Likelihood to Recommend For FortiGate Firewall, the basic functionality and requirement is met easily as Fortigate is among market leaders in NGFW. There are some extra points that inclined us to use Fortigate as our main Firewall. [Fortinet]Fortigate has a very well refined and functional SD-WAN solution when it comes to load balancing for normal Internet Traffic. SD-WAN - Load balancing of Internet traffic is a USP of Fortigate and makes it stand tall in the competition. Be it 3 or more Internet Links, multiple Subnets/segments of users to distribute and bandwidth load balancing for links and users. SLA based monitoring of Internet Links / MPLS links, makes it even better to choose the links on the basis of performance (Latency, packet loss, Jitter etc). SSL VPN configuration - The deep CLI-level debugging is also very helpful in troubleshooting. Type of tunnel can be easily configured - Full Tunnel or Split Tunnel for SSL. Though, I think Fortigate is one of the best options for small and mid-sized organizations, there are some areas for improvement. First, the CLI interface is very hard to adapt as the commands and directory hierarchy is very different for common syntax and standards.
Read full review Any scenario where a dedicated firewall administrator is on staff and a secure firewall solution that requires high availability is needed will be a good solution for the McAfee Firewall Enterprise product. The McAfee Firewall Enterprise however comes with some of its own parlance that is different from other vendors and does require some comfort on the administrators side when it comes to working in the command line. Added knowledge of protocols and how they interact is a must for any firewall admin but particularly for the McAfee Firewall Enterprise product due to its flexible nature. If the environment is to be mostly hands off where a very limited rule set is to be configured and not likely to change often, I would defer to a different product
Read full review Pros It is the most reliable NGFW that we have ever been touch with it. You can easily upgrade the firewall cluster firmware without user attention!!! User IDentity based feature is fantastic and intrusion prevention just works with least false-positive possible. Very reachfull and intuitive GUI, just love it Read full review Based on the SecureComputing Sidewinder firewalls, the McAfee Firewall Enterprise does similar backend containerization of each service which provides for added security in the unlikely event of failures or breeches. Tie in reporting services (if used by the admin) provide very granular details on rules accessed and the firewalls response to the requests. Configurable options are plentiful. Unbound DNS can be configured on each "burb" (SecureComputing/McAfee parlance for interface), similar options for sendmail while rulesets can be configured at the application level down to simple IP-filter making options for enhancing security as well as troubleshooting equally as useful. Full control over shell for scripting and/or scheduling (cron) purposes. Solid HA and patching architecture. Support was always helpful, knowledgeable and insightful (especially the staff that migrated from SecureComputing). Read full review Cons When we switched to Fortinet Fortigate, it took some time getting used to and become familiar with the new interface. Being used to strictly command-line interfaces, a full GUI-based firewall was something brand new. Careful planning had to be done when creating rules to ensure we didn't miss anything. However, once we got used to the new GUI interface, going from one Fortinet product to another was simple, as Fortinet used the same interface for all of its devices. Read full review For an application-layer firewall the applications supported (at the time I managed them) were too few and would need to be expanded and the application ruleset needed to be expanded as well. The remote access VPN client configuration was overly complex for the average user and would need to be supplemented with a configuration file that had already been generated. Other solutions from CheckPoint or Cisco ASA are not as complex for end user remote access. Enhancing the GUI with a builtin "packet capture" feature would be useful for administrators not familiar with tcpdump. Read full review Likelihood to Renew Fortinet's products have kept improving with new software releases and they continue to deliver great value. Their support is also very good. I believe that as a small enterprise, their products have given us competitive advantage delivering features and functionality that enable us to innovate and do things better. They also continue to be a leader in the markets they serve.
Read full review Usability The user interface shared among many simultaneous users is very easy to get around. With shared favorites among users, most tasks are easily bookmarked and can quickly be found and edited. Their strategy for web filter integration is easy to understand and manage as well. With some general direction, setup and maintenance were easy to do and easy to teach others in the organization to do as well.
Read full review Reliability and Availability We had didn't any hardware failures at our two main office locations and upgraded our units last year after using them for about 5-6 years
Read full review Performance Good performance and really good integration. We have integration with Microsoft AD.
Read full review Support Rating We live in Turkey. Fortinet's Turkey office [dealt] constantly with us in our every problem or our experience. In addition, global support teams also supported every ticket we opened in every problem we encountered. They support innovative approaches and evaluate and offer solutions. In this context, they were very supportive of the problems we encountered in previous versions.
Read full review In-Person Training I received it a couple years afters use it and it was just to confirm my knowledge about the tool.
Read full review Implementation Rating Make sure that you have the most current version of FortiOS. Make sure all Fortigates are on the same version
Read full review Alternatives Considered [Fortinet] FortiGate is not only cost effective but it gives the comprehensive security against the APT attacks and gives the complete traffic visibility and granular control. You can easily create the VDOMs (Virtual firewall) within a Fortigate firewall and customize the dashboard as per your requirement if you have multiple VDOMs within a single firewall.
Read full review Compared to other firewalls I've managed (Palo Alto, Cisco ASA & CheckPoint) I would say that McAfee Firewall Enterprise was probably at the time not the leader in its field however it is a product that proved its reliability and flexibility over the other vendors. The addition of many new features usually comes as a detriment to some other area (restricted CLI, decreased logging etc.). In my experience this product gave the flexibility and options that the organization needed.
Read full review Scalability My environments are pretty small (less than 100 users per location) so no issues here.
Read full review Return on Investment Fortigates have an interesting bundle model for support and subscription services that make it an attractive option to deploy Firewall, IDS, Ant-virus, anti-SPAM in a single device. The cost of the bundle is pretty much what you pay for the device, not requiring huge expenditures on it's time to renew the hardware. Read full review In its highly available configuration the impact on any business objective has been positive given the fact that any downtime of the firewall would negatively impact all business objectives. Read full review ScreenShots