We just raised a $30M Series A: Read our story

Fortinet FortiOS Competitors and Alternatives

Get our free report covering Fortinet, Zyxel, Microsoft, and other competitors of Fortinet FortiOS. Updated: November 2021.
552,136 professionals have used our research since 2012.

Read reviews of Fortinet FortiOS competitors and alternatives

Manuel Gellida
Owner at Dinamica en Microsistemas de Informatica, S.A. de C.V.
Reseller
Top 5
Easy to use and deploy with an improved pricing structure in place

Pros and Cons

  • "The initial setup is pretty easy."
  • "They need to allow their solution to integrate with other products and not just other Sophos solutions."

What is our primary use case?

My clients are mostly based in the government. They are my core clients. I install the solution for my clients.

What is most valuable?

The solution is very easy to use. 

Of course, we have the skills, however, it's very easy for us to deploy the solution. That's one of the valuable features. 

They have a communication between the endpoint and the firewall which is very, very useful for security purposes.

Pricing is now pretty good. They changed the pricing structure a few months ago.

The initial setup is pretty easy.

What needs improvement?

The integration could be a bit better. They need to allow their solution to integrate with other products and not just other Sophos solutions.

Sophos has a feature that in my opinion is very limited. They don't have enough VPNs on their models. They have the XG 750, which is a sizeable appliance. On those models, they used to have not enough VPNs. They always were short on that area. 

Pricing used to be very bad, however, they've adjusted their strategy recently. 

The product needs to improve its marketing in Mexico. It's not a well-recognized product in our country.

The solution's technical support is very bad.

There is an overall lack of documentation in relation to features and capabilities. We need these to help explain aspects of the solution to our clients. 

For how long have I used the solution?

I've used the solution since around 2014. I have about six years of experience at this point. It's been a while. I've definitely worked with the product in the last 12 months.

What do I think about the stability of the solution?

The solution is quite stable. There are no bugs and glitches. It doesn't crash and freeze. It's quite reliable. We don't have problems with it.

What do I think about the scalability of the solution?

The solution is very scalable. It is not a problem. Sometimes we have issues when we are trying to do something with a different traditional version of hardware as sometimes the new hardware has more ports. However, if we are talking about scalability in a huge customer, we can do it very easily. 

Mexico is very different than other countries and continents as here, when we say it's a big customer, we are talking about 2,000 to maybe 3,000 users. There aren't too many large-scale operations in the country. However, in general, for our area, we tend to deal with large-scale companies.

For a company that has maybe 1,000 users, Sophos seems to work very well. We have one operation with 10,000 endpoints and it is working quite well.

How are customer service and technical support?

Technical support from Sophos is very bad.

Sometimes we lose a project due to the fact that we need to solve some issues or answer questions. Things that may be technical but also involve the administrative side. I'm talking about licensing and the capabilities of the feature. We need some documentation, something we can show clients. They can better in those cases. They can either help us or supply us with what we need. 

In response time, they are terrible. In the area of technical knowledge, they are getting better, however, they aren't where they need to be. Right now, we are not satisfied with the level of support provided.

How was the initial setup?

The initial setup is not complex. However, here in Mexico, it's very complex to sell the product. The brand is not as well known.

That said, the process is pretty straightforward. 

The deployment times vary. It depends on the end-user and what they need. Sometimes, it's easy as they don't have too many policies. The more policies they have, the longer it takes.

In other cases, clients may have a lot of VPNs. We have to work on those VPNs, and we have to do a lot of routing. However, that depends on the customer. Not all are like that.

For one appliance, you just need one person for deployment and maintenance. If we are working a lot of VPNs, we would have to use more people. We need to involve maybe two or three individuals and re-apply the configuration in that case. 

What about the implementation team?

We handle the installation process ourselves. We do not need the assistance of consultants.

What's my experience with pricing, setup cost, and licensing?

The pricing has recently changed on Sophos. Their licensing and cost structures are much more clear now. It's much better than it was.

Which other solutions did I evaluate?

Clients, in many cases, evaluate for Check Point, Forcepoint, and sometimes Fortinet. Occasionally, they may look at SonicWall, or Palo Alto however, the others are the main big competitors. 

Palo Alto is very expensive as are Check Point and Forcepoint. That's why we sometimes win the projects. We find Fortinet, is very, very hard to beat as they have a lot of market share, have a lot of marketing. Sophos doesn't have that presence, that marketing. Also, when you have to think about prices, Fortinet gives customers everything and it's hard to beat.

The biggest issue I've found with Sophos is the small number of VPNs that we can do compared to a similar appliance with Fortinet or in the same level center. In fact, many other brands offer more VPNs than Sophos.

What other advice do I have?

I'm a Sophos reseller.

We use multiple versions. We have worked with XG 460 and XG 135 and some others -such as XG 230. In those cases, sometimes it has been Rev 1 and in other cases Rev 2 in terms of the hardware versions.

I mostly work with on-premise deployments. The only item I have installed in the cloud is an email solution by Sophos.

I'd recommend the solution to other organizations. Overall, I would rate it at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
Lipaz Hessel
Country Manager and Solution Architect at Gilat telecom
Real User
Top 5
Good console management, but the interface is not user-friendly and application filtering needs finer granularity

Pros and Cons

  • "The most valuable feature is the console management."
  • "If I want to allow access to Facebook, yet not allow the user to access videos, then I am not able to do it with this product."

What is our primary use case?

We had planned on using this product as our multi-tenant firewall. After one year, we stopped using it because there was a problem with supporting some of the protocols.

What is most valuable?

The most valuable feature is the console management. It is very good and the security was great.

What needs improvement?

The interface is not user-friendly.

We were told that we would receive training but it came late and we had already started to deal with the product, which ultimately caused problems because we did it incorrectly. If the vendor focused more heavily on training as opposed to implementation then it would be a big improvement.

The UTM features are missing.

Application filtering is supported at a high level, but not at a low level. If I want to allow access to Facebook, yet not allow the user to access videos, then I am not able to do it with this product. Essentially, I'm allowed to block but I'm not allowed to limit. With other vendors, I can impose limits.

They need to add support for the Routing Information Protocol, RIP.

There is no support for the Built.io NIC driver.

For how long have I used the solution?

I had been working with the Forcepoint Next Generation Firewall for about one year.

What do I think about the stability of the solution?

We had Forcepoint NGFW running on a virtual machine and it was very stable.

What do I think about the scalability of the solution?

From the design that we took, it had the ability to scale up to 250 clients. That was good for what we needed but we failed with the first customer and could not complete the implementation for the second one.

In our environment, we had ten users.

How are customer service and technical support?

We contacted technical support but it was not the typical support situation where we opened a ticket and they responded. We were in contact with them directly. Because it was irregular, I cannot judge how good or bad the support would normally be.

Which solution did I use previously and why did I switch?

We are currently using three other vendors including Check Point, Fortinet, and Palo Alto. These have always been there but we were hoping to add Forcepoint as another option.

How was the initial setup?

The initial setup is complicated and difficult to do.

By comparison, we have a very large number of products implemented in our environment and we can deploy most of them ourselves.

The deployment took almost seven months and ultimately, we failed. During our work on the deployment, we had two people handling the maintenance.

What about the implementation team?

We received assistance directly from the vendor. There were several people who took part in the implementation including five from our side, one from the vendor, and two from the distributor. The help that we received from them was awesome.

The distributor knows the product more from a theoretical point of view. When it comes to the hands-on experience, they know the basics. When the person from the vendor came, they knew more about the product but had no experience with the multi-tenant aspect. So, for the part that we needed, they were failing. We spent a lot of time and received help from different people, and it was still a failure in the end. We disposed of the product.

What's my experience with pricing, setup cost, and licensing?

We paid for a subscription license, vendor support, and the training.

Which other solutions did I evaluate?

We are a large service provider and we are always looking for new solutions. We had evaluated solutions by Sophos and SonicWall, although we decided that we were going to try Forcepoint.

We would not say No to another try with Forcepoint if, for example, they come back to us with a new version in another year. It would have to have documentation to show that what we want to do is now supported.

What other advice do I have?

We tried a few implementations and we did not have very much success because the interface is not user-friendly and the product is complicated. If we had the training on time then it may have been easy but that wasn't the case.

The biggest lesson that I learned from using this solution is that you can't trust what people tell you. When they say that they will take care of things and support it, that is not included.

My advice for anybody who is implementing this solution is to make sure that the training is completed first, ahead of trying to implement it.

I would rate this solution a four out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
RF
Data Analyst at a hospitality company with 201-500 employees
Real User
Top 20
User-friendly, provides good access, and is fairly easy to implement

Pros and Cons

  • "It is a very user-friendly product."
  • "I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI."

What is our primary use case?

We primarily use the solution in order to create access rules. That's what I use it for mostly. Sometimes, if I need to do some mapping, I may also leverage this product.  

What is most valuable?

In terms of access, the solution is great at making sure that the firewall has the right IPs, or that the right IPs are passing through where they should be. 

The product does a good job of making sure that the connection is one that the user can trust. It keeps everything secure.

From what I've already done with ASA, I've noted that it's a very simple solution. 

It is a very user-friendly product. I started with the GUI version. There are different versions. You could have the CLA, and the GUI version if you like. Both are really user-friendly and they're easy to learn. 

What needs improvement?

We haven't been working with the product for too long, and therefore I haven't really found any features that are lacking. So far, it's been pretty solid.

One of the things that would make my life easier on ASA, especially for the CLA, is if it had an ASBN feature, specifically for the CLA. This would allow you to be able to see at once where a particular object group is being used without having to copy out all the object groups that have already been created.

I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI.

For how long have I used the solution?

I've been using the solution for six months now. It's been less than a year. It hasn't been too long just yet.

What do I think about the stability of the solution?

The solution has been quite stable.

Most of the clients that we deal with use this solution. No one has ever complained about having a breach or anything, to the best of my knowledge, even though we see some people combine different firewalls together, and use them alongside Cisco ASA. So far, we've not had any issue with Cisco ASA. It's reliable and keeps our clients safe.

What do I think about the scalability of the solution?

I've never tried to scale the product. I haven't worked with it too long at this point. I wouldn't be able to comment on its scalability potential.

How are customer service and technical support?

I've never dealt with technical support yet. I can't speak to their level or response or their knowledge of the product.

Which solution did I use previously and why did I switch?

In the past, I've worked with Check Point and Fortinet as well.

How was the initial setup?

I've been handling the implementation. So far, it's been good, even with no prior knowledge of the solution itself. It's my first time working with it.

On my team, lots of people are working on different aspects, and most of the setup is being done by those that have more knowledge about the firewall than we have. We don't have anything to do with the setup, we just make sure that we implement whatever connections the clients already have. It's already broken down that way, just to avoid as many mistakes as possible.

We already have a process for implementation based on the number of connections. The maximum we normally work on each connection is maybe 20 to 30 minutes. However, the process could be as little as one minute. It depends on how many connections we want to add at a time.

What about the implementation team?

We're handing the implementation via our own in-house team.

What's my experience with pricing, setup cost, and licensing?

I'm just handling the implementation and therefore don't have any insights on the pricing aspect of the solution. I wouldn't be able to say how much the company pays or if the pricing is high or low.

That said, the pricing isn't an issue. It's more about what's best for the customer or the client. We want to give the client the best service, and very good protection. If a client begins to worry about pricing, we can't exactly guarantee the same level of safety.

What other advice do I have?

Our company has a partnership with Cisco.

We have different clients and therefore use different versions of the solution. Nobody wants to use an out-of-date version, and therefore, we work to keep everything updated.

Overall, I would rate the solution at a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SZ
Team Lead Network Infrastructure at a tech services company with 1-10 employees
Real User
Top 5Leaderboard
Stable with good performance and a fairly straightforward setup

Pros and Cons

  • "It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back."
  • "Sometimes some of the applications the customer has do not respond as they normally should."

What is our primary use case?

The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.

What is most valuable?

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

What needs improvement?

Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's.

This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively.

For how long have I used the solution?

I've been using the solution for the past six years at this point.

What do I think about the stability of the solution?

The solution offers very good stability. I don't have issues with bugs or glitches. It's reliable.

What do I think about the scalability of the solution?

We have a variety of customers ad they all have a different amount of users. Some have 50 users. Some have 100 users. Some have 1,000 users as well. It varies quite a bit. In that sense, it scales to meet the customer's needs.

How are customer service and technical support?

I've dealt with technical support in the past. Sometimes it is good and sometimes it's not as good. It depends on the complexity of the deployment. Overall, however, I would say that I have been satisfied with the level of service provided.

Which solution did I use previously and why did I switch?

There are multiple products from different vendors, and I basically deploy different firewalls from different vendors for the customers based on their needs. The solutions I work with include Cisco, Fortinet, and WatchGuard. There are a few others as well.

How was the initial setup?

The initial setup isn't too complex. It's pretty straightforward.

The deployment time basically depends on the deployment model. If it's a VMware model, it's pretty straightforward and you can basically deploy it in half an hour to one hour.

If it is in another deployment model, for example, if it's in Layer 3, it depends on the subnet environment, how many subnets they have, or how the traffic is routing from one end to the other end, etc. 

What about the implementation team?

I'm involved in system integration, so I basically deploy and manage the solution for the other customers.

What other advice do I have?

I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models.

I would recommend the solution to other organizations.

Overall, I would rate it at a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
JR
Systems Architect at PHARMPIX CORP
User
Excellent support, great remote access, and very good reporting capabilities

Pros and Cons

  • "The support offers the best services I have experienced. It's better than any other IT vendor."
  • "Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links."

What is our primary use case?

Currently, I'm working as a Lead Security Architect in the healthcare industry. We have two data centers, multiple branch offices, multiple cloud subscriptions, and over 200 employees. Our operation is mission-critical and requires it to be up and running 24/7. We need to protect multiple applications that are developed in-house, sensitive data including PHI, Financial, intellectual property, et cetera.

Check Point NGFW and its security modules have been our security solution for the past six years to protect all of our assets, including our cloud subscriptions.

How has it helped my organization?

Check Point Next Generation Firewalls are key components in protecting our assets and information. Their security modules are very easy to use and understand. Also, it's one of the most user-friendly interfaces I’ve had the opportunity to use and I’ve had the chance to work with more than four firewall solutions.

Their reporting and logs modules are amazing. It provides a level of detail and visibility that we haven't had before. It’s useful to understand what is happening on our network and has been very successful in blocking attacks and providing options for executive summaries. 

Being able to manage all the security gateways for our multiple sites in a single management console and share policies has been very beneficial.

What is most valuable?

The Remote Access VPN has been crucial to us, especially during this pandemic. We had to be on lockdown for a couple of months and being able to deploy a remote workforce with Check Point VPN was a crucial part of our business continuity strategy.

The logs and reporting are very easy to use and manage. Also, the IPS and IDS are critical components to keeping our network secure. They are very easy to configure and there are multiple templates that can be used out of the box that provides maximum protection to our network.

The support offers the best services I have experienced. It's better than any other IT vendor.

What needs improvement?

Check Point Firewalls haven't failed me during the past six years that I have been using them. 

If I had to mention anything that I would like to see some improvement on, it’s on the internet load balancing options. Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links. I know this can be performed with other network devices, however, adding the option as part of the NGFW would be awesome.

For how long have I used the solution?

I have been using Check Point for 6 years now.

What do I think about the stability of the solution?

I've never had a single issue on any of my security gateways.

What do I think about the scalability of the solution?

I haven't had the opportunity to scale, however, I have seen many demos of maestro architecture, and it looks awesome.

How are customer service and technical support?

As I mentioned before, Check Point support is one of the best services from any IT vendor I have experienced. They answer very quickly and also provide solutions most of the time within the first call.

Which solution did I use previously and why did I switch?

I have used multiple solutions in the past. We migrated from Cisco ASA to Check Point six years ago and have never looked back. Our old ASA required additional hardware components for additional security services.

How was the initial setup?

The product is very easy to set up.

What about the implementation team?

The implementation was performed by a vendor team in combination with our in-house security team.

What was our ROI?

My peace of mind is the ROI.

What's my experience with pricing, setup cost, and licensing?

Check Point is not the cheapest firewall solution, but you get what you pay for. It's super reliable and their service is great.

Which other solutions did I evaluate?

I had the opportunity to review Palo Alto and Fortinet.

What other advice do I have?

I'd advise other users to give it a try.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Get our free report covering Fortinet, Zyxel, Microsoft, and other competitors of Fortinet FortiOS. Updated: November 2021.
552,136 professionals have used our research since 2012.