We just raised a $30M Series A: Read our story

Fortinet FortiGate-VM OverviewUNIXBusinessApplication

Fortinet FortiGate-VM is the #12 ranked solution in our list of best firewalls. It is most often compared to Azure Firewall: Fortinet FortiGate-VM vs Azure Firewall

What is Fortinet FortiGate-VM?

FortiGate Virtual Appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.

Fortinet FortiGate-VM is also known as FortiGate Virtual Appliance, FortiGate-VM.

Fortinet FortiGate-VM Buyer's Guide

Download the Fortinet FortiGate-VM Buyer's Guide including reviews and more. Updated: October 2021

Fortinet FortiGate-VM Customers

Security7 Networks, COOPENAE

Fortinet FortiGate-VM Video

Pricing Advice

What users are saying about Fortinet FortiGate-VM pricing:
  • "Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust."

Fortinet FortiGate-VM Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Richard Domikis
Chief Technology Officer at cornerstone defense
Real User
Top 5Leaderboard
Slightly unstable, needs a better user interface, and lacks good monitoring capabilities

Pros and Cons

  • "It's a relatively simple product that is easy to use. It's not overly complex."
  • "The product does not have a good graphical interface."

What is our primary use case?

We primarily use the solution for checking a 250-person defense contracting company with multiple locations.

How has it helped my organization?

It's improved our operations by not being overly problematic.

What is most valuable?

The solution seems to be very reliable. 

It's a relatively simple product that is easy to use. It's not overly complex.

The initial setup is fairly straightforward.

What needs improvement?

The product does not have a good graphical interface. Their patches and their upgrades are not always compatible with configuration. That means that often you find after you upgrade that there was something else you have to do to the rest of the infrastructure, whether it's a printer or a user or whatever. It doesn't appear to me that their upgrades are well tested. They usually do what they're supposed to do, however, they also usually do some other things that FortiGate doesn't seem to be aware of.

It doesn't maintain legacy capabilities very well.

The stability of the solution isn't ideal.

They don't seem capable of supporting their own product.

The solution needs a better user interface and more intelligent services like spam blocking and auto whitelisting, gray listing, blacklisting, et cetera. It just basically needs better user monitoring.

For how long have I used the solution?

I've been using the solution for about four years at this point. It's been a while now.

What do I think about the stability of the solution?

While I wouldn't describe the solution as unstable, there are definitely hiccups. I expect firewalls to be really efficient and very stable and I would say they're only sort of stable. I don't expect to have to figure out how to create a scan-to-email solution every time I upgrade my firewall, for instance.

Of course, they'll blame it on the vendor of the printer and say now how they're not following the standard or something, however, it was working with their product previously and the printer wasn't the item that changed. Their product gets a patch and it no longer works and you're like, "Well, I like your theory, but I don't exactly accept it." I don't think they have the features that a Palo Alto has, let's say.

What do I think about the scalability of the solution?

The solution seems to be scalable. For our purposes, it scales well.

We have about 250 users on the solution currently.

How are customer service and technical support?

Technical support isn't that great. On a scale from one to ten, they're a five at best. A couple of times where we had a problem, they couldn't solve the problem. We researched the problem on our own, unfortunately, via Google, and we found the solution and the solution was actually written by one of their techs and they didn't even know it.

How was the initial setup?

The initial setup is not too difficult. It's not overly complex. I'd describe it as pretty straightforward. A company shouldn't have any issues with implementation.

For deployment, we did one site and then the other site and it took probably two weeks to deploy it, with maybe 30 days to get it fully configured. Then, once we had one site deployed, configured, and functional, we implemented a copy of that to the other site. We followed this pattern for each of our locations.

In terms of maintenance, it's hard to quantify what you need for the firewall. The firewalls are relatively low in terms of required maintenance. We have one IT administrator that may be a day a month has duties that are firewall-related. It varies, however, it's not significant work to maintain the firewall.

What about the implementation team?

We did not need the assistance of an integrator or consultant. We were able to handle it ourselves.

What was our ROI?

We haven't really seen an ROI. It does what it's supposed to do, however, I'm not sure that it makes my job easier. It's kind of a sunk cost. It's one of the frustrations I have. I would expect it to be smarter and capable of doing things that it really doesn't do.

What's my experience with pricing, setup cost, and licensing?

We pay a yearly licensing fee. It's probably a couple of thousand dollars per firewall.

On top of that, if you maintain a hardware warranty, so that you own the devices, you still maintain a warranty on them. There's sort-of a service contract, or you can go at risk. I don't know where we are in that. I'd have to go look, but I know at one point in time we talked about again, if we're going to be doing a tech exchange, maybe we don't want to maintain the warranties on them anymore.

The competitors actually have lower prices for more functionality. On the higher side, if you go with Cisco, it's more expensive, however, it's obviously more functional. A Palo Alto is probably a better solution than a FortiGate.

Which other solutions did I evaluate?

We're currently looking for alternatives to this solution.

We're looking at alternatives. However, the deficiencies that they have are not significant enough that I would like to immediately leave them, however, they're big enough that I'm looking for alternatives. 

When I come to end the life and I do a tech refresh, if we're not going to go 100% virtual, which is certainly another consideration, I am going to look at an alternate product. I'm not sure we're going to go away from them with a timeline right now, however, I'm certainly looking at it.

We don't yet have a shortlist, however, we'll likely look at the top big names in the market.

What other advice do I have?

We're an end-user and a customer.

We have a plug-in with the subscription. We use the current version on their 100Es.

In general, I would advise other users that they need to look at whether they're going to go physical or virtual. I'd advise once they decide that to then look at the maybe lesser known next-generation firewalls that have functionality. The folks that are going to be operating the tool need to look at the user interface to make sure that that it is easy to use. Most users at an enterprise don't even know the firewall's there, let alone what it is, so they're not unique. I think all of the firewalls are pretty decent at not impacting users. The differentiator is which ones are easy to set up, which ones are easy to configure and use and how good they are at reporting.

The other thing I would say is, look at whether or not they integrate into your overall IT management, whether you're using ServiceNow or what you're using for IT management. How do the firewalls integrate with that or not? It's important.

I'd rate the solution at a four out of ten. It does base functions and it's doing that at a pretty high price.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PB
Manager Information Technology at a media company with 51-200 employees
Real User
Top 10
Clearly captures each and every thing for the backup capture

Pros and Cons

  • "FortiGate is a nice and very good product."
  • "FortiGate should be more customer friendly and budgeted better."

What needs improvement?

In terms of what features should be improved with Fortinet, I feel it should give better reports. They provide some basic reports in the entry-level and middleware products but I would love this product if they gave more reports, including more MIS from the traffic because they capture everything in the UTM. They don't produce a team value report. They don't produce a usable report where the IT manager, IT head or CTO can analyze where the attack happened or figure out where the bridge is down, etc. The reports are basic. There are engines which make everything on the GUI. All the user can potentially access for the risky function in the Fortinet but it should be on the GUI, it should not be behind the command line. They could definitely provide the FortiAnalyzer with the basic UTM in a bundle pack.

People should not have to ask for another FortiAnalyzer. It's an entry-level product. I understand that FortiAnalyzer is an expert level product but the functionality should be available at the entry-level as well. Fortinet should think about the entry-level and give it managing capabilities. That's why I selected Sophos because, for a small or medium office, all the reports are available there.

Secondly, Sophos is cost-effective. It is comparatively much cheaper. Sophos is available for a much cheaper price than Fortinet. Also, they have some other functions like sandboxing and others. FortiGate should be more customer-friendly and budgeted better. If I am a buyer, I do not want multiple appliances to manage. It should be one box, one appliance. One mobile should do everything. Multiple products require IT to create a workaround. You have to buy two products and then there is actually another one with that, one plus one, and then there is multiple management, so the product is definitely cumbersome. The beauty of the product is implementation and maintenance without it.

I have my own team to maintain this product. We are very happy as a Sophos user, as we get whatever we want from the reporting point of view. There are no glitches. There is no one issue in particular. When I ask, or my team asks, how the network is working and why there is network latency there are reports about where the traffic is going and I do not have the input after moving or switching to Sophos. I can get the support regarding which IP is working where and which IPs are making traffic, and more.

For how long have I used the solution?

I have been personally using FortiGate-VM for two years.

Which solution did I use previously and why did I switch?

We already procured Sophos. I already ordered two devices from our Indian partner.

We are now partners with Sophos. We were partners with FortiGate for the last year.

The first reason that we switched is because of our work use cases. We moved 80% of our infrastructure to AWS outsource. So we do not require a big firewall anymore. We are a 50 to 70 employee organization so a different firewall is required. We have a 310 exchange enterprise-level firewall. So we moved to 83210 Sophos. The reason why we are changing to different technologies is the comprehensive reports that Sophos provides at the very basic entry-level firewall. In the FortiGate, we have to also have another plan for data analyzer.

The second thing which I believe is that FortiGate has some special functions in the CLI (command-line interface) mode. Sophos does not support that and all its functions are on the UI. So it's easier management in Sophos compared to FortiGate. 

In terms of ease of use, if you implement FortiGate in your organization, you must have a FortiGate person who knows FortiGate and then three, four, or five years to learn to maintain the FortiGate device. Whereas Sophos doesn't require that much because all the things are on the UI. So anybody can understand it from the UI.

I can give you an example of the issue with UI. This is a basic thing. In the UI, you could go to the FortiGate console and work directly in the command. You can manage it from the command but you must have command line experience to manage the FortiGate device. If I want to see the traffic and where it goes and where it's from or any attack, in case of an attack, you need FortiAnalyzer to analyze, to track the packet, to protect the traffic. So that's easily available in other products like Sophos 83210. 

The cost of Sophos and other players is better compared to the FortiGate. FortiGate is a more important product in the industry. It is recommended, but the cost is also a major point in evaluating Fortinet's firewall solutions in our niche.

What other advice do I have?

On a scale of 1 to 10, I'd give it a 9. 

FortiGate is a nice and very good product but the implementation and post-implementation of the product are cumbersome. You have to manage four devices instead of two devices if I go for FortiAnalyzer. For a small, entry-level business, Fortinet should give the entire reporting on the UI so that end to end engineers can manage efficiently. So as technology is concerned, I give eight out of 10, but because of reporting, I would give five out of 10. I am just giving an example: if I know everything or you know everything but if you can't explain it, how do other people come to know that you know everything? FortiGate clearly captures each and everything for the backup capture and everything but it doesn't show what it is acquiring. Analytical reports are missing from there.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Learn what your peers think about Fortinet FortiGate-VM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,267 professionals have used our research since 2012.
SM
Senior Security Engineer at a energy/utilities company with 1,001-5,000 employees
Real User
Very intuitive with a clean interface and good stability

Pros and Cons

  • "It's very easy to set up, even for more junior developers."
  • "Their offering for MFA isn't the cleanest."

What is our primary use case?

The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.

We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.

How has it helped my organization?

We were able to take advantage of their management tool, FortiManager, to get a single pane of glass. FortiManager and FortiAnalyzer do not have a single panel glass. Rather, they are two panes of glasses to manage and monitor the firewalls where previously we were using Cisco. I don't want to call them legacy firewalls, however, with Cisco firewalls, we didn't have that management or logging visibility.

What is most valuable?

The product has pretty good logging and reporting capabilities native to the firewall. Then they also use FortiAnalyzer to aggregate that traffic and provide more detailed and aggregated reporting. That's going to help when you're analyzing network traffic for network segmentation initiatives.

The stability is excellent.

It's very easy to set up, even for more junior developers.

The scalability has improved. 

It's got a clean interface and it's very intuitive. Everything is easy to navigate.

What needs improvement?

Their offering for MFA isn't the cleanest. They have a product called FortiAuthenticator. It's not a FortiGate but that is one of their MFA offerings. However, other products that I've used, like Duo, are better from a user experience standpoint. They are easier to configure. 

For how long have I used the solution?

I've been using the solution for ten years. It's been a while. 

What do I think about the stability of the solution?

Six or seven years ago, they had issues with code versions where they would make changes within the code version and they would have some bugs. That said, over the last six or so years, their releases have been very stable. We've had very few issues with any type of bugs or issues.

What do I think about the scalability of the solution?

Scalability has gotten better with their SD-WAN offering. They're able to utilize inexpensive lines such as 4G, 5G, or DSL. It has allowed us to move away from expensive MPLS lines.

Historically, conventional or Next-Gen firewalls have been utilized at data centers and remote sites. Now, however, a lot of customers are moving towards Zero-Trust access and SASE. I'm currently looking to get a little bit more information on Zero-Trust architecture, as it reduces the overall management and need for physical firewalls in all your locations, which can get expensive.

Which solution did I use previously and why did I switch?

We also use the Cisco ASA firewalls. I do find that Fortinet is easier to handle than Cisco as you don't need to handle tasks via the command line, which makes it easier especially for junior-level developers.

How was the initial setup?

The initial setup is very straightforward. I started out in the Cisco world with Cisco firewalls and switches. Then we started deploying FortiGate and I found that FortiGate was easier to learn, especially for junior-level engineers. We were able to get junior-level engineers up to speed quicker than if it was a Cisco platform, especially if they haven't used the command line before.

Deployment usually takes a day, depending on the complexity of the firewall. It might be a day to two, depends on if we are using multiple IPSec tunnels if it's at a data center or a remote site. 

In terms of deployment and maintenance, in my experience, by a rough order of magnitude, a company would need one technician per 30 firewalls. For our company, we had a team of three network engineers and we had a fleet of about 120 firewalls.

What about the implementation team?

I handed the implementation myself with my team. We didn't need any integrators or consultants.

What's my experience with pricing, setup cost, and licensing?

For our entire fleet of 120 firewalls, we're paying about $100,000 per year. The licensing fees give you support and the capability to download updated definitions of threat intelligence from Fortinet.

What other advice do I have?

I was previously a customer. now I am a reseller and Fortinet partner.

We primarily use hardware-based appliances, including the 100 D/E series, 100F, 190 D/E's, ADCs, 600 E's. They are similar to VMs.

We're using the most recent code level at this time. We're one version behind the latest version. We tend to use one version behind the most recent for safety reasons so that we can avoid troublesome bugs or glitches.

Anyone looking to deploy Next-Gen firewalls, in general, should really define their use cases to be able to decide on the proper technology to deploy within the environment. If you're looking to deploy Next-Gen firewalls at all your locations and create point-to-point VPN tunnels, they can get cumbersome and difficult to manage policies. It is also difficult to do network segmentation. With some of the Zero-Trust offerings, you're able to actually move your clients outside of your corporate perimeter, and then isolate those applications based on the user per application, instead of requiring them to dial back via traditional VPN to your data centers, which sometimes isn't the best user experience for your end-users.

I'd rate the solution at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
EX
Director at Treasure Technology
Reseller
Top 20
Excellent UI, very good features and very scalable

Pros and Cons

  • "While the stability maybe isn't quite to the level of Cisco, it is a very cost-effective solution. It's cheap compared to Cisco."
  • "The stability could be improved. I find Cisco to be more stable than Fortigate, which is I major differentiator between the two."

What is our primary use case?

We primarily use the solution simply for its firewall functionality. It's the main reason we use it.

What is most valuable?

For myself, the UI is pretty much perfect. It's much easier to work with than Cisco's FirePOWER, for example. I prefer the way it is designed above everything else, even though Cisco may be better for a different reason. Fortigate is just hands down more intuitive and therefore users need less training. While a non-tech person may need a bit of training in terms of configuration, it's still easier than Cisco.

In terms of general features, I find Fortigate and Cisco very comparable. They technically do the same things. Both can drill down by IP or region, so, application-wise, they're very much the same. 

What needs improvement?

The stability could be improved. I find Cisco to be more stable than Fortigate, which is I major differentiator between the two.

I haven't really explored the cloud too much, as we deal mostly with an on-premises system. However, now with everyone working from home due to COVID-19, it's something I'm beginning to explore and something I think Fortigate needs to invest in and expand on. If they could do something that integrates the cloud effectively, maybe with a cloud provider like Azure, that would be helpful.

Fortigate could speed up its level of customer service in our region.

For how long have I used the solution?

I've been using the solution for quite a few years now. It's been perhaps five or six years in total.

What do I think about the stability of the solution?

While the stability maybe isn't quite to the level of Cisco, it is a very cost-effective solution. It's cheap compared to Cisco. Licensing is very, very easy. It's much, much easier than Cisco where licensing is a pain. The Cisco licensing is very difficult to configure, which makes Fortigate a more attractive alternative even with less stability. 

That said, after working with Fortigate for many years, I haven't really encountered a lot of crashes or glitches. The hardware is very, very good. Once a power adapter failed on us and we just replaced it on the device and it was able to recover. With ASA, I can say so far so good. The hardware's really good. They've improved a lot of the hardware specs.

What do I think about the scalability of the solution?

We haven't had any issues with scalability. If a company needs to build it out or expand, they really shouldn't have any issues.

How are customer service and technical support?

The customer support for Fortigate is fine. Compared to Cisco, however, I would say Cisco's response might be a bit faster. If a device fails, they'll be onsite to replace it themselves. In my region, in terms of Fortigate's response to a similar event, users would have to go through the distributor and not directly to Fortigate. That's why it takes longer. It could be a bit easier, and if they did it a bit more like Cisco, I think it would be better. However, Fortigate's response isn't bad.

How was the initial setup?

The initial setup was straightforward. A company just needs to get requirements from its customers and then they can just deploy. It's not complex at all.

Deployment takes about two weeks. The setup itself is very fast and you will have limited downtime. However, there will be fine-tuning that will be required and this may take weeks. If a customer gives new requirements at any time, you'll need to make some tweaks.

What's my experience with pricing, setup cost, and licensing?

With Cisco, licensing is quite complex, but with Fortigate, you simply need to buy a bundle and they give you everything you'll require.

Which other solutions did I evaluate?

Right now, I'm also interested in learning more about Cisco, and how it compares to Fortigate. I know Cisco quite well, but I've never directly compared Cisco and Fortigate together before. Of course, I still believe I know Fortigate better.

What other advice do I have?

We're resellers of both Cisco and Fortigate solutions.

I'd advise other companies or users to give a try. The Virtual Appliance is very easy to set up. In terms of scalability, it's easy enough to expand out, especially if you compare it to the hardware. For the virtual solution, it's easily upgraded. For the physical, you need to do a POC.

It really depends on what kind of distributor a company is working with. Some provide you all the resources. Others don't. I'm not sure how it works with the Cisco Virtual Appliance. For Cisco, I only know about the cloud. 

Normally, I provide my customer with Meraki. I won't provide a Cisco solution, even though Meraki is part of Cisco.

I would rate the solution eight out of ten. There's still room for improvement. There could be a bit better support and not all solution providers offer this kind of Virtual Appliance in my region. Once more people use it, they may begin to improve on it even more.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Abdul  Faheem
Sr. Project Consultant (IFS-Complex MRO Process) at a aerospace/defense firm with 201-500 employees
Real User
Top 10
Good monitoring and competitive pricing but needs integration with the exchange

Pros and Cons

  • "We are able to closely monitor the usages of individual users and see their usage habits and other items, including the data itself, which gives us quite a bit of visibility."
  • "The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats."

What is our primary use case?

The solution is mainly used for remote connectivity and endpoint and gateway network security.

What is most valuable?

The most valuable aspect of the solution is the V-Scanner which is the monitoring software. That's something that I love. 

We are able to closely monitor the usages of individual users and see their usage habits and other items, including the data itself, which gives us quite a bit of visibility.

What needs improvement?

I think one thing we couldn't find in the software console was all of our logs. In the logs themselves, for example, we couldn't find if a user was accessing all of the VPN. We don't get to know or we don't have a report that shows on what date or for how long and from what time he user has logged on. We don't have that particular feature or that kind of visibility. That could be improved. Reporting, therefore, in general, could be improved.

The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats. 

Especially after this pandemic situation, it requires a little more enhancement. For an SME level organization, it's okay, but when it comes to corporate and banking enterprises it still requires a lot of enhancement. Comparing it to Palo Alto, for example, it's still very behind the curve.

For how long have I used the solution?

We've been using the solution for two years.

What do I think about the stability of the solution?

The solution is very stable. It's reliable, for the most part.

It's stable, comparatively, to the fifth generation UDL appliances or other software that is available in the market. It's quite stable for the integration. It still requires more of a formal enhancement for speedy patches and speedy updates.

What do I think about the scalability of the solution?

The solution has a moderate amount of scalability potential. I wouldn't say it's the best, however, it is possible to scale it if you need to.

We have about 25-30 people on the VM currently.

How are customer service and technical support?

We've never had to contact Fortigate's technical support, so I can't speak to their quality of service. If we have any issues on the solution, we tend to handle the problem internally.

Which solution did I use previously and why did I switch?

We used to have Sophos and we shifted to Fortinet about two years ago.

The integration of the active directory with Sophos was not up to spec. We decided to drop it and instead went ahead with Fortinet.

How was the initial setup?

The initial setup was a bit difficult. It's not perfectly straightforward. This may have been due to the fact that we were using ISA, which is pretty determined, and we had to migrate from ISA to Sophos and from Sophos to Fortinet. It was a little difficult, but not that complex.

For us, the implementation took about two weeks.

Each quarter we have a managed service contract with the integrator and they do any preventative maintenance every quarter. We have four visits in a year that we have agreed upon. Every quarter they come to us and they do some penetration testing and see the usability features and give us a report.

What about the implementation team?

We outsourced the implementation to an integrator that handled the setup for us. They also handle quarterly maintenance for us.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is moderate. It's competitive, although I wouldn't consider it a cheap solution per se.

Aside from the licensing, there are some add-ons that need to be added that we personally haven't added. There are features such as content filtering, etc., that we haven't opted for. However, users can add them on if they need to for an additional cost.

What other advice do I have?

We're just customers. We don't have a professional relationship with the organization. We're using the latest version of the solution.

I have learned that they have some internal resources available. However, those who are not trained and certified should not be experimenting with it. 

I'd advise other organizations that, if they don't have a proper administrator who can monitor and maintain their appliance, it's better they if don't implement it. It's not like somebody who has a background of software can handle Fortinet. They need to be properly trained and knowledgable.

I'd rate the solution seven out of ten overall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ThendoNdzimeni
Network Administrator Team Lead at a financial services firm with 51-200 employees
Real User
Top 10
A full-featured virtual appliance with valuable monitoring and visibility features

Pros and Cons

  • "I like the visibility and monitoring features because they're easy to use to monitor traffic. Features like geo-blocking and more have AI, and we're currently using all of it. But for now, we're only using geo-blocking, and we're able to block traffic from different countries. I also like that it's highly responsive. VM04 is also very powerful."
  • "It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites."

What is our primary use case?

We use Fortinet FortiGate-VM for managing inbound and outbound internet traffic through our environment. Sometimes, we also use it for managing the site's internet outbound and routing. We also use it for IPSec on Azure. We also have an on-premises environment, and we're using it for IPSec on that environment. 

All the routing happens through it because we're swinging all the traffic on the Azure side through a firewall which is basically the gateway. It acts as the gateway and manages outbound traffic in that environment. We have also set up the SSL VPN for users. We do have FortiGate on-premise, and we set up the SSL VPN connection for users.

What is most valuable?

I like the visibility and monitoring features because they're easy to use to monitor traffic. Features like geo-blocking and more have AI, and we're currently using all of it. But for now, we're only using geo-blocking, and we're able to block traffic from different countries. I also like that it's highly responsive. VM04 is also very powerful.

What needs improvement?

It would be better if it could provide you with options before completely blocking anything through the web filter. If you are doing a deep SSL inspection on the site if it says it's expired, it doesn't give you the option to continue at your own risk. I can't say that it's bad, but SSL internally isn't really a requirement. However, its security features can help. Right now, we have people going out and spending on purchasing the SSL certificates for internal sites. 

What do I think about the stability of the solution?

Fortinet FortiGate-VM is a stable and very reliable solution.

What do I think about the scalability of the solution?

Fortinet FortiGate-VM is a scalable solution. It's very powerful, and I've never seen that machine running out of resources. It always worked.

How are customer service and technical support?

Tech support is okay, but we do a lot of management by ourselves. We have a third party that we use when we do implementations, and I haven't contacted Fortinet even though I have access to it. The local support that we use costs much less. 

Which solution did I use previously and why did I switch?

I still remember using Check Point, and it took a long time to apply a policy. To install the policy, you had to wait for ten to 20 minutes or even 30 minutes. Fortinet FortiGate-VM instantly applies the policy on the FortiGate itself.

How was the initial setup?

The initial setup was difficult because we were all new when it came to the Azure environment. It was a little difficult to create space and understand that you have to have more than one interface. But once you get used to it. It's pretty straightforward.

It's straightforward if you have all that is required when you're clearing your traffic. If you're clearing your traffic already into your internal length to communicate with the firewall range, and you have information and understand it before the implementation, it will be very seamless. It will be stress-free when you understand the environment where you're going to implement it.

What's my experience with pricing, setup cost, and licensing?

Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. 

I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust. 

What other advice do I have?

I will recommend the solution. If it's a first-time deployment in Azure, they need to understand a couple of things, like the interfaces we need to create. The good thing about FortiGate is that they don't hide how their devices work. You can go to their website and get every instruction that you need at any time. It's straightforward and even has pictures showing you what you should expect. I've done a few changes for the first time, and I didn't have to stress. But you must know the infrastructure well.

On a scale from one to ten, I would five Fortinet FortiGate-VM a ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Dhsrms Fff
Team Leader Network & Security at Rogers Capital
Real User
Top 10
User friendly with good documentation and a quick deployment

Pros and Cons

  • "The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version."
  • "The licensing needs to be improved. We need longer licensing periods, especially for POCs and trials. It should be for six months. Right now, it's too short of a timeframe."

What is most valuable?

The virtual and hardware versions of the solution are mostly the same. 

The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version.

Normally Fortinet is very flexible that it supports almost all environments. 

The solution is user friendly.

The cost of the solution is pretty fair.

The documentation is very good.

The SD-WAN is very good, as compared to, for example, Citrix SD-WAN which has an overall lack of security and needs to leverage other devices, like Palo Alto, to cover this.

What needs improvement?

The licensing needs to be improved. We need longer licensing periods, especially for POCs and trials. It should be for six months. Right now, it's too short of a timeframe. 

Overall as I say, the features-wise and performance-wise the VM and hardware versions are the same. The main difference is that the hardware-based option ins is more powerful compared to the VM version. 

Their technical support is not helpful and I try to avoid using it.

For how long have I used the solution?

I've been using the solution for ten years. It's been a decade now.

What do I think about the stability of the solution?

We do occasionally get bugs on the solution, and when that happens, we do need to go to technical support to get the issue resolved.

What do I think about the scalability of the solution?

Let's say tomorrow we want to upgrade in terms of memory, in terms of processor. If we are VM  based we are using files and by default, we have some spec which is set to the VM. If tomorrow we need more capacity for this logging, we can just upgrade it. We take an analyzer like G1 or G5 and we upload the license, and it will upgrade automatically. 

It's so much easier as compared to hardware, due to the fact that, with hardware, you need to change everything completely. 

We have nine people on our team working with the solution regularly.

How are customer service and technical support?

The support for Fortinet is not very good, and so I tend not to contact them if I can avoid it. They are not good in their general response time. Some team members are quite technical, however, that's not everyone, and you aren't guaranteed to get someone who knows what they are talking about. Sometimes their answers are irrelevant as if they aren't even replying to your actual questions. Other times they tell you what you need is not possible.   

Fortinet has forums for users, and if you go there, you'll see that there are a lot of others saying they are unhappy with support as well. While I'm a big fan of Fortinet, I do not like their support.

We only really use it now if we have an issue with a bug and there's no workaround except to go right to them. Otherwise, we don't contact them.

What's my experience with pricing, setup cost, and licensing?

The cost of the solution is good.

What other advice do I have?

Normally I don't really push a virtual appliance. Some customers may be interested in a virtual appliance for scalability. For most of our customers, we are pushing hardware-based solutions and not a virtual appliance.

For example, if we have a customer that has a private data center in Mauritius and wants to have a hybrid solution, let's say to interconnect on the public cloud, and they want to do SD-WAN to secure it from the public to its current on-premises data center, normally we will go with the virtual appliance on the public side. 

I would recommend Fortinet's hardware 100% of the time, especially in comparison to Palo Alto. With the VM, it's a harder question to answer. A better question would be: what do you will prefer for a next-generation firewall? Do you prefer Fortinet? Do you recommend Fortinet or Cisco or Palo Alto? I would say personally I always recommend Fortinet. I will continue to due to the fact that the cost and the integration, and the general user-friendliness, are all impressive.

I'd rate the solution eight out of ten. I'd rate it higher if it had a longer trial, better licensing, and stronger technical support. There are still places for improvement in the solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
EE
Lead Cybersecurity Analyst at a consultancy with 5,001-10,000 employees
Real User
Top 20
Very stable, great user interface, and can scale well

Pros and Cons

  • "The user interface is the most valuable aspect of the solution."
  • "The solution is fairly complex."

What is our primary use case?

The client wants to use the solution for a mix of things, however, I can't recall exactly what they are at this time.

What is most valuable?

The user interface is the most valuable aspect of the solution.

What needs improvement?

It's important that, over time, the solution just keeps up with additional features. There's nothing specific that comes to mind, however, it's important for Fortinet to stay as much on the edge as possible, as far as keeping up with what's out there.

The solution is fairly complex.

For how long have I used the solution?

I've probably been using the solution for three or four years at this point, although I'm not exactly sure.

What do I think about the stability of the solution?

We don't really need to worry about stability. Most of the time, what we were running into is just trying of get the client familiar enough with the solution, so that way they can deal with it going forward on their own. There's a little bit of training going on at the outset.

What do I think about the scalability of the solution?

That's primarily why we steer clients in the direction of Fortinet. With this solution, clients have the potential to grow in the near future. It's just one of those items that we wanted to make sure they had. It's something that is robust enough to be able to handle growing. It's somewhat robust without breaking the bank, initially. 

Our organization doesn't use the solution ourselves, so we don't have a large number of users on the solution. Out of 160 people, maybe a third use it here. It's different, of course, with clients, who use it more extensively.

How are customer service and technical support?

We've never had any technical issues on the solution and have never had to reach out to technical support. However, I've heard that they are quite helpful. I just can't personally speak to the quality or responsiveness of their services.

For those trying to troubleshoot on their own, the solution doesn't really need or have tutorials, however, you can find so much information online, it's not necessary. It would be nice it newly released features had a bit more information. It doesn't happen often, so it's not too big of an issue.

Which solution did I use previously and why did I switch?

We previously worked with a lot of open source products.

How was the initial setup?

The solution's initial set up was pretty complex. There were a lot of on-site VPN connections to set up, so we went through a lot of additional setup for the clients.

The deployment was pretty quicksand was probably completed in just a couple of days.

What about the implementation team?

We didn't need a consultant or integrator. We handled the implementation ourselves.

What's my experience with pricing, setup cost, and licensing?

Since we don't primarily work with the solution, I'm not sure what the licensing costs are.

What other advice do I have?

We aren't really a customer or reseller, however, we do occasionally recommend the solution to clients from time to time.

The entity I was recently researching for was looking basically to replace some existing solutions. That was the reason why they were asking me to help them do some research. I, on a normal basis, don't do that much with it anymore. However, because I have access, I've been helping them.

I'm not using the latest version. I may be using the one before that, although I don't know the exact version number.

I would warn other organizations that there are some places where some people run into some roadblocks, and they're not sure what to do. My experience in the past has always been that, at least, the support is actually really good. Therefore, if they're running into a situation that they're not sure about, it's probably better to call and seek professional help, as opposed to trying to force it, because it can get confusing really quick.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Firewalls
Buyer's Guide
Download our free Fortinet FortiGate-VM Report and get advice and tips from experienced pros sharing their opinions.