Fortinet FortiGate FG-60F Software Experience
The software experience is largely the same as the FG-40F. Logging in, Fortinet’s default IP is 192.168.1.99, and the default username is admin with no password. You are immediately required to change the password.

We logged into our unit and saw the FortiOS 7.6.6 dashboard. This looks a lot like the same version on the FG-40F, which is expected.

Just a quick note: we ended up having issues with updating this box, which meant we needed to hook up a console cable and screw around with recovery.
Once you are set up and have registered your device, there are UIs and wizards for a ton of features. The interface setup is relatively intuitive, and Fortinet has the gateway diagram with port labels and connection status on top. If you configure hundreds of these, you probably do not notice little features like this.

In the FG-40F review, we went into more detail around the FortiLink interfaces and so forth, but since the boxes are fairly similar
VPNs are a big deal for Fortinet and this entire segment. It turns out that both CyPerf and IxNetwork, which we use, have great VPN testing tools, but we are going to add that into future reviews.

On the security side, Fortinet is well known for its security features, including its IPS.

With a subscription, you have access to a great default set of IPS signatures. We will look at the performance of turning many of the security features on in our performance testing section.

There is an application sensor feature as well. Here is a quick look at the signatures for that:

Fortinet also has SSL and SSH inspection features.

There are, of course, web filters, antivirus features, and more that we looked at in the FG-40F piece. Something we wanted to show here is the logs of traffic being blocked. When we ran our Keysight CyPerf tool through the gateway, it is not just uniform packets, so the logs look fairly neat.

There is a CLI for Fortinet, which is how we did most of the configuration of these units. On both the FG-30G (both units) and FG-60F we ended up having to use the console port to fix firmware updates or to fix an update gone poorly. Since we did all the performance testing for these boxes back-to-back, we ended up using console access on three of the four boxes on hand just to update firmware, so it is an important feature.
Next, let us talk about onboarding.
A Word on Onboarding
To do this review, we purchased the FG-60F-BDL-809-12 bundle. The FG-60F is the hardware. 12 is for the duration. The 809 means we have 1 Year FortiCare Premium and FortiGuard Enterprise Protection. These boxes have a ton of features and various license levels. We were doing a batch of four of these at the same time, but needless to say, onboarding is focused on ensuring you have licenses and that data is captured for sales operations to correctly attribute your purchase to a Fortinet partner. We had both Patrick and Rohit do this, and the SonicWall back-to-back, and SonicWall felt much easier from an onboarding perspective since the workflow was basically sign up for MySonicWall and then register products. If you are coming from a solution like pfSense, OPNsense, or even Ubiquiti, both will feel very rough from a customer experience side.
Now, let us get to the performance.



Speaking of updates, fortigates can’t be directly updated to every version – you have to go in their required sequence. The ideal use case for the 60F might be, in addition to the extra ports, the ability to do a couple more things unlicensed than the 40F does. If you maintain a license, it matters less, of course. But then if you’re buying new, maybe you’ll be considering the G series anyway. And for other purposes you might jump directly to a used 100F or something depending on what you want. BTW the connector these and the sonicwalls use is a known standard which I’ve forgotten, but while YMMV I have found it to be cross compatible. Saves cost if you’re buying used ones and running unlicensed.