Compare Fortinet FortiGate vs. Kerio Control

Cancel
You must select at least 2 products to compare!
Cisco ASA Firewall Logo
67,223 views|50,354 comparisons
Fortinet FortiGate Logo
170,051 views|120,912 comparisons
Kerio Control Logo
11,657 views|8,984 comparisons
Most Helpful Review
Find out what your peers are saying about Fortinet FortiGate vs. Kerio Control and other solutions. Updated: September 2020.
437,827 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Unfortunately in Cisco, only the hardware was good.The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.It's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks.On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you.If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning.They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality.

More Cisco ASA Firewall Pros »

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.We use the FortiGate Sandbox to detect zero-day vulnerabilities, such as anomalies or malware, that are unknown and have not yet been discovered.We are a visual effects company, and there have been a number of high profile security issues in our industry. This has brought us to a higher standard of security, which our clients are very keen on these days.Virtual Domains (VDOMs) are a feature that we found valuable.SSL-VPN is very useful for us and has been very reliable.FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering.The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus.The security features are about the best that I've seen anywhere.

More Fortinet FortiGate Pros »

The firewall appliance itself is the most valuable feature.The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem.The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us.It has saved a lot of time and it was a secure way of doing it too. We had a whole contact center that worked from home for a period of time and that's a 21 hour a day contact center that we moved, that was spread out across the greater Brisbane region and working on home internet connections. Surprisingly, we didn't have a lot of stability issues anyway on those connections, but Kerio didn't blink, so that was good.One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system.One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly.In terms of the comprehensiveness of the security features, it does a great job of laying out what it does. It's fairly easy to edit and research. Some of the features were turned on by our IT company and I was able to easily find other features on my own by searching for videos on the internet. I've been able to block certain websites, and content filter, as well as manage some of our bandwidth because we live stream on Sunday. I'm able to dedicate bandwidth for the encoder that goes to the internet. It always has enough bandwidth, no matter how many people are on the network. That's really helpful.The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing.

More Kerio Control Pros »

Cons
In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.Security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is.One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection.If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges.Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough.Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic.It is expensive.We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.

More Cisco ASA Firewall Cons »

I think there could be more QoS featuresWe would like to see a better training platform implemented.We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved.To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution.The user interface could be improved to make it less confusing and easier to set up.There is a lot of improvement needed with SSL-VPN.Improvement is needed in the Web Filter quotas to restrict users with allocated quotas.Technical support for this solution can be improved.

More Fortinet FortiGate Cons »

I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. Its local support and scalability are also not good. I am looking forward to a more scalable product that will be able to grow with time and technology.The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser.If I would suggest anything, it would be to expand on its multifactor authentication to be a little bit more user-friendly. They should do multifactor authentications for the client itself perhaps, rather than served on a webpage, in a page hijack, that might be more user-friendly, but I don't have a lot of complaints about it. It's doing its job. You have to have a certain amount of skills to configure these things anyway, the ones that we use on-site doing point-to-point, and we've been tricked up a few times with their interfaces.One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not.There's also room for improvement in the Traffic Rules. We define networks to use a specific outgoing interface, say VSAT, shore, or marine WiFi, which is okay. But then all we have is a checkbox that says "Use other internet interfaces if this one is unavailable." What we would prefer would be to have a priority list. So if VSAT is unavailable, try to use 4G, etc. We haven't really found a reliable way of doing that in the current release.There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out.The antivirus seemed to be a bit laggy on the connection so I disconnected that. It's definitely good. The only issue we've had with any sort of cyber attack seemed to be coming from a couple of distinct locations, people trying to get into known ports on remote desktops and stuff like that. The fact that we can block all that traffic is just great. It simplifies it.The comprehensiveness of the security features could be improved upon. However, for the most part, it is pretty good. They could add more logs. I would like to see more detailed reporting, custom reporting from the logs, and more of a streamlined interface for certain aspects.

More Kerio Control Cons »

Pricing and Cost Advice
Always consider what you might need to reduce your wasted time and invest it in other solutions.There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device.When it comes to Cisco, the price of everything is higher. Cisco firewalls are expensive, but we get support from Cisco, and that support is very active.It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up.Cisco is expensive, but you do get benefits for the price.In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.

More Cisco ASA Firewall Pricing and Cost Advice »

Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.Fortinet is the least expensive solution.Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors.The pricing for this solution is good.Before choosing a piece of equipment you have to take into account the cost-benefit offered by each one. Sometimes it is not worth paying a very cheap price to have a minimum level of security.Each feature costs money, so it is important to study your needs.I would say that all things considered, the pricing is pretty good.Fortinet is reasonable in pricing and licensing. Overall, FortiGate is affordable. The licensing fee can be a little high, depending on the budget for your project.

More Fortinet FortiGate Pricing and Cost Advice »

Its initial cost is less as compared to other products. It becomes a bit costly when you pay for the products that you don't use. We paid for almost all the products through subscription, but we are using only a few products. We use EndPointSecurity, Kerio Connect, WebMonitor, and LanGuard. We don't use the rest of the products.It's too expensive. The license, in the last year or so, has gone up by over a £100. We're almost being out-priced by the annual license at the minute.It's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this.On the low-end device that I use, it has unlimited IP addresses. So, they have a subscription model where, on the higher models, you pay X dollars for 10 IP addresses. Then, if you want any more, you have to pay more on the model. On the low-end model, it has unlimited IP addresses, because if you have too many users, the thing will just slow you down and stop working. At some point, you need to say, "Okay, I've grown to a point where performance is impacted. I need to get some bigger hardware." If I get to that stage, I will possibly look at using one of the virtual appliances and putting it on some bigger hardware.It gets expensive pretty quickly if you need to purchase license packs.I think it is a bit on the pricey side, but it's okay. I've got 50 licenses which I think is $250 a year or something like that.The yearly maintenance fee is a bit high for the Kerio Control Boxes. The end of life for the devices is kind of short. It seems like they're making you upgrade within a short period of time. They should at least allow five years, but it seems like they are changing their end of life to be shorter to generate revenue.It gives us a lot. It does prove to be a very robust product for the cost.

More Kerio Control Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
437,827 professionals have used our research since 2012.
Questions from the Community
Top Answer: Fortinet FGs: Great devices, relatively easy to deploy and maintain. Cheaper than most devices of their kind. If you're looking for a lot of features at a relatively low price point this is the way to… more »
Top Answer: They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality.
Top Answer: In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.
Top Answer: The main difference between Watchguard and Fortinet is the operating system, and how it uses the hardware features. The user interface in Fortinet is cleaner and we can adjust network and security… more »
Top Answer: The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus.
Ask a question

Earn 20 points

Popular Comparisons
Compared 9% of the time.
Compared 5% of the time.
Compared 11% of the time.
Compared 9% of the time.
Compared 8% of the time.
Compared 6% of the time.
Compared 38% of the time.
Compared 12% of the time.
Compared 4% of the time.
Compared 3% of the time.
Also Known As
Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire FirewallsFortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Learn
Cisco
Fortinet
GFI
Overview

Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.

Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.

Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.

Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

Kerio Control brings together next-generation firewall capabilities -- including a network firewall and router, intrusion detection and prevention (IPS), gateway anti-virus, VPN, and web content and application filtering. These comprehensive capabilities and unmatched deployment flexibility make Kerio Control the ideal choice for small and mid-sized businesses.

Offer
Learn more about Cisco ASA Firewall
Learn more about Fortinet FortiGate
Learn more about Kerio Control
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies hereTriton Technical, McDonald's
Top Industries
REVIEWERS
Financial Services Firm20%
Manufacturing Company10%
Comms Service Provider9%
University8%
VISITORS READING REVIEWS
Computer Software Company28%
Comms Service Provider22%
Media Company6%
Government5%
REVIEWERS
Comms Service Provider17%
Real Estate/Law Firm8%
Energy/Utilities Company8%
Financial Services Firm8%
VISITORS READING REVIEWS
Computer Software Company26%
Comms Service Provider23%
Media Company7%
Government5%
REVIEWERS
Financial Services Firm15%
Computer Software Company15%
Transportation Company15%
Government8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company20%
Media Company7%
Government6%
Company Size
REVIEWERS
Small Business35%
Midsize Enterprise25%
Large Enterprise40%
VISITORS READING REVIEWS
Small Business31%
Midsize Enterprise22%
Large Enterprise46%
REVIEWERS
Small Business47%
Midsize Enterprise25%
Large Enterprise28%
VISITORS READING REVIEWS
Small Business46%
Midsize Enterprise24%
Large Enterprise30%
REVIEWERS
Small Business87%
Midsize Enterprise10%
Large Enterprise3%
Find out what your peers are saying about Fortinet FortiGate vs. Kerio Control and other solutions. Updated: September 2020.
437,827 professionals have used our research since 2012.
Fortinet FortiGate is ranked 1st in Firewalls with 43 reviews while Kerio Control is ranked 5th in Firewalls with 32 reviews. Fortinet FortiGate is rated 8.6, while Kerio Control is rated 8.2. The top reviewer of Fortinet FortiGate writes "Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network". On the other hand, the top reviewer of Kerio Control writes "Through the ease of how quickly we could roll out the VPN to everybody, we had whole companies remotely working overnight". Fortinet FortiGate is most compared with Meraki MX , pfSense, Sophos UTM, SonicWall TZ and Cisco Firepower NGFW Firewall, whereas Kerio Control is most compared with pfSense, Sophos UTM, Sophos XG, OPNsense and Untangle NG Firewall. See our Fortinet FortiGate vs. Kerio Control report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.