Fortinet FortiGate vs Palo Alto Networks NG Firewalls comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Mar 17, 2022

We performed a comparison between Fortinet Fortigate and Palo Alto Networks NG Firewalls based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Most users of Fortinet Fortigate feel that deploying it is relatively easy and straightforward. One reviewer noted that Fortinet Fortigate is so easy to set up that it could be deployed in just a couple of clicks. Users of Palo Alto Networks NG Firewalls feel that for the most part its deployment is straightforward as well.
  • Features: Fortinet Fortigate users find it to be reliable and point out that it has many valuable features, including its ability to be deployed either on the cloud or on-premises and its user interface. However, reviewers say that its monitoring and reporting features leave room for improvement.

    Users of Palo Alto Networks NG Firewalls note that it is a stable solution. Furthermore, they note that its ability to be centrally managed is valuable. They also note that the user interface could be improved.
  • Pricing: Users of Fortinet Fortigate feel that it is pretty affordable. Reviewers of Palo Alto Networks NG Firewalls feel that it is one of the most expensive products on the market.
  • Service and Support: Users of both solutions note that, for the most part, they are supported by excellent technological support teams. Reviewers of Palo Alto Networks NG Firewalls note that the documentation that they provide could be better.

Comparison of Results: Based on the parameters we compared, Fortinet Fortigate seems to be a slightly superior solution. All other things being more or less equal, our reviewers found Palo Alto Networks NG Firewalls to be one of the most expensive products on the market. Some also felt that the user interface and the documentation could be improved.

To learn more, read our detailed Fortinet FortiGate vs. Palo Alto Networks NG Firewalls Report (Updated: January 2023).
670,331 professionals have used our research since 2012.
Q&A Highlights
Question: Features comparison between Palo Alto and Fortinet firewalls
Answer: Hi PaloAlto is better when working on app control feature and special virtual wire links. Execpt that specific point, Fortinet is above. Best Regards, Damien
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.""You can also put everything into a nice, neat, little package, as far as configuration goes. I was formerly a command-line guy with the ASA, and I was a little nervous about dealing with a GUI interface versus a command line, but after I did my first deployment, I got a lot more comfortable with doing it GUI based.""Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches.""Cisco ASA provides us with very good application visibility and control.""There are no issues that we are aware of. It does its job silently in the background.""I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.""Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."

More Cisco Secure Firewall Pros →

"Some of the key features of the solution is that it has good reporting, you can receive many details from the connection, for example, clients and website information.""The performance is good.""I like Fortinet's cloud management. It allows me to manage all my devices in different branches for three cloud accounts. Even though I use on-prem devices, I can manage everything on the cloud.""The most valuable features are the enterprise modeling and the simple interface.""The SD-WAN is the most valuable feature.""FortiGate has a strong security topic which allows all of the Fortinet devices to communicate and share information which makes their security more powerful.""FortiGate has a very strong unified threat management system.""User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."

More Fortinet FortiGate Pros →

"You just need a web browser to manage it, unlike Cisco, which requires another management system.""I can enable the features I want and configure the policies based on the user and not all users and network traffic, making firewall management much easier.""There are plenty of features available in this solution, such as attack blocker and spam blocker. Additionally, it is very robust and in-depth.""The scalability is very good.""Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.""A feature introduced by Palo Alto with the version 10-OS is embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. Machine learning analyzes the network traffic and detects if there is any usual traffic coming from outside to inside. Because of Palo Alto, organizations detect around 91% of malicious attacks using machine learning. The machine learning helps customers by implementing firewalls in critical and air gap areas so there is no need to integrate with the cloud sandbox.""It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things.""Operationally, it is easier, and the manageability and their security features are good."

More Palo Alto Networks NG Firewalls Pros →

Cons
"Cisco wasn't first-to-market with NGFWs... they should look at what other vendors are doing and try not only to be on the same wavelength but a little bit better.""The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area.""The virtual firewalls don't work very well with Cisco AnyConnect.""Cisco is not cheap, however, it is worth investing in these technologies.""We wanted to integrate Firepower with our solution, but it didn't have the capability to accommodate our bandwidth since they only had two 10 gig interfaces on the box. We run way more than that through our network because we are a service provider, providing Internet to our customers.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness.""There are some limitations with SSL. Regarding the security assessment for the ISO 27000 standard, there are certain features that Cisco needs to scale up. Not all products support it, so you need to be slightly careful, especially on the site track."

More Cisco Secure Firewall Cons →

"I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security.""The security of Fortinet FortiGate could improve.""The logs need to be better. They need to be more visible and easier to access.""The scalability could be better.""The stability of Fortinet FortiGate could improve.""There can be more security in hybrid implementations. When a customer has a hybrid environment where some parts are in the cloud, we need a consistent security solution for such scenarios.""Fortinet FortiGate could improve by having a frequent ask questions(FAQ) area for people to receive quick answers to popular questions. Additionally, it would be beneficial to have an SMS notification feature. For example, if you cannot access your email you could receive an SMS message.""The support from Fortinet FortiGate could improve. They are not easily accessible when we need them. They could improve their response time."

More Fortinet FortiGate Cons →

"The biggest thing that needs to be improved with them is their training. I took a training class for the 8.0 build, then I took it again for the 9.0 and 10 builds. They add new features every time that they do a new major release, but the training doesn't keep up. It is the same basic training that probably was with the 3.0 build, and they just change the screenshots. I would love to see them do some more work since they have all these bells and whistles, but we don't know how to use those features on a large scale.""I am in GCC in the Middle East. The support that we are getting from Palo Alto is disastrous. The problem is that the support ticket is opened through the distributor channel. Before opening a ticket, we already do a lot of troubleshooting, and when we open a ticket, it goes to a distributor channel. They end up wasting our time again doing what we have already done. They execute the same things and waste time. The distributor channel's engineer tries to troubleshoot, and after spending hours, they forward the ticket to Palo Alto. It is a very time-consuming process. The distributor channels also do not operate 24/7, and they are very lazy in responding to the calls.""We use ACC which is a tool for verifying the activity or traffic within your network. Currently, in ACC, the time of the samples that they offer is about five minutes. When you try to go down to a shorter duration, you can't. You only have five minutes. They can provide samples for shorter durations, such as one minute.""They can improve the handling and management of User-ID. They should also improve its price. Their technical support can also be improved.""The reports it provides are not helpful.""Currently, they don't have email protection. They can maybe add it in the future. Currently, if you want to do so, you need to go with another solution.""The cost of the device is very high.""Based on the features that I have seen so far, I do not see any room for improvement, but they can improve their CLI documentation. I haven't really seen much when it comes to CLI documentation."

More Palo Alto Networks NG Firewalls Cons →

Pricing and Cost Advice
  • "The price is comparable."
  • "We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high."
  • "It definitely competes with the other vendors in the market."
  • "The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
  • "I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
  • "It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days."
  • "Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
  • "I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The pricing of the solution is very competitive."
  • "Pricing and licensing is a little bit complicated in FortiGate. They are always on the higher side. This is one issue that we always raise with the company that they should reduce the price according to Indian market requirements. There are no costs in addition to the standard licensing fees."
  • "The price of the license and warranty can be better because it is very expensive."
  • "It's expensive, but compared to the competition it's okay."
  • "In terms of the market, it's not a cheap product, but it's cost-effective."
  • "Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors."
  • "I had to pay for the license for the firewall, but it is guaranteed to have updates. I expect a good service for it. It was about €1000 for a year, and there was no additional cost."
  • "It is more expensive than Sophos. Fortinet is overall more expensive than Sophos. The small range of Fortinet, such as 60F and 80F, is more expensive than the small range of Sophos. Sophos is cheaper. In addition, if you jump from 80F Series to 100F Series, the price doubles."
  • More Fortinet FortiGate Pricing and Cost Advice →

  • "The pricing is very high."
  • "The device is very expensive compared to Cisco and Fortinet."
  • "It's an expensive product."
  • "It is an expensive solution."
  • "Paul Alto is the most expensive solution in this category."
  • "On the lower end, it's likely to cost $15,000 for renovation and support."
  • "We pay for the licensing annually and the price could be cheaper."
  • "After the hardware and software are procured, it is the AMC support that has to be renewed yearly."
  • More Palo Alto Networks NG Firewalls Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    670,331 professionals have used our research since 2012.
    Answers from the Community
    Donny Lee
    ABHILASH TH - PeerSpot reviewerABHILASH TH
    Reseller

    Hi,


    Both FT and PA have compelling features for large Enterprises. I would like to add a few good points about Fortinetwhich might be helpful ( from my 13 years of engagement with them as Distributor and Partner)


    Fortinet: 


    Have higher throughput; which comes with competitive rates


    Wide range of models to select to meet your requirement, without spending heavliy


    Outstanding customer support and very active customer care team


    Easly available skilled resources from the channel for deployment and post-implementation support 


    Regards


    Abhilash



    Alexander Denisenko - PeerSpot reviewerAlexander Denisenko
    User

    Hello. The question is what you are going to have as a result of application

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know… more »
    Top Answer:As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
    Top Answer:We have Meraki Mx devices now, we are looking to replace them. But that is because the Meraki MX platform lacks SSL… more »
    Top Answer:Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer:Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
    Learn More
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      Fortinet FortiGate is an innovative line of firewalls that aim to protect organizations from all types of web-based network threats. They come in a wide variety of product types. Fortinet FortiGate’s solutions are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

      Fortinet FortiGate provides users with next-generation firewall solutions that provide proven protection with unmatched performance across the network, from internal segments to data centers to cloud environments. You can protect every part of your network without exception. Additionally, your protections can be managed from a single central location. This ensures that the task of protecting your network is infinitely easier to accomplish.

      Benefits of Fortinet FortiGate

      Some of the benefits of using Fortinet FortiGate include:

      • The ability to manage your firewalls from a centralized automated control console. Fortinet FortiGate’s FortiManager enables administrators to exercise control of their firewalls in a streamlined manner. Administrators have full visibility and control over their system from a single location. It utilizes automation that collects information in real time, which greatly simplifies and reduces the cost of running various types of workflows. Administrators can free up resources by automating the most basic tasks.
      • The ability to produce uniform, appropriate, and coordinated responses to threats across networks. Fortinet FortiGate’s FortiGuard feature generates system protections in near real time. This allows administrators to address threats to the system with custom-made solutions that can be uniformly enforced.
      • The ability to scale up your security to fit your changing security needs. Fortinet FortiGate’s design allows users to accelerate the transfer of data between users and escalate the number of users that are covered without compromising security of performance. This means that users can grow their networks and continue to collaborate without worrying about the system slowing down or coming under attack.

      Reviews from Real Users

      Fortinet FortiGate’s firewall solutions are cutting edge. They stand out from competitors for a number of reasons. Two major ones are the robustness and power of their firewalls. Fortinet FortiGate’s firewall provides users with many valuable features that allow them to maximize what they can do with the solution. These firewalls enable users to use a single piece of software to accomplish tasks that often require the use of multiple pieces of software.

      PeerSpot user Eric S., a Solutions Engineer and Consultant at a tech-services company, notes the robustness of this solution when he writes, "One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface.”

      PeerSpot user Jim M., a network admin at Penobscot Valley Hospital, notes the power of Fortinet FortiGate’s security software when he writes, "It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall.”

      Palo Alto Networks NG Firewalls is a firewall solution designed for security teams that provides them with full visibility and control over all networks via powerful traffic identification, malware prevention, and threat intelligence technologies. In order to determine which applications, users, and content traversing the network are safe, the solution offers companies a variety of advanced security tools and strategies.

      Palo Alto Networks NG Firewalls Features

      Palo Alto Networks NG Firewalls has many valuable key features. Some of the most useful ones include:

      • Secure Application Enablement (App-ID, User-ID, Content-ID)
      • Malware Detection and Prevention (threat prevention service, buffer overflows and port scans, anti-malware capabilities, command-and-control protection, and WildFire)
      • DNS Security (URL filtering, predict and block malicious domains, signature-based protection, extensible cloud-based architecture)
      • Panorama Security Management (including graphical views and analytics, manage rules and dynamic updates, customizable application command center (ACC), log collection mode, physical or virtual appliance)
      • Threat Intelligence (high-fidelity threat intelligence, priority alerts, automatic extraction and sharing of prevention indicators, native integration with Palo Alto Networks products)

      Palo Alto Networks NG Firewalls Benefits

      There are several benefits to implementing Palo Alto Networks NG Firewalls. Some of the biggest advantages the solution offers include:

      • Dedicated management interface for managing and initial configuration of the device
      • Regular threat signatures and updates
      • Import addresses and URL objects from the external server
      • Configure and manage with REST API integration
      • Great throughput and connection speed is fair even in high traffic load
      • Deep visibility into the network activity through Application and Command Control
      • Easy to manage and very user friendly

      Reviews from Real Users

      Below are some reviews and helpful feedback written by Palo Alto Networks NG Firewalls users.

      A Solutions Architect at a communications service provider says, “The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.”

      PeerSpot user Gerry H., CyberSecurity Network Engineer at a university, mentions that the solution has a “Nice user interface, good support, is stable, and has extensive logging capabilities.” He also adds, “Wildfire has been a very good feature. This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.”

      Eric S., Network Analyst at a recreational facilities/services company, states, "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."

      Offer
      Learn more about Cisco Secure Firewall
      Learn more about Fortinet FortiGate
      Learn more about Palo Alto Networks NG Firewalls
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
      SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider18%
      Government7%
      Educational Organization5%
      REVIEWERS
      Comms Service Provider17%
      Financial Services Firm10%
      Computer Software Company9%
      Manufacturing Company7%
      VISITORS READING REVIEWS
      Comms Service Provider20%
      Computer Software Company19%
      Government6%
      Educational Organization5%
      REVIEWERS
      Comms Service Provider19%
      Computer Software Company17%
      Financial Services Firm13%
      Educational Organization9%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider11%
      Government7%
      Financial Services Firm6%
      Company Size
      REVIEWERS
      Small Business35%
      Midsize Enterprise25%
      Large Enterprise40%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise18%
      Large Enterprise53%
      REVIEWERS
      Small Business47%
      Midsize Enterprise24%
      Large Enterprise29%
      VISITORS READING REVIEWS
      Small Business30%
      Midsize Enterprise20%
      Large Enterprise50%
      REVIEWERS
      Small Business36%
      Midsize Enterprise27%
      Large Enterprise37%
      VISITORS READING REVIEWS
      Small Business25%
      Midsize Enterprise17%
      Large Enterprise58%
      Buyer's Guide
      Fortinet FortiGate vs. Palo Alto Networks NG Firewalls
      January 2023
      Find out what your peers are saying about Fortinet FortiGate vs. Palo Alto Networks NG Firewalls and other solutions. Updated: January 2023.
      670,331 professionals have used our research since 2012.

      Fortinet FortiGate is ranked 1st in Firewalls with 92 reviews while Palo Alto Networks NG Firewalls is ranked 5th in Firewalls with 75 reviews. Fortinet FortiGate is rated 8.4, while Palo Alto Networks NG Firewalls is rated 8.8. The top reviewer of Fortinet FortiGate writes "SSL proxy makes URL filtering easier because the encryption is done before the packet ever leaves ". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". Fortinet FortiGate is most compared with pfSense, Sophos XG, Check Point NGFW, Meraki MX and OPNsense, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Check Point NGFW, Meraki MX, Sophos XG and Sophos UTM. See our Fortinet FortiGate vs. Palo Alto Networks NG Firewalls report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.