We performed a comparison between Fortinet Fortigate and Palo Alto Networks NG Firewalls based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Fortinet Fortigate seems to be a slightly superior solution. All other things being more or less equal, our reviewers found Palo Alto Networks NG Firewalls to be one of the most expensive products on the market. Some also felt that the user interface and the documentation could be improved.
"With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."
"The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful."
"The most valuable feature is the access control list (ACL)."
"We have not had to deal with stability issues."
"The most valuable feature is stability."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"Cisco's technical support is the best and that's why everybody implements their products."
"The features that I have found most valuable are that it is good to use, and most importantly, the pricing. The customer especially likes the discount when they trade up or something like that."
"The management console is pretty simple, so anyone who understands networking can initially deploy the solution."
"User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."
"The most valuable feature is the SSL VPN, as it allows us to connect and it separates this product from other firewalls."
"The initial installation is very straightforward."
"The interface is very user-friendly and I like it very much."
"The most valuable features of Fortinet FortiGate are the rules and quality of service."
"The customization potential is quite impressive."
"The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome."
"Overall, it is a good solution. It is stable. We use URL filtering, which is useful for blocking undesired URLs."
"The most important thing is that it's really user-friendly. I have almost stopped using the CLI because I like the graphical interface. You can do whatever you want on a single screen, including all the configuration and implementation, using Panorama. You don't have to switch from one place to another."
"Flexible and integrates well with apps and other security tools."
"The App-ID, Content-ID, User-ID, and encryption and decryption are valuable features."
"We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature."
"The technology's very good. We have had a lot of good experience with this solution."
"It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back."
"The performance should be improved."
"They could improve by having more skilled, high-level engineers that are available around the clock. I know that's an easy thing to say and a hard thing to do."
"I'm not a big fan of the FDM (Firepower Device Manager) that comes with Firepower. I found out that you need to use the Firepower Management Center, the FMC, to manage the firewalls a lot better. You can get a lot more granular with the configuration in the FMC, versus the FDM that comes out-of-the-box with it. FDM is like Firepower for dummies."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"Report generation is an area that should be improved."
"One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."
"Lacks training for new features."
"Difficult to add or define, and not that easy to configure and manage."
"When we cluster the two Fortinet FortiGate boxes together we have some issues."
"The cloud features and integration could be improved."
"Some of the software stability could improve."
"Fortinet FortiGate could improve by having more storage in the hardware for log data."
"The cloud features can be improved."
"We would like to see better pricing."
"The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good."
"Its price can be better. They should also provide some more examples of configurations online."
"Based on the features that I have seen so far, I do not see any room for improvement, but they can improve their CLI documentation. I haven't really seen much when it comes to CLI documentation."
"There are some advanced features that we aren't able to use, which include active IP authentication and app ID. We are facing challenges with implementing those two features."
"Palo Alto has introduced new features in their next-generation firewall, such as SD-WAN. However, the technique of SD-WAN implementation is not easy to understand. It is not easy to deploy at this moment. Maybe, in the future, they can improve the process and how the administrators, partners, or support team can easily deploy this SD-WAN solution on their next-generation firewall. The SD-WAN solution from Fortinet is easy to do. It does not take more than five or 10 minutes. When we talk about Palo Alto, it takes extra effort to implement SD-WAN."
"This solution cannot be implemented on-premises; it's only a cloud solution. The price is high as well."
"People sometimes find it more expensive as compared to other solutions. There are also fewer training opportunities for Palo Alto than Cisco and other vendors."
"The SD-WAN product is fairly new. They could probably improve that in terms of customizing it and making the configuration a little bit easier."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Fortinet FortiGate is ranked 1st in Firewalls with 166 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 77 reviews. Fortinet FortiGate is rated 8.4, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Fortinet FortiGate is most compared with pfSense, Cisco ASA Firewall, Sophos XG, Check Point NGFW and Sophos UTM, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Check Point NGFW, Meraki MX, Sophos XG and Sophos UTM. See our Fortinet FortiGate vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most.
PA is good at app control, web filtering and such like, they have always been top of the pile there. The GUI is very good, and their product is very user-focused.
Fortinet is good for scalability and predictable high throughput (ASICs in the hardware), and useful things like authentication flexibility, CLI config (if you have any networking/Cisco people, they always seem to prefer CLI over GUI) and have better OT features, maybe relevant to your manufacturing use?
Fortinet seem to have a broader integration offering with their security fabric than PA do, plus they can do Fortinet-based wifi, switching, etc. Depends if you are prepared to go all-in with a single vendor.
Hi,
Both FT and PA have compelling features for large Enterprises. I would like to add a few good points about Fortinetwhich might be helpful ( from my 13 years of engagement with them as Distributor and Partner)
Fortinet:
Have higher throughput; which comes with competitive rates
Wide range of models to select to meet your requirement, without spending heavliy
Outstanding customer support and very active customer care team
Easly available skilled resources from the channel for deployment and post-implementation support
Regards
Abhilash
Hello. The question is what you are going to have as a result of application