Overall Satisfaction with Fortinet FortiGate
We currently have two FortiGate firewalls that we use for city and county Internet gateway connections. All the traffic for each organization flows out to the Internet through one of these firewalls. We also use these firewalls as connectors for each organizations DMZ networks using VLAN technology. As our edge/gateway devices, these firewalls serve several purposes. All inbound and outbound connections are explicitly set, which is intended to limit exposure to ports used by bad actors. The software features included in the firewall inspect all traffic for security including https traffic. We are using firewall software to provide web filtering in an effort to increase productivity and reduce access to potentially bad sites. We are planning on deploying more Fortigate firewalls, including virtualized versions, in an effort to segment internal networks. The FortiGate product is also part of our overarching effort to use Fortinet switches and APs to provide what Fortinet considers a security fabric in an effort to make many of our security products work in concert.
- My favorite aspect of the Fortigate product is the ease of use. The GUI is very easy to get around. The products rules and configuration are easy to learn and apply. The informational tools are easy to look at and produce results that are intuitive and quick to assess.
- Another great attribute of the FortiGate product was reasonable pricing for the product and then the ongoing support. Living in the SMB space with tight governmental budgets is a huge factor in all my decisions. When a company like Fortinet comes along and produces good products at very reasonable prices it is good for SMB companies like mine. Many vendors price their products in a fashion that is beyond consideration by SMBs like myself.
- Support is always a big factor in consideration of any product for our organization. Fortinet support has been extremely good. They have provided an onsite engineer at no cost to help us design, implement and maintain new products when needed. The call support has also been excellent, with quick response times and knowledgeable technicians.
- It looks like they are making an effort to produce a centralized management interface with the integration of switches and APs into the FortiGate interface. They have a good start, but it needs continued work. While you can do some basic tasks for these external devices in that GUI, you must change over to the main browser page of the device itself to do many configuration tasks and check performance issues. I hope that they will add all this functionality into the main FortiGate GUI.
- One other area of improvement I would like to see is the time to show real-time events in log screens. The results always seem to be a bit behind and you have to refresh to get them to show current things. The FortiAnalyzer product that works in conjunction with the FortiGate firewall addresses this but it would be nice if the default logging was more timely.
- The pricing given to us for our firewall was well within what we were already spending for other vendors solutions and had the added value of eliminating a separate expense for a dedicated web filtering appliance.
- We have also adopted Fortinet's security fabric approach and thus changed vendors for our switch and AP devices. These devices have come at reduced prices as compared to another previous vendor we were using, particularly in relation to ongoing annual maintenance costs.
The user interface shared among many simultaneous users is very easy to get around. With shared favorites among users, most tasks are easily bookmarked and can quickly be found and edited. Their strategy for web filter integration is easy to understand and manage as well. With some general direction, setup and maintenance were easy to do and easy to teach others in the organization to do as well.
The support offered by on onsite engineer to help design, configure, and use the firewall was the best we've experienced from a vendor. He was knowledgeable, efficient, and patient. Sales support has been equally good. We haven't used the email or phone support very much due to lack of issues, but when we have they have been quick, easy to get to, and knowledgeable as well.
Compared to the products we have used in the past the FortiGate has been easier to configure, easier to upgrade, and as easy to visualize problems from the logging. The web filter integration allowed us to eliminate the Barracuda. This was something we tried and failed to accomplish with the other two firewall brands we have used. We apparently take a more technical approach that provides granular AD control over surfing that wasn't easy to accomplish with the other products.
Learning from our experience using a couple of different SMB firewall devices, the FortiGate firewall is well suited to our 500 or so user environment. The model recommended to us by the Fortinet engineers has performed well and seems more than adequate for current usage and future growth. Unlike other firewalls we have used, we are able to break open and inspect SSL traffic with this device and also replaced a separate web filtering device we were using. We are looking to add more of these to further segment internal networks.