We've faced an issue when we need to move devices. Templates need to be recreated instead of having the policies, et cetera, cut and pasted over. Everything should just move over when we need to move devices instead of recreating everything from scratch. 

For the IPSEC tunnels, Fortimanager doesn't have all of the features that are available on Fortigate. 

The presence of Fortinet in our region (Nigeria) needs to be stronger. They need to have a local footprint and local support. 

I cannot recall any missing features.

The pricing could always be lower. 

One of the biggest limitations is the grammar of the API – not the API itself. It was not very well done.

The CLI could be enhanced.

Not just in FortiManager, but in any Fortinet project in general, the troubleshooting is very hard. If you compare it with other products from other vendors like Cisco or like Palo Alto, it is just more difficult. Say we are in a situation where we need to do some debugging. It is very hard to understand and to use the CMD and the CLI commands because there is not very much documentation. There is no description when you are using the CLI and there are no examples to follow. So it is hard to do some troubleshooting to find a problem. There is FortiAnalyzer that can help with this but it is not real-time. It is too hard to view real-time inbound and outbound traffic. Because we are network engineers and network administrators, we always need to have some time real-time traffic to view what is happening now, as it happens, to know what is really going on.  

I haven't had any issues with the product.

Their EDR products could be better. They need to dedicate more R&D to that area.

Pricing-wise, it could always be less, even though it is less expensive than Palo Alto.

The information extraction through command lines was could improve to some extent. Although there were some command lines available, there were not enough options. For instance, I needed to obtain the management IP address of my two Fortigates, but the Fortinet FortiManager did not provide me with the IP address on the LAN interface. I attempted to find this information through the command line but was unsuccessful. I also searched for articles on the internet, but could not find a solution. This is an aspect that could be improved or potentially there is a method to access this information that I have yet to discover.

Issues arise when customers experience unstable electricity or poor grounding conditions. In such cases, their CPE or other devices on-site may become unreliable, leading to occasional configuration discrepancies. To address this, site visits are necessary, and sometimes manual configuration adjustments are required. In extreme cases, device replacement may be necessary, particularly when inadequate electricity grounding poses a persistent challenge, creating specific conditions for intervention.

It requires a lot of resources. This is the main challenge.

There are a lot of bugs that need to be fixed, for example, the ZTP. Automating and making it easier to understand devices is necessary, especially in terms of zero-touch provisioning. This mechanism needs more work as there are some bugs and some functions that do not work very well. Today, there are tickets with Fortinet regarding a problem with cluster devices. It means two devices can be configured to work like one device. In general, it is easy to configure manually, but when you want to do it automatically, Forti Manager should help, but today it didn't work.

FortiManager is a good tool, but there is a lack of really advanced documentation. While there are a lot of features available, for example, when working with Fortinet support, it can be challenging to find the right information. I work with Fortinet support every week as we have a partnership in my enterprise. However, for the public, it's not easy to access the kind of documentation we have access to. This level of partnership with Fortinet can be costly to attain for the general public.

Some learning websites and communities are available, but the documentation provided is not as advanced as what we have access to. It's challenging to find confirmation and recommendations for advanced admin settings based on complex configurations. To have access to this kind of information, a partnership or conversation with Fortinet support is required, which can be expensive for most users.

It would be better if it were easier to run a routing protocol. In the next release, I would like them to enhance some features in the GUI rather than CLI or OSP. For example, whenever a customer generates an ISP directly on the firewall, it's complicated to configure the routing protocol. 

The SD-WAN solution is difficult to manage on FortiManager because you need to share some configurations on the firewall side. Sometimes you lose all connectivity with the firewall, so it is challenging to apply the default configuration to the SD-WAN solution.

The price is a bit too high. Aside from the price, I do not have any complaints about the product.

It would be ideal if they could bundle the product with others. Right now, you have all of these Forti products and you have to pay for a license for FortiGate and then have other licenses for the Analyzer and Cloud, for example. Instead of paying separately and having all of these licenses, it would be nice to centralize everything and maybe reduce the price for a bundle.

I cannot comment on what needs to be improved, although there are always potential areas for improvement in every product.

The Fortinet team is always very responsive and resolves issues quickly. For example, sometimes there may be a communication issue. However, other items may be the culprit, such as network connectivity. It depends on the customer's network. 

Fortinet FortiManager could improve them by adding more portfolio components.

In a future release, it would be beneficial if Fortinet FortiManager could improve by adding more devices able to be managed the solution, including  switching, routing, and wireless,

FortiManager should improve the integration with third-party platforms. Though the solution is easy to manage, we need adequate training to use it.

The price may only be applicable for bigger companies, and there is room for improvement in the FortiManager in license models. In general, the SIM license can be a bit complicated. You have to order licenses for different endpoints and devices, and calculating the costs can be confusing. Simplifying the ordering process for the SIM license would be helpful.

FortiManager could improve by making it easier to port larger policy packages to the FortiGate firewalls. Sometimes, there's an issue when we install a big package of policies. If you have a couple thousand policies for FortiGate firewalls, it can take a few minutes to receive a response from the remote devices. It's only an issue when you're dealing with thousands of policies and installing them on a large number of devices.

I'm still exploring the solution. I have not come across any missing features. 

The documentation could be better. Sometimes information seems lacking, however, maybe I'm not sure where to look for the information I need.

The solution should be more open to other products. FortiManager must be able to manage other products from other vendors. While it's perfect for other Forti products, it's not ideal for everything.

This is not available to work with many other vendors in the cloud. In the end, you want only one view of your own security view of everything, which is impossible with FortiManager.

Of course, this is the case with Palo Alto as well.

When we have a specific configuration pushed it does take some time to be deployed on the actual firewall. There might be some bugs or issues in that particular case. Sometimes we need to, if it is in a cluster mode, reboot the firewall. If the configuration does not go properly we have to reboot. These are small changes that will make things seamless. 

When upgrades are deployed, Fortinet FortiManager should identify if a specific device is not matching with other devices. I think it is there, but then in the perspective of alerts and logs, the uneven configuration is there. It should be today's alert. For example, disaster recovery site, there is a firewall. If someone changes it in the primary production area and then they forget to change it in their area, there should be an alert.

The reporting details have room for improvement.

The solution has some bugs that we have to fix for customers. We provide feedback about these issues to Fortinet for future development or updates. 

More software stability is needed to prevent breakdowns. 

I didn't like the connectivity with FortiManager and FortiSwitch, which was buggy and annoying and had fewer features. For example, sometimes you could change something in FortiManager, and then you had to upload another version of the configuration. If you changed something on the suite side, you had a problem. The correlation between FortiManager and the Forti suites was not that good.

I'd like more visibility and more troubleshooting features for the whole VPN. I'd like a better quality of service and maybe more features. We always compare features with what other vendors offer to see if there is added value from a certain product. From what I've seen, for example, with SD-WAN that Cisco used to build, which was similar to the VPN for FortiManager, it was quite easy to implement in comparison. 

The scalability has room for improvement. The solution is available in both a hardware and a virtual machine model. The VM model is scalable by simply adding additional licenses, but the hardware model has scalability limitations.

You cannot integrate with other solutions, so they should allow integration with Cisco and Juniper. It'd be great if we could log into other provider equipment on Fortinet FortiManager.

The rules need to be more flexible. I prefer configuring rules and the VPN on the standalone device, not on the manager.

Within the management of some features on FortiManager, specifically the management of user objects used for VPN service, FortiManager is quite weak. This was the case as of the time when we deployed them, which was one software cycle ago. I don't know whether that deficiency was fixed, however, we found it was easier to make changes to the VPN user objects, and local user objects. It was much easier to make the changes directly on the firewall than with FortiManager because in FortiManager you have to go through different windows, and even the CLI, in order to make the changes to the user database. It's just a matter of improving the UI, being able to manipulate objects that could be manipulated using the firewall GUI for example. It's just about expanding the features of the product so that whatever you can do on the firewall, you can also do it at the same level of convenience on the FortiManager.

The fabric for integrations or connections could be improved. This would make a big difference for some customers. 

We are not missing any features at this time. I don't have any expectations about additional features.

The storage could be better for logs. There is a degradation of performance if we activate logs on FortiManager.

The solution has to be enhanced to manage new switches.

I didn't use the alternative FortiManager yet, so I'm happy with the FortiManager right now. If I use some other product, then I should be able to isolate things, and I'd like some sort of isolation feature in the product. There's nothing I can say that's a negative point. 

When I started, it was a bit difficult, however, now it's okay. It can be a bit complex for basic users.

If I'm defining a subnet, I need to define it in two different locations. We have to create the subnet and then name it as well. So there are two different ways to define a single subnet, and it should only be one.

Its licensing model should be improved.

FortiManager could be more user-friendly.

If you have more than one FortiMail device, you can't manage it then with FortiManager on FortiGate.

It needs more integration with more Fortinet devices. 

For how we use the solution, we do not need any new features. 

The interface could be improved. It is split up into different areas, which makes it more difficult to navigate and get the right section of the correct file.

I would like to be able to manage other products such as Endpoint and FortiAnalyzer through FortiManager. That is, the integration with other solutions needs to be improved.

It would be helpful if we can manage all Fortinet products with a simpler GUI. FortiManager's GUI is complicated in comparison to that of FortiGate.

The solution is very good; I'm not sure if I can think of any features that are lacking.

The GUI could be updated. It's not as good as it could be and is something the solution should improve in an upcoming release.

It would be nice if there could be more reporting included in the solution so that we could get more details about an individual user's profile.

Regional support in African countries needs to be improved.

Areas for improvement in Fortinet FortiManager are scalability and stability.

We have some visibility issues with the reporting. As the reporting is not properly available, we have to use many tools to get a meaningful outcome of the reports.

There should be training available for the clients. Cisco, for example, provides training hours or credits at the time of purchase. People should get some kind of coaching on how to use this solution and various features rather than depending upon the support partners.

The reports are available separately, but they should be a part of the standard product.

We have experienced a series of minor bugs that necessitated contacted technical support on several occasions.

The GUI is not ideal. It needs to be improved. It should be more user-friendly.

I'd like to see the improvement of wizards when it comes to pushing policies and copying, VPNs, etc. Sometimes Fortinet changes its subscriptions. A few years ago Fortinet Firewall had capabilities for use in the cloud environment; they then changed the subscription and it was no longer part of the subscription, forcing the customer to buy an additional license. The technical support needs to improve. They moved their call center to India and although I have a special PIN code for the support team, they hang up after a minute or so and I need to redial. 

FortiManager would be improved by putting everything into a single console, including Microsoft O365 integration. Its stability could also be better.

The user interface itself has areas that need improvement.

It would be very useful if they come up with a feature or a process that makes the transition of the interfaces between virtual domains easier. It's a difficult process to transfer one interface from one virtual domain to another.

We find that several vulnerabilities are showing up every week, so we have to check every time with the customer to make sure everything is okay and to apply patches when needed. The frequency is a little disarming. So, the product is not very stable. 

There's nothing special about it compared to other vendors, except for its simplicity.

This solution needs more experienced technical support staff.

In the next release, FortiManager should include more protection features.

The compatibility with legacy products should be better. It would also be nice if the software could manage other devices from Fortinet and third parties.

Fortinet is releasing quite a lot of new versions and I would say that most of the versions are not well tested before they're pushed out. Even the new versions sometimes are a bit buggy before it's all correct.

The product could be improved by making it a little easier to configure. Sometimes it's a  bit complicated to find the right way to configure. For example, if you want to have a link between a FortiGate to a FortiSwitch, sometimes it's not so clear. Sometimes there is a problem because U.S. FortiGate has one version and FortiSwitch has another version of the operating system and it's difficult to create, to have a link between two devices, and we have to do an upgrade before using it.

I would like the configuration to be easier. If that is solved then the product is perfect. 

The areas that need improvement are implementation and support. In terms of implementation, it mainly needs clear documentation. There are many features that are not mentioned in the documentation.

The solution could improve by having better integration with other solutions other than Fortinet.

Performance issues should be improved. We have problems when we have more mobile connections than local devices. Most of us have two to three devices. 

Finetuning and performance tuning need improvement.

Fortinet develops many different solutions but only some of them can be managed using FortiManager. For example, if you have a load balancer then you have to have a separate manager. Having FortiManager work with all of the Fortinet products would be a good improvement.

The GUI and the whole process of configuration should be improved.

The response times from technical support need to be a bit quicker.

FortiManager could be simpler.

The FortiManager is more complex and they can make it easier to use the VPN manager. All other features are okay. However, the VPN manager is more difficult and can cause some issues in the environment, if you do not have the experience to use it.