Fortinet FortiGate Next-Generation Firewall
Fortinet Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
Improved traffic control and security protocols but needs a more intuitive interface
What is our primary use case?
My main use case for Fortinet FortiGate is controlling our incoming and outgoing traffic, as it's installed in our data center. We're managing all the VPNs, IPsec VPNs, over 48 VPNs, with our Fortinet FortiGate. We are also controlling network attacks and threats using IPS/IDS, web filter, and URL filtering. We are bounding users to access the relevant sites only by using the URL.
How has it helped my organization?
Fortinet FortiGate has positively impacted our organization by providing stronger network security as it's a next-generation firewall. The IPS we have blocks known threats and vulnerabilities in real-time. Application control detects and controls thousands of applications, blocks P2P, and limits social media.
SSL inspection scans encrypted traffic, even TLS 1.3 for hidden threats, advanced web filtering, antivirus, and anti-malware. The result is fewer breaches, blocked attacks, better compliance, and simplified and secure WAN connectivity, intelligent link selection based on latency, load balancing across multiple ISPs, and automated failover.
We can run routing protocols very easily, such as BGP. We are using BGP over IPsec VPN for our multiple branches and different stations. We are using BGP over Fortinet FortiGate so it's automated. If one ISP goes down, it will shift automatically without requiring human or network administration involvement. It improves VPN and remote access, including SSL VPN and IPsec VPN as well.
What is most valuable?
The best features Fortinet FortiGate offers include the SD-WAN, which really stands out, and the comfortable GUI. The IPsec VPN configuration is very user-friendly. Compared to Huawei firewall, Fortinet FortiGate offers more features and is more user-friendly.
In terms of security features, Fortinet FortiGate has Deep SSL/TLS inspection, which is very limited in Huawei NGFW firewall. The AI-powered features in Fortinet FortiGate are more advanced compared to Huawei's basic filtering. The SD-WAN is built-in and mature, while Huawei's support is less feature-rich.
Application control is very granular with signatures, while Huawei is less extensive. The management and usability of Fortinet FortiGate is clean and user-friendly, compared to Huawei's more complex user interface. FortiOS CLI is popular and well-documented, while Huawei, Cisco, and Juniper differ from standards. Fortinet FortiGate offers centralized management through FortiManager and FortiAnalyzer. The reporting, logs, and firmware updates are excellent and stable in Fortinet FortiGate.
What needs improvement?
Fortinet FortiGate can be improved, specifically in the user interface and UX enhancement. The GUI, especially in older FortiOS versions, can be cluttered or slow. Improvements could make the UI more modern and responsive with a quick dashboard, real-time visibility, health checks, and improved policy editing with bulk changes and better search filters.
Policy management in a large environment becomes complex when managing dozens or hundreds of policies. This could be improved by introducing better policy grouping and tagging for more intelligent policy optimization suggestions, such as unused rules or shadow rules.
The built-in logging and reporting is limited without FortiAnalyzer. Internal reporting tools should be enhanced with graphs, trends, PDF exports, alert-based thresholds, and real-time traffic summaries without requiring FortiAnalyzer, which requires additional payment.
User identity integration with LDAP, AD, and user-based rules can be tricky or limited. Additionally, SSL users cannot change their passwords themselves, which should be included in the OS functionality.
For how long have I used the solution?
I have been using Fortinet FortiGate for six years.
What do I think about the scalability of the solution?
Fortinet FortiGate's scalability is good, and it can handle our organization's growth and needs as it's expanding.
What other advice do I have?
When choosing Fortinet FortiGate, you must know your network size and use case. Choose a FortiGate model that fits your current network and allows for future growth. For small offices and branches, you can use 40, 48, 40F, and 60F series. For medium offices, 80F and 100F are suitable. For large enterprises, you need 200F, 400F, 600F. For data centers, 1000F is recommended.
It's advisable not to buy a model that barely fits; choose one with headroom for future expansion. Always check key specs based on your needs, such as firewall throughput, threat protection throughput, VPN throughput, maximum concurrent sessions, and ports. Check if you need SFP, PoE, or 10G ports.
Consider the features you actually need, such as SD-WAN, SSL VPN, application IPS, AV scanning, Wi-Fi AP support, or central management. If you need central management, you can use FortiManager. Look for FortiOS version compatibility as the F-series offers clear advantages. Make sure your team can operate and manage it with experienced Fortinet engineers.
My review rating for Fortinet FortiGate is three out of ten.
Not operationally ready with autoscaling.
Tried the CloudFormation template for autoscaling and found the worker node was not working. Logs showed it crashing out when trying to do an API call to the firewalls. Updated the worker code, started again, and it crashed again.
Without the worker node you're not even getting the two on-demand nodes synced.
Traceback (most recent call last):
File "./Fortigate.py", line 3504, in
exit(main())
File "./Fortigate.py", line 2882, in main
rc = ChangeDHCP(fgt, 'apiadmin', encrypted_password, verbose, debug)
File "./Fortigate.py", line 721, in ChangeDHCP
values = status.json()
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 651, in json
return json.loads(self.text or self.content, **kwargs)
File "/usr/local/lib64/python2.7/site-packages/simplejson/__init__.py", line 516, in loads
return _default_decoder.decode(s)
File "/usr/local/lib64/python2.7/site-packages/simplejson/decoder.py", line 370, in decode
obj, end = self.raw_decode(s)
File "/usr/local/lib64/python2.7/site-packages/simplejson/decoder.py", line 400, in raw_decode
return self.scan_once(s, idx=_w(s, idx).end())
simplejson.scanner.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
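The traceback above ends in "Expecting value: line 1 column 1 (char 0)", which is what a JSON decoder reports when the body it was handed is empty or starts with something that is not JSON (an HTML login page, a redirect, an error page); the worker called `.json()` on the reply without first checking that it got a JSON reply at all. The following is an added example, not code from Fortinet, from the CloudFormation template or from this reviewer, showing how a worker can validate an API reply before decoding it so that the log records why the call failed instead of a bare decoder traceback. `ApiResponse` is an assumed stand-in for a `requests` response object, and the sample replies are constructed.

```python
import json
from dataclasses import dataclass
from typing import Any, Dict


@dataclass
class ApiResponse:
    """Minimal stand-in for an HTTP response (constructed; not the requests library)."""
    status_code: int
    headers: Dict[str, str]
    text: str


class ApiResponseError(Exception):
    """Raised when an API reply cannot be interpreted as the JSON we expected."""


def parse_json_response(resp: ApiResponse, max_preview: int = 80) -> Any:
    """Return the decoded JSON body, or raise ApiResponseError with context.

    Decoding blindly turns an empty body or an HTML error page into a bare
    'Expecting value: line 1 column 1' traceback, which says nothing about
    why the firewall did not answer with JSON. Each check below names the
    actual cause and keeps the first bytes of the body for the log.
    """
    content_type = resp.headers.get("Content-Type", "").split(";")[0].strip().lower()
    preview = resp.text[:max_preview].replace("\n", "\\n")

    if resp.status_code >= 400:
        raise ApiResponseError(
            f"HTTP {resp.status_code} from API (body starts with: {preview!r})")
    if not resp.text.strip():
        raise ApiResponseError(
            f"HTTP {resp.status_code} with empty body; expected JSON "
            "(is the API endpoint reachable and the session authenticated?)")
    if content_type != "application/json":
        raise ApiResponseError(
            f"HTTP {resp.status_code} with Content-Type {content_type or 'missing'!r}, "
            f"not JSON (body starts with: {preview!r})")
    try:
        return json.loads(resp.text)
    except json.JSONDecodeError as exc:
        raise ApiResponseError(
            f"HTTP {resp.status_code} claimed JSON but failed to parse at "
            f"char {exc.pos}: {exc.msg} (body starts with: {preview!r})") from exc


# Constructed sample replies, modelled on what a worker might receive.
GOOD = ApiResponse(200, {"Content-Type": "application/json"},
                   '{"status": "success", "results": [{"name": "dhcp-server-1"}]}')
EMPTY = ApiResponse(200, {"Content-Type": "application/json"}, "")
HTML_LOGIN = ApiResponse(200, {"Content-Type": "text/html"},
                         "<html><body>Please log in</body></html>")
FORBIDDEN = ApiResponse(403, {"Content-Type": "application/json"},
                        '{"status": "error", "http_status": 403}')
BROKEN = ApiResponse(200, {"Content-Type": "application/json"}, "{not json")


def describe(resp: ApiResponse) -> str:
    """Summarise the outcome of parse_json_response for one reply (used by the demo)."""
    try:
        data = parse_json_response(resp)
        return "ok: " + ",".join(sorted(data)) if isinstance(data, dict) else "ok"
    except ApiResponseError as exc:
        return "error: " + str(exc)


if __name__ == "__main__":
    for label, resp in [("good", GOOD), ("empty", EMPTY), ("html", HTML_LOGIN),
                        ("forbidden", FORBIDDEN), ("broken", BROKEN)]:
        print(f"{label:>9}: {describe(resp)}")
```

The empty-body case is the one the traceback above corresponds to: the decoder is handed zero characters and fails at char 0. Logging the status code, content type and a short body preview at the call site is what lets an operator tell an unreachable endpoint, an expired session and a genuinely malformed reply apart without reproducing the crash.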
Impossible to get support
1. I have a fortinet account
2. I have my serial number for the Fortigate VM (directly copied from the Fortigate Console - I know it is correct).
I click on the contact support link mentioned under the Support section of the AWS Marketplace listing. It asks me to log in. I log in with my Fortinet account. I try to create a technical support ticket. To create a ticket, it asks for a serial number. I enter the serial number but it says the serial number is invalid (I took the serial number directly from the FortiGate console, so I know it is correct).
In my FortiGate admin screen, I try to "register" the product - every time I register, it says "Unknown Error".
My issues are the following:
1. I can't register the product with my Fortinet account - I get an "An Unexpected Error Occurred" message.
2. Because I can't register the product with my Fortinet account, I am unable to submit a support ticket. When I try to create a support ticket in the portal, it says "Invalid Input Data. The Serial Number is Not Registered."
So how are we supposed to get support?
Unable to access any documentation to get started
Sorry, but I couldn't even get our testing going. The documentation links failed, setting up a support account failed and, well, there was no way to actually look at the product. It may be good, but there is no way to tell if support information is not available to even get started.
Login Never Worked
The instance ID was never accepted as the password. I messed with it for an hour thinking it was just that poorly documented. Turns out it is more likely to be that poorly implemented.
Can't log in
I can't log in to the FortiGate console with the instance ID as the password.
Probably because my AWS account has longer IDs for EC2 instance.