Overall Satisfaction with Fortinet FortiGate
Our Fortigate is used as the primary network router and IPSec VPN access point. We have a hub [and] spoke setup between the main office and other remote offices. Users also connect to our fortigate to access the network remotely using SSL VPN with the FortiClient software installed on their PCs or using the SSL web portal.
- SSL VPN works well and is very configurable for controlling access to internal network resources based on user groups.
- Fortigate also manages our wireless AP and many SSIDs can be created with either WPA or Enterprise WPA with radius for greater security
- IPSec VPNs easy to configure between fortigate devices but also not that difficult for other IPSec compatible devices
- Initial learning curve was difficult coming from a Symantec/Raptor background but not a huge deal
- Fortigate has made it easy for users to connect remotely and securely with Forticlient 2fa.
- Fortigate has offered a number of devices that are appropriately sized for the various locations so we never have to over purchase.
- Fortigate allows us to have multiple links between locations for redundancy making it easy to keep users connected.
Fortigate's multiple internet links were what made it desirable at the time but I imagine this is commonplace now.
Using Fortinet FortiGate
100 - All aspects of business, including Sales, Marketing, Tech, Finance and Customer service
2 - Network administrators should be familiar with how the fortigate device can be used to protect assets within the internal network as well as providing secure remote access to users from outside the network.
Skills required are
Skills required are
- understanding of network security concepts, such as IPSEC, VPN, OTP with Forti-token, and access policies,
- Routing and subnetting
- SDWAN,
- DMZ
- user access control methods such as LDAP and Radius
- Wireless access points
- Remote access for users
- Inter-office VPN links using SD-WAN
- Network segmentation to protect and isolate various network segments
- Wan failover
- source and destination routing of network traffic
- SDWan has allowed us to utilize our multiple internet circuits to provide the best connection for inter office VPN. Before using SDWan features, we would have to be continuously monitoring VPN links and manually switching routing priority from links with degraded performance. This resulted in numerous complaints from users, but now SDWan keeps choosing the optimal circuit between ISPs which has dramatically improved things
- We are hoping to use more SDWan features in the future to segregate the types of traffic on our VPNs, so that higher priority business traffic is placed on premium DIA circuits, and backup replication traffic is placed on cheaper broadband circuits. Currently we have to use all traffic on the same DIA link which is less capacity and is expensive.
FortiGate Support
Pros | Cons |
---|---|
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Immediate help available Support understands my problem Support cares about my success Quick Initial Response | None |
Yes - We pay for annual subscription of Forticare which gives us access to 24x7 support. Responses are usually the same day and with them usually asking for a copy of the config file.
My last support call was with a SSL VPN portal issue which had to be escalated to a level 2 engineer. The engineer came up with a way to troubleshoot the issue which was affecting another product we were testing, and even spent time on two calls with engineers from the other vendor so that we could find a work-around. This went on for about 3 weeks and he constantly updated me with progress he was making.