Reviews (1-25 of 35)
- My favorite aspect of the Fortigate product is the ease of use. The GUI is very easy to get around. The products rules and configuration are easy to learn and apply. The informational tools are easy to look at and produce results that are intuitive and quick to assess.
- Another great attribute of the FortiGate product was reasonable pricing for the product and then the ongoing support. Living in the SMB space with tight governmental budgets is a huge factor in all my decisions. When a company like Fortinet comes along and produces good products at very reasonable prices it is good for SMB companies like mine. Many vendors price their products in a fashion that is beyond consideration by SMBs like myself.
- Support is always a big factor in consideration of any product for our organization. Fortinet support has been extremely good. They have provided an onsite engineer at no cost to help us design, implement and maintain new products when needed. The call support has also been excellent, with quick response times and knowledgeable technicians.
- It looks like they are making an effort to produce a centralized management interface with the integration of switches and APs into the FortiGate interface. They have a good start, but it needs continued work. While you can do some basic tasks for these external devices in that GUI, you must change over to the main browser page of the device itself to do many configuration tasks and check performance issues. I hope that they will add all this functionality into the main FortiGate GUI.
- One other area of improvement I would like to see is the time to show real-time events in log screens. The results always seem to be a bit behind and you have to refresh to get them to show current things. The FortiAnalyzer product that works in conjunction with the FortiGate firewall addresses this but it would be nice if the default logging was more timely.
- The GUI is easy so that is a major plus.
- The cost is really good. Others we've seen are pretty costly, especially if you are on a budget.
- An engineer to help with the installation at no cost is really good. Too many times you had to pay for that and travel at times.
- Management needs a little work but we can get by with a few tweaks.
- Real-time would be good.
- Some logging features could use a little lift but not too bad. It depends on what you're looking for.
- Secure the network from botnet, spyware.
- You can use URL filters to block certain pages by content or categories.
- Great site-to-site VPN.
- Command line interface is a little bit hard to use.
- HA is not reliable.
- VPN - Great for remote users.
- Site-to-site VPN.
- Prevent any unwanted connection from outside.
- Firmware releases - Sometimes you have to follow an upgrade path. If you don't follow it, you could brick it.
- User-friendly interface
- Detailed logs
- IDS and IPS work without any problems
- Easy to set and manage rules
- User documentation can be more detailed
- FortiClient - the app for VPN connection sometime get errors
- Another problem we did not find
We also use Fortigate captive portal with their 2FA (mobile or physical) keys to offer an additional validation before accessing our service backend networks.
- User authentication inside firewall rules. It is practically seamless and really easy to setup.
- Management of firewall rules via the GUI.
- Management of IPS rules via the GUI.
- Forticlient with SSL VPN causes a lot more problems than it solves. Windows and Mac updates keep breaking the Forticlient and it takes weeks to get updates. Fortigate updates also sometimes break the SSL VPN. Forticlient crashes and the only fix is to restart the computer to restart the VPN driver. We had this problem for 3 years and they still don't have a fix for that. We now use L2TP-IPsec and Cisco-IPsec with Windows and Mac embedded VPN clients because of all that.
- Memory issues with IPS. We tried all the firmware versions and IPS engines given to us by the Fortinet support and we are still experiencing memory leaks once in a while with the IPS engine. The only provided solution is to restart the IPS engine via CLI.
- FortiView only works properly if you disable ASIC routing. Their marketing always says that their ASICs is the reason their appliances are better than competition but you can't use it if you want reports or to be able to drill down on network usage.
- Every time they release a new firmware version, it takes 3-6 revisions for it to be free from major bugs. We are still waiting for a 5.6 revision that will not have major bugs within the features we use.
- Active-Active clusters do not offer much resilience when problems are software based. If for example the IPS engine has a memory leak, it will not automatically fallback on the other Fortigate, even if the primary one reboots.
- Everything related to virus, spam and intrusion detection (Forticlient, IPS, mail antispam, etc.) needs a lot of tweaking otherwise you will get a lot of false positive. It is also lacking in the type of actions you can do when those are detected. It is designed more for blocking than anything else.
If you need a lot of those features and you are ready to put the time into tweaking your FortiGates, I really think it will give you the most value.
If you have the money to buy the best VPN appliance, the best Firewall, the best IPS appliance and the time to set them with each other then FortiGate is not for you. If money is not the main concern and you only need the best, FortiGate is not for you but I really doubt it will be the case for most.
- SSL VPN works well and is very configurable for controlling access to internal network resources based on user groups.
- Fortigate also manages our wireless AP and many SSIDs can be created with either WPA or Enterprise WPA with radius for greater security
- IPSec VPNs easy to configure between fortigate devices but also not that difficult for other IPSec compatible devices
- Initial learning curve was difficult coming from a Symantec/Raptor background but not a huge deal
- Creating and managing access control policies that allow specific traffic in and out of the network. Once you get it set up, it's easy to create new policies, specify ports, and configure IP ranges.
- Active-Passive failover works well.
- It generally works pretty well without much care and feeding.
- Their web filtering module makes it pretty easy to block malicious websites quickly.
- We tried to roll out the client about five years ago. This is used both for VPN, as well as antivirus/web filtering. Any policies set at the firewall would be automatically pushed to the client and enforced. It was a great idea, but the drive mapping feature never worked consistently in our environment, so we were forced to find alternative solutions for both VPN and antivirus. Too bad, really.
- We have had a couple times when one of the firewalls would hang for no apparent reason. Support engineers were never able to pinpoint the problem either time. It only happened a couple times.
- Ease to configure policies
- VPN performance
- Active directory integration.
- Not so scalable, if you need more performance you need to buy another device
- The traffic shaper could be better
- The Wan load balance could be better
We have many policies, with some schedule, very easy to use.
- Site-to-Site VPN. Easy to setup, and reliable.
- Not the best strength of the Fortigate, but very powerful.
- Firewall Policies. Drag and drop, dropdown, schedule, etc. Simple.
- NAT publishing is a bit a pain. Need to create virtual service, virtual address, virtual IP, and publish it thru a policy... so many clicks.
- SSL VPN isn't very reliable, a lot of 98% Connecting issues.
- Monitoring and Troubleshooting can sometime be a pain.
Both a small office and a large datacenter can use the power of a Fortigate.
- Simple but complete GUI allows for easy management.
- Intuitive CLI allows experienced CLI users from other platforms to come up to speed quickly.
- Unit comes out of the box with a feature rich logging capability, FortiAnalyzer brings it to the next level and is very easy to install.
- Licensing is easy to understand, The device is a single line item and support has 2 options 8x5 and 24x7.
- Fortigate's SSL VPN client isn't available via MSI with an easy options for mass deployment and configuration out of the box. You need to have a Fortinet Developer Network license to create a custom deploy image.
- Fortinet's after hours support is overseas and is adequate. Not stellar.
- VPN client is easy to use and can be customized for your organization.
- All features are enabled on the firewall with little to no impact on performance.
- Easy to configure interface on the firewall but also has a command line available for high level admins.
- Excellent technical support department - very quick response time.
- Pricing was amazing compared to peers.
- Sales team was lacking information (type of licensing, hardware model, etc). Make sure you ask lots of questions.
- Web filtering. It has specific categories to filter web pages. You can always customize them and also create new ones.
- Security. FortiGate provides a good security to guarantee that no users override the system.
- You can find different categories where you can filter services. Something like IM, Social Networks, etc. You can also filter ports and create proxy-like routes.
- I think that the GUI can be improved to make it friendlier.
- License fee could be lower.
- Logs and the information that comes out of it [don't have] much information to debug.
- It's a cost effective solution for a smaller business like ours.
- Consulting companies like the one we bought this thru offer support for the product
- Performance of the firewall and VPN are good
- The VPN client install is not very clear. It includes other features like antivirus that we are not wanting to use but you have to know where to look to prevent that from being installed.
- Configuring the firewall is a bit complicated. It really helps to have someone familiar with it do that for you.
- Their ASIC technology has very high-performance. The hardware is fast.
- Easy to manage. Rule creation is easy and flexible.
- Logging is detailed. GUI allows you to add/remove columns to get the detail you want.
- There seems to be a lack of quality control with new versions and service pack releases. GUI menus fail to load. Features get pulled out. What's in this release might not be in the next. Random bugs you would not expect to see.
- Alerting options are not flexible. Very basic and limited options.
- VPN logging is not very detailed for troubleshooting.
- The Fortinet FortiGate firewall software includes a full function graphical user interface that makes firewall administration easy without having to know the command line interface commands.
- The FortiGate does an excellent job of protecting devices behind the firewall, its integrated Spam, anti-malware and IPS services all work very well.
- FortiGate licensing costs are reasonable and much more affordable that Cisco's offerings.
- The only complaint I have about the FortiGate is the fact that the advanced services like IPS, anti-malware and spam filtering are add-on services. It would be great if they were a part of the firewall offering.
- Integrated SD-WAN functionality
- Best in class threat protection
- Single pane of glass (Instead of three in checkpoint)
- Breakout switch still required to share ethernet connectivity with redundant pair.
- CLI could use some improvement but is overall good.
- Web filtering, which protects the users browsing to non-secure websites
- Network security between different networks
- Traffic shaping control for users and applications
- Traffic shaping options based more on layer 7, so you could have a more detailed control over the exact sites users are browsing
- The transition between different major updates
- More option in fast reports and dashboards
- A more exact measure of bandwidth to show in dashboard and FortiView
On the other hand, you could have some issues when you are tracking a user in the forward traffic log because is not easy to troubleshoot or find some browsing information because of the main graphical interface.
- An accurate Web Filtering module that will allow to your IT Staff, leverage the administration of the web access from the end point users. Also will allow to customize the policies through a broad presentation of options, where you can customize or schedule the access to specific web sites.
- AD & LDAP integration will allow you to sync your DC with the Firewall and set the traffic rules and packages with ease.
- VPN through SSL Web Portals will simplify the scale of adaptation for final user, allowing a customization of the front end portal, with corporate image.
- Improve time for releasing bug fixing.
- Integrate graphical troubleshoot tools for policies based on devices or user identities, will help IT Sec Admins to answer faster to security breaches.
- Using CLI reference guides and a better sort options.
For those IT pros that can save money and use their own resources you can have pfSense Firewall to cover SMB, SOHO offices also for mid size companies 50-99, should work perfect and you will save time money, and training.
- Unified Protection: Having firewall, IDS, Anti-virus and Anti-spam on the same appliance is very handy as you don't need to deploy multiple appliances/solutions
- User Access Control: Setup Firewall rules based on Active Directory User and Groups help with the constant need for firewall changes, saving the network folks a lot of time.
- GUI Interface: Very intuitive Management interface, makes the need for CLI changes very seldom
- Non-disruptive upgrades on standalone boxes. Not sure if the technology would allow it but it would be great to have.
- Subscription signatures auto-deployment could affect production traffic. In some circumstances letting Fortigate accept subscription signatures may cause the device to drop traffic
FortiGate Scorecard Summary
Feature Scorecard Summary
Fortinet’s FortiGate is a firewall product with high integrability. It can be deployed on-premises or as a Virtual Machine in a variety of modules. The granularity of the product enables buyers to tailor their purchase to their business needs. FortiGate integrates into multivendor environments, including IaaS cloud platforms and public cloud environments.
FortiGate’s functionality includes the core firewall features, such as intrusion prevention, anti-malware, and web filtering. It also includes SSL inspection, threat protection, and scalable segmentation, all within low-latency standards.
FortiGate Technical Details