Fortinet FortiGate (BYOL) Next-Generation Firewall (ARM64/Graviton)

I am the network administrator at THK Rhythm Automotive.

The features and capabilities of Fortinet FortiGate-VM  that I have found most valuable are not only specific to Fortinet FortiGate-VM , but generally for most sites: a valuable web filter and DNS filter work together. For some sites, application filtering is important. The most important feature is IPS, which is the main reason for using Fortinet FortiGate  firewalls. The current solution is only on the border of our network, between the company network and the internet.

I spent much time finding exact firmware on Aruba which was working with these guns, but it is not optimal because it is not the latest version, so there could be potential security problems. We decided to replace those access points with another one. I personally have trouble because I don't know the exact life cycle of Fortinet FortiGate-VM boxes. I don't know if the life of boxes is five years or something else; we moved from our previous company, which sold us to other companies.

Before 10 years, we had a special department that took care of core networks, including firewalls. After that, this responsibility fell to me and my colleague. It is not easy to set up these Fortinet FortiGate-VM boxes properly because we didn't have previous experience with this kind of solution. At first, we set up only a few rules that were not secure enough, and over a couple of years, we improved the settings and security of these Fortinet FortiGate-VM boxes.

Currently, I have one Fortinet FortiGate-VM that needs to be replaced next year, and this box is not so powerful, so I need to redirect some traffic to another Fortinet FortiGate-VM. It is stable, but because the CPU processor of this box is not powerful, I need to redirect some traffic to another box. In the future, I need to choose a higher-level box to prevent potential troubles with the power of this box.

We have been using this solution for more than 10 years. We are currently running version 7.2.

Currently each company needs a firewall. All types of firewalls such as Fortinet FortiGate-VM, Cisco, and others have different capabilities, but regarding our financial situation, when we compare the price of Fortinet FortiGate-VM firewalls against other firewalls from other companies, we choose Fortinet FortiGate-VM because of price. Other firewalls have better capabilities, but we have a limited amount of money for that.

I expect that many threats are blocked by the IPS system because dynamic temporary rules are created. It works adequately, but I am not a security expert to compare this kind of firewall against another.

The customer service experience has been rated 5 out of 5.

Ten years ago we started with Fortinet FortiGate-VM. I don't have experience with other firewalls.

General settings are very easy and could work in about half an hour. But after the initial setup, it is necessary to create security rules according to the company's needs. I am glad that the default settings block all traffic, and only directly set up traffic is allowed.

After 10 years, we had a special department that took care of core networks, including firewalls. After that, this responsibility fell to me and my colleague.

There are only initial costs and after that yearly maintenance for the exact level of hardware support and hardware and security support. I am from Czech Republic, and I have experience that prices for our area are a little bit lower than in other areas for some goods. I don't have this experience with Fortinet FortiGate-VM because my colleagues in Germany are reaching better prices than me.

In the past, we were using that technology, but we had a problem with some wireless guns and found a solution with Aruba Networks. We are using Microsoft 365 with some version E5 license. Regarding the network, we are mainly using Cisco systems. My colleague is working on the SIEM  and SOC system with some external companies that support us after the ransomware attack. I am referring to hardware boxes and also virtual machines.

I expect that generally logs can improve our security because currently we don't have someone who works through these firewall logs, so we don't have information about potential security problems. We are expecting that it will be better after these logs will be connected to the SIEM  system.

These firewalls are very easy to set up or manage. It is easy to set up each box individually, but currently, I don't have experience or training for central management of these Fortinet FortiGate-VM firewalls. I have been working as an IT specialist for about 30 years. I use it only for the backup of the firewall configuration. It is helpful because I have a backup of each firewall configuration every day, and I can return back several days. However, it is another difficulty because if the configuration of Fortinet FortiGate-VM changes, many other items will change. Generally, all passwords are regenerated, so it is not easy to find changes when comparing two configurations of one firewall. I can see this feature, but it is not so important because everything is working adequately. I start to focus on the logs only when I have problems or if I need to set up new applications or allow new traffic. I only look at how much percentage of connections are used, and if it is below some limits, it is acceptable. This solution has received a rating of 31 out of 100.

I have experience in deployment for banking processes and at the perimeter of a financial institution. I have experience in configuration for PCI DSS compliance.

The best feature of Fortinet FortiGate-VM  is the deployment. I applied best practices for deployment with Fortinet FortiGate-VM. By the VPN connection into the site, on-premise and cloud or hybrid for segmentation of level of security, the perimeter and inside zone.

It's very robust. It's a solution that is very complete with accessible support. The feature for deep inspection (DPI) for Fortinet FortiGate-VM is used for generating alerts or to automate threat response.

Licensing could be easier to understand.

I have been using Fortinet FortiGate-VM for around six years and Cisco for around 10 years.

The support deserves a rating of ten out of ten.

I have also worked with Cisco firewalls. The main differences between FortiNet and Cisco include the price, which is very different. The variant of Cisco ASA , Cisco Firepower, is more difficult for configuration. Firepower is more complicated. Fortinet FortiNet is easier to deploy and also less expensive.

I find that the initial setup of Fortinet FortiGate-VM is easy. Of course, I am very experienced in the area of telecom, and this setup and configuration is friendly. I see that other people find Fortinet FortiGate-VM to be user-friendly. The setup and learning curve is short.

I would rate Fortinet FortiGate-VM a 10 out of 10. It is very good.

Being a cloud service provider with data centers using VMware technology, we primarily use it as a firewall and for Disaster Recovery in Hybrid Cloud Solution. We faced some issues with changes from NSX-V to NSX-T on VMware Cloud Foundation  Infrastructure, which is no longer able to provide SSL VPN  remote connections for end-users, so we replaced it with Fortinet FortiGate-VM  for our customers as a new endpoint in the cloud, enabling us to create a VPN and utilize SSL VPN  solutions. My customers mostly deploy Fortinet FortiGate-VM  on the cloud.

We are using VM01 most of the time, as we have more customers, although sometimes we can use VM02. In the EMEA region, we mainly have customers related to Fortinet FortiGate-VM. My favorite capabilities are VM01 and VM02.

We use it in a hybrid cloud solution, meaning the customer on-premise is using another technology or the same. It's better for us if they are using Fortinet, and we don't face issues with this solution. For what we need to do, which is setting up a VPN connection between both sides and using it for SSL VPN connections for remote users, it works effectively and we haven't encountered vulnerabilities.

It's user-friendly and easy to set up. It's designed with the customer in mind. As someone who is precise, I understand the importance of selling the solution effectively while ensuring it meets the customer's needs. This means that my focus is on gathering customer feedback. It's not just about what I see; it's about understanding the customer's perspective. Customers often want to know how they can use the solution and how to set it up, which is the main concern I address.

Fortinet Security Fabric 's Real-time Threat Response capabilities are satisfactory; it's a good solution.

There are vulnerabilities to address regarding security, as customers often ask about that. The main concerns are vulnerability detection and identification. Regarding the effectiveness of Fortinet FortiGate-VM in providing high-level security for high-level customers, we have some visibility issues, so it doesn't seem high level; there's definitely room for enhancement.

I have been working with Fortinet FortiGate-VM for two years.

We provide reliability; if one VM is up, the other can be down, so if there's a problem with the first, the backup can be activated. It's more about the design than the solution itself.

For SMB customers, it is a very good solution; I am unsure about enterprise customers.

Flexibility and scalability are very important for our customers. They primarily use this solution for SSL VPN and VPN connections, and most of the time it's for disaster recovery as a service in our cloud, functioning as a hybrid solution where they use something in their on-premise environment and just need an endpoint in the cloud.

We provide managed services, handling the setup to create the necessary VPN connections for secure data transfer. If a customer wants to move from VM01 to VM02, it's not difficult for us to manage. Fortinet FortiGate-VM adapts effectively; for example, you have a limited number of VPN connections on VM01, accommodating around 1,000 remote users, and if the customer needs another endpoint, we can deploy VM02 and manage that transition effectively.

Our support is good; we are the ones providing technical support to our customers. As a cloud service provider, our value is in offering solutions with our expertise, so we don't rely on Fortinet for support.

We moved to this new solution at the end of 2024. I have three customers using Fortinet solutions and haven't faced any issues.

It's user-friendly, and we can set it up easily with customers.

Most of our customers appreciate FortiManager, as the tools are interesting for easy setup of the product. Feedback regarding the interface is good; it's easy to understand, and the documentation from the Fortinet partner portal provides comprehensive information on product setup and management, which is beneficial for them.

My customers mainly use a managed services solution, meaning they don't have a lot to do by themselves; our services provide the solution. If customers want to deploy it by themselves and are already Fortinet customers, we just provide resources on the cloud. They can directly set up what they want on the VM we provide in the cloud.

The price is interesting for the customer; if you compare this solution with Competitors, it is maybe more suitable for SMB customers. The price is better than the competition.

We also provide EDR, XDR , SD WAN  solutions around Fortinet, but we don't have customers in South EMEA using this solution.

I would rate Fortinet FortiGate-VM an eight out of ten.

Majorly, we have cloud migration solutions where we connect Fortinet FortiGate-VM  with, usually for the FortiGate of the customer, an in-house solution. We have been through many different kinds of projects where we had to adapt the customer firewall solution.

A significant portion of our clients comes from the retail sector, particularly grocery stores. In the grocery market here in Brazil, there is generally low maturity in IT solutions and cybersecurity overall. MikroTik is commonly used for networking. Many of our clients utilize MikroTik or pfSense as their primary solution for their stores. Occasionally, they may also use Sophos or Fortinet at their headquarters. Through numerous projects, we have identified various vulnerabilities during penetration tests conducted in their environments. One of the primary concerns is usually the firewall, which prompts us to explore different security options. For example, we have a strong partnership with Trend Micro for Endpoint Detection and Response (EDR).

From there, we establish a connection between the customer's solutions and Fortinet. Sometimes, we implement SD-WAN to connect every store securely. This allows them to connect even with firewalls and SASE solutions, enabling connections via 5G to integrate the entire company with our cloud solutions. In summary, the foundation of our projects typically revolves around cloud migration, starting with security solutions or penetration tests that identify vulnerabilities. This leads us to implement both physical appliances and VM appliances as needed.

Our visibility into network traffic has improved since implementing Fortinet FortiGate-VM, at least based on the feedback from the operations team.

Fortinet adapts to evolving threats based on what I've seen. With AI implemented, they can analyze how new threats behave, enhancing their ability to respond. Nowadays, the prevalence of AI as a threat vector makes security harder; therefore, having a partner that's developing AI features for improved security is commendable.

My background is primarily in cloud infrastructure rather than security. When considering Zero Trust Network Access (ZTNA) or SASE solutions, I believe it effectively closes many gaps in a customer's connectivity and environment. For me, this level of security is crucial.

There are areas for improvement because usually, most policies don't change much. There's always room for enhancements, whether for VM or physical appliances, because threats evolve, necessitating adaptation and a different approach to the security environment.

I have about two years of experience with Fortinet FortiGate-VM. We primarily used to work with open-source solutions. Three years ago, we established a strong partnership with Fortinet. Since then, we have been working with Fortinet FortiGate as our primary solution for firewalls. I am familiar with both Fortinet FortiGate-VM and FortiGate physical appliance.

I can't rate technical support or customer service because I'm in the commercial area. From my perspective, I would rate it an eight out of ten. We are primarily supported by our own sales team, and recently we gained help from a Fortinet partner account manager, who has been assisting us with key customers and opportunities.

Our clients used different solutions. I believe that Fortinet has a larger installed base, which means they are exposed to more threats. This exposure helps them evolve more quickly and develop new solutions and protections against emerging threats. As a result, their response to issues is generally faster than that of their competitors. While I wouldn’t say they have more features than all the others, they do tend to introduce new solutions, policies, and tools more rapidly because of their extensive installed base. This allows them to be more responsive to new threats than other companies.

The initial setup used to be complex, but with the addition of features, potentially involving AI, it has become more straightforward. As far as I know, that was a challenge previously, but with recent releases, the setup process is increasingly automated.

We have a direct contract with Fortinet, but we primarily use the OCI environment. While we also partner with AWS, Azure, and GCP, about 90% of our infrastructure is in OCI. We are an ISV for Oracle. We offer a platform that enhances scalability for client-server solutions in the cloud. Over time, we have developed capabilities in integration, data management, and AI agent building. Our platform not only manages the infrastructure but also incorporates security tools like Fortinet and other solutions for phishing protection. In terms of integration, we provide an iPad solution along with a data warehouse and lake house construction process. This allows users to create their own data pipelines and ultimately deliver information to Business Intelligence (BI) tools or DataView tools. Additionally, users can build their own AI agents that operate entirely within their environment, using their own data without the need to export it to external tools. Oracle recognized us as an ISV capable of managing our customers' environments within our own accounts. Currently, we have more than 20,000 companies integrated into our operations within OCI.

What's more important than just having good policies in place is to have a security operations center that monitors all the KPIs and thresholds. This allows us to use that feature wisely and take timely measures to position ourselves effectively. If all the policies are well-placed, we can even automate responses, locking parts of the network to prevent attacks based on vulnerabilities or threats detected within our policies.

I would rate Fortinet FortiGate-VM a nine out of ten. It's much better compared to the open source solutions we've used before. Not only is my average ticket a bit lesser due to the licensing and other factors, but I also experience fewer issues with my customers, at least when it comes to the Fortinet products.

My use cases primarily involve cloud environments for Azure  or AWS , and 90% of my usage would be in the Azure  environment.

What I appreciate the most about Fortinet FortiGate-VM  is that it is not much different than hardware appliances. I have worked with other VMs in Azure that are firewalls, and the SSH capabilities on those devices lack functionality, whereas I don't have that problem with Fortinet FortiGate-VM . I can SSH into the firewall without issues.

The Security Fabric  real-time threat response capabilities are great if customers have all the products to go with it. In most cases, they may have two firewalls or they may have one firewall and FortiAnalyzer. If a customer is utilizing FortiMail , all these components can integrate together, allowing logs to be centralized and feeding back to one another in the event of a potential threat. It's great, yet unfortunately, we don't have enough customers using different products from Fortinet to really take advantage.

In terms of room for improvement, logging could be improved. Sometimes the logs are more difficult to read and to identify root cause analysis. Another enhancement that would be great, but wouldn't just be on VMs, could target the VM—the addition of a syslog table we could view to better identify what to expect from logging.

I have been using it for the last three to four years in my career.

Fortinet FortiGate-VM is a very scalable product, especially from an HA standpoint.

I have contacted technical support and customer support. When I compare them to SonicWall, they are about equal in contrast, as we have about the same number of challenges between both of them.

I have used alternatives to this VM.

The initial deployment of Fortinet FortiGate-VM was easy for me. To deploy the VM took maybe an hour.

Fortinet FortiGate-VM requires ongoing maintenance on my end. I have to keep track of the CVEs that may be out there, and that's probably one thing that Fortinet is plagued by, having a number of CVEs out there. The good thing is they patch them quickly and let their customer base know about them as soon as they do, or at least as it appears compared to other vendors that try to hide them.

Deployment would be a team effort due to it being in the Azure environment. You have to have the Azure engineer deploy the VM itself, and then I would gain access and do the initial provisioning of the firewall.

Regarding the pricing, it tends to be a bit higher compared to SonicWall. That's why we end up having customers go the SonicWall path when they would be much better off going the Fortinet FortiGate-VM path.

The closest solution I would compare it to would be SonicWall NSVs, which I've worked with the most, although I wouldn't compare it in a positive light.

For a small office or a small company, the NSV may be fine, but I appreciate the granularity of Fortinet FortiGate-VM. Granularity in security policies is where Fortinet FortiGate-VM stands out. I prefer Fortinet FortiGate-VM over SonicWall NSV because of the granularity. The ability to have security policies is a major plus, as each firewall policy can have its own security policy, which I can't do with SonicWall. This makes Fortinet FortiGate-VM the much better product.

I do not use the Hybrid Mesh  Firewall feature by default. Regarding the downsides of the VM, I haven't run into any problems to suggest improvements. I use it just as if it's a physical appliance, and I don't have any offset differences.

I rate Fortinet FortiGate-VM a seven out of ten.