Fortinet FortiGate Room for Improvement

Chingiz Abdukarimov
User at a integrator with 11-50 employees
I think there could be more QoS features in GUI. FortiGate has Traffic Shaping feature that is enough in most cases when shaping egressing packets, but sometimes I just need 802.1p prioritizing (Class of Service) of incoming packets and manual ingress queue assignment. This is what would be nice to have, but I realize that such a job is more efficiently done by L4 switch standing before firewall. Fortinet has a FortiSwitch that can do it, and it also can be controlled by FortiGate via FortiLink protocol. [Firmware version FortiOS 6.2 update]: There are a lot of improved and newly added things, so it is very hard to imagine any additional features. View full review »
Andrew S. Baker (ASB)
Virtual CIO (Chief Information Officer) at a tech services company with 1-10 employees
WAN load-balancing could be a lot better at detecting when a link is poor or inconsistent, and not just flat out dead. There are lots of options for routing traffic over a specific path when you have WAN load-balancing enabled, but they are not as clear and consistent as they could be, and most can only be set at the CLI. Some configuration elements cannot be easily altered once created. For instance, there is no way to rename an interface (say, for a VPN tunnel), unless you create an entirely new one and perform a little gymnastics to switch from one to the other. Or, you export the config, rename the elements in question, then re-import the entire config. Creating a meshed VPN connection (Office A with two WAN links connecting to Office B with two WAN links) requires a massive bundle of four IPsec interfaces, with two policies. It would be nice to have a cleaner, simpler config for that functionality, something not very uncommon today. I have found that if you have a console cable in the device when you reboot it for a disk check, it will boot to the device firmware. This will not happen for a regular reboot. If you have more than a very basic environment, you quickly have to escalate past the first level of support. The initial level is so-so. The next level up has been stellar for me, and quick to figure out issues and resolve them. View full review »
Neal Tipton
User at MT Pockets Computers
They should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much so when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to their remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that. There's a link off of the reports that you can click and make suggestions, which is pretty awesome because it seems like somebody is reading those and doing something about it. If I could save reports on a format where I could save space and not have to reprint them and move information down from letterheads and that sort of stuff that would be great. Formatting reports is the only thing I would change about that product right now. View full review »
Find out what your peers are saying about Fortinet, Cisco, Sophos and others in Firewalls. Updated: February 2020.
398,567 professionals have used our research since 2012.
Cesar Nieves
Technical Services Mgr with 501-1,000 employees
For me, at this time, it's very complete. View full review »
User at a tech services company with 51-200 employees
I recently saw the new updates that are coming, such as the ability to quarantine a user's machine. Once done, you have the ability to connect to it from the FortiManager Console and you can bring it back online, out of quarantine. This is all very good news. One of the areas that I feel need improvement is on the DLP (Data Leak Prevention) side of things. Compared to some other products, the DLP is not at par for the moment. Also, if in the next few years this solution can be made to support HE between models, it would be better. I feel that improvements can be made on the security side. Sometimes the product does a good job, but sometimes not. View full review »
Vineeth Babu P
User at emirates hospital
It is mainly our own application of FortiGate that we need to improve. If you compare FortiGate to any other products, all of the other products have more signatures. I couldn't find that many signatures available in the application. Some features of Fortinet FortiGate are actually fee enabled that are inconvenient for deploying in production. Other issues relate to isolation with Cisco products and your server. Fortinet should make it so that we are not able to use analytics from Cisco at the same time that FortiGate is installed. We are not able to do real-time network monitoring. For the next release, FortiGate should be improved to support these issues. For the setup, you need to prepare a lot for that before engaging the deployment. I learned a lot about FortiGate from books. That should be important in preparation. Fortinet should implement these changes, then we would be able to do more. View full review »
User with 51-200 employees
I would like to be able to do segmentation, for a specific user, with more priveledges. I would also like to see an easier user interface to implement that. View full review »
Emmanuel Salamat
User at UAS
Flexibility is questionable when it comes to the hardware parts. If Fortinet can make FortiGate modular so that you can actually upgrade it without changing the parts, I would prefer it. If Fortinet FortiGate could actually integrate with the hybrid cloud architecture without changing the storage parts, i.e. the hardware, it would be better. View full review »
Diana Nongera
User at a agriculture with 201-500 employees
It should come integrated or have its own type of network monitor tool in a module. There should just be one package, and you are good to go. View full review »
User at IT Green Public Company Ltd.
The Fortinet FortiGate firewall has been improved with many new functions. Fortinet is working to develop a new generation of firewalls with better security. Fortinet already improved FortiGate, but in the current market, many brands of security devices have improved together. Fortinet still needs to catch up with market standards. Fortinet is lacking in features in comparison to competitors. View full review »
Sabyasachi Sen
User with 51-200 employees
A couple of things I've seen that need improvement, especially in terms of a hard coding. The driver-level active moment really is out-of-the-box and we have to have contact the customer support and sometimes it is difficult to resolve. My only solution would be please don't make it as a closed source. Don't make it as a closed source. Give some kind of a power to the user so that they can consider it according to their determine that it should have some flexibility on concurrent connections not be restricted. I agree that to some concurrent connections the CPU and the box may be a lower model and it need some higher scale level with this. But, there should be a provision. There should be a provision to go to at least to 60-70% onto the threshold to go beyond the designed capacity of something. Like we call it as a design capacity, and since 70% addition to the 100% of it. View full review »
Amgad Soliman
User at Icon
Fortinet needs more memory to save the log files (like in the 101E, the old product). We need it to save the logs on the hardware and not in the cloud. I know this feature is available in FortiCloud, but if we need to log locally, it is not available. Also, the log only records a little time and needs to be longer. View full review »
User at a tech vendor with 51-200 employees
After four years it has started to fail. The firewall engine is not so strong as of now, in my opinion. For that reason, we want to migrate to Check Point. This is one of the concerns that I have right now. My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased. I also need user-behavior analytics, to find threat scenarios from inside the organization, insider attacks. That would be very helpful for us. In addition, I would like next-generation features for small and medium businesses. These businesses require UTM, all in one product. Fortinet must include it. View full review »
Sherif Abouelezz
User at CGP
The FortiGate reporting system needs to be more detailed about files. Palo Alto Networks is more detailed in the reporting system than Fortinet. Currently, as for our security, we don't need more. The main reporting in Palo Alto Networks is much more developed than Fortinet, especially in the part of the file exchange. As a security lead, I think Fortinet FortiGate is much more reliable than Palo Alto Networks. View full review »
Mohsinoddi Mohammed
User at a government with 1,001-5,000 employees
We are managing FortiGate using a FortiManager and it needs improvement with respect to the ease of administration tasks. There is a lot of improvement needed with SSL-VPN. Technical support could be improved. View full review »
Fernando Neto
User at a comms service provider with 201-500 employees
I use the FortiGate 60D model and realized the 300Mbps bandwidth limitation. Because it is a product that offers many services, I think it could have greater bandwidth capacity. View full review »
Naseema Ap
User at HOCL
We have many users currently with this solution. One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at peak time when the number of contracts and users are at maximum. We feel a kind of bottleneck. When I first entered the log section, I could not find any results. I did not find any proof, i.e. reporting and analytics on the speed and network availability were not optimized. I could not find any such log from the server, maybe Fortinet could improve this service. View full review »
Md Mohiuddin
User at Urmi Garments Ltd
Since we are in the initial stages of implementation I can't suggest any additional features for the next release. At this point, I really need more time to evaluate the tool. The only thing I can recommend at this time is to make improvements for the user end when the user website is running slowly; the speed can definitely be improved. There is room to include IP wise and net-wise and bandwidth settings. View full review »
User at a non-profit with 5,001-10,000 employees
At first glance, the interface for the device is very confusing. However, every version is getting better. View full review »
User at senhwabio
Fortinet could improve the windows opener or the virtual IP solutions for opening windows. The virtual IP settings need improvement as firewalls are trending in new development directions. View full review »
Kevin Stephens
User at a mining and metals company with 11-50 employees
Some of the filtering is not robust, you can escape it with a VPN. Some of the users bypass some of the filters. It catches some but it also misses some, that area could be improved. It's functioning reasonably but there's room for improvement in that area. There is a feature that Palo Alto has called Traps. It helps to prevent attacks on the system. A feature similar to this would be worth adding. View full review »
User at a Consumer Goods with 10,001+ employees
The room for improvement is about the global delivery time period. Usually I need to wait for almost one month to deliver it overseas. So if you can shorten the deliver time it would be great. View full review »
User with 1-10 employees
I would like to see improvements made to the dashboard and UI, as well as to the reporting. I would also like them to consider offering more predefined security templates. View full review »
User at a wholesaler/distributor with 51-200 employees
The reporting needs to be improved. Also, the VPN (Virtual private network) monitoring needs improvement. Beyond these improvements, I cannot think of any additional features that I would like. View full review »
User at a non-profit with 1,001-5,000 employees
The web-cache feature which was previously on the FortiGate device, but was deleted with the recent upgrade, should be returned. It was a very valuable feature for us. View full review »
Mgr. IT Infrastructure and Network Operations at a media company with 11-50 employees
Cisco Meraki products are rising very quickly in the cloud and the connected era. Meraki products are future proof and offer much better ROI, upgradability, and manageability. IT is continuously evolving, and every few days or months, there is something new. Whoever evolves first will take the lead over the competition. Adopting and evolving is the key to success. View full review »
Gamal Al-Hamzah
User at LinkTech
The main aspect of FortiGate that could be improved is load balancing. Our management team does not want to buy another appliance for only load balancing. The network routing with Fortinet FortiGate can be an issue, but it generally depends on the size of the company. View full review »
Kofi Osei-Appaw
User at WorldNet ICT Solutions Limited
FortiWAN was supposed to help in doing intersite linking, but we've realized that most of the ISPs use BGP. FortiWAN supports OSPF but does not support the BGP protocol. This is a problem for us because without BGP they are not doing anything, and we've had to pack them up. I would like to see the BGP protocol supported on FortiWAN. Technical support for this solution can be improved. View full review »
* It needs more available central management. * It could use better throughput on some of the smaller boxes for the branch offices. View full review »
Derrick Slaton
User at a financial services firm with 51-200 employees
They should improve the interface to make it more user-friendly. I would like to see some sort of reporting if there was an issue with the connecting network sources or connections. View full review »
Ramon Henriquez
User at a comms service provider with 51-200 employees
There are problems with the custom reporting of the unique traffic. The data is there, but it is too difficult for us to extract. View full review »
Narendra Singh
User at a marketing services firm with 11-50 employees
Improvement is needed in the Web Filter quotas to restrict users with allocated quotas. It would be an improvement to add a feature for active users to change/reset their own passwords. Fortinet renewal prices for all models are too high, so they should offer discounts for customers on renewal. View full review »
Abdy Sanjur
User at a financial services firm with 1,001-5,000 employees
I am looking to implement key authentication for admin access for the Fortinet product. View full review »
User at a tech services company with 201-500 employees
The UI could be improved. View full review »
Mohamed Abdullah
User at crystal networks
The monitoring and the visibility, in this proxy, is very weak. I would for them to develop better visibility, monitoring, and reporting. View full review »
User at Focus
There could be more integration between the logging and analytical platforms to make it more seamless and integrated. View full review »
Yousef Altaj
User at Global tec
I think the only issue that needs improvement is the interface. View full review »
Simon Coombs
System Administrator at a media company with 11-50 employees
We had a minor problem where there was a major system upgrade on the hardware platform and the Apple Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a Apple Mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved. View full review »
User at a real estate/law firm with 501-1,000 employees
They need faster serviceability and more security features. View full review »
Ahmed Konsowa
User at SEE "Systems Engineering of Egypt"
I would like to see more advanced developments of a wireless controller in the future. View full review »
Robert Kaczorowski
System Administrator at a construction company with 201-500 employees
It could use more templates for third-party site-to-site VPN setups other than FortiGate and Cisco. View full review »
Panos Kre
This product could be improved with active directory integration and better handling in IPsec and GRE Tunnels. There are not enough recent online materials to assist in integration with Cisco for VPN, GRE, and IPSec. View full review »
Vuong Huynh
One area for improvement is the performance on the bandwidth demands for smaller devices, as well as better web filtering. View full review »
Randy Obanon
User at Soporte Antivirus Ltda
They need to improve their technical support. View full review »
User with 11-50 employees
The UTM filtering control could be improved. View full review »
Dave Winkel
User with 1-10 employees
FortiOS is not simple. Too many people think it should be simple to use, but the complexity of the product makes that impossible. View full review »
User with 1-10 employees
I think they need to improve more in order to be a competitor with the leaders of the field. View full review »
Camilo Benavides
User at a university with 51-200 employees
FortiGate is a complete solution, but it is very expensive compared with other solutions. Then actually, we are analyzing other solutions. View full review »
Shahab Razak
Network Architect at a financial services firm with 10,001+ employees
The speed of synchronization between FortiManager and FortiGate could be improved, but that could be because we host them in Azure. View full review »
Ibrahim El Sayed
User with 1,001-5,000 employees
I would like to have logs, monitoring, and reporting for a month without extra fees. View full review »
Ali Asvadi
User at a tech services company with 1-10 employees
I have only one request and that is to have Fortinet as a market download in Azure. View full review »
Zhargal Solovyev
User with 11-50 employees
The Web-filter in this solution is not very good. Perhaps because Fortinet does not want to compete with its own dedicated solution. View full review »
Manager at a tech consulting company with 11-50 employees
The reports are very basic. View full review »
Find out what your peers are saying about Fortinet, Cisco, Sophos and others in Firewalls. Updated: February 2020.
398,567 professionals have used our research since 2012.