Item: Fortinet FortiGate
Rating: 8
Author: Verified User

Overall Satisfaction with Fortinet FortiGate

Use Cases and Deployment Scope

We recently purchased a pair of FortiGate 120G appliances to serve as highly available edge firewalls with next generation technology that we did not have before like web content filtering and zero trust remote access. The appliances replaced a pair of SonicWall devices that were old and lacking the same features. Along with the new FortiGate hardware we also got 3 years of licensing and support.

Pros and Cons

Pros

Technical support is physically located in the same city and country
Hardware seems to be robust
Pre-sales was very helpful right up to the point of purchase

Cons

Documentation is missing a great deal of detail and assumes the customer and just guess and fill in the blanks themselves
Fortinet has lots and lots of video guides on topics that only a small percentage of customers would ever need
The documentation and video guides do not get updated so most is only relevant to older software versions

Return on Investment

The web content filter is very much needed to cut down on users going to bad web sites
The VPN software might be better compared to SonicWall but we transitioned most staff away from using the VPN to conditional access for Office365 and InTune which reduced the burden on the FortiGate devices
The DNS and file filter will also cut down on bad websites and resources that staff may wonder into by not paying attention to what they are doing, which is everyday

Usability

For a network non-super-expert, the devices are a little too complex and some of the vocabulary on the devices and the user interface does not make sense so much use of the local technical support is needed. I do believe that once it is configured to pass traffic correctly, it will be of huge benefit to our organization

Alternatives Considered

Sophos UTM

The FortiGate is a next generation firewall and has more features and more flexibility compared to the Sophos UTM devices and the older SonicWall devices. Technical support from Fortinet is far superior to SonicWall and Sophos.

Key Insights

Do you think Fortinet FortiGate delivers good value for the price?

Yes

Are you happy with Fortinet FortiGate's feature set?

Yes

Did Fortinet FortiGate live up to sales and marketing promises?

Yes

Did implementation of Fortinet FortiGate go as expected?

Would you buy Fortinet FortiGate again?

Yes

Other Software Used

FortiClient, FortiConverter

Likelihood to Recommend

FortiGate is well suited to medium sized organizations because it has the enterprise features at a lower cost compared to Palo Alto. Those enterprise features actually work where as on something like Sophos or SonicWall, they don't or are just not available. FortiGate may be too unreliable for very large organizations as I do not think the products are mature enough. Software development appears to be hit and miss at Fortinet.

FortiGate Feature Ratings

Using Fortinet FortiGate

Users and Roles

3 - IT staff and management

Support Headcount Required

2 - Network or security professionals in an IT department or a generalist with support from the vendor.

Business Processes Supported

Firewall to separate the trusted internal network from the external internet
Web content filter to prevent users from goofing off all day long
Does have the ability to do IDS/IPS

Innovative Uses

Better VPN client software
Allows us to use conditional access for Office365 apps and data
Has allowed us to retire VMware Horizon View

Future Planned Uses

We could transition from our DarkTrace appliance to IDS/IPS on the FortiGate
We could implement ZTNA for all users
We could do more internal network segregation if needed

Likelihood to Renew

We are still a new customer at the start of a 3 year license and support contract

Evaluating Fortinet FortiGate and Competitors

Products Replaced

Yes - SonicWall firewall appliances were replaced at 2 locations in our organization because the SonicWalls were lacking in features and the technical support was super bad and we needed the new features of a next generation firewall like the FortiGates

Key Differentiators

Cloud Solutions
Scalability
Ease of Use

The FortiGate appliances had the right set of features at an affordable cost.

Evaluation Lessons Learned

We should have got 1 or 2 days worth of professional services which would have saved a bunch of time

Fortinet FortiGate Implementation

Implementation Rating

We should have got 1 or 2 days worth of professional services which would have saved a lot of time for setup

Implementation Details / Implementation Partner

Implemented in-house

Implementation Phases

Yes - The different phases of implementation were grouped into how critical the functions were.

Change Management Lessons

Change management was minimal

Implementation Issues

Confusing vocabulary in the FortiGate user interface
Video guides that do not show any of the basic setup tasks
Documentation that has little detail and is referencing much older versions of the software and hardware

Fortinet FortiGate Training

Training Types Used

No Training

In-Person Training

Online Training

Ease of FortiGate Training

The learning curve was moderate due to some of the different vocabulary that Fortinet uses like virtual IPs instead of NAT, but figuring it out was mostly doable if you have had prior experience with similar equipment.

Configuring Fortinet FortiGate

Product Configurability

Learning curve is moderate for folks that have prior experience with the hardware

Configuration Lessons

Start slowly, don't rush, do one task at a time and document what is being configured so others can understand how the design works

UI Customization

Some - we have done small customizations to the interface - Yes easy to customize the screens for when users go to blocked or malicious websites or services

Extensibility and Customization

No - we have not done any custom code

Additional Customization Considerations

We were also able to add our company logos to a few things so that users can be more confident about error messages of communication that they have gone to a bad website or service.

Fortinet FortiGate Support

Support Rating

The support is local to city and country so I can understand what the support engineers are saying and gosh it actually sounds like they care about my needs as a customer. Outsourced support in India will always be a giant waste of time because it very clearly shows the vendor does not care about the support outcomes for its customers.

FortiGate Customer Support Pros and Cons

Pros	Cons
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Support understands my problem Support cares about my success Quick Initial Response	None

Premium Support

I do not believe we paid for premium support, the level we did get is effective and providing good ROI

Bug Resolution

Exceptional Examples of FortiGate Support

Most support cases have been handled well and been resolved. Everybody speaks normal English and appears to have good training on the products they are supporting. This should be the bare minimum but since most tech vendors do not provide adequate support, the minimum seems to be fantastic in comparison

Using Fortinet FortiGate

Usability Pros and Cons

Pros	Cons
Like to use Easy to use	Unnecessarily complex Requires technical support Inconsistent Slow to learn Lots to learn

Easy Tasks

Configuring the web content filter was easy
Making a support case is easier than other vendors
High availability was also easy to setup

Difficult Tasks

NAT and some of the firewall rules are very differently designed to other firewalls
Site to site VPNs should be easy to setup with a wizard but not on the FortiGate
The logging functions appear to be a bit hidden which is not a good look

Mobile Interface Availability and Impressions

Fortinet FortiGate Reliability

Scalability

Reliability and Availability

Performance

Integrating Fortinet FortiGate

Ease of Integration

Integration was satisfactory but not entirely obvious. Some of the aspects of the integration process needed questions answered by support, which was ok because they gave the correct answers and knew the product so no harm no foul there.

Systems Integrated With

Active Directory
InTune
Windows 11

We are getting identity information from local AD and O365 Entra so users onsite and offsite can authenticate properly. InTune also plays in for some of the software that client machines need to provide security and that authentication bit.

Future Integration Plans

O365 Defender

It would be nice if the Fortinet Cloud EMS client could talk back and forth with Defender so that we can get a big picture of which users and user devices need attention.

Types of Integration

Single Signon

Integration Lessons Learned

Go slow and do one task at a time. Slow is smooth and smooth is fast.

Relationship with Fortinet

Pre-Sale Experience

Good pre-sales discussions and demonstrations. Yes a little pushy on the "let's do lunch" but everyone has a different level of tolerance for that. Generally no complaints about the pre-sales process and getting quotes and finally making the purchase. We understood what we needed and what was not needed at the purchase stage.