Excellent feature set, but not without its quirks
Use Cases and Deployment Scope
We use FortiManager to quickly manage 10 FortiGates at our company. Previously we were manually managing FortiGates by directly logging into them. FortiManager has helped us save time in upgrading firmware and pushing new configs to our firewalls. We also wanted centralized log collection and parsing, which the inbuilt version of FortiAnalyzer provides.
Pros
- Centralized management of FortiGates
- Dynamic objects and per device mapping of objects
- Scheduled and centralized firmware updating system for FortiGates
- Simple log collection and browsing
Cons
- Various bugs: The software is buggy, and if you don't have a good understanding of its underlying operation, you can get confused or stuck when pushing a configuration. There are lots of little quirks you will have to learn, which are not described in any documentation.
- Conflict resolution: Occasionally, during larger changes, bringing new devices in, pushing a config will fail due to dependencies, conflicts, or other software bugs. This is somewhat time-consuming because the error messages provided aren't descriptive.
- CLI Options: Some configuration changes require creating scripts that execute on each device, and can't be done via the GUI.
Likelihood to Recommend
FortiManager is well suited for larger organizations which require unified configurations and IT departments that need quick turnaround on firewall-related tickets. I believe MSPs can also benefit from the use of the VDOM feature, if strict separation between clients is needed. FortiManager wouldn't be ideal for 1-3 site operations, unless their configurations are extremely complex or have a high number of active users.
