Reviews (1-25 of 45)
- Ease to configure policies
- VPN performance
- Active directory integration.
- Not so scalable, if you need more performance you need to buy another device
- The traffic shaper could be better
- The Wan load balance could be better
- The GUI is very simple and understandable.
- It is a very cost effective firewall with all the enterprise grade features.
- There are some bugs in the newer versions and patches.
- Sometimes the firewall gets stuck we need to do a hard reboot which impacts the production.
1. How do we reduce the costs incurred securing our infrastructure and assets, while at the same time not exposing those assets to undue risk; and
2. How do we simply our infrastructure, while increasing our visibility into those assets, with the limited resources available.
Fortinet Fortigate solved both those questions, and actually improved our security posture.
- Fortinet Fortigate created a simplified cost structure for every device we installed, saving our company thousands of dollars compared with our previous vendor of choice.
- Fortinet Fortigate firewalls contain a tremendous and robust feature set allowing our organization better protection while reducing the number of devices and software required to do similar functions if we went with our previous vendor.
- When we switched to Fortinet Fortigate, it took some time getting used to and become familiar with the new interface. Being used to strictly command-line interfaces, a full GUI-based firewall was something brand new. Careful planning had to be done when creating rules to ensure we didn't miss anything. However, once we got used to the new GUI interface, going from one Fortinet product to another was simple, as Fortinet used the same interface for all of its devices.
- Allow secure access to the network for external vendors.
- Protects the network from nefarious online activities
- It gives us granular control over what we allow in and out of the network and the flow of traffic between network points (LANS & WANS).
- It allows us to connect multiple offices over WAN connections.
- Training - The software and device is complex I believe free training should be offered for administrators to become experts on how the device function as opposed to learning by a bit of trial and error or discovering useful features only when the necessity arises. Companies usually like to avoid the added costs of training. Therefore, free training courses to certification would benefit all shareholders and lead to even further widespread adoption over the competition.
- Any simplification of the user interface to implement essential security features would be welcomed. It can be relatively daunting for a new administrator, especially if having to use the command prompt.
- More screenshots in the online documentation or more videos to guide admins on how to implement useful security features I find the documentation online sometimes a bit hard to follow. Still, if screenshots were added, it would simplify the process.
- It's easy to stand up-the registering process is straight forward.
- The flow of the GUI is second to none- easy to navigate.
- One thing that I have noticed with other vendors like WatchGuard is the automatic creation of policies when configuring a VPN tunnel. That helps speed up the configuration to get that tunnel up faster.
- I would also like to see a traffic monitor that shows all live traffic coming in and out. A great tool to use for troubleshooting, that's a feature on the WatchGuard that I like.
- Very effective firewall. If set up correctly, creates a very secure environment.
- Amazing price when compared to same feature set as other prominent firewalls.
- Updates. I have an HA pair but I always lose connection for a minute or two when upgrading.
- Interface display. I have a bug where I have to refresh several times to view policies and objects.
- Compared to Palo Alto, FortiGates are significantly less expensive. I would advise organizations to use them in cases where funds are limited.
- FortiGates are easy to configure via GUI - it is very simple and logical. Compared to Palo Alto or Cisco ASAs, Fortinet products are easier to work with for less experienced admins.
- Web filtering subscription services are not as good as Palo Alto's. Palos had a smaller number of false negatives in my experience.
- Log filtering is better on Palo Altos. It is easier to find log entries for particular events on the Palo Altos.
- Ease to deploy and manage.
- Very cost effective when compared to competitors.
- Good, local, reactive support.
- Upgrades are always "risky" (usually wait for 2 upgrades before upgrading).
- Some of the settings don't make sense at first look.
- My favorite aspect of the Fortigate product is the ease of use. The GUI is very easy to get around. The products rules and configuration are easy to learn and apply. The informational tools are easy to look at and produce results that are intuitive and quick to assess.
- Another great attribute of the FortiGate product was reasonable pricing for the product and then the ongoing support. Living in the SMB space with tight governmental budgets is a huge factor in all my decisions. When a company like Fortinet comes along and produces good products at very reasonable prices it is good for SMB companies like mine. Many vendors price their products in a fashion that is beyond consideration by SMBs like myself.
- Support is always a big factor in consideration of any product for our organization. Fortinet support has been extremely good. They have provided an onsite engineer at no cost to help us design, implement and maintain new products when needed. The call support has also been excellent, with quick response times and knowledgeable technicians.
- It looks like they are making an effort to produce a centralized management interface with the integration of switches and APs into the FortiGate interface. They have a good start, but it needs continued work. While you can do some basic tasks for these external devices in that GUI, you must change over to the main browser page of the device itself to do many configuration tasks and check performance issues. I hope that they will add all this functionality into the main FortiGate GUI.
- One other area of improvement I would like to see is the time to show real-time events in log screens. The results always seem to be a bit behind and you have to refresh to get them to show current things. The FortiAnalyzer product that works in conjunction with the FortiGate firewall addresses this but it would be nice if the default logging was more timely.
- The GUI is easy so that is a major plus.
- The cost is really good. Others we've seen are pretty costly, especially if you are on a budget.
- An engineer to help with the installation at no cost is really good. Too many times you had to pay for that and travel at times.
- Management needs a little work but we can get by with a few tweaks.
- Real-time would be good.
- Some logging features could use a little lift but not too bad. It depends on what you're looking for.
- Secure the network from botnet, spyware.
- You can use URL filters to block certain pages by content or categories.
- Great site-to-site VPN.
- Command line interface is a little bit hard to use.
- HA is not reliable.
- VPN - Great for remote users.
- Site-to-site VPN.
- Prevent any unwanted connection from outside.
- Firmware releases - Sometimes you have to follow an upgrade path. If you don't follow it, you could brick it.
- User-friendly interface
- Detailed logs
- IDS and IPS work without any problems
- Easy to set and manage rules
- User documentation can be more detailed
- FortiClient - the app for VPN connection sometime get errors
- Another problem we did not find
We also use Fortigate captive portal with their 2FA (mobile or physical) keys to offer an additional validation before accessing our service backend networks.
- User authentication inside firewall rules. It is practically seamless and really easy to setup.
- Management of firewall rules via the GUI.
- Management of IPS rules via the GUI.
- Forticlient with SSL VPN causes a lot more problems than it solves. Windows and Mac updates keep breaking the Forticlient and it takes weeks to get updates. Fortigate updates also sometimes break the SSL VPN. Forticlient crashes and the only fix is to restart the computer to restart the VPN driver. We had this problem for 3 years and they still don't have a fix for that. We now use L2TP-IPsec and Cisco-IPsec with Windows and Mac embedded VPN clients because of all that.
- Memory issues with IPS. We tried all the firmware versions and IPS engines given to us by the Fortinet support and we are still experiencing memory leaks once in a while with the IPS engine. The only provided solution is to restart the IPS engine via CLI.
- FortiView only works properly if you disable ASIC routing. Their marketing always says that their ASICs is the reason their appliances are better than competition but you can't use it if you want reports or to be able to drill down on network usage.
- Every time they release a new firmware version, it takes 3-6 revisions for it to be free from major bugs. We are still waiting for a 5.6 revision that will not have major bugs within the features we use.
- Active-Active clusters do not offer much resilience when problems are software based. If for example the IPS engine has a memory leak, it will not automatically fallback on the other Fortigate, even if the primary one reboots.
- Everything related to virus, spam and intrusion detection (Forticlient, IPS, mail antispam, etc.) needs a lot of tweaking otherwise you will get a lot of false positive. It is also lacking in the type of actions you can do when those are detected. It is designed more for blocking than anything else.
If you need a lot of those features and you are ready to put the time into tweaking your FortiGates, I really think it will give you the most value.
If you have the money to buy the best VPN appliance, the best Firewall, the best IPS appliance and the time to set them with each other then FortiGate is not for you. If money is not the main concern and you only need the best, FortiGate is not for you but I really doubt it will be the case for most.
- SSL VPN works well and is very configurable for controlling access to internal network resources based on user groups.
- Fortigate also manages our wireless AP and many SSIDs can be created with either WPA or Enterprise WPA with radius for greater security
- IPSec VPNs easy to configure between fortigate devices but also not that difficult for other IPSec compatible devices
- Initial learning curve was difficult coming from a Symantec/Raptor background but not a huge deal
- Creating and managing access control policies that allow specific traffic in and out of the network. Once you get it set up, it's easy to create new policies, specify ports, and configure IP ranges.
- Active-Passive failover works well.
- It generally works pretty well without much care and feeding.
- Their web filtering module makes it pretty easy to block malicious websites quickly.
- We tried to roll out the client about five years ago. This is used both for VPN, as well as antivirus/web filtering. Any policies set at the firewall would be automatically pushed to the client and enforced. It was a great idea, but the drive mapping feature never worked consistently in our environment, so we were forced to find alternative solutions for both VPN and antivirus. Too bad, really.
- We have had a couple times when one of the firewalls would hang for no apparent reason. Support engineers were never able to pinpoint the problem either time. It only happened a couple times.
We have many policies, with some schedule, very easy to use.
- Site-to-Site VPN. Easy to setup, and reliable.
- Not the best strength of the Fortigate, but very powerful.
- Firewall Policies. Drag and drop, dropdown, schedule, etc. Simple.
- NAT publishing is a bit a pain. Need to create virtual service, virtual address, virtual IP, and publish it thru a policy... so many clicks.
- SSL VPN isn't very reliable, a lot of 98% Connecting issues.
- Monitoring and Troubleshooting can sometime be a pain.
Both a small office and a large datacenter can use the power of a Fortigate.
FortiGate Scorecard Summary
Feature Scorecard Summary
Fortinet’s FortiGate is a firewall product with high integrability. It can be deployed on-premises or as a Virtual Machine in a variety of modules. The granularity of the product enables buyers to tailor their purchase to their business needs. FortiGate integrates into multivendor environments, including IaaS cloud platforms and public cloud environments.
FortiGate’s functionality includes the core firewall features, such as intrusion prevention, anti-malware, and web filtering. It also includes SSL inspection, threat protection, and scalable segmentation, all within low-latency standards.
FortiGate Technical Details