The product's setup is quite complex, making it an area where improvements are required.

In SonicWall, there is no need to buy two boxes for HA. SonicWall will work fine if you buy one box with the fully licensed set and get another box without a license. When it comes to Palo Alto Networks or Fortinet FortiGate-VM, people have to buy the same type of boxes with the same features to ensure that they get HA. The need to buy the same type of boxes with the same features to ensure that you get HA is one of the shortcomings of Fortinet FortiGate-VM when compared to SonicWall, where improvements are needed.

The product has a good reputation in the SMB industry market. The tool does not have a good name in the market, consisting of enterprise-class businesses, making it an area where the product lacks and needs to improve.

The price of the license needs to be improved.

If a user makes any changes, it will immediately have an effect on the solution. If a user makes any changes in a product like Palo Alto, there is a need to push those changes to the firewall and apply commit changes, which shows the configuration part, making it a good feature since it sometimes helps, considering how a user may make small errors.

Errors made by a user get applied when using Fortinet FortiGate-VM. In the production environment, if a user makes any changes in a live environment, there is a need for the user to be very alert. The aforementioned area can be considered for improvement in the solution. Palo Alto is good for the production environment.

Capacity-wise, I think the solution's log storage area is something that needs to be increased since, by default, it stores logs for only seven days. The compliance team in our company needs to check the logs, which may be older than ninety days. Though the tool provides a storage hard disk with enough space, in our company, we can't store logs.

Support could be improved a little.

I don't have any specific improvements to suggest, but perhaps the pricing could be enhanced. Regarding updates, more frequent updates would be appreciated. FortiGate-VM is currently focused on providing very good firmware updates, automation, and top-notch features. It stands as a great product for now.

Based on our needs and the vulnerabilities we've encountered due to various downloads, I suggest integrating with Kaspersky Gateway. This integration would involve scanning and inspecting both official emails and spam emails. Our customer has successfully worked with Kaspersky Gateway, and overall, the integration has been effective.

The users must buy FortiSIEM to get advanced analytics. The product must provide users with more reports before asking them to buy FortiSIEM.

There is room for improvement in the pricing model. The pricing is expensive, but pricing should be competitive, and it should be unit-based pricing.

There were a few cases where I had to use the command line interface on it. Now they do have the ability to pop up a command line, which is nice, however, the fact that you can't do everything within the GUI is probably a problem. There's a thing I have for most products that have started out in the command line and have added GUI, and the GUI is always somewhat behind in capability.

If you have a product you should be able to control the entire product through your user interface. You shouldn't have to drop back into backend command line commands in order to tweak something. There's a couple of cases where we had to do that when we were trying to set up one of the tunnels in particular. We were talking to Check Point or some other company. You've got two different manufacturers with a sort of standard for tunneling with all kinds of encryption methods and stuff like that. You have all these options, and, in order to get the right one, we couldn't discern it from the logs that we were viewing with the user interface. We had to drop down to the command line in order to do that. I would have thought that there should be enough information options made visible in what you can just do from the user interface.

Fortinet FortiGate-VM should improve its asset identification, wherein the device can identify assets on the network, like computers. We should be able to identify a device and the user account used to log on to that device.

The biggest area for improvement is storage configuration. It could be smoother.

The product is satisfactory. I haven't identified any features to improve, and based on the number of deployments I've handled with FortiGate-VM, there haven't been any complaints from the customer's side.

I believe that Fortinet FortiGate-VM makes improvements on a quarterly or yearly basis.

In Fortinet FortiGate-VM, the area around the configuration, performance monitoring, and GUI are not as easy as in Palo Alto. Fortinet FortiGate-VM's configuration part, performance monitoring, and GUI are areas where improvements are required.

The scalability feature of the solution has certain shortcomings, making it an area where improvements are required.

The solution could use very well-defined support for resellers. There isn't necessarily 24/7 support and resolution.

The interface could be improved. 

The product could have more protocol routing options. 

I'd rate the solution at a seven out of ten.

They should keep us up to date about the latest version. That's the biggest thing. Currently, we have to go looking for the latest version. We should get notified about what's going on with the versions.

I would like to see easier dual-factor authentication.

SD-WAN could be enhanced to provide a clear division between control and data planes, utilizing controllers to manage tasks within the network.

They could simplify the troubleshooting process. Troubleshooting requires expertise, often necessitating the command-line interface (CLI). It could be more advanced and easier to use than other products.

Additionally, they could enhance support capabilities and a facility to communicate efficiently with the team.

The integration can be a bit easier. You need to maintain the integrations. You shouldn't have to. For example, in Cisco, you don't have to maintain integration that same way.

The support could be a bit better.

There are no missing features or items we would like to see in the future.

This is not a good solution for enterprises. It's better for smaller companies. 

It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites. 

There is always room for improvement in any solutions, including Fortinet's FortiGate-VM. Although the solution claims to have a superior throughput compared to other OEMs, upon closer examination and comparison, there is potential for significant improvement in this area. In today's rapidly evolving technology world, it is important to continuously strive for enhancement and development, and I believe Fortinet can make significant strides in this direction for the FortiGate-VM.

The stability of the product is an area of concern where improvements are required.

The response time of the technical support team is an area of concern where improvements are needed.

The solution is highly scalable, depending on the type of hardware it runs on. You need knowledge of hypervisors to learn about the virtualized environment.

The previous version, which was 7.1 or 7.2, was a little bit easier to use. It's kind of a little bit tricky to find the options from the firewall configurations now, in the latest version. Previously, it was easier to deal with. The whole dashboard that you get can be improved. They could organize the whole dashboard a bit more to put stuff under each other in a way that makes sense and makes everything easy to reach.

The costs could be lowered.

FortiGate-VM could be improved by making it cloud-based. I'd like it to be a cloud-based management solution instead of just a dedicated management orchestration tool. 

We have lost some information and we do not know how that happened through the solution. That needs improvement. 

If I could add one feature, it would be free security profiles.

I don't see any specific features that are missing from the solution right now.

The user interface needs to be improved.

One thing that can be better is added automation. And, on top of that, enhanced security when it comes to the automation itself.

We face some issues with the IPsec connection during replication. It must be improved.

The tool is expensive. 

Fortinet devices are acknowledged as highly potent and come with a notable cost. These devices offer extensive visibility, an array of configurations, and a range of security features. However, there's room for enhancement in their routing and switching security aspects, akin to Cisco's offerings.

A noteworthy aspect here is Meraki, which offers cloud controllers. If FortiGate were to introduce a similar cloud management solution, it could strongly compete with both Meraki and Cisco products. Cisco operates in two sectors: enterprise and SMB. Particularly in the SMB market, they hold sway due to their convenient cloud management features. For instance, Meraki's cameras and wireless access points can be easily controlled through their cloud management portal. If FortiGate were to provide cloud-based management solutions for SMB customers, it could cater to a significant portion of the market, considering that a substantial number of customers fall within the SMB and mid-level enterprise categories.

The solution's web-filtering configuration could be more straightforward. It takes a long time to configure.

In the next releases, it would be nice to see central cloud management.

They have an on-premises solution that you can deploy for fleet management or for multiple site management, but it seems like a cloud solution would be a little bit easier.

I think one thing we couldn't find in the software console was all of our logs. In the logs themselves, for example, we couldn't find if a user was accessing all of the VPN. We don't get to know or we don't have a report that shows on what date or for how long and from what time he user has logged on. We don't have that particular feature or that kind of visibility. That could be improved. Reporting, therefore, in general, could be improved.

The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats. 

Especially after this pandemic situation, it requires a little more enhancement. For an SME level organization, it's okay, but when it comes to corporate and banking enterprises it still requires a lot of enhancement. Comparing it to Palo Alto, for example, it's still very behind the curve.

Price is okay and can be considered in the middle range, provided we compare it with other solutions. So, the solution can be made cheaper.

Fortinet FortiGate-VM should have a public forum where engineers can ask and answer questions. This would make it easy for anyone to search for incidents and find solutions quickly without needing to ask for support. The forum should contain a lot of information to help users troubleshoot issues on their own.

The solution's support can be considered a bit slow since it takes some time to resolve issues. So, support needs to be improved.

Sizing can be challenging for customers interested in using Fortinet FortiGate-VM. They often ask for guidance on how to size the virtual machine for their needs properly.

Right now, we are totally satisfied with this solution. There are several units worldwide. We have only one unit at our Kolkata location, and we are satisfied as of now in terms of its capabilities.

Price-wise, it could be slightly better, however, if you compared it to other makes and models of equal category, it is generally cheaper.

There are certain GUI features that should be present but are not, although these we can address through the command-line interface. We have to make use of this to create certain policies or change the interface layer. These configuration restrictions should be addressed. 

Moreover, the reporting should be upgraded, as there are only a small number of reports available. We also encounter issues on the logging pages. GUI does not allow for live logging and the command-line interface must be used in its stead. The need to rely on CLI should be done away with entirely. 

While we consider the solution to be user-friendly, certain improvements should be made in this respect. 

The licensing needs to be improved. We need longer licensing periods, especially for POCs and trials. It should be for six months. Right now, it's too short of a timeframe. 

Overall as I say, the features-wise and performance-wise the VM and hardware versions are the same. The main difference is that the hardware-based option ins is more powerful compared to the VM version. 

Their technical support is not helpful and I try to avoid using it.

The product needs to focus on cloud-nativeness and pricing. 

The solution can improve by adding separate interfaces for proxy and flow-based usage.

In the next release, the web application firewall should be integrated into the hardware. There is separate hardware for the web application firewall and for  FortiGate.

We have had some issues with connecting to the VPN from home after firmware updates, which could be an area for improvement.

Customization needs improvement. A lot of people have very unique requirements that they ask for at times. Everybody wants to get more out of the solutions so that they have more with less. I would like a little more customization, especially now that everything is becoming a lot more flexible with cloud-based deployments. A little more flexibility in terms of the offering that we can do or the bundling of products would help acquire markets much faster or much better.

I haven't had much of a chance to work on the VM environment too much. I don't have any notes for improvement. 

Technical support could be better. 

Their offering for MFA isn't the cleanest. They have a product called FortiAuthenticator. It's not a FortiGate but that is one of their MFA offerings. However, other products that I've used, like Duo, are better from a user experience standpoint. They are easier to configure. 

As we just began implementing the solution, I'm not sure if there are any features missing. We haven't come across any shortcomings in the product yet.

We purchased the product through a reseller, and we don't have any issues with them and therefore, so far, don't have any issues with the solution itself.

The product may not be as robust as Palo Alto. However, unless you are a big bank, you probably won't need it to be.

The encryption detection could be improved. In my opinion, I think Sophos has better encryption detection than this solution.

The security of the solution could be better.

The interface needs to be updated and simplified.

The management could be more in-depth or clear. 

The product has issues with integration. I would like to see better integration in future releases of the product. 

It is a very good product, and it is good at standing by itself. It can maybe have a little bit of integration with other products, but it is not that important for most use cases.

The product does not have a good graphical interface. Their patches and their upgrades are not always compatible with configuration. That means that often you find after you upgrade that there was something else you have to do to the rest of the infrastructure, whether it's a printer or a user or whatever. It doesn't appear to me that their upgrades are well tested. They usually do what they're supposed to do, however, they also usually do some other things that FortiGate doesn't seem to be aware of.

It doesn't maintain legacy capabilities very well.

The stability of the solution isn't ideal.

They don't seem capable of supporting their own product.

The solution needs a better user interface and more intelligent services like spam blocking and auto whitelisting, gray listing, blacklisting, et cetera. It just basically needs better user monitoring.

With FortiGate, we sometimes encounter bugs in various operating systems. Also, sometimes the security policies are hard to apply specifically when it comes to web filtering.

They could provide more integration options with different platforms.

With every new version, there are issues and new parts due to the improvements. But the improvements are not always easy for the customer, especially when making a big configuration. Rather than being an improvement, it becomes more complicated.

The performance could be better. Some features need to have quality control when the switch is working. The dedicated bandwidth for some users is not reliable.

There should be more options to use lower-end models in a high availability configuration.

They should continue to improve the traffic shaping; they should add some AI to the traffic shaping. They should also consider learning from other organizations as opposed to just internally. They should follow patterns instead of everyone having to recognize patterns and make adjustments on their own. Instead, they should add some form of intelligence to guide administrators in best practices with traffic shaping. I think this will become very important as we move more toward a SaaS-type world. 

Web filtering is a feature that needs some improvement. There should be some additional features to allow active users to change their own passwords.

Additionally, the secure web gateway and the inspection feature need more security improvement in the next release.

Compatibility and integration with other products or vendors such as Cisco SD-WAN products need improvement.

The multi-tenancy environment for multiple customers, to make it more secure, needs some improvement.

When you buy a bigger box, you should have the ability to slice and dice data. It should also have the ability to give customers either read and write or more privileged access to that environment. Specifically, to the environment that doesn't overflow into the other parts that have been sliced up.

I would like to see a type of portal for on-site deployment, where they can report into a cloud portal and have a high-level view of utilization. Basic indicators on the performance of the environment, including health status, should be displayed.

Data reporting could be improved and also in terms of performance, some improvement should be made on VM, it should be more optimized. Scalability of the solution could also be improved. 

For an additional feature, Fortinet should add more SD-WAN with caching as a special functionality. It should be integrated with Fortinet. 

The price and licensing of the solution can be better.

I can't recall any aspects that need improvement.

The pricing could be a bit better.

We'd like to have more customization and easier customization of policies. 

The scaling can be a bit better. 

It needs an Application Inspection. The threat landscape is very high. Anyone can exploit the flow-based policies. It is always better to have intern-based policies.

The stability could be improved. I find Cisco to be more stable than Fortigate, which is I major differentiator between the two.

I haven't really explored the cloud too much, as we deal mostly with an on-premises system. However, now with everyone working from home due to COVID-19, it's something I'm beginning to explore and something I think Fortigate needs to invest in and expand on. If they could do something that integrates the cloud effectively, maybe with a cloud provider like Azure, that would be helpful.

Fortigate could speed up its level of customer service in our region.

There isn't anything in terms of features that we find are lacking. We don't see any places on the solution that don't cater to our requirements.

I would like to see VNX security and WildFire. Those features I would like to see on the solution in the future in order to be able to evaluate it further.

At this time, I can't say anything against the device. It has been doing a great job.

Fortinet could improve the availability and delivery of its products. It takes four to six weeks for every purchase to arrive.

Integration could be better. Whatever devices I'm using with FortiGate are all compatible. The access points and switches are also FortiGate, so I can easily integrate them. But it would be better if we could embed other devices as well. There are compatibility issues with other brands, and we need that. We can only integrate universal brands with FortiGate. The initial setup could also be easier.

It would be useful to have integration with different reporting tools. This is something we are sorely missing. It would be a plus to have reporting integrations. 

It would be good to have more integration with the identity suites, such as Office 365 and Azure Active Directory, of different providers that we use. Integrations are already available, but it would be nice to have some more advanced options.

The reporting is not as good as it is with other firewalls and it should be improved. There should be a customized report, for example.

The dashboard seems to change quickly from version to version, and they should follow the lead of vendors like Palo Alto, Juniper, and Cisco, and always keep it the same.

The bandwidth limitations should be increased.

To improve FortiGate-VM, Fortinet needs to harden it more. For example, if you are using Hyper-V, then you need guidelines for hardening FortiGate-VM that are specific to the Hyper-V environment. If it's VMware, there should be at least a guideline on how to harden the firewall.

The technical support could be improved. I'd like to see the security platform upgraded.

The price is problematic. 

An interesting feature of the vendor license involves SD-WAN orchestrator and this should be addressed in the part which deals with feature licensing. 

Sometimes, FortiGate-VM is a little different to set up than other firewalls that I've managed. It would be better if it was just a little more mainstream. Some more documentation would be nice as well. Documentation has always kind of been our problem with FortiGate-VM. 

There's a lot of stuff I like about FortiGate-VM, but like I said, we still do a lot more Palo Alto firewalls than anything because they have true layer-seven attack prevention. FortiGate-VM does have that too, but it doesn't work as well. I would like to see more layer-seven functionality and expect to realistically block things at the top level.

The graphical user interface should be enhanced. While the antivirus profile can be implemented very easily with the graphic user interface, there are many important features that cannot be undertaken without the CLI command like signature, such as extending a  database. One cannot do a graphical user interface for this and CLI command must be employed instead. 

All hidden features related to CLI should appear as a graphical user interface.

The scalability of the solution needs to be improved.

The price model is not transparent by any means and should be made more clear. What's included in the packages is often not very obvious.

In terms of what features should be improved with Fortinet, I feel it should give better reports. They provide some basic reports in the entry-level and middleware products but I would love this product if they gave more reports, including more MIS from the traffic because they capture everything in the UTM. They don't produce a team value report. They don't produce a usable report where the IT manager, IT head or CTO can analyze where the attack happened or figure out where the bridge is down, etc. The reports are basic. There are engines which make everything on the GUI. All the user can potentially access for the risky function in the Fortinet but it should be on the GUI, it should not be behind the command line. They could definitely provide the FortiAnalyzer with the basic UTM in a bundle pack.

People should not have to ask for another FortiAnalyzer. It's an entry-level product. I understand that FortiAnalyzer is an expert level product but the functionality should be available at the entry-level as well. Fortinet should think about the entry-level and give it managing capabilities. That's why I selected Sophos because, for a small or medium office, all the reports are available there.

Secondly, Sophos is cost-effective. It is comparatively much cheaper. Sophos is available for a much cheaper price than Fortinet. Also, they have some other functions like sandboxing and others. FortiGate should be more customer-friendly and budgeted better. If I am a buyer, I do not want multiple appliances to manage. It should be one box, one appliance. One mobile should do everything. Multiple products require IT to create a workaround. You have to buy two products and then there is actually another one with that, one plus one, and then there is multiple management, so the product is definitely cumbersome. The beauty of the product is implementation and maintenance without it.

I have my own team to maintain this product. We are very happy as a Sophos user, as we get whatever we want from the reporting point of view. There are no glitches. There is no one issue in particular. When I ask, or my team asks, how the network is working and why there is network latency there are reports about where the traffic is going and I do not have the input after moving or switching to Sophos. I can get the support regarding which IP is working where and which IPs are making traffic, and more.

The Fortinet solution has resolved the issues with Microsoft Azure active directory.  This integration allows us to build rules based on Grupo membership for access to data center assets on individual bases.

The user interface could be improved, but as a firewall, it's the best product we have.

There should be a bit more automation.

There could be more integration capabilities.

Technical support could be better.

The solution needs more features surrounding event log management.

The technical support is not very responsive and is an area that needs to be improved.

The tech support calls were not the best and could be improved. There have been times when we felt as if we knew more about the device than the support person on the phone. 

There's this command in the email of service policy that you add for the email of service policy. It's hard to do in reality. It could be made easier.

The block, the clarity, the quarantine command, is not very user-friendly. You would have to do everything through the command line and I would have preferred if it wasn't a CLI. 

The interface of the solution could be improved. Right now, it's not the best.

In some areas of the solution, it works slowly.

The price of FortiGate-VM is high and should be more competitive.

In the next release, we would like to see full integration with VMware NSX virtualized networks.

The solution should provide more useful GUI features. This would prevent us from having to resort to CLI or certain basic commands. 

There should be an IPsec failover. 

The key activation is very complicated at times. For example, when you use it for different customers, due to the fact that they are linked with one customer or another, you need an account. Sometimes the customer doesn't have the account, or they confuse the key. It derails the process a bit. It would be ideal if they could simplify or streamline the process.

The internal logs could be easier to manage. When you handle debugging sometimes you have some trouble seeing the whole of a packet that crossed the firewall. Luckily, I have a lot of expertise and therefore can work within these shortcomings. However, it would be easier if there was more visibility.

Pricing should be more competitive, it's expensive.

In the next release, I would like to see integration capability with SIEM tools, such as QRadar, and LogRhythm.

When new versions are deployed they tend to be a little buggy, so they should be more fully tested before release.

I have had a data issue with physical devices that could improve.

Areas for improvement would be application control and web filtering.

It's important that, over time, the solution just keeps up with additional features. There's nothing specific that comes to mind, however, it's important for Fortinet to stay as much on the edge as possible, as far as keeping up with what's out there.

The solution is fairly complex.

The operating system isn't stable, so it goes to memory counters every night.

We are experiencing a failed login issue. There should also be improvements in functionalities we store to enhance our services.

It should have the SD-WAN feature. This would increase the number of features that are available in the box.

I'd like for it to be possible to cluster together data centers. Right now, we have two data centers that are a thousand kilometers apart. It would be nice to be able to string them together.

We occasionally have issues when we are doing firmware updates.

The log settings and filters could use some improvement.

More monitoring should be included with Fortinet FortiGate-VM, in my opinion.

It has a monitoring tool, but it could be improved.

The management tools should be more user-friendly.

We have encountered certain issues with the bandwidth in respect of the security layer. 

The solution could be improved by making deployment easier and dispensing with the reliance on FortiManager, as well as FortiAnalyzer to get any meaningful reporting out of it. If they could exclude both of those from the whole equation so that it bundles direct to the firewall, that would be a big improvement. It should be decoupled from the whole ecosystem, the security fabric side of it, and that would improve things. I get the feeling we have limited functionality if we just look at the data itself, and that's not cool when you're spending thousands of dollars on a product.

The technology is just not there yet in terms of UX and true integration. We have had endless woes with our Analyzer services and the Manager seems rather rudimentary on its own. We believe that the actual Fortigate should have all this disparate functionality baked-in.

It is difficult to size the VM in terms of machine resources, and for this reason, clients prefer the appliance.

The GUI could be improved. Furthermore, the unit we have could be modified because it's not that high of a torrent. 

We are using a product from eight years ago. I am sure there have been improvements in the newer versions. Improvements on the following are needed:

1. Responsive UI
2. JIT and detailed traffic reporting.

We've had issues with integration. It hasn't gone well.

We have had some stability issues.

There are some instances where configurations can get complex.

FortiGate's application load balancing has to be improved. They need to improve a lot on the load balancing and RAF side. They are far behind Citrix in that regard.

The user interface (UI) and the performance of interface both need improvement.