We just raised a $30M Series A: Read our story

Firewalls VM Reviews

Showing reviews of the top ranking products in Firewalls, containing the term VM
Juniper SRX: VM
Solutions Architect at a tech services company with 201-500 employees

Some models are scalable but you have to have VMs to modify resources to get better performance. 

View full review »
Fortinet FortiGate: VM
Director at a integrator with 11-50 employees

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

View full review »
IT Infrastructure Engineer at Communication Progress

This solution is scalable. They have now built hyperscale firewalls and it's very easy. Also VMs, for example, is very easy to scale, you just need to adjust the licensing. 

View full review »
MH
Managing Director at FORESEC

Our primary use case for Fortinet FortiGate is for the center firewalls. We use the VMware server. That seems good and acceptable to the customers.

View full review »
KN
Service Delivery Engineer - Network Security Lead at a tech services company with 51-200 employees

The solution is highly scalable because they have devices that can handle a large amount of traffic. The VM version with the hardware appliances is widely scalable. It can handle small businesses to large scale enterprises. In terms of mode of deployment, you have VM, hardware appliance, and cloud. There is cloud management as well that is scalable. It can suit a number of deployment scenarios.

We currently have 50 employees using the solution, some of our clients that have deployed it has 1000 users and it has not given a problem.

View full review »
MS
Lead Architect at a computer software company with 51-200 employees

If you're a small-medium size business:

- Size your use case carefully as licensing price jumps significantly with HW changes. 

- Customizable Forticilent SW can be downloaded for free with FNDN membership

- If you have multi sites and require Fortigate based 2FA then consider getting a dedicated fortiauthenticator (VM) with fortiokens acting a central RADIUS server which can be cheaper than cloud tokens an with additional authentication flexibilities.

View full review »
pfSense: VM
Owner at IKON Business Group, Inc

We have a hosted platform with our client. We've built a VPN site and the solution is deployed as a VM. The client connects to it and it protects anything that's behind it like a regular firewall. Everything we have there is hosted in a data center, all our servers and things that clients connect to. So we're using it as our gateway device. We are customers of pfSense and I'm the owner of our company. 

View full review »
PG
Software Applications Manager at a engineering company with 201-500 employees

I've tried to scale the solution previously. I've got two hardware platforms running. I wasn't quite able to run everything I wanted on a small ARM based device. Therefore,  I build my own Super-micro platform based on Intel Denverton.

It's actually easy to scale. It's just moving over most of the configuration: exporting, importing, or even going right into the original XML export file.

There are six users, 3 dozen of devices and a homelab server with VM running behind the solution at this time.

View full review »
TW
Managing Director at Midgard IT

We have a client who's got a number of VMs on a single piece of hardware. They needed to have access over a VPN to those VMs from inside their network. We use pfSense to provide the VPN link using the IPsec.

In others, let's say smaller organizations, we will put a Mini ITX system that then connects into their broadband - typically sort of fiber or something like that - and just gives protection. 

The solution also allows us then to manage port forwarding and things like that.

View full review »
Sophos XG: VM
Revenue Development Manager at Integrity by CELT

My advice would be to download the VMware and get to know the interface because running one of these devices is probably not as difficult as you'd think. If you have an onsite level one user, YouTube has online training and Sophos support will help you through it. It's a very easy device for a level one engineer to manage. My advice is to download the free VMware for 30 days and then either buy the platform or install the VMware product.

I rate this solution a 10 out of 10. 

View full review »
MA
Technical Presales Consultant/ Engineer at a wholesaler/distributor with 10,001+ employees

You need to pay for the license. You need to pay for the hardware as well. The cost depends on the model of the hardware and on which license. They have different editions, and licenses you're going to go with. They have different modules, and the cost depends on which modules you'd like to activate for security features. Not everyone will buy Sophos to utilize all the features. Usually, it's just the firewall, and IPS, sandbox, and the web filter that people are looking for. Not many people have Sophos or VM servers on-prem to protect them.

View full review »
Kerio Control: VM
IT Manager at Flare Technologies

Our main customer base is superyachts, and they have the Kerio for traffic rules and bandwidth management of the various networks on board. They can optimize traffic for crew versus owners and guests, the VIPs that might be on board. They also use it for bandwidth sharing. They usually have a mixture of the VSAT satellite internet and 4G internet access. Sometimes they have WiFi, for example if they connect to a WiFi hotspot in a marina, as well as shoreline or fixed DSL. They use it to manipulate the internet traffic, so they can say the crew uses the slower VSAT and the guest gets the fast 4G or shoreline.

They also use it to see what's going on. If the boss complains that the internet's slow, they can quickly see if someone is downloading a load of updates or streaming Netflix and they can block them. They just want to have control, as the product name suggests, over the internet traffic.

In-house, we use the NG300, but because we are a partner, we use various hardware platforms. At the moment it's nearly all the NG series, the 100, 200, and 500. The most common that we use is the NG500. I'm interested in using the next-generation, which is due out in the next couple of months, but I've also used the virtual Kerio platform on a VMware hypervisor.

There's a virtual appliance, but also software installed on a Windows PC. We build our own virtual "guest" on a host, we've done a couple of those, and then attached it to a switch with VLANs, so we've covered all platforms.

We have these Kerios on anything from a 30-meter Sunseeker, with five or six crew members, four guest cabins, and a couple of master cabins, or a master and a VIP. They might have 20 guests so there would be a total of about 30 users and some 50 devices for those users. There is also all the AV equipment. And we've gone right up to a 120-meter superyacht, with 50 to 100 crew and space for about 200 guests. We've also got a couple of ski chalets, and a private island in Ibiza. A few hundred users is its top end, but as far as network-connected endpoints go, it could be in the few thousands of devices.

View full review »
IT Consultant at ArioRasaneh

We are working with VMware and we are using virtual machines for Kerio Control.

View full review »
Cisco Firepower NGFW Firewall: VM
Cyber Security Practice Lead at Eazi Security

The primary use case is mainly around perimeter security at the HQ and the branch. This will include using the Next-Generation Intrusion Prevention System (NGIPS), using advanced malware protection for networks on the firewall, and remote access VPN as well as site-to-site VPN.

I work for a Cisco partner and managed service provider. We have a number of customers. Typically, the standard setup that we have is a Firepower Management Center Virtual, running in VMware, with physical FTD appliances (as the firewalls) on-premises.

We work with more mid-size organizations who typically have email security, web security, endpoint security, and perimeter security. In terms of products, that would be:

  • Cisco Umbrella
  • Cisco Cloud Email Security
  • Cisco Secure Endpoint
  • Firepower, for the perimeter. 

That would be a typical technology mix. Sometimes, some customers will consume something like Duo Security for multi-factor authentication.

We are primarily running ASA Firewalls with the FTD image. We are also running some Firepower 1000 Series. 

View full review »
MS
Senior Systems Engineer at a tech services company with 201-500 employees

Technically, it is a very good firewall, but some improvements need to be done on the management side. I would advise getting a consultant or someone from Cisco to help you in implementing and using this firewall to its fullest extent.

We don't use workload integration as of now. We also don't use its dynamic policy capabilities to enable tight integration with a secure workload at the application workload level. Similarly, we don't use the solution's tags for VMware, AWS, or Azure for dynamic policies implementation in the cloud.

I would rate Cisco Firepower NGFW Firewall an eight out of 10.

View full review »
Network & Security Engineer at Oman LNG L.L.C.

We are using Firepower for outbound/inbound traffic control and management as well as for our internal security. We are using it for LAN security and VMware network security. It is a hardware device, and it is deployed on-prem.

Our target is to make our network 100% secure from the outside and inside traffic. For that, we are using the latest versions, updates, patches, and licenses. We have security policies to enable ports only based on the requirements. Any unnecessary ports are disabled, which is as per the recommendation from Cisco. For day-to-day activity monitoring and day-to-day traffic vulnerabilities, we have monitoring tools and devices. If there is any vulnerability, we can catch it. We are constantly monitoring and checking our outside and inside traffic. These are the things that we are doing to meet our target of 100% security.

We have a number of security tools. We have the perimeter firewalls and core firewalls. For monitoring, we have many tools such as Tenable, Splunk, etc. We have Cisco Prime for monitoring internal traffic. For malware protection and IPS, we have endpoint security and firewalls. The outside to inside traffic is filtered by the perimeter firewall. After that, it goes to the core firewall, where it gets filtered. It is checked at port-level, website-level, and host-level security.

We have the endpoint security updated on all devices, and this security is managed by our antivirus server. For vulnerabilities, we have a Tenable server that is monitoring all devices. In case of any vulnerability or attacks, we get updated. We are also using Splunk as SIEM. From there, we can check the logs. If any device is attacked, we get to know the hostname or IP address. We can then check our monitoring tool and our database list. We can see how this attack happened. We have configured our network into security zones. We have zone-based security.

View full review »
Engineering Services Manager at a tech services company with 201-500 employees

In some cases that I'm aware of, when moving from specific platforms like Check Point, Firepower has offered a much easier way of working with the platform and deploying changes. For the customer, it's a lot easier in the newer platform than it was in the previous one.

I've done network assessments, where we wanted to get visibility into all flows. I used Firepower boxes for some of those, where we tapped a line and let Firepower see all the traffic. It was incredibly helpful in picking up all of the flows of data. As a result, I was able to give information to the customer, saying, "This is what it's doing and this is what it's seeing in your network." I find it very helpful to get all that type of data. It's got a lot more information than NetFlow-type systems.

There have also been use cases where I'm doing east-west and north-south in the same firewall box. That is possible with SGTs and SD-Access and Firepower. That ability has been critical in some of the designs we've done. A scenario would be that we have an underlay, a corporate network, and a guest network VRF-routed zone; big macro security zones. We are doing micro-segmentation at the edge with SD-Access, but the macro-segmentation between the zones is handled by the firewall. Because we didn't want to split up our east-west and north-south, because there really wasn't a budget for it, they're on the same box. That box is able to do both flows that go towards the internet and flows that go between the different interfaces on the firewall. We're using SGTs in those policies and we're able to extend the logic from the SD-Access environment into the firewall environment, which creates a very unified approach to security.

We're also able to implement dynamic policies for dynamic environments with 7.0. That's becoming more and more important every day. IPs are becoming less important; names and locations and where things live in the cloud mean things are becoming a lot more fluid in the world of security. It's very helpful to have objects and groups that can follow that fluidity along, as opposed to me trying to do it old school and static everything up. No one has time for that. Dynamic policy capabilities enable tight integration with Secure Workload at the application workload level. The IP is less relevant and the application or the VMware tag can be tied to a specific ruleset. It's very helpful to be able to have it be so dynamic now. We're using more and more of those dynamic group concepts.

When it comes to the solution’s tags for dynamic policy implementation in cloud environments, VMware is the primary one I'm seeing these days, but I expect Azure to pick up significantly. The use of these tags for dynamic policy implementation in cloud environments simplifies things. We don't have to have so much static stuff pinned up. We can just have a single rule that says, "If it's this tag, then do this," as opposed to, "If it's this IP and this IP and this other IP, then you're allowed to do this thing." By disconnecting it from the IP address, we've made it very flexible.

View full review »
Palo Alto Networks VM-Series: VM
C.T.O at Sastra Network Solution Inc. Pvt. Ltd.

We have recently begun working with Palo Alto Networks VM-Series.

View full review »
System Administrator at a government with 201-500 employees

I have been using the Palo Alto VM-Series Firewall for a few months.

View full review »
ICT Infrastructure Specialist (E-Transform Project) at Ministry of Communications and Information

The Palo Alto VM-Series is a firewall that is part of our security solution.

View full review »
VG
IT Security Head with 1,001-5,000 employees

Palo Alto VM Series is a firewall that makes up part of our security solution, handing IPS, IDS, and other security measures.

View full review »
Technology Specialist at Accretive Technologies Pvt Ltd

I only have experience with Palo Alto; I don't know much about other VM firewall solutions.

View full review »
BK
Manager, Information Technology at SWPA Corp

The primary use case of this solution is as a firewall for our servers.

We are running a total of 12 servers. Four of them are hardware servers and the rest are VMware servers. We have about 80 clients running Windows 10.

View full review »
NK
Senior Manager Network Engineering at a manufacturing company with 10,001+ employees

I have been working with the Palo Alto VM-Series for four years.

View full review »
JL
Executive Cyber Security Consultant at a tech services company with 11-50 employees

Palo Alto VM-Series is something we recommend as a firewall solution in certain situations for clients with particular requirements who have the budget leeway.  

View full review »
KS
Senior Network Architect at a manufacturing company with 5,001-10,000 employees

The VM-Series firewall is part of our overall security solution.

View full review »
TD
Security Operations Specialist at a logistics company with 201-500 employees

I would definitely recommend this solution. It comes under the top industry leaders and is comparable to other top products in this category. 

I would rate Palo Alto Networks VM-Series a nine out of ten. 

View full review »
GA
Senior Network Engineer at a tech services company with 51-200 employees

It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. 

There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. 

It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.

View full review »
GA
Senior Network Engineer at a tech services company with 51-200 employees

What I like about the VM-Series is that you can launch them in a very short time. You don't have to wait for the hardware to route for them to be staged and installed. From that perspective, it's easy to launch and it's good because it is more scalable.

The product is quite responsive.

View full review »
RS
Network Security Engineer at a tech vendor with 51-200 employees

We are a solution provider and the Palo Alto VM-Series is one of the products that we implement for our customers. Our customers use this virtualized next-generation firewall as part of their security solution.

View full review »
Assistant Professor at Facultatea de Economie și Administrarea Afacerilor din Iași

I am the guy they call up first for the central infrastructure and configuration of the malware, firewall, and main applications, and I use Palo Alto Networks VM-Series for that.

View full review »
RS
IT Infrastructure Architect at a financial services firm with 10,001+ employees

With Palo Alto VM-Series, we are capable through a single point of management and visualization both in infrastructure and on premises and in the cloud. This allows us to improve the speed to create new rules, speed up the resolution of problems, having a holistic vision of our firewall infrastructure.

View full review »
Consultant at a tech services company with 501-1,000 employees

We use the solution for hands-on testing purposes and also for activating firewall re-entries, which is easy to accomplish. We only need to turn up the VM to the firewall. This serves users who are working at home due to the COVID-19 pandemic. We also utilize the solution in respect to several servers which are behind the firewall.

View full review »
Fortinet FortiGate-VM: VM
PB
Manager Information Technology at a media company with 51-200 employees

I have been personally using FortiGate-VM for two years.

View full review »
YO
Managing Director at a tech vendor with 11-50 employees

I have been using FortiGate-VM for just under a year. 

View full review »
RV
Network Engineer at a maritime company with 201-500 employees

FortiGate-VM is installed in our data centers and is used for site-to-site connections between offices. 

View full review »
Network Security Engineer at a government with 1,001-5,000 employees

I have been using FortiGate-VM for approximately one year.

View full review »
Director of Information Technology at KOTTO A.Ş.

The price of FortiGate-VM is high and should be more competitive.

In the next release, we would like to see full integration with VMware NSX virtualized networks.

View full review »
Sr. Project Consultant (IFS-Complex MRO Process) at a aerospace/defense firm with 201-500 employees

The solution has a moderate amount of scalability potential. I wouldn't say it's the best, however, it is possible to scale it if you need to.

We have about 25-30 people on the VM currently.

View full review »
MT
Network Enginner at a comms service provider with 10,001+ employees

I use FortiGate-VM for testing.

View full review »
Information Technology Solutions Manager at UBG

Data reporting could be improved and also in terms of performance, some improvement should be made on VM, it should be more optimized. Scalability of the solution could also be improved. 

For an additional feature, Fortinet should add more SD-WAN with caching as a special functionality. It should be integrated with Fortinet. 

View full review »
Team Leader Network & Security at Rogers Capital

The virtual and hardware versions of the solution are mostly the same. 

The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version.

Normally Fortinet is very flexible that it supports almost all environments. 

The solution is user friendly.

The cost of the solution is pretty fair.

The documentation is very good.

The SD-WAN is very good, as compared to, for example, Citrix SD-WAN which has an overall lack of security and needs to leverage other devices, like Palo Alto, to cover this.

View full review »
JD
IT Director at a retailer with 1,001-5,000 employees

We have been using Fortinet FortiGate-VM for almost two years.

View full review »
MR
Junior Network Engineer at a tech services company with 11-50 employees

The installation process is very easy with FortiGate VM. We can easily deploy it. That said, we did run into issues with some customer requirements and our engineers were forced to get involved. Occasionally, it takes too much time to configure certain aspects. However, a basic configuration is pretty easy.

View full review »
TD
Owner at a financial services firm with 1-10 employees

I would rate Fortinet FortiGate-VM a nine out of ten.

View full review »
LM
Systems Engineer at a tech services company with 501-1,000 employees

Most of the use cases that we have are SD-WAN and perimeter firewall related.

Our clients are mostly small to medium-sized businesses. We also have large enterprise clients that range from 1,000 to 8,000 users. We haven't planned to increase the usage, but we are currently using Fortinet FortiGate-VM for perimeter firewalls and SD-WAN for our branch offices.

View full review »
JC
Project Coordinator at a marketing services firm with 201-500 employees

We use Fortinet FortiGate-VM as a firewall to deliver high-performance network security solutions that protect our network and data from evolving threats.

View full review »
Operario de doblez cnc at CIE

The solution is FortiGate 60D and FortiGate-VM is FortiOS 5.2.2. I'm not sure which version of the solution we are currently on.

Our company exports this solution to large customers. We're partners with Fortinet.

We have the solution on a local server.

I'd rate the solution at an eight out of ten.

View full review »
LM
CISO at a religious institution with 501-1,000 employees

We use Fortinet FortiGate-VM as a firewall, for intrusion detection and prevention to protect our Azure data center, principal operation sites and our mobile users. 

View full review »
IT Analyst at Comdados

We work with the government and the customers do not want the VM solution, they prefer appliance solutions.

View full review »
MV
Team leader technical support at a manufacturing company with 201-500 employees

I would definitely recommend this solution. I was advised to be very skeptical about the performance statistics as indicated in the documentation, but I didn't find that to be the case. It is very scalable with good performance.

I would rate Fortinet FortiGate-VM an eight out of ten.

View full review »
Network Security Engineer at a consumer goods company with 201-500 employees

I would recommend this solution to others. Especially if they are new to these types of solutions, it is easy to understand.

I rate Fortinet FortiGate-VM an eight out of ten.

View full review »
Technology consultant at a tech services company with 501-1,000 employees

I have been using Fortinet Fortigate-VM for the past two years. 

View full review »
Owner at Mindware Computer Solutions

We installed Fortinet FortiGate-VM for security purposes. Our main motivation is for security reasons and improving networking.

View full review »
Associate Pre Sales at a tech vendor with 51-200 employees

For firewall devices, Fortinet is very good. They can improve on other solutions, I have used some solutions in the past that did not have a good UI. There are other things that Fortinet as a whole can focus on.

I rate Fortinet FortiGate-VM a nine out of ten.

View full review »
SE
Network Security Engineer at a tech company with 201-500 employees

I have been an integrator for Fortinet FortiGate-VM for a couple of years. 

View full review »
MA
Consultant at a comms service provider with 11-50 employees

I have been using Fortinet FortiGate-VM for the past three years.

View full review »
AR
IT Specialist at a tech services company with 51-200 employees

It's very stable. I remember only one case in which we had issues with a routing protocol. This was the big problem that I had with FortiGate, as they had some issues and they reduced the equipment. However, in the last five years, it was the one lone situation that I opened a case for and they took a lot of time to get to the solution, which was an SBS and BGP routing protocol into the FortiGate. That said, that issue was on an appliance, not a VM solution.

View full review »
AZ
Project manager at a comms service provider with 10,001+ employees

I would rate Fortinet FortiGate-VM a 10 out of 10. It tops others in terms of performance.

View full review »
SM
Senior Security Engineer at a energy/utilities company with 1,001-5,000 employees

The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.

We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.

View full review »
Network Administrator Team Lead at a financial services firm with 51-200 employees

We use Fortinet FortiGate-VM for managing inbound and outbound internet traffic through our environment. Sometimes, we also use it for managing the site's internet outbound and routing. We also use it for IPSec on Azure. We also have an on-premises environment, and we're using it for IPSec on that environment. 

All the routing happens through it because we're swinging all the traffic on the Azure side through a firewall which is basically the gateway. It acts as the gateway and manages outbound traffic in that environment. We have also set up the SSL VPN for users. We do have FortiGate on-premise, and we set up the SSL VPN connection for users.

View full review »
Tech Security & Networking Support Lead at a venture capital & private equity firm with 51-200 employees

I have been using Fortinet FortiGate-VM for more than two years.

We are using the latest version.

View full review »
AM
Creative Head/Director at a marketing services firm with 1-10 employees

We use the solution for creating IPsec tunnels and web and application filters. We use it for monitoring virtual traffic on platforms including VMware solutions. 

View full review »
PB
Director Of Technology at a tech services company with 1,001-5,000 employees

Fortinet FortiGate-VM may be installed on Azure or AWS.

You can either install it in your data center alongside your virtual applications or put it in the public cloud to secure it.

View full review »
EB
Engineering Manager at Primatel Communication Snd Bhd

We're using FortiGate-VM on-prem for our firewalls. The Fortinet component in the cloud is FortiGuard. We get our virus definitions regularly updated from the cloud, but the FortiGate firewalls are all on-prem. While the virtual firewalls are created inside the physical firewall, there is an option for a virtual machine firewall where we'll give you the VHD file, and you can install it to a server.

Virtual machines aren't widely used in Brunei because the Brunei government isn't ready for these things yet. They're more confident in hardware, but everything is slowly starting to head in this direction. Others are watching what will happen when people use the apps before they try them.

View full review »
Director General CEO at SC Telecom

I've been using FortiGate-VM for six years.

View full review »
MA
Information Security Manager at a financial services firm with 501-1,000 employees

We use FortiGate-VM to access clients' networks. These are generally Azure cloud environments in which we set up resources for clients to use.

View full review »
Consultor Infraestructura, Networking y Seguridad en Seti Consulting at SETI CONSULTING

We use Fortinet FortiGate-VM as an SD-WAN solution and for security profiles.

I do not recall which version we are using. 

View full review »
Full support analyst at Gruppen

I have been working with FortiGate products for the past five years and with Fortinet FortiGate-VM for the past year. 

View full review »
Senior Network Engineer at SONDA

I occasionally implement Fortinet for clients. 

In the most recent instance, we had a cloud implemented and I was driving the infrastructure. The client had separate areas inside it purposely. They needed to implement a FortiGate solution in the same client, with different VMs, for different clients, to make different areas for these clients. 

View full review »
MS
User at a hospitality company with 10,001+ employees

Fortinet FortiGate-VM is easy to use.

View full review »
GB
Principal Network Engineer at a computer software company with 201-500 employees

FortiGate-VM has many valuable features: it's easy to use, it's intuitive, it's got very good traffic inspection features, it's got comprehensive filtering categories, and it has an extensive threat database, using FortiGuard. 

View full review »
OPNsense: VM
Support Engineer at Techaccess Pakistan

We have two people running the solution and another 50 to 80 people using the solution, so we have a relatively small setup.

The solution is scalable and can be deployed to multiple VMs.

View full review »
HP
Senior Network Architect at Virtua Technologies

This product is very scalable. I always buy hardware that can handle a lot of connections and a lot of users. So, in terms of scalability, all you have to do is upgrade your hardware. Or, it is especially scalable if you use the VM version because you only have to provision more resources.

We regularly have between 20 and 50 users, although sometimes it is as little as 5 or 10.        

View full review »
Check Point NGFW: VM
Network Security Consultant at Atos Syntel

It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online.

We have two devices. Right now, we are deploying and upgrading a new setup, where you can do management, management plus gateway on the device, or virtually you can install your management device on VMware or Hyper-V. With the Hyper-V and the Management Server, you can access all the gateways. For the Management Server and gateways, we have an activation key.

View full review »
Senior Network and Security Engineer at a computer software company with 201-500 employees

Our company works in developing and delivering online gambling platforms. The Check Point NGFWs are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Clusters serve as firewalls for both inter-VLAN and external traffic.

View full review »
Lead Solution Advisor at a consultancy with 10,001+ employees

There are now more competitors in the market, like Palo Alto and VMware. 

Palo Alto is a bit more smooth and cost-efficient than Check Point. Palo Alto has Unified Threat Management (UTM) coupled with a dake lake database that is huge. Also, its migration is more smooth than Check Point's. 

View full review »
IT-Infrastruktur at Synthesa Chemie Ges.m.b.H

The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.

Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.

You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.

The extremely wide function horizon covers almost every possible scenario.

View full review »
AU
Network and Security Specialist at a tech services company with 51-200 employees

The initial setup was straightforward. I told one of my colleagues in my last job, "Just follow the prompts and you should be able to install it. It is a very simple, basic thing. Just do it as a gateway, then that's it. You are done". 

Before, on R77.30, there were cluster IDs and people needed to know what they were doing. In the R80 cluster, the cluster ID is gone, so it is very straightforward and you don't have to be an expert to install it.

A new installation on the VMs (about a week ago) took me around 20 minutes or less. This was a lot faster than I imagined, and I've created quite a lot of resources to their management and Gateway as well.

View full review »
AR
Firewall Administrator at a tech services company with 1,001-5,000 employees

In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.

The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.

Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.

In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.

View full review »
AJ
Sr. Network Engineer at a tech services company with 51-200 employees

We are using this solution for the security enhancement of our internal company network. This is to protect our customers as well as internal users from the untrusted network or outside world.

I am using the physical appliances of Check Point Firewall as well as virtual machines (VMs). We are using the same versions of R80 on our VMs that we are using for our physical appliances.

View full review »
TL
Networking engineer at Hewlett Packard Enterprise

The solution should be evaluated and a trial run should be done in the lab as Check Point provides VM instances that can be installed on an open server box. Make sure to check with sales about the features and if they require additional licenses before purchasing.

View full review »
Palo Alto Networks NG Firewalls: VM
AB
Solutions Architect at a comms service provider with 501-1,000 employees

We use both the NG and VM series of Palo Alto firewalls. We sell and install them for clients to provide the best security that money can buy. Additionally, adding SD WAN on the same edge device has made an all-in-one, security-edge-intelligent routing solution possible without sacrificing performance or a secure environment.

View full review »
RA
Senior Network Engineer at a tech services company with 201-500 employees

The best feature of this solution is the GlobalProtect, followed by the App-ID feature which is very good. I also like the VMS feature. 

View full review »
SZ
Team Lead Network Infrastructure at a tech services company with 1-10 employees

The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.

View full review »
Technology consultant at a tech services company with 501-1,000 employees

The initial setup is pretty straightforward. We just had to do the initial configuration of hardware, deploy our Panorama VM and integrate with hardware firewall, and it is pretty simple. It's also quite self-explanatory. 

View full review »
GH
CyberSecurity Network Engineer at a university with 5,001-10,000 employees

We're slowly migrating our on-premises solutions to the cloud. We implemented the next largest size VM for the PA-7050s because we're using 7050s on-premises, due to the bandwidth requirement of 100 GBS.

After changing our firewalls to 7050s last year and this year, both our internal firewalls and our border firewalls are 7050s.

View full review »
Fortinet FortiOS: VM
Chief Technology Officer at Future Point Technologies

I think Fortinet needs to improve their support. They are not one of the gold star rating support companies. There are a few big vendors like Cisco, EMC, VMware with gold star support rating. The support is sometimes not up to the mark. 

View full review »
SonicWall NSV: VM
NP
Network & System Support Engineer at a tech services company with 11-50 employees

The initial setup is straightforward. It is easy to deploy.

I've done a number of deployments for our clients. We haven't had any difficulties. It's working well.

I am familiar with the GUI, which helps with the deployment process.

The deployment is normally 20 to 30 minutes, but it depends on the hardware configuration.

For example, when we deploy in a VMware platform or a Hyper-V platform it can take anywhere from 25 to 45 minutes to complete.

View full review »
Check Point CloudGuard Network Security: VM
CISO and Senior Director Technical Operations at a insurance company with 201-500 employees

It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance. 

We are frequently in contact with Check Point's Diamond Support, Product Development Managers as well as their sales team, as we look to keep apprised of where the product ius and should be going. Most of our requests have been around our physical assets, the physical UTM devices — Check Point Maestro, as an example — as well as their endpoint systems. There has not been anything at this time where we've said, "We wish CloudGuard did X differently." CloudGuard, in my opinion, having recently talked with them, is continously improving and is incorporating some of their recently acquired capabilities, such as Dome9 cloud compliance. Those are areas I have been evaluating and looking to add to my environment. My preference would be that it be included in my CloudGuard subscription licensing, and not an add-on; But that's the only thing that I could say that would be beneficial to us as an enhancement to the system.

View full review »
Senior Network/Security Engineer at Skywind Group

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.

View full review »
OP
Electronic Engineer at a tech vendor with 11-50 employees

We're solutions providers. We're partners with Check Point. We offer integrations and support. This is one of the products we offer to our clients.

We're using the latest version of the solution. The platform is R80.40. It's deployed on VMware's virtual environment.

I'd recommend the solution to other organizations. The likelihood of running into issues is low.

I'd rate the solution at a nine out of ten. We've largely been satisfied with the product.

View full review »
OO
DBA Team Lead with 51-200 employees

After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.

View full review »
PL
Firewall Engineer at a logistics company with 1,001-5,000 employees

Having the whole environment be under the same management is definitely is a plus.

Using a scale set to increase/decrease the amount of firewalls in the cloud helps with saving costs in the long run, as they will only increase if traffic increases and therefore saving us on licensing costs. For a normal Cloud Guard you pay for each core, so using the SS you don't have to fully size and pay for the maximum amount of traffic.

It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM.

View full review »