We performed a comparison between Fortinet FortiGate and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Whenever I need something, Fortinet improves and updates the software for me."
"We were looking for the VPN feature and controlling the inflow and outflow of all the traffic within the site and across the sites. We are also using it for the VPN and VLANs."
"The most valuable feature is the FortiManager for centralized management."
"Offers good security and filtering."
"The network security and cloud security are most valuable."
"The performance is good."
"The tool is a nice product and easy to handle. The software's user interface is also good. You can easily implement remote access in the solution."
"Fortinet FortiGate is a scalable solution."
"Palo Alto Networks VM-Series has everything centralized. You have the VPN solution, firewall, routing, UDR, flexibility, updates, and full visibility of your traffic."
"With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly."
"I like the UI. Most things are accessible from the user interface and it is quite user-friendly. With respect to both VM-based firewalls and physical firewalls, it's easy to create updates."
"The VM-Series reports how much bandwidth a particular IP is using. You don't need to regularly log into a website, like a Cisco command, to see what kind of ACL it's getting. There isn't an ACL use portal event. You can go there and see how much my ACL has been getting me."
"Centralized management is valuable because it allows us to configure settings in one location and apply them across all three locations."
"The main advantage of Palo Alto Networks VM-Series stems from the fact that you can access it with the help of cloud services."
"The most valuable feature is the CLI."
"The tool's cloud version makes application migration easy."
"With the addition of some features, it is possible that FortiGate can be used in all verticals."
"Fortinet FortiGate could improve by having more storage in the hardware for log data."
"Fortinet FortiGate needs to improve the logging and reporting. Additionally, the next-generation application's policies should be improved. When they were released they had bugs."
"Its reporting and pricing need improvement."
"The scalability could be better."
"Palo Alto has a feature called WildFire Analysis that is unavailable in FortiGate. WildFire is better than a sandbox because it can address zero-day threats and vulnerabilities. It can immediately identify zero-day threats from the cloud."
"Their software support needs improvement. I would prefer to have better support for bug fixes. Sometimes, we open a ticket, and it is very difficult to get a solution. Specifically, we are not at all happy with their support for load balancing."
"The solution could be more secure and stable."
"With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part."
"There could be dynamic DNS features similar to Fortinet in the product."
"We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple."
"There are some delays that I have observed when my company communicates with Palo Alto's support engineers."
"Palo Alto Networks VM-Series needs to improve its order process."
"There's room for improvement in terms of integration with the load balancer. It isn't like Fortinet, which has a load balancer built into its firewall. It is effortless to integrate within the load balancer-plus-firewall solution."
"The product's AIOps process needs improvement."
"The web interface is very slow, and it needs to be faster."
Fortinet FortiGate is ranked 2nd in Firewalls with 110 reviews while Palo Alto Networks VM-Series is ranked 9th in Firewalls with 13 reviews. Fortinet FortiGate is rated 8.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Fortinet FortiGate writes "Efficient, user-friendly, and affordable". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and Check Point NGFW, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Cisco Secure Firewall, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall. See our Fortinet FortiGate vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Tarun, we have been designing solutions with Palo Alto Networks NGFW for 6 years now and we have 95%+ customer retention.
I would suggest looking into customer requirement on the basis of the following things, and priority is given by the customer:
1. Internet Bandwidth
2. No. Of users - In-house and users connecting from home/outside organization network.
3. Security features required - Sandoxing, DNS Security, etc.
4. Port density required on the firewall.
5. SSL decryption.
6. Deployment - On-prem or virtual DC or on Cloud.
7. HA requirement
8. MFA requirement
9. Local presence of Palo Alto/Fortinet expert team.
10. Integration for other (operational) solutions like SD-WAN, Load balancer, etc
11. Integration with other security solution like EDR/XDR or XSOAR
12. Customer's current solution (firewall/UTM and engineers/IT team working on it).
13. Customer's current IT Team strategy
14. Customer future IT strategy (to move on the cloud, etc)
15. Customer's growth and scalability in 5 years.
16. Reporting and logging requirement.
17. Customer's budget for IT Security.
Well, I guess with these parameters, and customer's priority you can recommend them a suitable solution.
Palo Alto NGFW will be best recommended for the following:
1. Deployment on the cloud - It has a very stable PANOS for VM-Series
2. Security Innovations - Considering security, in terms of today and future, Palo Alto is disruptive and groundbreaking.
3. Predictive Bandwidth - Palo Alto NGFW gives us Predictive bandwidth, and hence, once sized, it will last longer than defined. The throughput numbers are test cases of real-world scenarios, and after enabling all the features. It operates on its patented SP3 architecture and defines device throughput after enabling all security features and operational functionalities.
4. Integration with EDR/XDR and SOAR/XSOAR platforms.
5. User/SSL VPN - When you are planning for SSL VPN on Palo Alto NGFW, it will not charge you additionally for users connecting their Windows or MAC systems on NGFW over SSL VPN. For users that are Android/IOS/Linux/etc, and required additional HIP checks and Clientless VPN, there is a single subscription you will need to purchase.
6. Sandboxing - Palo Alto came up with Wildfire which is a threat intel cloud, which can be termed as Palo Alto Network's Sandboxing solution, but it does much more than that. it has a response SLA of 5 mins, where it can convert any unknown to known in 5 minutes or less. Also, after it identifies the file, it auto-updates other engines like URL filtering, DNS Security, Anti-Spyware, Bad IP and Domain list, CNC tunnel signatures.
7. Reporting and alerting - Foremost reason why users started implementing Palo Alto firewalls inside their network was to get the visibility - in terms of User-level visibility, Network traffic (depth to application layer), and Content (files and threats) level visibility. Also, logging and reporting is provisioned on the appliance itself and no additional subscription or any appliance is required, unless the customer requires the storage of logs for more time frame. The NGFW also co-relates all the events and alerts to give critical visibility like Botnets and hosts and users accessing malicious websites, or resolving malicious domains.
8. EDL - again external dynamic lists(EDL) helps you reduce the attack surface by minimizing the traffic to and from Malicious and Bad - IPs and Domains. This list is automatically updated by Palo Alto Networks by default by its threat research teams (Unit 42), Threat Intel (Wildfire), DNS Security module, and other sources. It has also a provision for you and/or the customer to integrate other third-party URL lists to be blocked.
9. Security features:
-- DNS filtering - by intercepting DNS traffic, you will not need any additional solution and/or modification in your current network for protection against threats related to DNS traffic. Its DNS module is cloud-based and tightly integrated with other modules and features of NGFW.
-- Credential phishing - This feature will avoid users sharing/uploading their credentials which are the same to access internal resources and external websites. This will prevent the leak of user credentials.
-- ML Powered NGFW - Currently, PA NGFW is the only firewall powered by ML to prevent unknown threats in real-time.
10. Application layer firewall - complete identification of all and any traffic based on application rather than port and protocol. Not only the known but also if the application is not identified it will classify that traffic as unknown. Also, you can create a custom application as required.
and many more...
Benefits in Fortigate firewall will be:
1. More port density.
2. Better SD-WAN configuration
3. Easy User interface and hence lacks granular controls.
4. Provides seamless integration with FortiToken for MFA(additional cost).
5. Seamless integration with Forti Load balancer.
6. Low cost (than Palo Alto least).
Thanks
Darshil Sanghvi
Palo Alto, Fortinet, and Checkpoint are the best NGFW. You can choose one of them.
The Fortinet advantage is the Security Fabric. Many other Fortinet's products (switches, AP, EDS, XDR, DDoS, FortiClient, etc) are integrated and a Fortigate can communicate with another product to block an attack.
Because PA has FPGA based architecture, which no other firewall has, due to this firewall processes the traffic from all the engines simultaneously. it increase efficiency of the product and provides way better throughput as compare to other vendors. The performance of security engines of PA are better then other vendors. PA provides on-box reporting, you have to purchase forti-analyzer separately for reporting in fortinet. PA provides granular view of policies, providing insight to you which policies are used in and which are not. it also provides you the feature, that tells you which of the firewall's features are not being utilized, this way you can plan your renewal to only purchase the feature you need.
I have FortiGates and the last upgrade of firmware cut internet traffic if you use Inspection Mode Proxy-Based, recommended and more secure, you have to use Flow-based, less secure. I don't work with Palo Alto
I strongly recommend Sophos XG Firewall.
Take a look
Sophos Firewall: Synchronized Next-Gen Firewall
I think you can go with Palo Alto...
Palo Alto
I would recommend Palo Alto