Probably the best Firewall wall.
Adrian Cumberbatch profile photo
Updated March 06, 2019

Probably the best Firewall wall.

Score 10 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Fortinet FortiGate

Our Fortigate is used as the primary network router and IPSec VPN access point. We have a hub [and] spoke setup between the main office and other remote offices. Users also connect to our fortigate to access the network remotely using SSL VPN with the FortiClient software installed on their PCs or using the SSL web portal.
  • SSL VPN works well and is very configurable for controlling access to internal network resources based on user groups.
  • Fortigate also manages our wireless AP and many SSIDs can be created with either WPA or Enterprise WPA with radius for greater security
  • IPSec VPNs easy to configure between fortigate devices but also not that difficult for other IPSec compatible devices
  • Initial learning curve was difficult coming from a Symantec/Raptor background but not a huge deal
  • Fortigate has made it easy for users to connect remotely and securely with Forticlient 2fa.
  • Fortigate has offered a number of devices that are appropriately sized for the various locations so we never have to over purchase.
  • Fortigate allows us to have multiple links between locations for redundancy making it easy to keep users connected.
Fortigate's multiple internet links were what made it desirable at the time but I imagine this is commonplace now.
Fortigate is well suited where you have multiple internet connections and you want to provide failover for these connections. This can be done by round-robin or in an active-passive mode when an ISP goes down, traffic is automatically routed across the other device without interruption. Users never notice and it saves a lot of headaches. Of course, monitoring should be done from external sources so that you are aware when a link goes down.

Using Fortinet FortiGate

100 - All aspects of business, including Sales, Marketing, Tech, Finance and Customer service
2 - Network administrators should be familiar with how the fortigate device can be used to protect assets within the internal network as well as providing secure remote access to users from outside the network.
Skills required are
  • understanding of network security concepts, such as IPSEC, VPN, OTP with Forti-token, and access policies,
  • Routing and subnetting
  • SDWAN,
  • DMZ
  • user access control methods such as LDAP and Radius
  • Wireless access points
  • Remote access for users
  • Inter-office VPN links using SD-WAN
  • Network segmentation to protect and isolate various network segments
  • Wan failover
  • source and destination routing of network traffic
  • SDWan has allowed us to utilize our multiple internet circuits to provide the best connection for inter office VPN. Before using SDWan features, we would have to be continuously monitoring VPN links and manually switching routing priority from links with degraded performance. This resulted in numerous complaints from users, but now SDWan keeps choosing the optimal circuit between ISPs which has dramatically improved things
  • We are hoping to use more SDWan features in the future to segregate the types of traffic on our VPNs, so that higher priority business traffic is placed on premium DIA circuits, and backup replication traffic is placed on cheaper broadband circuits. Currently we have to use all traffic on the same DIA link which is less capacity and is expensive.
Fortinet's products have kept improving with new software releases and they continue to deliver great value.
Their support is also very good. I believe that as a small enterprise, their products have given us competitive advantage delivering features and functionality that enable us to innovate and do things better. They also continue to be a leader in the markets they serve.

FortiGate Support

The support engineers will always try to find the root of the problem you are having and not give up. Using gotomeeting makes it easy for them to see exactly what the problem is and I've learnt quite a lot from these interactions so that I'm now able to do more troubleshooting on my own.
ProsCons
Quick Resolution
Good followup
Knowledgeable team
Problems get solved
Kept well informed
No escalation required
Immediate help available
Support understands my problem
Support cares about my success
Quick Initial Response
None
Yes - We pay for annual subscription of Forticare which gives us access to 24x7 support. Responses are usually the same day and with them usually asking for a copy of the config file.
My last support call was with a SSL VPN portal issue which had to be escalated to a level 2 engineer. The engineer came up with a way to troubleshoot the issue which was affecting another product we were testing, and even spent time on two calls with engineers from the other vendor so that we could find a work-around. This went on for about 3 weeks and he constantly updated me with progress he was making.

FortiGate Reliability

My environments are pretty small (less than 100 users per location) so no issues here.
We had didn't any hardware failures at our two main office locations and upgraded our units last year after using them for about 5-6 years.