We have configured it in our data center.

The best feature of Fortinet FortiGate is the IPS or IDS implementation. I appreciate most the agility or the flexibility to create hashes to block incoming threats, and I can integrate with third-party threat intelligence with our FortiGate.

SD-WAN is another beneficial feature of Fortinet FortiGate. It offers flexibility in terms of adding multiple network connectivity and building your own network. It's the replacement for traditional VPN solutions. With SD-WAN, I can connect my remote office quickly and add additional or multiple network connectivity to provide redundancy on my network. This is the simple part of that.

The effectiveness of Fortinet unified SASE in providing consistent security policies across multiple locations is very good. In FortiSASE, they have integration with FortiGate. As a network security individual in a company, you can provide a single view of policy, monitor them, audit them, or in one screen, you can see the activity of your users, the behavior of your users, and in contrast, you can see the possibility of tracing the users whenever they have some threats.

Whenever I perform a firmware upgrade or any upgrade on a VM, there are instances where the routing gets lost in the configuration itself on the running VM.

They have recently acquired a CNAP solution which should be integrated into FortiGate boxes natively for protection at any application layer. Since Fortinet FortiGate has Layer 7 protection, they should integrate that as soon as they can for threat detection and network detection. At the moment, if you don't integrate any third-party solution with a simple Fortinet FortiGate box, the box would not function as expected for superb protection. Compared to others, Palo Alto has more integration.

I'm waiting for Fortinet FortiGate to be more mature in terms of integrating AI. They already have AI automation in the configuration, but that's just the configuration. They need to address AI in threat intelligence and how they integrate with threat intelligence sources to protect customers using their Fortinet FortiGate boxes or Fortinet FortiGate VM instances.

I have been working with Fortinet FortiGate for more than six years.

Whenever I perform a firmware upgrade or any upgrade on a VM FortiGate, there are instances where the routing gets lost in the configuration itself on the running VM. Whenever we do any upgrade or patch, we ensure we have a latest backup, and then validate every single configuration whenever we finish the upgrade or deploy the patch. This ensures there are no concerns in terms of connectivity or services that get impacted after the upgrade.

This is not a criticism of FortiGate; it reflects my experience deploying several FortiGate instances across different public clouds such as AWS, OCI, Azure, and GCP. My main concern with FortiGate in OCI is its lack of support for features like auto-scaling. When you need additional CPU or bandwidth, it doesn't automatically provision those resources. Currently, in OCI, if you want to scale your FortiGate deployment, you have to shut down the instance and rebuild the virtual machine to accommodate increased capacity. For instance, when you purchase a VM instance, it may come with only four CPUs and a limited bandwidth of four Mbps. In scenarios where you need to scale up quickly, this can be a significant drawback compared to what can be achieved with Azure, AWS, and GCP.

However, I've deployed FortiGate on physical appliances in data centers in the past without any issues, as long as proper planning is done regarding the capacity of your firewall requirements. For example, if you need ten gigabits per second throughput, you should change the module and connect a ten-gig interface to the switch. The key lies in anticipating your design from the ground up, taking into account the growth in the number of users and the increase in the services you provide to your customers. This is my primary concern.

Their support is very good. They respond quickly through their hotline number with an active subscription.

I would rate the support from Fortinet FortiGate as a nine out of ten. Sometimes if I don't escalate to our account manager, it will take the next business day for the interaction.

I previously used Cisco ASA firewall but didn't find it to be as straightforward as Fortinet FortiGate.

The initial setup for Fortinet FortiGate is very straightforward. As long as you have the foundation of networking and understand the east-west and north-south firewall terminology, it's quick and easy.

The deployment would take a maximum of 30 minutes for edge layer protection and end-user protection. After that, you can enrich or enhance the policy, IPS, IDS tweaking, the built-in DDoS or UDP flooding integration.

I performed the deployment of Fortinet FortiGate myself, and it was very easy.

I appreciate how Fortinet FortiGate, particularly in Saudi Arabia, is not as expensive compared to other competitors. The investment value is good, and technically, the value invested is worthwhile. It's a very useful tool to mitigate and protect your enterprise. I cannot speak to the financial analysis as I'm not involved in finance.

It is cheaper and more competitive compared to other options. For example, when comparing Palo Alto products to others, Palo Alto tends to be more expensive. If you compare Cisco's platform, including Cisco Meraki, with Fortinet products, you'll notice that Cisco's offerings are generally higher priced than Fortinet's firewall solutions.

Before working with Fortinet FortiGate, I evaluated other firewalls such as the open-source firewall pfSense. pfSense is suitable only for small startup companies that need more financial consideration. However, in the long run, it's difficult to maintain and support without a subscription.

I also evaluated Sophos UTM, which was acquired by Sophos from Vyatta Networks, which began as open source but was later locked down for commercial purposes.

The biggest benefit of Fortinet FortiGate among other firewalls is the community. Many adopters and companies globally are already using FortiGates. Everyone in the community is sharing, and their support is very good.

I can recommend Fortinet FortiGate. It's a very stable next-generation firewall where the majority of the firewall features and services are in one box.

My total rating for Fortinet FortiGate is nine out of ten because there are still some missing pieces that need to be integrated with the box itself.

I use Fortinet FortiGate for SD-WAN, specifically for branches, and for firewall purposes.

Fortinet FortiGate is sold to everyone, including banks, mining companies, and oil companies, as it's one of the most popular SD-WAN products that we sell. These are mainly medium-sized businesses or enterprise businesses because we only sell business-to-business, B2B, and we don't sell to normal clients, only businesses.

We usually do not have any problems. It's a very easy-to-use product. We also have a SOC or service operations center. They are certified in Fortinet FortiGate.

From the point of view of a reseller, Fortinet FortiGate improves our business because it is one of the products that we sell the most. We also use it on our backend because the devices have many slots and support substantial bandwidth.

The most valuable features of Fortinet FortiGate are its SD-WAN capabilities, such as dynamic routing, and other features, including security options such as antivirus, IPS, and IDS—all integrated into one device.

Another beneficial aspect of using Fortinet FortiGate is that if you have a LAN network, you can integrate it with FortiSwitch. You can manage everything from Fortinet FortiGate. It is easy to manage and integrate with other Fortinet devices.

Fortinet FortiGate is a very good device overall, though it can be improved in certain areas regarding the licenses, particularly the big one called unified threat management, which has many capabilities. The big license options have web filtering, IDS, and a lot of other things, but it's not like they are all good. That's the only thing I would change because the rest is very good.

I have about 4 or 5 years of experience with Fortinet FortiGate.

I find Fortinet FortiGate to be quite stable, as I have never heard of any issues where they broke or malfunctioned; they are always working. I would rate the stability of Fortinet FortiGate a ten out of ten.

I would rate the scalability for Fortinet FortiGate as an eight out of ten

We don't usually use that service. We only engage with Fortinet support when a device is broken and needs RMA, so I am not familiar with their operational teams.

We used to use Cisco firewalls and devices, which are also quite good. However, Cisco is more expensive, approximately twice their prices, but they are similar in functionality. With Fortinet, we are partner experts, which is a big advantage, whereas with Cisco, we are premium partners, which is not the biggest status, so if we are going to resell to our clients, we don't have the best discount or prices.

I am not part of the initial setup or deployment process since I work in presales. The setup or deployment is quite easy, as you can do a one-touch deployment that automatically connects to the FortiManager cloud when you connect it to a broadband or dynamic IP, allowing you to start the configuration from that point.

We usually sell it for on-premises setups. It's on the cloud only when the client has virtual machines or their own service. Sometimes they have a service on the cloud like AWS, but it's more difficult to sell now because AWS has an e-commerce option where you can buy FortiGate directly. The only thing you need is someone to manage and configure.

For deployments at one site, it usually requires only one person, and if we are talking about 1 to 50 sites, it still only takes one person because the same template is used for all sites.

In Argentina, we service about 100 locations. There are about 200 companies in Colombia and Brazil.

We service about 100 locations with Fortinet FortiGate in Argentina, but if we account for all the company's clients, it can be around 2,000 across Colombia and Brazil, since we have clients in all of these countries.

Fortinet prices are around $600 for the small 40F model, and for licenses, the simplest option is about $300 for a year. They sell licenses that can last for 1, 2, 3, or 5 years.

Before using Fortinet, we evaluated other options such as Versa and Meraki, but Meraki is also from Cisco. Fortinet is better than Versa. One of the main differences between them is that we don't have many partners or distributors for Versa here in Argentina, making it difficult to sell something that you cannot pay for locally. It has been easier in the past to handle payments, but Versa doesn't have many providers or distributors in Latin America, making it a less viable option. Fortinet offers more products that are easier to integrate into our clients' networks, such as firewalls and access points, so that was one of the main reasons we didn't use Versa.

My advice to other businesses or people considering using Fortinet FortiGate is that it is the starting product from Fortinet, and when you start using Fortinet FortiGate, you can then move on to the next products they offer, which are numerous.

We sell the 40F, 60F, 80F, 100F, and 200F models. There are the ones we sell readily from the bottom to the top. Sometimes, we sell bigger ones such as the 300 model.

Overall, I would rate Fortinet FortiGate around a nine out of ten.

We use Fortinet FortiGate for the firewall as well as for the VPN. Any of the users outside the organization use the VPN. Any staff members working outside the office headquarters or our office location use the VPN.

The main aspect that I deal with is URL blocking and web access. I don't work with other aspects of this firewall.

It has upscaled our security posture, especially regarding external connectivity, because any access or connection from the company has to go through the Fortinet FortiGate firewall. It's doing a pretty good job. We do not have any complaints there.

Anything that we don't want to allow is not coming in. Anything we want to allow is not being blocked. We always have the granular control where we can block malicious IPs or subnets if needed.

Geofencing allows us to limit the countries from which we allow IP connections. There are many features that I may not even know or haven't explored, but in general, Fortinet FortiGate is doing a pretty good job for us.

The web controls are what I appreciate about Fortinet FortiGate. We have extensive controls over areas where we could block external-facing IPs, external URLs. We can do geo-fencing with the firewalls, which is a good feature.

There are too many updates coming for VPN, and the VPN keeps disconnecting frequently, which I find problematic. It does what it's supposed to do, but I practically face reconnection issues with the VPN.

Regarding the Fortinet FortiGate firewall, I don't have any input. My scope is limited.

I have been using Fortinet FortiGate for around three years.

Fortinet FortiGate is stable. We haven't seen any latency issues related to it, though we do experience latency from ISPs.

I would rate the scalability as eight out of ten based purely on my exposure to security controls relating to URL blocking and website access.

I haven't had a chance to work with Fortinet FortiGate technical support, but from my colleagues' experience, they say the Fortinet FortiGate people are easy to reach but hard to schedule time with. It's not as easy as having the Fortinet FortiGate engineer on the call and getting other teams involved; it requires careful arrangements to join in with the Fortinet team. I would give their support a neutral score of maybe five.

I don't know why we switched to Fortinet FortiGate from Juniper; it's a management decision.

I was not involved in the deployment. I think it's not that difficult; there's no complexity involved as long as we are clear on what we want to do.

We have it on both cloud and on-premises.

I was not part of the team that implemented it. I don't know how much they invested, but it would be worth the investment.

My overall experience with Fortinet FortiGate rates as eight out of ten.

We use the solution to secure our entire data, limiting user traffic from within the system, which needs to be assessed to be secure. That is the main motive behind choosing the solution.

Suppose I don't want to pay for the users. We would have done some whitelisting and content filtering on the FortiGate web gate. Based on the policies, any user traffic is filtered through the secure gateway.

It's a flexible solution.

What happens in FortiGate is that a lot of bugs come on a system-by-system basis, like when Fortinet launches new firmware in FortiGate. Most software launches with known or unknown bugs. When we go for upgradation, even after running a bug scoping exam, we don't know whether the BIOS for which we are upgrading would affect the end user. We don't know how the FortiGate firmware will behave in your environment. Whatever the known bug, FortiGate lists it in their documents, but you never know how the problem will impact your environment. That's a major disadvantage of FortiGate because, somewhere, it's very unstable.

Another issue is how deduplication services don't work reliably after enabling deduplication on Fortinet. When they launch any new firmware in the future, they have to ensure firmware functions.

I've worked with Fortinet FortiGate SWG for more than ten years now.

I rate the solution's stability a seven out of ten.

I rate the solution's scalability a seven out of ten. We have around 700 users on the platform.

If any issues arise, we have to log a ticket with Fortinet. By default, they log all the tickets in P3 or P4 priorities. For P1 or P2, they ask to call us on their phone numbers and lines. Whenever we try to call on the phone for any P1 or P2 issues, the next time, the number gets busy, or the email is unavailable. That's why

I feel the support is not up to the mark, and they must work on it.

I rate the solution's initial setup a seven out of ten. The deployment time depends on the scenario, such as your infrastructure size. To deploy the solution on a cloud, you have to buy it from the marketplace and deploy it on the cloud. But after that, you have to do a lot of configurations. That depends on the size of the operation.

One person is more than enough to implement the smaller version of the solution. But if the organization is bigger, with more than 500 or 600 users, we would need three to four people.

Fortinet is priced low.

We are exploring Netskope and evaluating it for the future.

I recommend Fortinet FortiGate SWG because it is flexible and cost-effective. I rate it an eight out of ten.

We use Fortinet FortiGate for end-to-end advanced firewall protection.

Fortinet FortiGate is deployed both on-premises and in the AWS and Azure clouds.

Fortinet FortiGate makes it extremely easy to manage the entire security system independently of our enterprise. In our company, we operate multiple networks, each with its own distinct layers of networking. Whether it is a small or large company, each network will consist of various layers, including the first, second, and third layers, as well as Wi-Fi access points. Additionally, we have different access switches, distribution switches, and core switches. FortiGate allows for direct management of all these options, which is one of its core advantages.

FortiGate is highly user-friendly and promptly addresses security threats and vulnerabilities commonly found in the modern technology world. Additionally, Fortinet offers the latest versions to cater to the needs of enterprises. They provide a range of firewalls, suitable for both small-scale businesses and larger enterprises. Overall, we are quite satisfied with their performance, and it has been working well for us so far.

Fortinet should focus on enhancing the capabilities of FortiGate by consolidating its various products, such as FortiGate Cloud, FortiManager, and FortiAnalyzer. Currently, these multiple products often confuse users and clients. It would be beneficial if Fortinet could offer a comprehensive integrated solution instead of separate products that cause user confusion. By providing an integrated solution, users would have access to all features and functionalities within a single window, eliminating the need to navigate through multiple windows. This approach would greatly improve the user experience.

I have been using Fortinet FortiGate for three years.

Fortinet FortiGate is extremely stable.

Fortinet FortiGate can easily scale using the cloud firewall option.

The technical support team is exceptional. They are consistently available and prompt in their responses, regardless of the region from which we open the ticket.

I used Cisco at my previous company and my new company uses FortiGate. FortiGate is better than Cisco. Where Cisco requires a person with great networking or programming knowledge, FortiGate does not. We can manage everything from its user interface. It provides comprehensive security fabric management, including Forti switches and access points. Additionally, FortiGate serves as a gate for our home, allowing us to monitor who enters and exits. Therefore, if we compare it to Cisco, monitoring the entire traffic becomes much easier.

The initial setup is straightforward. Fortinet provides step-by-step instructions in its documentation. The Fortinet engineers and support team are always available to assist, but even for a non-technical person, the deployment is easy.

The pricing depends on the FortiGate model we are using, ranging from $3,000 to $20,000 US dollars. We are using the FortiGate 600E, and its price falls within the midrange. The most expensive part is the renewal of the license subscription.

I give Fortinet FortiGate an eight out of ten.

Fortinet FortiGate offers a cloud trial that organizations can use in a test environment to evaluate the solution before making a purchase.

I used this solution while working with my last organization. I handled plain firewall deployment as well as SD-WAN deployment.

I was providing consulting services to various Telco customers. It helped customers save on the cost of highly expensive MPLS links. With the help of Secure SD-WAN, they were able to utilize broadband or even LTE connectivity, which saves costs. That's the flexibility that Secure SD-WAN gives to various customers. In addition to saving costs, they are also able to utilize active-active load balancing, where you can have two parallel links: primary and secondary. The secondary one used to sit idle in traditional scenarios, whereas now, the solution gives you the flexibility to configure both links as active-active, so you can prioritize critical traffic from link one and other traffic from link two. At the same time, you also have the option to maintain redundancy.

Secure SD-WAN is a great way to manage your entire organization network, especially the WAN network. Customers don't have to hop to multiple places. Fortinet has a solution called FortiManager. With the help of that, you can monitor, configure, and maintain your entire organization's network. It's a very convenient option. It's a single pane of glass from a customer's point of view. They don't have to log in to individual devices, and they can see the real traffic. They can see what's coming into the network, what sort of alerts or logs are there, and what sort of applications are being consumed.

Secure SD-WAN doesn't help with tool consolidation, but it's a secure way or mechanism they provide so that if branch users are accessing the internet, they can directly break out from the branch location rather than coming back to the data center. In that way, it improves the user experience while also giving security at the highest level.

I have not interacted much with Secure SD-WAN in terms of API integration or third-party integrations. However, they have pretty good integration with the RADIUS, LDAP, and AD servers. In that way, they have everything in-built. You can make the firewall a DNS server or some sort of DHCP server. Such features are included there. From a security standpoint, they have open API integration with their own SIEM or SOAR solutions. Third-party API integration is also possible, but the API details that are exposed are very limited.

The integrated application protection provided by Secure SD-WAN is a cool feature. They have real-time scanning of the application with the help of SSL inspection. You get to see the real-time traffic of applications, and you can protect your network from harmful websites. They have a signature database for that. This data also gets refreshed. It's a direct feed that the device takes from the central intelligence.

When you have Secure SD-WAN in place, you are more secure from the outside internet. They have a flavor of SASE, but I have not worked on it.

When you have a granular view of your entire network including users and security features being enabled, you get more visibility into your network. You get to know what's coming in and going out. If an administrator sees that some traffic is being hit repetitively from a particular location, functionality is available to block a region, country, or even an IP or domain.

In terms of Secure SD-WAN reducing our mean time to resolve, in the case of issues specific to SD-WAN, I've seen instances where customers can look into the dashboard and inform the support team that this is the issue they are facing. This helps them to have some visibility into these firewalls and isolate the entire issue from the technology perspective; for example, when a wireless client is facing some sort of challenge accessing the internet, whereas some of the wired users are able to access the internet. The testing tools given in the FortiGate GUI dashboard come in handy during troubleshooting. With the very user-friendly interface, it becomes very obvious and easy for any IT guy to simply follow the workflow to resolve any day-to-day operational issues.

The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall. The routing and firewall features are also good.

The unified view that they have built into this firewall is good. Within the same dashboard, you get to see the security profiles, the type of traffic that's passing through, the top applications that are being consumed, etc.

It's also very easy to use.

I was not looking after the operations part, but sometimes, I did get engaged in some critical activities related to operations. There are some caveats in every product. Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem. There were tunnel issues where there was already established connectivity, but at the kernel level, there were some issues. For example, there's a feature for auto-site connectivity wherein whenever it automatically creates a new tunnel, at the kernel level, it also creates an interface. Sometimes, that interface crashes and a new interface could not be created, which results in connectivity loss.

Fortinet has established itself in the SMB market segment. It's doing pretty well in that space, but when it comes to the enterprise segment, they are lagging a little bit. It all boils down to the performance of the hardware. If I enable all of the security features available on my device, the throughput degrades quite a lot. If I have put 10 GBPS of throughput on a firewall and I enable all of these features available, such as IPS or UTM functionalities, the throughput comes down to 1 GBPS.

I used Fortinet FortiGate for seven months. I last used it in February of this year.

I'd rate it a seven out of ten in terms of stability.

The solution offers the option of deploying VMs or virtual machines to any public cloud, such as AWS or Azure. It provides such flexibility. If you have any application hosted in the cloud space, you can have a VM spin of the FortiGate over there and have a site-to-site tunnel established, so the scalability is there. Otherwise, at the site level, it's mostly hardware-based work. If you size it properly, then you have the option to expand. You might have chosen a low-end model because of the tight budget. In that case, it's not scalable on a specific site. However, if you have a certain number of sites, for example, if you have 400 of them and you want to expand to 500 or 1,000, there is simply a license that goes at the FortiManager level to support additional devices. FortiManager provides a single pane of management.

I'd rate it a seven out of ten in terms of scalability.

My experience was not that rewarding. It took me around three hours in total to get a simple issue identified and fixed. I escalated it to their L3 engineer, and after that, I was able to resolve the issue. The entire process took around three hours. First, their initial level person was troubleshooting, then it went to the next level, and then it went to the highest level.

From the security perspective, I have not used any other solution, but I did have a glance at Cisco's portfolio. Cisco Meraki is one of the solutions that you can compare it with. Others were more specific to the routing and switching domain. I know the concepts and theory of Cisco SD-WAN, but I have not used it in a real environment for any customer.

For one of the clients, it was deployed on the Azure public cloud. Initially, it was not easy. It was complex. Every product and technology requires a certain type of prerequisite, and when you have anything hosted on a public cloud, it becomes a tedious job to get things done quickly because multiple stakeholders are involved in that.

I have deployed Secure SD-WAN specifically for many customers. I find it easy, but you need one person to be at the site for remote connectivity. That person just needs to do the basic configuration. Once the device has IP reachability, you can easily discover it from FortiManager, which is the central controller. So, once you have the device on FortiManager, it takes a few clicks to onboard the device because you already would have a template in place.

The deployment duration depends on the number of sites. For a customer with ten sites, it would take a week's time because there are a lot of dependencies. It also depends on the customer's readiness and availability, but a week's time would be enough for the deployment of ten sites. If there is proper planning in place, you can also deploy 50 sites in a week, but that's something you cannot control from your side because there are a lot of dependencies on the customer and the service provider. If you have to integrate it into a customer's existing network, it becomes quite challenging to make them understand your prerequisites. There are instances where nobody is available from the customer side from the technical standpoint to help you. Those are the roadblocks, but from the solution perspective, it's quite easy to onboard devices.

The deployment can be done by one person if that person is dedicated to a single project, but if more projects are running in parallel, you would require a few more people.

It does require maintenance, which includes upgrading the operating system and installing patches. Two to three people would be enough for around 500 site maintenance but not in the 24/7 case. If it's 24/7, then nine people would be required for that.

By default, they give SD-WAN along with the firewall. They don't have separate licensing for the SD-WAN functionality. However, they have security licenses that are sold separately on a subscription basis. Customers can consume these security features to protect their users from internet traffic.

To those evaluating this solution, I'd advise doing a PoC of different vendors who are meeting their requirements. They can then decide for themselves after seeing the demo.

Overall, I'd rate it an eight out of ten. It's user-friendly. It's also good features-wise, but their support is weak, and on the architecture front, it's not true SD-WAN. It's not decoupling the control chain functionality from the device to the controller.

We are using Fortinet for administration over local users that need to connect with our wireless. We have users that come from different domains, and there are certain limits and restrictions that need to be implemented.

There is not much visible improvement, but it's a stable and reliable environment. We did not see anything critical in the production environment.

Reliability is the best feature. We faced some issues when we were setting it up, but the service, portal, and administration are good.

There is some development gap. We had experienced bugs in their operating system. When we were planning to upgrade it, there was no patch available for a bug, and the support team was saying that they need to work on that. That's the part they should work on.

There are some complex administration tasks in their administration portal. That needs to be improved.

It has been around two years since we set it up.

It's stable.

It's scalable. We have 1,500 to 2,000 people across the world. We have multiple regions and multiple sites.

We contacted them for a few cases. I would rate them a seven out of ten. They could be better at finding solutions.

This was the first option, but we'll try Cisco as well for our Wi-Fi setup for the next one to two years.

It was a management call to go for this. They know what is best for their business.

I was not exactly involved in its initial setup, but at a later stage, I had to jump into that. I was more into Cisco setup.

Overall, the setup was easy. There was a portal, and most of the things were similar to other hardware we use, such as Palo Alto. We found some bugs during the setup, and there was not much support available from the Fortinet support team

In terms of maintenance, there are upgrades available roughly every quarter.

It's worth the money.

The price range is quite acceptable and normal.

It's excellent. The services, administration, and reliability are up to the mark. They just need to improve it a bit.

I would recommend it if you want to set it up for your business. Overall, I would rate it a nine out of ten.