The solution is not scalable.

The solution is expensive.

It is very complex. 

There are a variety of improvements that can be made. 

The reporting was limited. I had to use FortiAnalyzer to obtain a complete solution. The reports are very limited with the solution, basically. Once you implement FortiAnalyzer, you can create very, very detailed reports for all the networks.

The biggest problem we have is the way they handle virtual IPs. It's not handled well at all and even pfSense handles that better. There are three different ways to configure it, depending on whether it is an internal or a through process, and it's just unnecessarily complicated. It would be nice if everybody got together and agreed on some language in their CLIs, but that's not going to happen. If you only dealt with one product on a regular basis, then the problem wouldn't be as evident.

The dashboard is not user friendly so is a bit complicated. Training is important or you will suffer when completing tasks.

We would like the ability to divide users by position and assign different rules to each position. For example, managers are allowed to browse YouTube but employees are not allowed. 

FortGate's IPS reporting could be made better by giving more details regarding the source and destination of network traffic when it comes to the overview section. This would allow me to more easily follow the flow of traffic based on IP addresses, without having to integrate the IPS with other products that perform more sophisticated traffic analysis.

Another improvement, that may only tangentially relate to the IPS, would be to include more functionality and details regarding SD-WAN (such as the ISDB), in order to make it more secure.

There could be more modifications. Some features are enabled, however, compared to Fortinet, some features are not easy. 

Sometimes the dashboard does not open properly. When we add more options, SD-WAN features, and user control features, the opening is very slow. It does not sync properly.

Fortinet has serious vulnerabilities. Some of their interfaces are exposed to attacks. Since they are more prevalent, they may attract more attacks and have more vulnerabilities discovered.

The solution’s stability could be improved because we sometimes face some drops. It was not due to the box, but it was due to some misconfiguration on our end.

The customization is a little bit difficult because we have to customize everything. Typically, we will enable everything.

There is room for improvement in being proactive about identifying and integrating new signatures.

The initial deployment could be minimally improved. It's fairly good right now but it could be better. 

We sometimes have issues when carrying out inspections because the system slows down and our clients complain about it. The only other drawback is that we have to manually insert certificates for our clients. Most social networking sites have dependencies and to completely block them requires a deep inspection profile. For protection, we need to put the certificates in for all of our clients. It's a major drawback not having it embedded in the system. I would very much like to see Forticlient's new TNA technology included with the original license for Fortigate. It currently requires an additional license which is quite costly for us as a middle-size organization. We could include it with VPN for our clients. 

Fortigate is always innovating. I'm not sure if any improvements are needed.

We'd like to have multi-factor authentication via fiber.

FortiGate IPS is somewhat pricey compared to other solutions. There is also room for improvement in terms of the radio signals. The FortiGate WiFi has a relatively short range. I've found there is a lag in its zero-day malware response that could be better, and FortiGate could integrate better with other brands of equipment or identity management solutions.

They can improve in the area of creating daily, monthly, and item-wise reporting. I think they should focus on including IP-controlling functions. 

I would like for Fortinet to add a ransomware protection feature in the next release.

Fortinet FortiGate IPS could improve the VPN. There are times it is slow.

The interface could be better.

We would like the initial setup to be a bit easier.

It isn’t missing any features. We’re pretty happy with it.

It's a bit more complex to configure in comparison to Cisco.

The learning curve is a bit higher. 

It's not the least expensive solution on the market. 

It would be helpful to have a better tool for migrating all policy rules using an automatic script. The current tool does not place entire configurations in their desired locations. It takes time to manually configure for compatibility across different platforms or vendors. 

They should provide us with a CSV number for patch updates. It will help us block specific signatures as well.

When everything is taken into account, the migration is quite painless. I believe that improvements will continue to come from the fact that as threat vectors get more complex around the world, advanced threat protection and deep packet inspection will become increasingly vital. That is where technology needs to advance much more quickly.

The most important feature to have is zero trust, which is lacking in Fortinet FortiGate IPS.

Zero trust is something that has to be embedded and I would still like to see how Fortinet approaches it.

So far, everything has been good for us. We haven't had any issues. 

While the security is good, we'd always prefer if it was even better to ensure protection.

Fortinet FortiGate can improve performance. There was a huge challenge in terms of CPU and memory where the IPS engine would keep triggering. There were random spikes of overutilization in the CPU and memory resources. They have to work on CPU and memory stability considering these IPS engines. A few versions were very unstable.

The current Fortinet FortiGate IPS package has only standard options. If they could work around optimizing those packages for different needs it would be better. There might be a media company, or banking organization, which needs a different set of signatures and different bundles on priority. If they could segregate that in terms of organization and needs, or at least institutional-wise segregation, that could be great. 

The speed of the detection could be improved. The prevention mechanisms and implementation are not easy and could be better. In addition, filtering and IDS could be added.

Fortinet can add some Machine Learning and AI to improve its accuracy and give it an edge on IPS detection and protection. They have some machine language learning but can still improve using AI.

Whitelisting could be better. We'd like to be able to automate more so we can whitelist in bulk. It would be ideal to have the ability in this tool or to have a tool that could plug in and allow us to do whitelisting in batches. 

We'd like more integration with the analyzer so we can track down any problem and have a correlation to try to find the root cause.

The solution could maybe use more integration with artificial intelligence to be more proactive.

I would like to be able to generate reports about the protections that we have. I would like a report feature.

For example, I would like to see that in VPN and FortiGate, that the equipment that connects to the network is evaluated. Right now, FortiGate validates the users in the active directory and the users have the right permissions to connect. I would also add the user and the computers that are allowed in the active directory. It evaluates the actual active directory, and some computers are allowed but not all. Only the computers that are in the active directory. Right now, when you connect to the VPN, FortiGate checks the active directory. They have the check feature but it should be improved.

This solution has records but I would like to see that in IPS you could define your rules - we have almost 10 or 15 rules, and see if these rules provided protections over the month. For example, to track a specific rule across the IPS solution.

I have been pretty satisfied with the application as it is. I am pleased with the layout and how everything is integrated. Sometimes we will have a client who has a firewall that is not FortiGate, and often times we are able to convince them to switch over to using FortiGate as their solution because of our recommendations.  

On a little different subject, the software for antivirus that we usually use with FortiGate is called Webroot. I know that some of our Apple / Mac clients experience some issues with the integration of that product. The integration, in that case, is not seamless. That is an issue that could be addressed.  

The tool is expensive for small businesses, making it an area where the tool can improve the product by making it available at a cheaper rate.

The interface and product support could use improvement. 

Fortinet FortiGate IPS could improve the configuration. In some use cases, there can be some configuration conflicts.

The graphical interface could be improved.

Overall, the integration could be better. The FortiManager is likely not good. I can't use it as it is unstable most of the time. We'd like to have an SD-WAN for a sandbox, for the Fortinet perimeter. We'd like to be able to manage different boxes.

Price is a major competitor in the market for solutions. When we compare solutions, it's important to consider the pricing. To stay ahead of the competition Fortinet FortiGate IPS needs to think about how to adjust pricing. Most people prefer to use Apollo setpoint.

The price of the solution could be cheaper. 

The solution is quite expensive and I'd like to see the cost reduced. I think Fortinet could raise their level of security. Their VPN service for users gives them the ability to direct remote users to exactly where they're supposed to go. It's good but some other solutions don't give access for remote users to come on to the network. Rather the cloud platform relays or reflects the application that the remote user would've wanted to get access to on the network. It means that remote users don't get to the physical network of the company and that's good for security. 

It would be better if they had a dashboard where we could see what attacks were happening. It would be good to see who's trying to get into our network.

I can't speak to coming across any missing features. 

The solution has limited scalability. The sizing is based don't eh scale of the hardware. 

They can probably improve the reporting feature. Reporting and report alerting are the main key features of this solution. They can always find ways to improve these.

We would like to see an improvement in the consistency of the product's performance levels.

The IPS monitoring can be improved. 

The price could be better. 

The installation was comparatively on the complex side when the solution's ease of use is stacked up against such products as Palo Alto. 

I would like to be able to see more log details.

Its performance can be better. We have had performance issues in the past, but we sometimes tend to find that it is more related to what we do in our network than anything else. It is quite a good product, and there isn't much to improve.

The solution could improve the integration.

The web filtering categories could improve in Fortinet FortiGate IPS. There are too many websites under the category of Unknown and the other categories are not featuring all the necessary sites.

The solution could improve the configuration, there are times the configuration is missing.

The user interface needs a bit of upgrading.

Pricing could be better. 

Customers are looking for 24/7 protection, but it's not as critical in the end. The pricing is preventing them for adopting it so they should be competitive.

FortiGate's logging and reporting could be improved. I would also like to see Fortinet add a guest management portal. 

I think they could improve the monitoring.