Fortinet FortiOS Review

Robust, scales well using FortiManager, and you have a choice of two different modes to run in

What is our primary use case?

We use this solution as a gateway, a firewall for the office.

How has it helped my organization?

More stability on VPN and SSL deep packet inspection (compared to SonicWall).

What is most valuable?

It is very robust.

What needs improvement?

Many things are missing from the interface, which necessitates using the CLI, so it needs to be improved. When I migrated to FortiGate, there were many things that I wanted to do, but couldn't.

With FortiOS, you can use the router in two modes. The first mode is the profile mode, which is the starter mode that most use, but you have another mode that is a policy mode and is required before creating your firewall rule. The problem is that when you switch from one mode to the other, all of your firewall rules will be gone. This means that you have to decide if you want to use the policy mode firewall or a profile mode firewall.

With policy mode, you can have granular control on the application on the firewall rule because the firewall rule works with the source destination protocol. With the application, you have multiple rules, one by one. As an example, you can have one for Skype or one for OneDrive, etc. On the source, you can add a group, and add people to the group, and they can have access to Skype and OneDrive along with others added.

You can granularly control applications on the firewall rule with the policy mode, but you don't have access to the proxy mode rules. There are also issues with the antivirus, IPS, and you are forced to switch back to the profile mode where you have less granular control on the application.

I have problems with the IPS stability and the antivirus in policy-based mode. If the file is bigger, then the antivirus doesn't check it.

In policy-based mode, there are many issues (firmware <= 6.4).

For how long have I used the solution?

I have been using this solution for one year.

We are using the latest version, either 6.4 or 6.5.

What do I think about the stability of the solution?

This solution is very stable. It is more stable than SonicWall. The biggest difference is the stability on the VPN site to site, and on the DPI SSL for the HTTPS communication.

What do I think about the scalability of the solution?

If you wanted to expand the firewall to another office you would have to use the FortiManager, which I have not used yet.

I have built five routers, one by one.

SonicWall is the same where you have the GMS that can be used to move the rule to the other firewall.

How are customer service and technical support?

Technical support is not always good.

Which solution did I use previously and why did I switch?

I can only compare it with SonicWall, and it is missing many advanced features that SonicWall has. SonicWall has multiple advanced features on the DNS, antivirus, etc., and a lot of options that don't exist in Fortinet.

With SonicWall, I never had to use the CLI but have had to with Fortinet. They are missing many things on the interface.

FortiGate is like a teenager, where SonicWall is the adult firewall. However, it is more robust than SonicWall, particularly on the VPN site to site and SSL inspection.

How was the initial setup?

When you build a VPN from site to site, you have to make sure the tunnel you select has the same option on both sides to make it work, but you also have to make sure that the routing exists, the mapping exists, and the firewall rule exists.

If one of them is not there, even if you create a site-to-site VPN with the other side and everything, there is no error, the VPN will not go up. 

On SonicWall, it's different. You build a tunnel, you put the same encryption, the same password on both tunnels, and you click up and it's up. If it's not working, it's because you didn't yet create the firewall rule; you work on the VPN, you click, then connect, and it's up.

Then if it's still not working, you create a firewall rule and it's up, or if you forgot the net rule, etc. You do that step-by-step, and it's working, but unfortunately if one of them has a mistake, even if you have no error on the site-to-site VPN setup, it's not going up.

With SonicWall, you can do it step by step and have it working, but with Fortinet, you have to do it all at the same time with no errors.

What's my experience with pricing, setup cost, and licensing?

I work on the configuration and am not really involved in the pricing. It was already in place when the company decided to switch back to Fortinet.

I concentrate more on security.

What other advice do I have?

I know Fortinet and SonicWall, and if I had to consider other solutions or if I had to redo it again, I would take a closer look at Palo Alto first.

With Palo Alto, the cost is more, but when I switched from SonicWall to Fortinet FortiOS, I lost a lot in the features. I would check to see if Palo Alto has what was lost in terms of features.

The stability is good. I would rate Fortinet FortiOS an eight out of ten.

Which deployment model are you using for this solution?


Which version of this solution are you currently using?

6.4, 6.5
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Fortinet FortiOS. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.