TrustRadius
FortiGate, from San Francisco-based company Fortinet, is a firewall option.https://media.trustradius.com/product-logos/xg/Td/W8SSKHRTKKEC.pngFortinetFortinet FortiGate Review2019-06-05T21:24:05.054ZFortinet Fortigate is a complex solution to assure the security of your network perimeter. It has a very simple interface with sufficient functionality. We like this tool because it is easy to install, easy to administer, has a good price, and good protection. We would say that Fortinet Fortigate is the best in its class because of its high availability, speed, resilience, and the vendor offers very qualitative support.,Very easy-to-use interface
Good resilience
High availability and speed
Easy installation,More complex configurations must be done via the console
Licensing options can be improved,10,We are more secure with Fortinet FortiGate.
We have the possibility to administrate servers with VPN and to do daily work with VPN.
Monitor and prevent cyber attacks.,Cisco ASA,McAfee NAC (Discontinued), Cisco IronPort Web Security Appliance, Cisco Aironet and Catalyst Access PointsNeil JohnsonEverything you need to know about Fortigate before buying it !!2017-11-28T20:05:09.579ZWe use FortiGate mainly for internet gateway and IPS at each of our offices. It offers us IPS, Firewall, VPN and many more features for a competitive price.
We also use Fortigate captive portal with their 2FA (mobile or physical) keys to offer an additional validation before accessing our service backend networks.,User authentication inside firewall rules. It is practically seamless and really easy to setup.
Management of firewall rules via the GUI.
Management of IPS rules via the GUI.,Forticlient with SSL VPN causes a lot more problems than it solves. Windows and Mac updates keep breaking the Forticlient and it takes weeks to get updates. Fortigate updates also sometimes break the SSL VPN. Forticlient crashes and the only fix is to restart the computer to restart the VPN driver. We had this problem for 3 years and they still don't have a fix for that. We now use L2TP-IPsec and Cisco-IPsec with Windows and Mac embedded VPN clients because of all that.
Memory issues with IPS. We tried all the firmware versions and IPS engines given to us by the Fortinet support and we are still experiencing memory leaks once in a while with the IPS engine. The only provided solution is to restart the IPS engine via CLI.
FortiView only works properly if you disable ASIC routing. Their marketing always says that their ASICs is the reason their appliances are better than competition but you can't use it if you want reports or to be able to drill down on network usage.
Every time they release a new firmware version, it takes 3-6 revisions for it to be free from major bugs. We are still waiting for a 5.6 revision that will not have major bugs within the features we use.
Active-Active clusters do not offer much resilience when problems are software based. If for example the IPS engine has a memory leak, it will not automatically fallback on the other Fortigate, even if the primary one reboots.
Everything related to virus, spam and intrusion detection (Forticlient, IPS, mail antispam, etc.) needs a lot of tweaking otherwise you will get a lot of false positive. It is also lacking in the type of actions you can do when those are detected. It is designed more for blocking than anything else.,7,Because we use FortiGate in all our offices and all FortiGates run on the same firmware/OS, it is really easy to setup cross-site configuration or deploy firewall/IPS rules company wide.
Fortinet always does things a bit differently than the rest which sometimes makes it easier to set up but most of times means that you need to contact support or search online to know what options really do. This can cost a lot of man-hour in the long run.
The man-hour needed to fix or workaround all the small bugs as to be the most impacting thing to consider before buying FortiGate. If you really use most of the features, you will need to put the time into learning this product. Also for some reason their support doesn't seem to be trained on a lot of features they have inside the product. I often have to link Fortinet documentations to the support technician for them to even understand which feature I am trying to implement.,Sophos Firewall, Palo Alto VPN Appliance, Palo Alto Networks Threat Protection and WatchGuard NGFW,Microsoft System Center Configuration Manager, System Center Operations Manager, Cisco Ethernet Switches, Nginx, Microsoft Office 365, SysAid,Yes,Price
Product Features
Existing Relationship with the Vendor
Positive Sales Experience with the Vendor
Analyst Reports,If we had to do it again now we would probably evaluation the more expensive options that were out of the budget at the time. Now though we have so much time and experience on the platform that the alternatives would need to be an order of magnitude better even with the bigger budget.,Yes,Our SE always provides support that goes beyond what is expected.
One time we were diagnosing a slowness when doing SMB traffic over L2TP VPN and even though support was trying to help but not finding the problem our SE was continually giving us things to try in parallel and in the end it wasn't even the Fortigate that was causing the problem, it was some regkey in Windows.,7,Windows and macOS embedded VPN clients
FortiManager
FortiAnalyzer
FortiAuthenticator,OpenVPN as a VPN client
Clearpass,File import/export
Single Signon
API (e.g. SOAP or REST)
Javascript widgets,7,You should probably stick to Fortinet products if you want to use Fortigate as they are not the best at being vendor agnostic. Sometimes they will use standard protocols and it will be possible to use third party but you will need figure out mostly by yourself if it's even possible and then how to do it.Marc-Olivier Turgeon-FerlandFortinet FIrewalls2017-04-18T19:12:28.479ZFortinet's version of throughput is good and It has a strong active cluster, as you can have between three and 32 units to a cluster. The most important factor is that you choose a firewall or UTM solution that fits your organization's security requirements. Begin by determining what business problem you are trying to solve, what technical controls you need to implement (Firewall, IPS, NAC, VPN, endpoint, mobility, web filtering, malware detection, etc.). Then, determine what hardware features you need such as (HA clustering, link aggregation or 10Gb, port density), and what kind of throughput, and how many concurrent connections.,Easy to set up
9/10 Customer Service
9/10 Technical Supports
Multiple layers of security,Security
LAN
WAN,8,With the Fortinet solution store connectivity can be restored in about 20 minutes. Estimating an average of one outage a year and a potential for average hourly earnings at a store of $$$ an hour,Cisco ASA,No,Price
Product Features
Product Usability
Product Reputation
Prior Experience with the Product
Vendor Reputation
Existing Relationship with the Vendor
Positive Sales Experience with the Vendor
Analyst Reports
Third-party Reviews,Yes,10,No,Great with 4-Hour On-site Engineer: Parts delivered on-site with an
engineer, 24 hours a day, 7 days a week within 4 hours
of RMA approval by Fortinet support.,GUI
Reports,Scripting,Yes, but I don't use it,10Adithyo Dewangga WijayaProbably the best Firewall wall.2018-02-12T22:18:12.326ZOur Fortigate is used as the primary network router and IPSec VPN access point. We have a hub [and] spoke setup between the main office and other remote offices. Users also connect to our fortigate to access the network remotely using SSL VPN with the FortiClient software installed on their PCs or using the SSL web portal.,SSL VPN works well and is very configurable for controlling access to internal network resources based on user groups.
Fortigate also manages our wireless AP and many SSIDs can be created with either WPA or Enterprise WPA with radius for greater security
IPSec VPNs easy to configure between fortigate devices but also not that difficult for other IPSec compatible devices,Initial learning curve was difficult coming from a Symantec/Raptor background but not a huge deal,10,Fortigate has made it easy for users to connect remotely and securely with Forticlient 2fa.
Fortigate has offered a number of devices that are appropriately sized for the various locations so we never have to over purchase.
Fortigate allows us to have multiple links between locations for redundancy making it easy to keep users connected.,,100,2,Remote access for users
Inter-office VPN links using SD-WAN
Network segmentation to protect and isolate various network segments
Wan failover
source and destination routing of network traffic,SDWan has allowed us to utilize our multiple internet circuits to provide the best connection for inter office VPN. Before using SDWan features, we would have to be continuously monitoring VPN links and manually switching routing priority from links with degraded performance. This resulted in numerous complaints from users, but now SDWan keeps choosing the optimal circuit between ISPs which has dramatically improved things,We are hoping to use more SDWan features in the future to segregate the types of traffic on our VPNs, so that higher priority business traffic is placed on premium DIA circuits, and backup replication traffic is placed on cheaper broadband circuits. Currently we have to use all traffic on the same DIA link which is less capacity and is expensive.,10,Yes,9,No,My last support call was with a SSL VPN portal issue which had to be escalated to a level 2 engineer. The engineer came up with a way to troubleshoot the issue which was affecting another product we were testing, and even spent time on two calls with engineers from the other vendor so that we could find a work-around. This went on for about 3 weeks and he constantly updated me with progress he was making.,8,10Adrian CumberbatchFortinet FortiGate 1500D Series Product Review2019-02-28T18:28:57.883ZWe have two FortiGate 1500D firewalls, one at each datacenter. They are configured as active-passive. All traffic coming and going passes through them for the entire organization. This ensures that all packets to and from users are managed and controlled.,Creating and managing access control policies that allow specific traffic in and out of the network. Once you get it set up, it's easy to create new policies, specify ports, and configure IP ranges.
Active-Passive failover works well.
It generally works pretty well without much care and feeding.
Their web filtering module makes it pretty easy to block malicious websites quickly.,We tried to roll out the client about five years ago. This is used both for VPN, as well as antivirus/web filtering. Any policies set at the firewall would be automatically pushed to the client and enforced. It was a great idea, but the drive mapping feature never worked consistently in our environment, so we were forced to find alternative solutions for both VPN and antivirus. Too bad, really.
We have had a couple times when one of the firewalls would hang for no apparent reason. Support engineers were never able to pinpoint the problem either time. It only happened a couple times.,7,It's performed as expected. I think that is about as good as it gets for an appliance that's sole job is to be invisible. In an environment with staffing challenges, it's imperative that we pick solutions that make our jobs more manageable. I would put this product in that category.,,Nutanix, Nutanix Prism, Exagrid EX Series, SolarWinds Network Device Monitor, Barracuda Load Balancer, Zoom, Ivanti Endpoint Manager (formerly LANDESK Management Suite), Sophos Endpoint Protection, ForeScout CounterACT, Dude Solutions Help Desk (formerly SchoolDude)Shawn UmanskyExcelent solution, ease to configure and manage with a low cost2019-01-24T19:50:42.786ZWe have been working with this solution over 5 years and we are very satisfied. We use it for one of our offices and the configuration is very easy and intuitive. You can apply policies by address or by user, the integration with Active Directory is not complicated, the cost of the solution is cheaper in comparison with other vendors and including the same solutions.,Ease to configure policies
VPN performance
Active directory integration.,Not so scalable, if you need more performance you need to buy another device
The traffic shaper could be better
The Wan load balance could be better,10,Improve the process agility
Help us to offer a better service to our users
We improve the perimeter security,Check Point Next Generation Firewall and Palo Alto Networks Next-Generation Firewalls - PA Series,Cisco Webex Room Series (formerly Cisco Spark Room Series), Jabber, SysAid, Trend Micro Worry-Free Business SecurityMauro Osvaldo Sepulveda GutierrezGreat solution for all budgets2017-11-29T17:51:56.523ZWe use Fortigate in 3 locations, for a total of 5 units (two locations are clustered). Mainly used as router / NAT, we also use it for a large number of Site-to-Site VPNs. We have also recently started using it as IPS, Antivirus, Webfiltering, etc.
We have many policies, with some schedule, very easy to use.,Site-to-Site VPN. Easy to setup, and reliable.
Not the best strength of the Fortigate, but very powerful.
Firewall Policies. Drag and drop, dropdown, schedule, etc. Simple.,NAT publishing is a bit a pain. Need to create virtual service, virtual address, virtual IP, and publish it thru a policy... so many clicks.
SSL VPN isn't very reliable, a lot of 98% Connecting issues.
Monitoring and Troubleshooting can sometime be a pain.,9,They are very cheap compared to other solutions, the ROI is very easy.
When used as a router, you can use the IPS between VLANs, and catch the problem before it hits the antivirus.
All-in-One UTM, don't have to log to many UIs to manage your network.,WatchGuard NGFW and pfSense,Remote Desktop Manager, Microsoft Data Protection Manager, Microsoft System Center, FreeNAS, ownCloud, Microsoft Office 365,No,8,Yes,During an upgrade, some of the feature stopped working, and everything was down. We called them, and they assisted us, step by step, to reverse, and get it back online. It was in the middle of the night and support was very helpful. They came back to us after with the solutions, and a fix, so we could do the upgrade again.Tommy BoucherFortinet FortiGate - Fantastic platform, hardware and service!2019-03-06T18:51:52.699ZWe are using Fortigate Firewalls at all of our properties, from large campus installs to small branch office locations. We use Fortigate units to route traffic and as a Next Generation Firewall, to allow policy based security at all of our locations. The Fortigate units allow us to secure our networks, while providing a great experience for our administrators,Simple but complete GUI allows for easy management.
Intuitive CLI allows experienced CLI users from other platforms to come up to speed quickly.
Unit comes out of the box with a feature rich logging capability, FortiAnalyzer brings it to the next level and is very easy to install.
Licensing is easy to understand, The device is a single line item and support has 2 options 8x5 and 24x7.,Fortigate's SSL VPN client isn't available via MSI with an easy options for mass deployment and configuration out of the box. You need to have a Fortinet Developer Network license to create a custom deploy image.
Fortinet's after hours support is overseas and is adequate. Not stellar.,10,Increased visibility into our traffic flow
We've experienced no outages during business hours since installing the devices 4 years ago.,Palo Alto Networks Next-Generation Firewalls - PA Series, Cisco ASA and Check Point 12000 Appliances,FortiClientVerified UserFortinet Fortigate - my top choice for medium enterprise networks.2017-10-10T21:30:22.665ZThis device is being used across the entire organization. We are using it as our primary Internet facing firewall. It is protecting our network from outside threats and ensuring that the users inside the organization are protected as well. All authorized users have access to the FortiClient VPN software so they can access resources from remote locations.,VPN client is easy to use and can be customized for your organization.
All features are enabled on the firewall with little to no impact on performance.
Easy to configure interface on the firewall but also has a command line available for high level admins.
Excellent technical support department - very quick response time.
Pricing was amazing compared to peers.,Sales team was lacking information (type of licensing, hardware model, etc). Make sure you ask lots of questions.,10,The sales team recommended the wrong product for us initially. It was unable to keep up with the traffic load at our location, even with everything disabled. They resolved the issue by finding the appropriate device for us and giving us a steep discount due to the previous issues.
Since switching to the appropriate hardware we have had an increased in availability. No longer experiencing outages or slowdowns due to insufficient equipment,,Cisco ASA and SonicWall TZ,Cisco ASA, Cisco Catalyst, Ubiquiti WLAN,NoVerified UserA mature security solution2019-05-13T15:45:14.192ZFortinet FortiGate is a mature solution that help us to assure perimeter security of our network. The implementation was pretty easy. We purchased support from the vendor for implementation. The integration with another solution is very easy: SIEM, DLP, proxy. Very user friendly interface and very intuitive. Detailed logs that can be easy send to the SIEM solution.,User-friendly interface
Detailed logs
IDS and IPS work without any problems
Easy to set and manage rules,User documentation can be more detailed
FortiClient - the app for VPN connection sometime get errors
Another problem we did not find,10,Assure security of our network perimetre
Assure compliance with international standards
VPN connection for remote administration
Prevent and detect counterattacks,,Cisco IronPort Web Security Appliance, MobileIron, ManageEngine Password Manager ProVerified UserFortinet from a SysAdmin perspective2017-03-13T15:29:08.426ZFortigate is a very simple solution to deploy and it helps to handle web users and to apply policies to those users according to departments or user's roles. This solution was deployed across the whole organization and it helped to manage limited resources as well as network bandwidth. You can manage resources to power or limit users. You can always define new roles and filter websites accordingly.,Web filtering. It has specific categories to filter web pages. You can always customize them and also create new ones.
Security. FortiGate provides a good security to guarantee that no users override the system.
You can find different categories where you can filter services. Something like IM, Social Networks, etc. You can also filter ports and create proxy-like routes.,I think that the GUI can be improved to make it friendlier.
License fee could be lower.
Logs and the information that comes out of it [don't have] much information to debug.,10,Fortinet helps you manage Internet bandwidth and web connections. This tool helps any IT admin to assign resources accordingly depending on the user's roles.
You can protect your network from viruses and malware by restricting access to unsecured websites.
You can use this tool when you have different networks on your domain.,,Avaya Communicator, Cisco Catalyst,700,4,Web filtering using the website lists
Grant different access levels to the web
Creating a DMZ in the network,The organization implemented a group of rules to give different levels of access to employees using their job functions.,Allow remote users to log onto the network.,10Verified UserFortinet for small business2019-03-14T21:36:53.752ZWe are using Fortinet FortiGate as our firewall for our office as well as its client VPN capabilities for certain users to connect back remotely. The firewall provides some website and antivirus filtering to help keep our network secure without solely relying on desktop antivirus programs. It's critical for some workers to be able to connect back to office resources securely with the client VPN installed on their laptops.,It's a cost effective solution for a smaller business like ours.
Consulting companies like the one we bought this thru offer support for the product
Performance of the firewall and VPN are good,The VPN client install is not very clear. It includes other features like antivirus that we are not wanting to use but you have to know where to look to prevent that from being installed.
Configuring the firewall is a bit complicated. It really helps to have someone familiar with it do that for you.,7,ROI has been good in that we had it installed and configured and haven't had to touch it. The initial cost was reasonable so the total outcome of expense has been good.,SonicWall TZ and SonicWall VPN Clients,Microsoft Office 2016Verified UserFortiGate Review2019-03-02T18:10:54.726ZFortiGate is used as our enterprise firewall used across the organization. It addresses securing our network from outside attacks with policy control, antivirus, IPS, application and web filtering.,Their ASIC technology has very high-performance. The hardware is fast.
Easy to manage. Rule creation is easy and flexible.
Logging is detailed. GUI allows you to add/remove columns to get the detail you want.,There seems to be a lack of quality control with new versions and service pack releases. GUI menus fail to load. Features get pulled out. What's in this release might not be in the next. Random bugs you would not expect to see.
Alerting options are not flexible. Very basic and limited options.
VPN logging is not very detailed for troubleshooting.,7,The bundled options reduce the need for multiple systems.
Firewall segmentation helps meet compliance requirements separating protected data from general data.,Cisco ASA,McAfee Web Gateway, SafeNet Authentication Service (SAS), Trend Micro Deep SecurityVerified UserBest for office location configurations2019-06-24T18:00:52.167ZFortigate is used by our organization as a firewall and a VPN for our office internet services and some datacenter configurations. We use multiple devices to manage internet traffic and also use it to gain access via VPN to our internet network.,VPN routing.
Firewall protection.
Traffic management.,Process of updating firmware configurations.
Licensing costs could be lower.
Having to look for updates for software.,9,Protection from attacks.
Protection for stabilizing our internet traffic.
Security to see any type of negative traffic by IP.,,Barracuda Web Application FirewallVerified UserFortinet FortiGate Review2019-02-28T02:40:42.756ZWe use Fortinet FortiGate as our firewall at all three of our offices. We use the Fortiguard service on the firewalls, which includes anti-malware, intrusion protection and the Next Generation Firewall. Before we added the Fortiguard services we were unprotected against bad actors from around the world trying to brute force our RDP servers. Now I am confident that all of those actors are being blocked/banned at the firewall.,The Fortinet FortiGate firewall software includes a full function graphical user interface that makes firewall administration easy without having to know the command line interface commands.
The FortiGate does an excellent job of protecting devices behind the firewall, its integrated Spam, anti-malware and IPS services all work very well.
FortiGate licensing costs are reasonable and much more affordable that Cisco's offerings.,The only complaint I have about the FortiGate is the fact that the advanced services like IPS, anti-malware and spam filtering are add-on services. It would be great if they were a part of the firewall offering.,9,The Fortinet FortiGate allows us to meet our business objectives of keeping our data and systems safe from external actors with bad intentions. Without FortiGate I could not rest easy at night knowing the sheer number of attackers trying to access our network on a daily basis. With FortiGate, I sleep like a baby at night.,Cisco ASA,Captora, Microsoft Office 365, Hyper-VVerified UserFortinet and Fortigate: A force to be reckoned with!2019-02-15T21:56:13.148ZOur company decided to switch from Checkpoint to Fortinet as a corporate standard. I've used Fortinet products for the last 10 years, and have been incredibly happy with the ease of use, and support resources are not as hard to find as they are for Checkpoint. Additionally, the integrated SD-WAN in more recent versions made us start running out of reasons why we SHOULDN'T use Fortinet FortiGate firewalls.,Integrated SD-WAN functionality
Best in class threat protection
Single pane of glass (Instead of three in checkpoint),Breakout switch still required to share ethernet connectivity with redundant pair.
CLI could use some improvement but is overall good.,10,Positive: SDWAN functionality as part of the software package was the big win.
Positive: Low spend allows our company to put our money to use on other projects. We are big fans of getting more done with less money spent.
Positive: Threat detection and prevention is best-in-class.,Check Point Next Generation Firewall and Cisco ASA,Juniper Secure Access SSL VPN, Check Point 4000 Appliances, Cisco ASA, MikroTik Routers and Switches, MikroTik Cloud Router Switch, pfSense, Cisco MDS 9100, Cisco MDS 9500, Ubiquiti Networks UniFi, Ubiquiti WLAN, Ubiquiti Wireless WAN, Ruckus ICX Switches (formerly Brocade ICX Switches)Verified UserHigh quality experience of network security and traffic control in a single appliance2018-08-09T16:03:52.551ZWe use it as our internal and external firewall. It is also used with all security options, including DDOS protection, in our branches.,Web filtering, which protects the users browsing to non-secure websites
Network security between different networks
Traffic shaping control for users and applications,Traffic shaping options based more on layer 7, so you could have a more detailed control over the exact sites users are browsing
The transition between different major updates
More option in fast reports and dashboards
A more exact measure of bandwidth to show in dashboard and FortiView,8,Very positive because it helps us reducing cost by avoiding the acquisition of additional network equipment
It helps us to easily reach our internal security objectives
Bandwidth control,,Cisco Meraki Wireless Access Point, Kaseya Virtual System Administrator (VSA), ManageEngine AssetExplorer, ManageEngine Password Manager Pro,200,2,Security protection
WAN links load balance
Traffic Shaping,Wan link Load balance and high availability configuration for main ISP connections at the same time in active mode
Different ways to apply traffic shaping to the users,Load balancing options
Remote site connections,8,Yes,Price
Product Reputation
Analyst Reports
Third-party Reviews,I still will keep it as my option.,Implemented in-house,Change management was a small part of the implementation and was well-handled,Load balance between WANs connections,8,In-person training
Self-taught,10,Yes, it was easy, there are a lot of resources in internet that are easy to follow.,9,Fortigate Cookbook it is definitely a good guide to start and follow,Yes - we have customized the interface extensively,No - we have not done any custom code,No,Yes,8,Yes,In some occasion during this year, we experienced a big issue that was causing a degradation in our internet, initially we created several cases requesting support to factory to try to find the origin of the bad internet performance and experience for the users especially in videoconference, after hours of troubleshooting and testing we found that the issue was caused by a security protection of DOS that only was automatically applied during high traffic hours during the day.,Policy creation to allow communication between networks
Application traffic Shaping,Make traffic shaping troubleshooting,9,10,10,10,9,10,Additional hour of support in case of an emergency failure or advanced support,No,Yes,New Features available,having access to las network tendencies in market like SDWAN without doing an appliance replacementKewyn MedinaFortinet Fortigate 110C General Review2018-04-24T21:01:56.725ZWe're currently working with amaze with a FortiGate 110C, that is our front end Firewall for ISP routing and as a first layer to declare web access policies, anti-spam filtering, IPS, application inventory and to implement fail over policies to warranty the Internet connection to all departments. The UTM Solution from Fortinet brings a bundle package of features that is allowing the company to establish a MAN and an extreme secure VPN layer to deliver to our branch offices the WAN access with incredible ease. I do strongly recommend this quite remarkable Security Solution.,An accurate Web Filtering module that will allow to your IT Staff, leverage the administration of the web access from the end point users. Also will allow to customize the policies through a broad presentation of options, where you can customize or schedule the access to specific web sites.
AD & LDAP integration will allow you to sync your DC with the Firewall and set the traffic rules and packages with ease.
VPN through SSL Web Portals will simplify the scale of adaptation for final user, allowing a customization of the front end portal, with corporate image.,Improve time for releasing bug fixing.
Integrate graphical troubleshoot tools for policies based on devices or user identities, will help IT Sec Admins to answer faster to security breaches.
Using CLI reference guides and a better sort options.,9,Renewals are quite decent but if you scale them over 2 - 3 years, I strongly recommend updating the unit after that time, will give the more juice from the FortiOS releases.
The initial investment from the FortiGate UTM Solutions will always come with a better bundle license and features, also it's an advantage for those who seek to lower the cost of initial investment to enable specific features.
ROI will be seen after the 6th month.,,pfSense, Revit, ProcoreVictor AranaGreat product, at a great price point2018-03-16T14:50:31.304ZThe FortiGate in our environment provides protection across the entire organization. We are using SSL VPN, web filter, antivirus, and application monitoring. I can attest that these functions all work really well, and our FortiGate has had high reliability and configuring it is not a laborious task. The few interactions I have had with support have been great.,Web Filter - with the supplied FSSO utility filtering users by groups or department is simple.
Application Filtering - insight into what applications are running have been great
SSL VPN - SSL VPN is simple to set up
AV - has done a great job catching viruses before ever hitting the internal network,Logging can be a somewhat difficult to dig into
Occasionally usernames aren't attached to the computers being filtered,9,There's been minimal downtime
Policies are simple to set up, so carving out bandwidth for a specific application is painless,Palo Alto Networks Next-Generation Firewalls - PA Series, Cisco ASA and SonicWall TZ,Windows Server, Ubiquiti Networks UniFi, EMC VNXDerek AldridgeFortigates are good options for Firewalls2017-12-19T15:19:13.603ZWe use Fortigate as our main firewall to protect the network and to establish VPN between 2 sites. We make use of most Fortigate modules and subscription such as anti-spam, anti-virus and Intrusion detection systems. The Fortigates protect our Internal network and the public Wifi we provide to the public. We also take advantage of the Web filtering functionality.,Unified Protection: Having firewall, IDS, Anti-virus and Anti-spam on the same appliance is very handy as you don't need to deploy multiple appliances/solutions
User Access Control: Setup Firewall rules based on Active Directory User and Groups help with the constant need for firewall changes, saving the network folks a lot of time.
GUI Interface: Very intuitive Management interface, makes the need for CLI changes very seldom,Non-disruptive upgrades on standalone boxes. Not sure if the technology would allow it but it would be great to have.
Subscription signatures auto-deployment could affect production traffic. In some circumstances letting Fortigate accept subscription signatures may cause the device to drop traffic,9,Fortigates have an interesting bundle model for support and subscription services that make it an attractive option to deploy Firewall, IDS, Ant-virus, anti-SPAM in a single device. The cost of the bundle is pretty much what you pay for the device, not requiring huge expenditures on it's time to renew the hardware.,Cisco AS5800 Series,Palo Alto Networks Next-Generation Firewalls - PA Series, Microsoft Azure, Amazon Web ServicesArtur BittencourtFortiGate, a trustworthy UTM and NGFW2017-11-21T20:53:28.158ZFortiGate is a gateway firewall in our organization. It is utilized as a UTM. Our network is monitored, analyzed, secured and enhanced by the FortiGate device. Its is utilized across the whole organization. We can secure our network from threats, antivirus, intrusion using the G/W firewall. Cloud based reporting is really a decent feature of FortiGate. QoS, web filtering, AD synchronization, control over applications, SSL/IPSec VPN, and site-to-site IPSec VPN features are utilized by us.,Inbuilt wireless controller, which helps to create wireless VLAN. Its an amazing feature provided by FortiGate. There is no need to pay more for this feature. It is an inbuilt controller. I truly appreciate Fortinet to avail this feature avail within the NGFW and strong managing capabilities.
The VPN throughput. Hats' off commitment by Fortinet. The words in data-sheet of FortiGate device means it and proved it. We are using the site-to-site VPN, site-to-client VPN, and my clients are happy with the level of connectivity and responsiveness.
Security Fabric. Another legitimate feature proves FortiGate out of the box. All the devices installed in end-point or in network , are well synchronized for playing vital roles to provide security. And they are worthy.,Post Sale Support, I think. It could be improved. The product has amazing features and commitment towards its dedicated performance. The post-sale service might attract more end customers.
The user login client application. Currently it is browser based.,10,(Positive) The network is secured.
(Positive) As an analyst, I have to convince C level executives regarding protection from threats, intrusion, and productivity of the network resources. And I am achieving all the segments with ease of access.
(Neutral) The unavailability of post-sale service requires improvements. But due to the vast community of users and excellent documentation of the product, hides the lack of post-sale service availability.,Sophos Cyberoam and Sonicwall,FortiAP, FortiDDoSHarshil GuptaFortigate, the best2017-11-21T19:11:34.436ZWe use and recommend Fortinet Fortigate to all our customers as the main firewall at the internet access point of the organization. We use it mainly as a firewall but we also make use of its anti-virus capabilities and as a web filter. The VPN is an additional plus.,fire wall
antivirus
VPN,GUI
wizards
price,9,Main ROI is security
Difficult to recognize real ROI as you don't know losses incurred without.
Fortinet could show clearer which attacks were averted in order to highlight ROI,Check Point 4000 Appliances,Windows Server, Eset Smart Security, Symantec Backup ExecVerified UserForti-UTM2017-11-21T16:23:37.869ZWe use Fortigate across the whole organization. It is used for firewall/IPS/Web filtering.,UTM provides comprehensive security, which is great
Easy to use GUI
Great support,Site-to-site vpn - would like to configure using wizard. currently, I use manual configuration.
Additional reports on web site usage statistics
Failover / redundancy,9,Easy to maintain, which means less time spent to monitor
URL filtering is great
Fortianalyzer is a plus,Cisco ASA,Cisco Application Control Engine, FortiGuard Web Filtering Service,250,2,Geo block
URL filtering
IPS/Firewall,Web filter bypass
Geo block,Automatic failover
Redundancy,10,Yes,Price
Product Features
Product Usability
Third-party Reviews,none - happy with Fortigate,Vendor implemented
Implemented in-house,Yes,Change management was a small part of the implementation and was well-handled,Before and after network diagram
Up to date documentation
Tribal knowledge,9,Yes,9,No,We had to come up with a way to block certain web sites for all users but allow it for a few users. support provided a workaround, which worked.,URL filtering
Geo block
Site to site vpn,Log analyzer
Wizard for site to site vpn will be a plus,Yes, but I don't use it,9Verified UserA FortiGate firewall and UTM appliances review2017-06-08T22:15:46.091ZFortiGate is a label that Fortinet applies to a really large number of products having a part of shared features.Possible usage scenarios include:VPN GatewaySmall offices connection endpointsEnterprise proxy, firewall and threats management with UTM (Unified Threat Management)Routing and layer 3 managementHigh availabilityVirtualized FortiGates are also an option, and it is something that is interesting for companies with a good virtualization infrastructure.FortiGate is not just a firewall but a full Unified Threat Management (UTM) solution. So, a FortiGate can be used as the single security point to check on security risks like SPAM, infected attachments, spyware and so on).Smaller devices (series 90 and 30) have a limited subset of the above features.
The routing and VPN performances are really good too, so a company network could easily use a correctly dimensioned appliance as the core of the layer 3 and routing infrastructure.,FortiOS (Fortinet's network security operating system) is used on all the appliances, so security people are able to move from a smaller device to really large deployments with (relative) ease.
Having a single solution used to manage security risks (using the UTM) is really something that reduces complexity of the network administration and deployment.
The NAT and routing management that a FortiGate is able to deliver is one of the best I have seen so far. I had to configure really peculiar addressing requests and the FortiOS gave me a range of solutions that made it doable.,The graphical interface of the FortiOS makes it look like an easy to use tool. This perception is true if you are going to do a really limited use of the appliance. However, it could create a false sense of confidence in using something that is really complex.
In the past months I know that a few customers were not happy about the quality of the support they received, especially from sales people. If it is true (I have no first hand evidence) it could be an important point to fix.
Some of the services and upgrades are costly. I am not saying they are not worth the money, but in a market that is really crowded, cost is a decision factor that could push companies to different platforms.,9,The ROI is usually good, especially if the FortiGate is used as the single solution for multiple security threats.
Impact on the company is really much related to the expertise of the solution architect/consultant. So far, the only unhappy users I have seen were the one receiving sub-optimal technical advice.,Cisco ASA and Check Point Next Generation Firewall,Skype for Business, Windows Server, Microsoft Office 365Fabrizio VolpeFortiGate - a good all-in-one firewall with some design weaknesses2017-04-18T20:21:29.724ZFor customers with 50-200 users we are using FortiGate as the central firewall. That is, internal users are surfing the Internet (URL filtering, antivirus), servers in the DMZ are reached from the Internet, partners are connected via static site-to-site VPNs, and home office users are able to log into the company network via a VPN with two-factor authentication.,Good summary GUI: The basic steps such as adding new policies or users can be done through the GUI. The GUI is fast and has a couple of options. There is a CLI-widget on the dashboard which enables the usage of CLI commands through the GUI - nice.
Counters and bars for policies and VPNs: Within the GUI you have several counters of packets/bytes/sessions that make it easy to understand whether some policies of VPNs are functional and in use.
Built-In two-factor authentication possibility: You can use a two-factor auth via SMS out of the box. You simply need an email-to-SMS provider and you're done.,Though the GUI is fast, it lacks many options. In many cases, you can only configure the first 20% of options while the other 80% must be done through the CLI. This won't be a problem for experienced (Cisco) admins but it's a challenge for normal IT workers that are not working with FortiGate every day.
Separate security policy for IPv4 and IPv6: This is a really bad design because you need to manage two independent security policies! Other firewall vendors have a single policy which can be used for both Internet protocols.
No configuration revisions: There is no store for old configuration snapshots. Don't forget to backup the config manually before doing an upgrade!
No dedicated out-of-band management plane: FortiGate can only be managed in-line. You must connect to some data ports. (That is: You don't have the possibility to configure a management-only interface with its own default route.),8,From my point of view, FortiGate has the best price-performance ratio. The usage of URL filtering and antivirus is a good (and easy) first step in reducing unwanted traffic for your users.
Due to the fast routing capabilities, FortiGate can be used as a LAN segmentation router for smaller locations. No need for an extra router.,Palo Alto Networks PA-3000 Series,Palo Alto Networks PA-3000 Series, Cisco ASA, TufinJohannes Weber
Unspecified
Fortinet FortiGate
88 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
