Fortinet is a firewall-first business. The company’s main product is its next-generation firewall, called FortiGate. While firewalls were workaday products for decades, their position on the boundary of a network has become hot in the past few years. With the advent of cloud services, there is a lot more traffic traveling in and out of the network, and the gthe4 firewall is well-positioned to control all of it.
In response to the opportunities presented by the cloud, Fortinet has adapted FortiGate from a network appliance out to an edge service. As a result, buyers now have a range of deployment options for this security service. Whether stationed on the network or in the cloud, a Fortinet firewall can be extended with a long list of benefits, from data loss prevention to DDoS protection.
About Fortinet
Fortinet, Inc. started up in 2000. Its first product was the FortiGate firewall, and that product is still the company’s key offering. For decades, the FortiGate firewall was only offered as a physical device. Fortinet redesigned the network firewall’s physical properties and even commissioned its chips to ensure that its equipment could process traffic faster than any competing firewall.
The company’s CEO is Ken Xie, and the Chief Technical Officer of Fortinet is Michael Xie, Ken’s brother. These two were the founders of Fortinet, and they masterminded the creation of the FortiGate next-generation firewall.
The company is based in Sunnyvale, California, USA, and it now has more than 8,200 employees working in offices around the globe.
FortiGate
In its original format, the FortiGate firewall is hosted on a network appliance. However, Fortinet created a network box that could process data faster than a standard network gateway. That box can also host other functions, including network security monitoring. In addition, Fortinet has created its operating system for its devices, called FortiOS.
The functions of the FortiGate appliance include:
- SSL inspection for connection authentication
- Web filtering
- Virus blocking
- Sandboxing for suspicious files
- Image classifying
- Intrusion prevention
- DHCP and DNS servers
- Network Address Translation
- DDoS protection
- IPSec VPN management
- IoT connection management
- Remote endpoint OS detection
The appliance is offered in a long list of models that are categorized as:
- Datacenter firewalls
- Chasis-based firewalls
The capacity of these systems ranges from a data throughput rate of 198 Gbps for the FortiGate 1800F model to 540 Gbps for the FortiGate 7121F appliance.
Fortinet also offers its FortiGate system as a virtual appliance. These options are the VM Series, and they can be hosted on-premises, on a dedicated server, or on a cloud platform.
Fortinet classifies its hosted firewall as Security-as-a-Service. Hosted firewalls are usually termed “Firewall-as-a-Service,” or FWaaS. However, Fortinet can combine functions from its range of security and connection management services in a plan for subscribers. The package offers more than just a firewall, which is why Fortinet prefers to use the Security-as-a-Service label.
FortiGate deployment options
FortiGate is a very flexible system with three deployment options:
- Hardware appliance
- Virtual appliance
- Hosted subscription service
Although the range of options and additional services creates the possibility of a tailored service, it also makes it very difficult to decide exactly what functions are categorized as part of the firewall and which are standalone products. For example, the sandboxing function is identified as part of the firewall and a separate system. You can also choose to have the NGFW without sandboxing.
It is possible to mix deployment options as well. For example, you can have firewall functions hosted on a physical appliance, others hosted on your cloud account, and others delivered as subscription services hosted by Fortinet. The firewall appliance doesn’t need to be dedicated to firewall functions. Fortinet also offers network management services, such as its software-defined vast area network (SD-WAN), which can be hosted on the appliance alongside the firewall.
The boundaries between the FortiGate firewall and other Fortinet products are blurred, making the precise functions of the firewall and how they will be deployed challenging to define.
FortiGate prices
Fortinet doesn’t publish its prices for any of its products. This is partly because there is no fixed definition of the firewall service; therefore, each customer gets a customized package based on a consultation with a Fortinet representative.
You need to fill out the contact form on the FortiGate NGFW web page to request a demo and start your inquiry for the price of a suitable firewall solution.
FortiGate strengths and weaknesses
Fortinet is a highly respected brand, and the FortiGate firewall is its leading product. We have identified several good and bad points to consider when investigating the Fortinet firewall.
Pros:
- Options for a physical appliance, a virtual appliance, or a hosted subscription service
- A menu of functions to select from
- The ability to combine a firewall purchase with other network and security services
- Network traffic management as well as security protection
Cons:
- Blurred boundaries between the firewall and other Fortinet products
- A confusing list of deployment and service options
- No standard price list
Fortinet firewall alternatives
Although the Fortinet firewall is a very technically competent service, non-technical buyers will struggle to understand all available options. Therefore, although combining SaaS services from Fortinet could provide a beneficial virtual infrastructure for startups, the Fortinet firewall is more likely to appeal to larger enterprises that have in-house IT Operations departments.
Several other firewall providers offer very similar services to those of the Fortinet firewall, which are often easier to understand. As a result, they would appeal to small businesses and large organizations.
Here is our list of the best alternatives to the Fortinet firewall:
- Palo Alto NGFW This firewall system is very similar to the FortiGate service because it has a range of deployment options, including physical and virtual appliances and an FWaaS. This service provides threat detection and traditional firewall virus-blocking services. A unique feature of the Palo Alto system is that it performs SSL encryption on behalf of all protected endpoints. This means that it can inspect the contents of data packets that pass through the firewall in both directions. That deep packet inspection function allows the system to identify data theft attempts and block them. It also enables network managers to specify the types of content that should be stopped. While Palo Alto offers complementary services, the boundary of the firewall package is easy to understand.
- Perimeter 81 Firewall as a Service This is a hosted subscription service ideal for businesses of any size because it removes the need for any on-premises servers or equipment to host the service. The cloud-based system is also ideal for companies with home-based staff or permanently roaming consultants and contractors. In addition, large businesses with multiple sites would benefit from centralizing the firewall management of all of their locations. This is a comprehensive service that is well-presented and easy to understand.
- Forcepoint NGFW This firewall is implemented as a physical appliance that can perform internal network monitoring and perimeter defense services. The firewall includes SSL encryption services to inspect the contents of all communications in and out of the network, implementing data protection measures and content filtering. Additionally, the system is not limited to servicing the network on which it is resident. It can manage internet connections between sites and include individual home-based workers in the company network.
- CrowdStrike Falcon Firewall Management This option is slightly different from the others on the list because it doesn’t include a firewall. Instead, you use this package to coordinate the activity of all of the firewalls you have already installed on your systems, which could consist of free OS-native systems, such as Windows Defender. The CrowdStrike solution welds those existing systems together to act as a unified, centralized system protection service.
- SecurityHQ Managed Firewall Small businesses that don’t have IT, specialists on the books, or large companies that need to cut costs or find it challenging to recruit the right expertise can benefit from this package that includes the technicians to run the firewall for you. This service can be tailored towards compliance with any data security standards, including HIPAA, PCI DSS, SOX, NERC, and CIP.
- Zscaler Cloud Firewall This cloud-based firewall can protect assets anywhere, including multiple sites, cloud resources, and individual home-based staff. The FWaaS operates as a front for the whole organization and creates an internal private network, using the internet for infrastructure to link all sites and endpoints together. So this is a combined firewall and SD-WAN package.
