All firewalls, including Fortinet FortiGate-VM, provide similar features under the sync capability. The differences between them are minimal, with FortiGate-VM offering simplicity in use. It covers aspects such as intrusion prevention, web filtering, application control, routing, virtual domains, policy-based routing, and SSL.
External reviews
External reviews are not included in the AWS star rating for the product.
Provides protection from a broad array of network threats
What is our primary use case?
How has it helped my organization?
For our customer, this product holds paramount importance. It is critical for them as we collaborate with government agencies, financial institutions, and oil and gas companies. Inspecting and controlling traffic, especially pertaining to credit cards, is crucial for their operations.
What is most valuable?
GitDM, like FortiGate VM, provides similar features to FortiGate appliances or cloud solutions. However, FortiGate VM is more suitable for heavy traffic and inspection compared to GitDM. Unfortunately, FortiGate VM lacks a dedicated SPU for inspection, and all features rely on CPU and RAM.
What needs improvement?
I don't have any specific improvements to suggest, but perhaps the pricing could be enhanced. Regarding updates, more frequent updates would be appreciated. FortiGate-VM is currently focused on providing very good firmware updates, automation, and top-notch features. It stands as a great product for now.
Based on our needs and the vulnerabilities we've encountered due to various downloads, I suggest integrating with Kaspersky Gateway. This integration would involve scanning and inspecting both official emails and spam emails. Our customer has successfully worked with Kaspersky Gateway, and overall, the integration has been effective.
For how long have I used the solution?
I have been working with Fortinet FortiGate-VM for 3 years.
What do I think about the scalability of the solution?
In conjunction with the switch and based on the sizing, it indicates a suitable box or VM for the customer. If the level of mailbox is low, the stability will be good, and the box will not be in conserve mode. Regarding impressions of scalability, I would rate it eight out of ten.
How are customer service and support?
The support team is excellent, providing assistance and resolving issues effectively.
How was the initial setup?
The setup is straightforward for me, but our customers might find it a bit challenging. Overall, following the provided steps and consulting the official materials or documentation makes the FortiGate-VM setup relatively easy.
Firstly, we establish a console connection to the firewall and access its default IP. In the second step, we create rules to enable the firewall to access the internet. Following these two steps, we register a rule with Fortinet Broadcom, download the necessary licenses, and upload them. After uploading the license, we set up an interface rule, check the license, and configure interfaces such as LAN, WAN, and VPN. Subsequently, we create profiles, including web filter, application, antivirus, and IPS profiles. The last steps involve configuring interfaces like LAN, WAN, and VPN, as well as attaching profiles to outbound policies. We also consider additional configurations, like server publishing, destination netting, or integrating with PBM for Alibaba Cloud. The final three configurations are optional and depend on the customer's requirements.
What's my experience with pricing, setup cost, and licensing?
We can tailor the suitable license for the customer, whether they require UTB or enterprise features. The options are flexible based on their needs.
What other advice do I have?
I would recommend Fortinet for large-scale companies and Sophos for medium or small enterprises. I would rate it 8 out of 10.
Graphical user interface is user-friendly and easy to deploy but needs more free security profiles
What is our primary use case?
I am a network engineer. I deploy firewalls for customers. I also provide firewall installation and configuration services.
I mostly prefer Fortinet firewalls. The graphical user interface is user-friendly and easy to configure. I recommend it to my clients because it is very easy to deploy.
Performance, scalability, and everything else are top-notch compared to others like Sophos or Cisco. I've used them all, and Fortinet is my go-to.
How has it helped my organization?
The main use case is for organizations that can't afford or procure hardware appliances. They can install the VM and license it as a cost-effective alternative.
What is most valuable?
The combination of SD-WAN and VPN capabilities is the most valuable feature.
What needs improvement?
If I could add one feature, it would be free security profiles.
For how long have I used the solution?
I have experience with FortiGate VM. I've used it for practice and deployed it on customer sites.
I have been using it for four years.
What do I think about the stability of the solution?
I haven't personally experienced any bugs, and none of my clients have reported any either.
What do I think about the scalability of the solution?
I would rate the scalability a seven out of ten.
How are customer service and support?
The customer service and support are very knowledgeable and helpful.
Which solution did I use previously and why did I switch?
I've deployed Cisco firewalls and hold certifications like CCNA and CCNP. But for security-level firewalls, I always go with FortiGate.
How was the initial setup?
The initial configuration is very easy, even for non-technical users.
What's my experience with pricing, setup cost, and licensing?
VMs can be affordable, but for high-demand scenarios, I'd still recommend the hardware. For the cost, it's a ten out of ten.
What other advice do I have?
I would recommend the hardware firewall unless you have specific constraints. If you're installing on a server or desktop, and something happens like a cache issue, you won't have the same backup options as a physical appliance.
With hardware, you can claim a warranty, get a new unit, and easily restore from your existing backup. That wouldn't be as straightforward with a VM.
Over a hundred customers have deployed the physical Fortinet firewall based on my recommendations.
Overall, I would rate the solution a seven out of ten.
Excellent Security Solution - FortiGate Cloud
Review for FortiGate Cloud
FortiGate Cloud is a blessing for medium enterprises
Helps reduce our mean time to remediate and our security risk, and provides good visibility into our environment
What is our primary use case?
Fortinet FortiGate is our primary security solution for network communication. It enforces segregation between the IT and OT networks. All communication, integrations, and other traffic between IT and OT must pass through the FortiGate, which inspects and controls it.
FortiGate also serves as our VPN concentrator. Both internal users and partners connect their VPNs to FortiGate. We manage the entire VPN process, including access control and security policies.
All web traffic within the organization flows through the FortiGate for inspection and security controls. We leverage FortiGate's UTM capabilities, including web filtering, intrusion prevention, and application control.
While we have several websites running behind FortiGate, they are primarily static content sites with limited business activity. Therefore, we utilize the basic WAF functionality within FortiGate instead of a dedicated WAF device. This approach has proven effective for our needs due to the low volume of transactions and sensitive data on these websites.
FortiGate also manages communication between our internal IT units. With five units in operation, efficient inter-unit communication is critical. FortiGate ensures secure and controlled data exchange between these units.
How has it helped my organization?
FortiGate provides us with both visibility and segmentation for our industrial devices. This allows us to achieve good segmentation and also gain a clear view of the assets that reside behind them. Now, if I need to find a specific asset within our industrial environment, I can simply access Fortinet and check the assets listed there. Additionally, FortiGate utilizes sensing technology that identifies the type of each device, further enhancing our overall visibility.
FortiGate helps a lot to reduce the risk of cyberattacks that could disrupt our production.
FortiGate enables centralized management of our organization's network and security operations, providing comprehensive visibility into our environment for proactive threat detection and mitigation.
The effectiveness of our response to a production disruption depends on the affected environment. Some environments have sufficient redundancy to continue operating without the system, while others require immediate intervention. To address this variability, we utilize a strategically deployed FortiGate across all environments. This firewall enforces pre-defined rules to manage traffic and data flow effectively, ensuring that disruptions are minimized and operations continue smoothly.
FortiGate provides us with actionable data, enabling us to make informed decisions. The visibility it grants into the devices operating within our environment empowers us to take timely action and safeguard them.
All our OT traffic traversing to and from our IT environment passes through our Fortinet FortiGate firewall, which helps to reduce our operational expenses.
The security fabric helps reduce our mean time to remediation.
Fortinet has helped us take a more serious approach to cybersecurity.
What is most valuable?
The Intrusion Prevention System and the web filtering are both working well. The Deep Packet Inspection is also functioning properly, allowing us to see all network traffic, including encrypted data. I find the DPI to be a valuable and user-friendly feature. Additionally, the logs are clear and easy to understand. Having worked with Cisco and Check Point in the past, I can confidently say that these logs are on par with those of other leading security solutions. They greatly aid in troubleshooting, investigations, and general network monitoring. Overall, I am impressed with this solution's web filtering capabilities and robust IPS functionality. It is both easy to manage and deploy, making it a valuable tool for our network security.
What needs improvement?
While FortiGate offers a wide range of security features, I sometimes feel that the platform could benefit from more extensive improvements. Given the multitude of functions it provides, I wonder if the developers have enough time to adequately refine each aspect. However, for our specific needs, FortiGate currently performs adequately.
The debugging and troubleshooting has room for improvement.
I would like to see greater integration with third-party solutions. For instance, one example would be integrating Endpoint Protection with FortiGate, such that if an issue arises with Endpoint Protection, an action could be automatically triggered on FortiGate.
I am concerned about Fortinet's ability to help us meet regulatory compliance because its optimal functionality requires deploying all solutions within the mesh as Fortinet products. This raises questions about the compatibility and integration of non-Fortinet technologies within the Fortinet Security Fabric.
For how long have I used the solution?
I have been using Fortinet FortiGate for two years.
What do I think about the stability of the solution?
I would rate the stability of Fortinet FortiGate an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of Fortinet FortiGate an eight out of ten.
How are customer service and support?
The technical support responds quickly.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have worked with Cisco, Check Point, and Palo Alto. I worked with Cisco for ten years and I find Fortinet FortiGate to be a better solution.
What's my experience with pricing, setup cost, and licensing?
The price is fair for what we get with FortiGate.
What other advice do I have?
I would rate Fortinet FortiGate a nine out of ten.
Although we currently don't use any Fortinet devices designed for extreme environments, we are planning to test a few Fortinet switches in such conditions. This initial experiment aims to assess their performance and suitability for our harsh environment. If the switches perform well, we may consider switching our current supplier. While we don't frequently change our OT networks, prioritizing long-term stability has been our main objective, and we've achieved that so far. However, since Fortinet is our network supplier, testing their switches and confirming their reliability is a prudent step for when we need to update our switches.
Potential users should understand their needs before purchasing the solution.
An easy-to-operate tool to manage firewall installation and endpoint connectivity
What is our primary use case?
I use Fortinet FortiGate-VM in my company to manage firewall installation and endpoint connectivity.
What is most valuable?
The most valuable feature of the solution is that it is easy to operate.
What needs improvement?
If a user makes any changes, it will immediately have an effect on the solution. If a user makes any changes in a product like Palo Alto, there is a need to push those changes to the firewall and apply commit changes, which shows the configuration part, making it a good feature since it sometimes helps, considering how a user may make small errors.
Errors made by a user get applied when using Fortinet FortiGate-VM. In the production environment, if a user makes any changes in a live environment, there is a need for the user to be very alert. The aforementioned area can be considered for improvement in the solution. Palo Alto is good for the production environment.
Capacity-wise, I think the solution's log storage area is something that needs to be increased since, by default, it stores logs for only seven days. The compliance team in our company needs to check the logs, which may be older than ninety days. Though the tool provides a storage hard disk with enough space, in our company, we can't store logs.
For how long have I used the solution?
I have been using Fortinet FortiGate-VM for more than three years. My company is a customer of the product.
What do I think about the stability of the solution?
As my company uses an active-passive deployment in our environment, we did not face any stability-related issues with the product. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
Around 4000 to 6000 employees in my organization use the solution.
How are customer service and support?
The solution's technical support is good. I rate the technical support a ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate the product's initial setup phase a ten on a scale of one to ten, where one is a difficult setup phase, and ten is an easy setup phase.
The solution can be deployed in an hour or two.
What about the implementation team?
I deployed the solution by myself in my organization.
What's my experience with pricing, setup cost, and licensing?
It is a medium-priced product.
Which other solutions did I evaluate?
Compared to the other VMs in the market, Fortinet FortiGate-VM is very easy to use.
What other advice do I have?
I rate the overall tool a nine out of ten.
Reduces our remediation time and our operational expenses
What is our primary use case?
We utilize Fortinet FortiGate appliances at six branch offices, one data center, and one DLP site. Our network is driven by SD-WAN, and we employ FortiGate as our firewall, FortiEDR for endpoint protection, and FortiSwitch for alerting on all layers of the network.
For me, the best practice is to deploy on-premises for data centers. However, for small branch offices with over ten to twenty staff members, I can deploy the devices remotely. We can provision our cloud and push the configuration to those devices from the cloud.
How has it helped my organization?
The visibility that FortiGate provides into our devices is crucial for network segmentation. I want to see the output in a specific way. The traditional approach has shifted slightly, as I'm accustomed to Cisco networking equipment. Typically, we have a call feature, but I'm currently using all the call features for internal routing. However, with FortiGate, most security subnets are segmented and protected behind the firewall. This allows me to lock down or secure sensitive subnets, such as HR or departmental information. I can log in from there, and all other subnets for client users require centralized access. This means that all traffic must go through the firewall, enhancing security.
FortiGate enabled us to achieve compliance with governance requirements. The FortiGate, along with fabric security and checkpoints, essentially act as regulatory checkers, reviewing our security practices against industry best practices and guidelines. If they identify any discrepancies, they alert us, allowing us to develop and implement mitigation plans to address the issues. For instance, if our SSH configurations don't meet security standards, such as algorithm or cipher requirements, FortiGate will notify us, enabling us to take corrective action and regain compliance.
We utilize API calls for FortiGate, including those related to our PRTG monitoring system. Additionally, we employ HVAC calls and leverage another MDR solution from Arctic Wolf to trigger specific events on the FortiGate. This API functionality enables us to generate API keys and seamlessly integrate with API features across various platforms.
Integrating FortiGate into our environment is straightforward. Our transition from Palo Alto to FortiGate was seamless, utilizing our existing policies and migration tools. FortiGate also provides provisioning capabilities for defining branch office configurations. As long as branch office devices can access the internet to communicate with Fortinet Cloud, we can remotely implement provisioning for these devices, offering greater convenience for small branch offices.
The built-in APIs streamline integrations with other vendors, reducing deployment time. They effortlessly generate API keys upon logging into the Fortinet network, facilitating the deployment of our PRTG monitor tools. These tools seamlessly integrate with each other, fostering rapid deployment. Most platforms, including Cisco Meraki, Palo Alto, and Check Point, now adhere to industry standards and support API calls.
FortiGate has been instrumental in mitigating the risk of cyberattacks that could potentially disrupt our production operations. I am particularly impressed with Fortinet's cloud-based FortiGuard service, which continuously updates our systems with the latest zero-day attack protection, significantly reducing the threat landscape within our industry. Given the energy industry's heightened vulnerability to cyberattacks, we have implemented measures to restrict access to our network based on geolocation IP addresses. This includes restricting access from countries such as Russia and China, further safeguarding our environment from potential threats. Additionally, FortiGuard's regularly updated list of malicious websites provides an invaluable layer of protection for our industry.
In the event of a production-disrupting attack, we can utilize FortiManager to remotely isolate and mitigate the threat by shutting down specific subnets or networks. We can easily navigate through the unpacked data, and upon detecting a suspicious event, we can initiate automation or SOAR processes to notify the Cloud Service Provider team with whom we have been collaborating. Additionally, we can establish traffic alerts. For instance, since not all users access the AD server simultaneously each month, if we observe such suspicious behavior, we can remotely shut down that network, thereby minimizing our risk exposure.
FortiGate provides us with actionable insights to guide our decision-making regarding the appropriate actions to take. We generate 20 gigabytes of log data daily, which we utilize to establish a baseline for network traffic on our servers and compare it to our generated report. This approach allows us to set a threshold for the read volume of 20 gigabytes of FortiGate data attempting to reach a server from an external source. If this threshold is exceeded, an alert is triggered, prompting us to take corrective action. The centralized monitoring of our environment provides significant value.
Security is not a single, isolated element. It encompasses the entire network infrastructure, including firewalls, routers, switches, endpoints, and even mobile devices. The Fortinet Security Fabric seamlessly integrates these components to provide comprehensive protection. It generates detailed logs, including those from access points linked to FortiSwitch. The FortiSwitch, fully integrated with the FortiGate Fabric, relays security alerts to the FortiViewer in the SOC. This centralized view provides complete visibility into the network, including SSIDs, wireless networks, subnets, and devices protected by FortiClient. The Fortinet Security Fabric tracks individual devices connected to the network, including compromised laptops. FortiClient triggers alerts and sends them to FortiCloud, which also receives logs from the EMS server and the firewall. These logs are consolidated in the FortiAnalyzer and forwarded to the cloud-based log server for analysis. This comprehensive approach to security ensures that all potential threats are identified and addressed promptly.
FortiGate has contributed to a reduction in our operational expenses. Prior to adopting Fortinet, we utilized Palo Alto for firewalls and Cisco for call switches. However, as we began using Fortinet, we gradually transitioned to their products. Currently, we employ FortiGate for our firewall, FortiSuite, and FortiAP Access Points, phasing them in one at a time. This approach has effectively minimized downtime and lightened our workload by enabling centralized management through a single pane of glass.
FortiGate has significantly reduced our time to remediation. We can now check logs from servers, firewalls, switches, access points, clouds, and even devices from different brands, all from a single centralized location. This has greatly reduced the time required for threat hunting and security event investigation.
Fortinet has been instrumental in enhancing our cybersecurity approach to safeguard our industrial machinery. We rely on some heavy equipment that is critical to our industry's operations. To protect this equipment, we have isolated it on a single subnet and implemented strict access controls, allowing only authorized users and MAC addresses to access the network. This ensures that only internal staff can operate the equipment unless authorized maintenance personnel are present. The high level of security we have implemented is essential because our industry's operations are closely tied to the core applications of our industry. We are committed to safeguarding our equipment and preventing any potential risks.
What is most valuable?
I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager. Additionally, its integration with FortiAnalyzer, which can be deployed in the cloud, enables centralized monitoring of all firewall logs.
What needs improvement?
Fortinet needs to overhaul its documentation. Our current reliance on outdated documentation has resulted in significant time wastage. While we can locate the necessary documentation, the constant daily revisions necessitate meticulous identification of the relevant documents to prevent the use of outdated information that could jeopardize our environment. At the very least, Fortinet should classify its documentation to clearly indicate the applicable version, as our attempts to do so manually are becoming increasingly tedious.
For how long have I used the solution?
I have been using Fortinet FortiGate for over three years.
What do I think about the stability of the solution?
Fortinet FortiGate is stable. I have not encountered any performance issues.
What do I think about the scalability of the solution?
Fortinet FortiGate is scalable.
How are customer service and support?
The speed of Fortinet's technical support is significantly faster compared to Palo Alto. I recall an instance where I experienced an issue with Palo Alto, and it took an hour to connect with a real technician from Palo Alto. However, when I call Fortinet, it takes a maximum of two minutes to get a knowledgeable individual to address my concerns. Considering the stark contrast in service levels, imagine having a network issue with Palo Alto and having to wait an hour for support. Conversely, with Fortinet, we can receive proper assistance within two minutes. The difference is immense. This is the one aspect I find lacking in Palo Alto.
The reason I don't give Fortinet's support a perfect score is that I've worked in this field for many years and have come to expect a certain level of expertise. Even when we call Palo Alto, Cisco, Check Point, or any other support service, our experience can vary depending on who we get on the phone. If we're lucky, we'll get a highly experienced expert who can quickly resolve our issue. However, we may also get someone who is new to the team or to their role, and they may take a long time to understand our problem. While Fortinet's support is generally excellent, I have had a couple of experiences where I felt like the person on the other end was inexperienced and asked me irrelevant questions. Despite these occasional issues, I am still very satisfied with Fortinet's support overall, but I wouldn't give it a perfect score.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Palo Alto for five years and switched to Fortinet FortiGate. Palo Alto is expensive.
How was the initial setup?
The initial deployment is simple. We need to determine which interface is the WAN interface and which is the internal interface.
With Fortinet, we should prioritize a centralized approach to ensure synchronization and consistency across the network. This centralized management strategy will streamline the implementation of SD-WAN, as it allows for the deployment of standardized templates and traffic configurations. Centralized management also simplifies future modifications, as minor changes can be pushed down without requiring complete redesigns. Conversely, deploying SD-WAN without prior centralized management can lead to complexities and potential disruptions. For instance, if WAN interfaces are configured independently of SD-WAN, integrating SD-WAN later will necessitate removing and reconfiguring existing data, policies, firewall policies, and rules. This process can be time-consuming and error-prone.
What's my experience with pricing, setup cost, and licensing?
For medium and enterprise organizations, FortiGate is more affordable. We can choose from a variety of bundles to find the right license for our needs. The software is reliable and easy to install, and it will run smoothly on our systems. FortiGate is priced lower than Palo Alto.
What other advice do I have?
I would rate Fortinet FortiGate nine out of ten.
I compared SD-WAN solutions offered by companies like Cisco Meraki and Palo Alto. I'm impressed with SD-WAN solutions in general, but I recommend considering purchasing Fortinet's SD-WAN solution, as it could lead to significant cost savings. However, proper planning and design are crucial before deployment to avoid incurring additional expenses due to rework. That's my suggestion.
FortiGate Cloud is a good and simple cloud management and analytics solution.
One of the best Gateway Security Solutions
It also has free 7-day logging and reporting for FortiGate device users.
It helps the user to monitor their devices online and have a single dashboard to see all the device information.