Fortinet FortiGate-VM Review

Slightly unstable, needs a better user interface, and lacks good monitoring capabilities

What is our primary use case?

We primarily use the solution for checking a 250-person defense contracting company with multiple locations.

How has it helped my organization?

It's improved our operations by not being overly problematic.

What is most valuable?

The solution seems to be very reliable. 

It's a relatively simple product that is easy to use. It's not overly complex.

The initial setup is fairly straightforward.

What needs improvement?

The product does not have a good graphical interface. Their patches and their upgrades are not always compatible with configuration. That means that often you find after you upgrade that there was something else you have to do to the rest of the infrastructure, whether it's a printer or a user or whatever. It doesn't appear to me that their upgrades are well tested. They usually do what they're supposed to do, however, they also usually do some other things that FortiGate doesn't seem to be aware of.

It doesn't maintain legacy capabilities very well.

The stability of the solution isn't ideal.

They don't seem capable of supporting their own product.

The solution needs a better user interface and more intelligent services like spam blocking and auto whitelisting, gray listing, blacklisting, et cetera. It just basically needs better user monitoring.

For how long have I used the solution?

I've been using the solution for about four years at this point. It's been a while now.

What do I think about the stability of the solution?

While I wouldn't describe the solution as unstable, there are definitely hiccups. I expect firewalls to be really efficient and very stable and I would say they're only sort of stable. I don't expect to have to figure out how to create a scan-to-email solution every time I upgrade my firewall, for instance.

Of course, they'll blame it on the vendor of the printer and say now how they're not following the standard or something, however, it was working with their product previously and the printer wasn't the item that changed. Their product gets a patch and it no longer works and you're like, "Well, I like your theory, but I don't exactly accept it." I don't think they have the features that a Palo Alto has, let's say.

What do I think about the scalability of the solution?

The solution seems to be scalable. For our purposes, it scales well.

We have about 250 users on the solution currently.

How are customer service and technical support?

Technical support isn't that great. On a scale from one to ten, they're a five at best. A couple of times where we had a problem, they couldn't solve the problem. We researched the problem on our own, unfortunately, via Google, and we found the solution and the solution was actually written by one of their techs and they didn't even know it.

How was the initial setup?

The initial setup is not too difficult. It's not overly complex. I'd describe it as pretty straightforward. A company shouldn't have any issues with implementation.

For deployment, we did one site and then the other site and it took probably two weeks to deploy it, with maybe 30 days to get it fully configured. Then, once we had one site deployed, configured, and functional, we implemented a copy of that to the other site. We followed this pattern for each of our locations.

In terms of maintenance, it's hard to quantify what you need for the firewall. The firewalls are relatively low in terms of required maintenance. We have one IT administrator that may be a day a month has duties that are firewall-related. It varies, however, it's not significant work to maintain the firewall.

What about the implementation team?

We did not need the assistance of an integrator or consultant. We were able to handle it ourselves.

What was our ROI?

We haven't really seen an ROI. It does what it's supposed to do, however, I'm not sure that it makes my job easier. It's kind of a sunk cost. It's one of the frustrations I have. I would expect it to be smarter and capable of doing things that it really doesn't do.

What's my experience with pricing, setup cost, and licensing?

We pay a yearly licensing fee. It's probably a couple of thousand dollars per firewall.

On top of that, if you maintain a hardware warranty, so that you own the devices, you still maintain a warranty on them. There's sort-of a service contract, or you can go at risk. I don't know where we are in that. I'd have to go look, but I know at one point in time we talked about again, if we're going to be doing a tech exchange, maybe we don't want to maintain the warranties on them anymore.

The competitors actually have lower prices for more functionality. On the higher side, if you go with Cisco, it's more expensive, however, it's obviously more functional. A Palo Alto is probably a better solution than a FortiGate.

Which other solutions did I evaluate?

We're currently looking for alternatives to this solution.

We're looking at alternatives. However, the deficiencies that they have are not significant enough that I would like to immediately leave them, however, they're big enough that I'm looking for alternatives. 

When I come to end the life and I do a tech refresh, if we're not going to go 100% virtual, which is certainly another consideration, I am going to look at an alternate product. I'm not sure we're going to go away from them with a timeline right now, however, I'm certainly looking at it.

We don't yet have a shortlist, however, we'll likely look at the top big names in the market.

What other advice do I have?

We're an end-user and a customer.

We have a plug-in with the subscription. We use the current version on their 100Es.

In general, I would advise other users that they need to look at whether they're going to go physical or virtual. I'd advise once they decide that to then look at the maybe lesser known next-generation firewalls that have functionality. The folks that are going to be operating the tool need to look at the user interface to make sure that that it is easy to use. Most users at an enterprise don't even know the firewall's there, let alone what it is, so they're not unique. I think all of the firewalls are pretty decent at not impacting users. The differentiator is which ones are easy to set up, which ones are easy to configure and use and how good they are at reporting.

The other thing I would say is, look at whether or not they integrate into your overall IT management, whether you're using ServiceNow or what you're using for IT management. How do the firewalls integrate with that or not? It's important.

I'd rate the solution at a four out of ten. It does base functions and it's doing that at a pretty high price.

Which deployment model are you using for this solution?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortinet FortiGate-VM reviews from users
...who work at a Comms Service Provider
...who compared it with Cisco Firepower NGFW Firewall
Learn what your peers think about Fortinet FortiGate-VM. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
524,194 professionals have used our research since 2012.
Add a Comment
ITCS user