Fortinet FortiGate Next-Generation Firewall

I have worked on multiple products including Fortinet FortiGate  VM, Fortinet FortiGate  firewalls of different models, FortiSwitch, FortiAP , FortiADC , FortiWeb, FortiAuthenticator , and some other products as well.

I have been working on Fortinet FortiGate and Fortinet FortiGate VM for around five or six years. I have deployed it as a perimeter firewall, as a data center firewall, and as a campus firewall in many banking sectors, commercial sectors, and oil and gas sectors. Most of my clients have deployed Fortinet FortiGate firewall on-premises to protect their services.

The ease of use and the user-friendly interface are the beauty of this firewall. The UI itself and the documentation are completely available on the internet. The UI is very easy, and you can easily understand the implementation. The product itself has very strong deep features and security features including IPS and malware protection to prevent and save against cyber attacks.

I have very good hands-on experience and very good deployment experience with Fortinet FortiGate SD-WAN. Fortinet FortiGate SD-WAN allows you to use multiple internets and multiple interfaces separately to load balance your internet and to load balance your services between multiple service providers. This is a very good feature in this firewall that you cannot get as a free default feature in other brands.

The network performance after enabling SD-WAN is very smooth and very efficient. I recently deployed this in forty commercial sector sites with stores that previously had MPLS circuits. With the MPLS circuit, they had a very high cost for private connectivity between sites and branches. After deploying SD-WAN, the operational cost was cut down around fifty to sixty percent because of this implementation. All MPLS costing was wiped out from their IT budget and is now dependent on internet circuits, which are normally standard internet connections.

SASE  is a very good feature. For example, I recently deployed this for a customer with users in remote locations. The issue was that they wanted users to remain connected and keep monitoring systems after office hours with no malware installed on the laptop while staying protected. The use case of SASE  involved implementing the POP itself on the cloud. The users, whether remotely at home or anywhere in the world, are connected to and keep connected with POP. They access the internet securely with secure company policies as defined by IT. They are not allowed to go directly to the internet without IT policies as defined on SASE POP. There is very good integration from SASE to Fortinet FortiGate firewall to access private access.

For improving sectors, they need to focus on technical support and work on the technical part. Although it is good, they need to onboard these things and improve the technical part of the support factor. Although it is good, it needs much more improvement to get more business and a bigger footprint in the market. Second, AI in the market and malware detection exist. Fortinet FortiGate already has these features in the Fortinet FortiGate sandbox features with built-in AI features. I prefer that they work on more features that they can provide in Fortinet FortiGate firewall.

I would rate this product ten out of ten. For example, when comparing it with Palo Alto and Fortinet FortiGate, I can provide a very good point. In Palo Alto, some features must be purchased separately. In Fortinet FortiGate, it comes with the Wi-Fi controller built-in. Features that you need to buy a separate license for in Palo Alto do not require additional licenses in Fortinet FortiGate as they are built as complimentary features in this firewall.

The network performance after enabling SD-WAN is very smooth and very efficient.

Scalability is the same, and I would rate it ten out of ten.

Technical support can be marked as ten out of eight. There is some lag, but you can find documentation and all things over the internet. They can provide support, and I would rate it eight point five to nine.

My technical team are all technically expert in deployment of Fortinet FortiGate firewall.

My team has around five or six people who are all technically sound in Fortinet FortiGate firewalls.

If we are talking about Check Point, Cisco, and Palo Alto, these are the top-tier firewalls and top-tier vendors for providing firewalls. Following the Gartner report, Palo Alto and Fortinet are at the top in the Gartner report. Because of that, Fortinet FortiGate firewall itself does not require management centers as required in Cisco and Check Point. Fortinet FortiGate firewall cannot be managed by a management center. In Fortinet FortiGate case, there is no requirement for these prerequisites to configure or implement Fortinet FortiGate firewall without a management center. We can deploy Fortinet FortiGate firewall without any management center. It is a very web-based firewall and you can access the firewall GUI from the website, and we can easily deploy it without any management center. In Check Point or Cisco cases, a management center is required. In Cisco case, the Firepower Management Center is required to get the advanced features. But in Fortinet case, it does not require these things. This is a very beauty of this firewall.

I suggest buying Fortinet instead of buying Palo Alto, Cisco, or Check Point. I will definitely recommend Fortinet.

Fortinet FortiGate has different models of firewalls which are high capacity and high variant firewalls that you can deploy as data center firewalls to protect your data centers, your server farms, and your services which are hosted inside a data center.

Fortinet FortiGate has embedded services, these FortiGuard services which have machine learning-based and artificial intelligence-based malware analysis. These services analyze malwares and next-generation malwares that are not easily identified by signature-based detection. They have the capability to analyze malware by AI-based methods and can identify zero-day attacks. Before they exploit as a zero-day, they prevent this signature and stop this attack to prevent that this is an attack. Those services are hosted in my data centers, web applications, storage, and SaaS. All are protected by those cyber attacks.

Regarding pricing, we cannot compare it right now because pricing matters based on business size and the business deal. We cannot say whether it is high or low. Sometimes we can easily compete with any brand, and in some cases we cannot compete. For example, if we have a big deal, we can get good discounts from Fortinet team. In some cases, the deal is not big, so we cannot get enough good discount. Deployment from FortiSASE  to your Fortinet FortiGate firewall over SD-WAN is very easy. Fortinet gives you multiple connections from SASE POP to your Fortinet FortiGate firewall. They have fully redundant connections on SASE POP if you have the same redundant connections with ISP connection on your Fortinet FortiGate firewalls. They have the secure SPX tunnel from FortiSASE  to Fortinet FortiGate firewall. You can easily access from Fortinet FortiGate firewall to SASE applications and SASE users who are connected on SASE POP can access local services from SASE POP to Fortinet FortiGate and access the local services.

My overall rating for this product is nine out of ten.

I mainly use Fortinet FortiGate  to implement it as a perimetral firewall solution because Fortinet FortiGate  are next-generation firewalls. I use it to protect internal network customers and configure remote access, firewall policies, internal access websites, web filtering solutions, IPS, and IDS configurations.

I implemented it approximately one year ago in an Italian manufacturer producer. My perspective on the effectiveness of the unified SASE  in providing consistent security policies across multiple locations is that it is very similar to Fortinet FortiGate, so if you know how to manage Fortinet FortiGate firewalls, it is easier and very easy to implement and configure FortiSASE .

For Fortinet FortiGate, it is very easy because it is very near to zero-touch provisioning. You need to install the box and if we speak about hardware appliances, you just need to install the boxes on the infrastructure and connect the cables to connect Fortinet FortiGate firewalls to the internet routers or MPLS routers, and configure basically the main IP address to have the connectivity. Next, you configure policy firewalls and it is very easy and very fast.

You can implement Fortinet FortiGate for small, medium, and large enterprise because it is very suitable for small and medium enterprise. For one to five or six firewalls on different branches or different sites, you can manage it manually and independently. But if you need to scale or have a large enterprise deployment, you can manage all Fortinet FortiGates directly in one panel with the FortiManager solution. There is a dedicated orchestrator delivered by Fortinet in hardware or VM solution, and with FortiManager you can manage all Fortinet FortiGates in one platform. For example, two years ago, I used to manage around 500 Fortinet FortiGates with FortiManager. It is very scalable with the correct solution and the other things you need to manage large deployments.

What I appreciate the most about Fortinet FortiGate is that it has a very large integration using Fabric , which they call Fabric  Connectors. With Fortinet FortiGate firewalls, you can manage not only the perimetral firewalls but also all the internal infrastructure. For example, you can connect access points of Fortinet for wireless and Wi-Fi and manage them directly on Fortinet FortiGate. The same applies for switches and other Fortinet appliances that can be managed directly from one single dashboard.

Fortinet has developed the firmware for Fortinet FortiGate extensively. They change the operating system continuously and very often. Sometimes they introduce many features or new features or change the commands or the method you need to use to implement something or some configuration. The fact is if you develop always or very often the firmware, you need to study every release to see if there is a new feature or something changed. Sometimes it is difficult to remain aligned with the new firmware and the features.

You need to maintain alignment with Fortinet FortiGate. For example, in Europe, we have many policies and regulations, so you need to check, tune, and configure your firewall in the correct manner and maintain alignment with the policy of the European Union. You need to always check, improve, and maintain the firmware of Fortinet FortiGate up to date.

I have been using Fortinet FortiGate for seven to eight years.

Sometimes I experience stability issues, but sometimes they are related to hardware not functioning properly or related to a software bug. Sometimes I have encountered this type of situation using Fortinet FortiGate. But in those specific cases, I opened a ticket and worked directly with Fortinet to resolve the issue for the customer.

I have worked with the technical assistance of Fortinet for my seven to eight years of career with Fortinet, and I have opened tickets with different departments of the TAC. For example, the FortiSASE  team is very effective. If you open a ticket, you have very good engineers to interact with, and they help in a correct manner. The flow is very clear to understand and resolve the issue. The only problem I have encountered in the last years with Fortinet is that if you open a support ticket for the main solution of Fortinet, for example, Fortinet FortiGate, FortiManager, or FortiAnalyzer, the support is not delivered directly from Fortinet but from partners of Fortinet. If you need to speak directly with the main core solution of Fortinet and you open a ticket, initially you are followed by a partner of Fortinet. But if you escalate to a more specific support, next you can go through a real Fortinet engineer. But sometimes this step extends the duration of the ticket and the analysis. I would give a score of 7.5 to 8 for the support of Fortinet FortiGate.

The first time that I deployed Fortinet FortiGate depends on the size of the customer. For a small to medium customer, I think three days for the initial setup and to configure some firewall rules is appropriate.

If you are a junior network engineer, you need to be followed by a middle or senior engineer in the backend that helps the junior to implement and test the solution. But for a middle or senior engineer, one person is adequate for deploying Fortinet FortiGate.

I do not follow the finance perspective directly, but what I know about Fortinet FortiGate pricing is that it is very affordable compared to, for example, Palo Alto Networks. I have observed that some people see and speak about the price of the Fortinet solution as very convenient.

I am a system integrator in Italy. Previously, until three months ago, I worked for one of the main partners in Italy called Maticmind SPA. Now I work for another system integrator, and we are a lower partnership, but we manage and install Fortinet FortiGate appliances for our customers. My overall review rating for this product is 8 out of 10.

Fortinet FortiGate  is commonly used by many customers in my region requiring a low-cost and better solution. Fortinet offers antivirus, next-generation antivirus feeds, DLP , application control, URL filtering, and IPsec VPN. These are the common use cases that many customers use, including IPsec, SSL VPN , URL filtering, DNS filtering, video filtering, and application filtering.

A useful feature of Fortinet FortiGate  is its firewall capability because when I create and implement a rule, it is simple to execute. I just need to select the incoming interface, outgoing interface, and apply the source and destination, and that is all. This is the simplest way to implement the policy, and I can easily create a simple rule in this manner, which I consider one of the best features in Fortinet FortiGate.

When considering the effectiveness of Fortinet Unified SASE  in providing consistent security policies across multiple locations, I find there is a very good positive response from many customers and from my side as well, as it provides centralized, verified policy creation. For many locations, I can create a simple policy from a centralized location without any difficulty, simply by putting one Fortinet FortiGate in the branch and creating a central policy from my head office.

I would like to improve the application filter aspect of Fortinet FortiGate, similar to other solutions that offer a simple click to select categories. If I do not want to block an entire category, there should be a provision to just enter the website or application, which I believe would be a beneficial improvement.

Regarding how stable and reliable Fortinet FortiGate is, I find it reliable as far as the rule implementation is concerned, and I can rely on the simple way of creating the rule. However, one feature that I cannot rely on is the application filter, which requires tedious steps compared to other solutions like Check Point and Palo Alto, where creating the application filter rule is simpler. In Fortinet FortiGate, I need to create and edit the profile and add websites according to my list, making it a bit cumbersome.

For around two years I have been working with Fortinet FortiGate as a partner, and I have deployed the Fortinet FortiGate firewall at more than twelve to thirteen customer locations.

In general, I think that Fortinet FortiGate is mostly used by small to medium enterprises, as it offers a low-budget option for security. Fortinet is the best choice for small enterprises because it provides security as per their requirement and comes under their budget, making the pricing very acceptable for medium-level and small-level enterprise customers.

My experience with the initial setup and deployment of Fortinet FortiGate is that it is very easy, as I just need to open the box and power on the appliance. I can register the appliance on a portal from the firmware, and within half a day, I can make Fortinet FortiGate live in any office setup with a simple policy.

When rating the technical support from Fortinet, I can say that I am personally not happy with it, so I would rate it at a six out of ten.

My frustrations with the technical support come from the need to log a ticket for issues with Fortinet firewalls and FortiSwitches, as I have to create separate tickets for each, which increases my workload and delays issue resolution since I must manage multiple tickets for the same problem.

I have integrated SD-WAN capabilities with Fortinet FortiGate when multiple customers have two ISPs, as it provides ISP redundancy failover with simple configuration. I have integrated with SD-WAN as well.

Comparing Fortinet FortiGate with similar tools in the firewall area, I find that Fortinet FortiGate does better in pricing for small to medium businesses, as they offer a good deal compared to other OEMs.

The last time I worked with Fortinet FortiGate was two to three days ago when I assisted a customer in migrating from Check Point to Fortinet.

I have not worked on a Fortinet FortiGate data center solution currently, as I have mostly deployed for medium branches and small offices.

These are all the improvements that I would like to suggest for Fortinet FortiGate.

My customers usually prefer deployment on-premises for Fortinet FortiGate.

My experience with integrating Fortinet FortiGate with third-party tools involves LDAP, which integrates very easily by entering the LDAP ID, username, password, and port number, making the experience fairly good.

I would rate this review an eight out of ten.

My clients use Fortinet FortiGate  in the boundary and border gateway as a border firewall, positioned between the internet and the company. We also use it for VPN and IPsec VPN to connect remote office sites. Additionally, I have a use case for MES in high technology where it blocks malware in machines such as those used for producing semiconductors.

I have used Fortinet FortiGate 's data center solution, specifically the FortiGuard service, which is included in every Fortinet FortiGate deployment. In the data center, we use Fortinet FortiGate to block server farms from the internal LAN due to its performance, which is higher than other products. We consistently use it in server farm environments.

The best feature of Fortinet FortiGate is its SD-WAN capability, which is included and differs from other products that require an additional license.

With SD-WAN capabilities, I notice a significant impact on network performance. The E series offers good performance, double that of the D series. If a new series is released, it always performs well. For example, if my customer uses the 200D model, the new 100E model can serve as an upgrade.

My experience in integrating SD-WAN capabilities with Fortinet FortiGate indicates that the integration is not difficult. We simply incorporate user ID and user account, and we have not encountered other challenges.

The main benefits that my customers see from Fortinet FortiGate include low cost and the integration of switches, APs, and Fortinet FortiGate, which reduces management overhead.

I have not used the Unified SASE  capabilities in Fortinet FortiGate.

I do not have the AI or ML enhanced FortiGuard with machine learning or AI.

My impression of the dynamic segmentation feature in Fortinet FortiGate is that while some customers use it, I believe it is not granular enough. It can separate VLANs, but it cannot separate individual users. We use it with FortiSwitch or AP to expand Fortinet FortiGate ports to every switch port.

Regarding stability, I have experienced performance issues with Fortinet FortiGate. Sometimes it does not work correctly in certain situations, such as DNS or URL categories, where it might block incorrectly.

When it comes to scalability, I find Fortinet FortiGate somewhat scalable, but not highly scalable because we usually replace it. We always buy a larger model to replace the old one. For better scalability, Check Point performs best as it offers products that allow for adding more firewalls to expand performance or bandwidth.

In assessing the performance of the hardware-assisted DDoS protection in Fortinet FortiGate, I think it does not work effectively in critical events, as DDoS protection is challenging due to the number of attackers.

In the future, I would like to see improvements with Fortinet FortiGate, especially as all firewalls emphasize AI or machine learning. I do not see significant use of AI in Fortinet FortiGate, whereas I can see how AI improves functionality in Palo Alto.

I have been working with Fortinet FortiGate for approximately twenty years.

Regarding stability, I have experienced performance issues with Fortinet FortiGate. Sometimes it does not work correctly in certain situations, such as DNS or URL categories, where it might block incorrectly.

When it comes to scalability, I find Fortinet FortiGate somewhat scalable, but not highly scalable because we usually replace it. We always buy a larger model to replace the old one. For better scalability, Check Point performs best as it offers products that allow for adding more firewalls to expand performance or bandwidth.

I would evaluate Fortinet's customer service and technical support teams with a rating of nine.

I mainly work with firewalls from Palo Alto Networks.

Apart from Palo Alto, I have worked with Check Point, but I used it very minimally.

The initial setup of Fortinet FortiGate is not difficult for me.

I have a business relationship with Fortinet as a reseller and system integrator.

I am aware of investment regarding ROI, but I need clarification on what type of investment you mean. The cost is the main concern of my customers, and Fortinet FortiGate offers the future we need.

I use Fortinet FortiGate primarily as a physical appliance; the VM deployment is minimal. My impression of the dynamic segmentation feature in Fortinet FortiGate is that while some customers use it, I believe it is not granular enough. It can separate VLANs, but it cannot separate individual users. We use it with FortiSwitch or AP to expand Fortinet FortiGate ports to every switch port.

Regarding stability, I have experienced performance issues with Fortinet FortiGate. Sometimes it does not work correctly in certain situations, such as DNS or URL categories, where it might block incorrectly.

In assessing the performance of the hardware-assisted DDoS protection in Fortinet FortiGate, I think it does not work effectively in critical events, as DDoS protection is challenging due to the number of attackers.

My clients use Fortinet FortiGate in the boundary and border gateway as a border firewall, positioned between the internet and the company. We also use it for VPN and IPsec VPN to connect remote office sites. Additionally, I have a use case for MES in high technology where it blocks malware in machines such as those used for producing semiconductors.

In the future, I would like to see improvements with Fortinet FortiGate, especially as all firewalls emphasize AI or machine learning. I do not see significant use of AI in Fortinet FortiGate, whereas I can see how AI improves functionality in Palo Alto.

I mainly work with firewalls from Palo Alto Networks.

Apart from Palo Alto, I have worked with Check Point, but I used it very minimally. I would rate this review with an overall score of nine.