We just raised a $30M Series A: Read our story

Compare Fortinet FortiGate vs. Fortinet FortiGate-VM

Cancel
You must select at least 2 products to compare!
Comparison Summary
Question: How is FortiGate-VM different from the physical FortiGate firewall?
Answer: The root of all is VM. A virtual environment is software running on someone else machine/s. Welcome to the the cloud. Sadly, no one stops to think but with the excuse of "lower costs" many fall for it. Performance is the key word. Avoid VMware and the likes. What appears cheap may have a big price in the end. There is no way performance on your own physical machine will be close to the cloud, and there are heaps more things in the equation. Fortinet appliances have their own semiconductors chips to handle in hardware traffic and other duties. Harry Potter does not exist. Costs or prices, are figures in invoices, but the coefficient of elasticity with time may be a surprise. Needless to say the networking traffic handling and the security implication in multi tenancy instances. Yes, in some things could work, but I personally avoid them as much as I can.
Featured Review
Find out what your peers are saying about Fortinet FortiGate vs. Fortinet FortiGate-VM and other solutions. Updated: November 2021.
552,305 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate.""You do not have to do everything through a command line which makes it a lot easier to apply rules.""I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.""Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening.""One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.""If configured, Firepower provides us with application visibility and control.""Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality.""The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."

More Cisco Firepower NGFW Firewall Pros »

"The solution is very user friendly. The user interface in particular is quite nice.""We use a lot of function on the IPS and it works well for us.""The features that I have found most valuable are that it is good to use, and most importantly, the pricing. The customer especially likes the discount when they trade up or something like that.""I like Fortinet FortiGate's antispam filter, SPN, and clustering features.""The most valuable feature is the SSL VPN, as it allows us to connect and it separates this product from other firewalls.""The virtual firewall feature is the most valuable. We have around 1,500 firewalls. We did not buy individual hardware, and the virtual firewalls made sense because we don't have to keep on buying the hardware. FortiGate is easier to use as compared to Checkpoint devices. It is user friendly and has a good UI. You don't need much expertise to work on this firewall. You don't need to worry much about DCLA, commands, and things like that.""The solution is extremely reliable.""We are a visual effects company, and there have been a number of high profile security issues in our industry. This has brought us to a higher standard of security, which our clients are very keen on these days."

More Fortinet FortiGate Pros »

"The most valuable features of this solution are the integration within the environment, with centralized reporting.""Primarily, the VPN solution is most valuable. It allows you to have more flexibility in terms of what is there on the end-user device, and what is not there. You can check and make sure that they're current. It has more flexibility than just a straight VPN solution. It works really well. It has the features that 99% of people need.""The solution is very easy to set up. It doesn't take a lot of time and offers a quick deployment, so you can start using it almost right away.""The most valuable features are locking applications from in and out of my test network and testing malware on different devices. I use malware detection, antivirus, and basic firewall policies to check for different types of security breaches. The UI is really nice and easy to use.""It's a relatively simple product that is easy to use. It's not overly complex.""The standard features, including the filtering, are quite good. All the basic features are pretty useful for us.""It is very versatile.""Its performance is adequate. We are quite satisfied with its performance. The fact that it is a complete ecosystem with all kinds of integrations is valuable. It did take us a couple of months to get a grip on the new software, but all in all, it replaced our on-premise and single-point solution environment."

More Fortinet FortiGate-VM Pros »

Cons
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement.""My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement.""An area of improvement for this solution is the console visualization.""On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area.""There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.""When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance.""Report generation is an area that should be improved."

More Cisco Firepower NGFW Firewall Cons »

"I don't like that anything more than very basic reporting is not included.""They've become quite expensive.""The pricing could be a bit better, especially when you consider how they have the most basic offering priced.""The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall.""There are some license issues. Not every feature must have a separate license. There must be some of kind synergy between the license so we don't have to pay for every individual license that we would like to have.""Technical support could be better. You don't always get the level of help you need right away.""The customization could be improved. Cisco, for example, is much better at this. They need to work to be at least as good as they are.""Difficult to add or define, and not that easy to configure and manage."

More Fortinet FortiGate Cons »

"Compatibility and integration with other products or vendors such as Cisco SD-WAN products need improvement.""In the next release, I would like to see integration capability with SIEM tools, such as QRadar, and LogRhythm.""It should have the SD-WAN feature. This would increase the number of features that are available in the box.""To improve FortiGate-VM, Fortinet needs to harden it more. For example, if you are using Hyper-V, then you need guidelines for hardening FortiGate-VM that are specific to the Hyper-V environment. If it's VMware, there should be at least a guideline on how to harden the firewall.""Web filtering is a feature that needs some improvement. There should be some additional features to allow active users to change their own passwords.""The reporting is not as good as it is with other firewalls and it should be improved.""There should be a bit more automation.""The price model is not transparent by any means and should be made more clear. What's included in the packages is often not very obvious."

More Fortinet FortiGate-VM Cons »

Pricing and Cost Advice
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain.""The price of Firepower is not bad compared to other products.""This solution is expensive and other solutions, such as FortiGate, are cheaper.""For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive.""I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way.""We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though.""I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs.""This product requires licenses for advanced features including Snort, IPS, and malware detection."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"The license is too expensive to renew. The license renewal process is also complex.""It's a very full-featured and it's priced well solution.""The price is okay.""It's expensive, but compared to the competition it's okay.""Fortinet is the least expensive solution.""The price of FortiGate support is too expensive.""If you purchase a one-year subscription with the hardware and then you want to renew for the second year, it is very costly.""It's an expensive solution."

More Fortinet FortiGate Pricing and Cost Advice »

"The price of this product is great compared to others.""At present, the SD-WAN licenses are on an annual basis.""With Fortinet FortiGate-VM you can bring your own licensing, or it can be paid on a yearly basis.""Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust.""The customer must buy his own license.""This solution is very expensive.""The cost of this product is too high.""There is a benefit in terms of the cost of using this solution because the price is very good."

More Fortinet FortiGate-VM Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
552,305 professionals have used our research since 2012.
Answers from the Community
Rose Taherzadeh
author avatarLindsay Mieth
Real User

Purpose-built appliances offer tested performance measures and provide proven results for the specified traffic and service configuration.  


VM can only provide vCPUs, RAM, and hard disk resources.  However, in some cloud environments, you only have the VM option, no appliances accepted.  


We have several Fortigate VM firewalls operating for 3 years now in the cloud and appliances in our centers that handle the traffic just fine. We have not had to increase the resources above the recommendations and they work just fine.

author avatarABHILASH TH
Reseller

FortiGate VM 



  • FortiGate-VM delivers the same FortiOS and FortiGuard real-time threat intelligence as the hardware models, in a virtual form factor.

  • FortiGate-VM offers flexible licensing and provisioning for virtual network deployments.

  • Support for multiple virtualizations and cloud platforms.

  • Full support for Forti Hypervisor deployments enabling line-speed security in vCPE requirement.

  • The architecture of a VM is a little more complex than that of Hardware.


  • Virtual machines are less efficient than real machines because they access the hardware indirectly.


FortiGate Hardware



  • The hardware firewall is an ASIC-based device.

  • It has hardware limitation, for example, Memory, CPU, etc

  • Easy deployment in the network

  • No complexity

author avatarWilliam Yragui
User

Fortigate appliance is purpose built with NPU and SPUs designed to increase throughput while maximizing the ability to decrypt packets in search of malware. 


VM deployments are software only and do not include the NPU and SPUs. 

Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: In my opinion and as a result of years of experience: - Both are great firewalls with excellent performance and a… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: Hi, This really gets to two things: - how fast your internet access is and how much are you planning to grow in the… more »
Top Answer: Both of these solutions are excellent options that provide flexible scalability and solid security. Fortinet Fortigate… more »
Top Answer: Fortinet-VM is more scalable than the hardware version. If you're using an appliance, there are limitations in terms of… more »
Top Answer: Like most similar products in the market, Fortinet's enterprise customers need to pay for annual support. They call it… more »
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
FortiGate Virtual Appliance, FortiGate-VM
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

FortiGate Virtual Appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Fortinet FortiGate
Learn more about Fortinet FortiGate-VM
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
Security7 Networks, COOPENAE
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Comms Service Provider14%
Computer Software Company10%
Financial Services Firm8%
Manufacturing Company6%
VISITORS READING REVIEWS
Comms Service Provider36%
Computer Software Company19%
Government5%
Educational Organization4%
REVIEWERS
Comms Service Provider19%
Financial Services Firm13%
Retailer6%
Manufacturing Company6%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company30%
Government5%
Energy/Utilities Company4%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business48%
Midsize Enterprise25%
Large Enterprise28%
VISITORS READING REVIEWS
Small Business35%
Midsize Enterprise25%
Large Enterprise40%
REVIEWERS
Small Business54%
Midsize Enterprise26%
Large Enterprise20%
Find out what your peers are saying about Fortinet FortiGate vs. Fortinet FortiGate-VM and other solutions. Updated: November 2021.
552,305 professionals have used our research since 2012.

Fortinet FortiGate is ranked 1st in Firewalls with 96 reviews while Fortinet FortiGate-VM is ranked 12th in Firewalls with 54 reviews. Fortinet FortiGate is rated 8.4, while Fortinet FortiGate-VM is rated 8.2. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Fortinet FortiGate-VM writes "Slightly unstable, needs a better user interface, and lacks good monitoring capabilities ". Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Meraki MX, Check Point NGFW and SonicWall TZ, whereas Fortinet FortiGate-VM is most compared with Azure Firewall, Palo Alto Networks VM-Series, OPNsense, Cisco ASA Firewall and Meraki MX. See our Fortinet FortiGate vs. Fortinet FortiGate-VM report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.