Fortinet FortiGate vs Palo Alto Networks VM-Series comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Fortinet FortiGate and Palo Alto Networks VM-Series based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Fortinet FortiGate vs. Palo Alto Networks VM-Series Report (Updated: November 2023).
745,341 professionals have used our research since 2012.
Q&A Highlights
Question: Which product do you recommend: Palo Alto Network VM-Series vs Fortinet FortiGate?
Answer: I am an enterprise user of Fortigate and PA compares favorable to Fortinet. I have used Fortigate for a variety of reasons, but here are the most important reasons we use them (compared to PA)1. Price versus performance2. Fortinet has a strategic security view that is focused on security requirements rather than marketing. (PA has a distinct advantage in marketing)3. Fortinet leadership (CEO and CTO) are focused on value and long term relationships.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"Whenever I need something, Fortinet improves and updates the software for me.""We were looking for the VPN feature and controlling the inflow and outflow of all the traffic within the site and across the sites. We are also using it for the VPN and VLANs.""The most valuable feature is the FortiManager for centralized management.""Offers good security and filtering.""The network security and cloud security are most valuable.""The performance is good.""The tool is a nice product and easy to handle. The software's user interface is also good. You can easily implement remote access in the solution.""Fortinet FortiGate is a scalable solution."

More Fortinet FortiGate Pros →

"Palo Alto Networks VM-Series has everything centralized. You have the VPN solution, firewall, routing, UDR, flexibility, updates, and full visibility of your traffic.""With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly.""I like the UI. Most things are accessible from the user interface and it is quite user-friendly. With respect to both VM-based firewalls and physical firewalls, it's easy to create updates.""The VM-Series reports how much bandwidth a particular IP is using. You don't need to regularly log into a website, like a Cisco command, to see what kind of ACL it's getting. There isn't an ACL use portal event. You can go there and see how much my ACL has been getting me.""Centralized management is valuable because it allows us to configure settings in one location and apply them across all three locations.""The main advantage of Palo Alto Networks VM-Series stems from the fact that you can access it with the help of cloud services.""The most valuable feature is the CLI.""The tool's cloud version makes application migration easy."

More Palo Alto Networks VM-Series Pros →

"With the addition of some features, it is possible that FortiGate can be used in all verticals.""Fortinet FortiGate could improve by having more storage in the hardware for log data.""Fortinet FortiGate needs to improve the logging and reporting. Additionally, the next-generation application's policies should be improved. When they were released they had bugs.""Its reporting and pricing need improvement.""The scalability could be better.""Palo Alto has a feature called WildFire Analysis that is unavailable in FortiGate. WildFire is better than a sandbox because it can address zero-day threats and vulnerabilities. It can immediately identify zero-day threats from the cloud.""Their software support needs improvement. I would prefer to have better support for bug fixes. Sometimes, we open a ticket, and it is very difficult to get a solution. Specifically, we are not at all happy with their support for load balancing.""The solution could be more secure and stable."

More Fortinet FortiGate Cons →

"With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part.""There could be dynamic DNS features similar to Fortinet in the product.""We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple.""There are some delays that I have observed when my company communicates with Palo Alto's support engineers.""Palo Alto Networks VM-Series needs to improve its order process.""There's room for improvement in terms of integration with the load balancer. It isn't like Fortinet, which has a load balancer built into its firewall. It is effortless to integrate within the load balancer-plus-firewall solution.""The product's AIOps process needs improvement.""The web interface is very slow, and it needs to be faster."

More Palo Alto Networks VM-Series Cons →

Pricing and Cost Advice
  • "I had to pay for the license for the firewall, but it is guaranteed to have updates. I expect a good service for it. It was about €1000 for a year, and there was no additional cost."
  • "It is more expensive than Sophos. Fortinet is overall more expensive than Sophos. The small range of Fortinet, such as 60F and 80F, is more expensive than the small range of Sophos. Sophos is cheaper. In addition, if you jump from 80F Series to 100F Series, the price doubles."
  • "The license is yearly. We pay for the top end. It's called 360."
  • "Here in Brazil, we're going through difficult economic times and the tax on the dollar is high. All the solutions from minor competitors are growing in the market. The prices have come more competitive."
  • "Licensing for Fortinet FortiGate is on a yearly basis. Pricing for it is a bit high. It could be cheaper."
  • "The licensing scheme of Fortinet is better than Cisco. It is more logical."
  • "The solution requires a license annually, it is not a user license, you can have as many users as your want. I must renew the license regularly per device."
  • "It was probably about $2,500 per firewall. It was all included. It included support, services, threat management software, and 24/7 FortiCare on it. Cisco products are more expensive."
  • More Fortinet FortiGate Pricing and Cost Advice →

  • "Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive."
  • "Initially, pricing was high. Later on, we were able to negotiate the pricing and get something that fits our budget."
  • "This is not the cheapest firewall but it's not the most expensive of the options on the market."
  • "Palo Alto Networks VM-Series is notably cheaper than other firewall vendors, except Fortigate."
  • "The product's most valuable feature is pricing."
  • "It is an expensive product."
  • "The solution is expensive. I rate its pricing a three out of ten."
  • "I rate Palo Alto Networks VM-Series pricing an eight out of ten."
  • More Palo Alto Networks VM-Series Pricing and Cost Advice →

    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    745,341 professionals have used our research since 2012.
    Answers from the Community
    Tarun Mehta
    Darshil Sanghvi - PeerSpot reviewerDarshil Sanghvi

    Hello Tarun, we have been designing solutions with Palo Alto Networks NGFW for 6 years now and we have 95%+ customer retention. 

    I would suggest looking into customer requirement on the basis of the following things, and priority is given by the customer:

    1. Internet Bandwidth
    2. No. Of users - In-house and users connecting from home/outside organization network.
    3. Security features required - Sandoxing, DNS Security, etc.
    4. Port density required on the firewall.
    5. SSL decryption.
    6. Deployment - On-prem or virtual DC or on Cloud.
    7. HA requirement
    8. MFA requirement
    9. Local presence of Palo Alto/Fortinet expert team.
    10. Integration for other (operational) solutions like SD-WAN, Load balancer, etc
    11. Integration with other security solution like EDR/XDR or XSOAR
    12. Customer's current solution (firewall/UTM and engineers/IT team working on it).
    13. Customer's current IT Team strategy
    14. Customer future IT strategy (to move on the cloud, etc)
    15. Customer's growth and scalability in 5 years.
    16. Reporting and logging requirement.
    17. Customer's budget for IT Security.

    Well, I guess with these parameters, and customer's priority you can recommend them a suitable solution.

    Palo Alto NGFW will be best recommended for the following:
    1. Deployment on the cloud - It has a very stable PANOS for VM-Series
    2. Security Innovations - Considering security, in terms of today and future, Palo Alto is disruptive and groundbreaking.
    3. Predictive Bandwidth - Palo Alto NGFW gives us Predictive bandwidth, and hence, once sized, it will last longer than defined. The throughput numbers are test cases of real-world scenarios, and after enabling all the features. It operates on its patented SP3 architecture and defines device throughput after enabling all security features and operational functionalities.
    4. Integration with EDR/XDR and SOAR/XSOAR platforms.
    5. User/SSL VPN - When you are planning for SSL VPN on Palo Alto NGFW, it will not charge you additionally for users connecting their Windows or MAC systems on NGFW over SSL VPN. For users that are Android/IOS/Linux/etc, and required additional HIP checks and Clientless VPN, there is a single subscription you will need to purchase.
    6. Sandboxing - Palo Alto came up with Wildfire which is a threat intel cloud, which can be termed as Palo Alto Network's Sandboxing solution, but it does much more than that. it has a response SLA of 5 mins, where it can convert any unknown to known in 5 minutes or less. Also, after it identifies the file, it auto-updates other engines like URL filtering, DNS Security, Anti-Spyware, Bad IP and Domain list, CNC tunnel signatures.
    7. Reporting and alerting - Foremost reason why users started implementing Palo Alto firewalls inside their network was to get the visibility - in terms of User-level visibility, Network traffic (depth to application layer), and Content (files and threats) level visibility. Also, logging and reporting is provisioned on the appliance itself and no additional subscription or any appliance is required, unless the customer requires the storage of logs for more time frame. The NGFW also co-relates all the events and alerts to give critical visibility like Botnets and hosts and users accessing malicious websites, or resolving malicious domains.
    8. EDL - again external dynamic lists(EDL) helps you reduce the attack surface by minimizing the traffic to and from Malicious and Bad - IPs and Domains. This list is automatically updated by Palo Alto Networks by default by its threat research teams (Unit 42), Threat Intel (Wildfire), DNS Security module, and other sources. It has also a provision for you and/or the customer to integrate other third-party URL lists to be blocked.
    9. Security features:
    -- DNS filtering - by intercepting DNS traffic, you will not need any additional solution and/or modification in your current network for protection against threats related to DNS traffic. Its DNS module is cloud-based and tightly integrated with other modules and features of NGFW.
    -- Credential phishing - This feature will avoid users sharing/uploading their credentials which are the same to access internal resources and external websites. This will prevent the leak of user credentials.
    -- ML Powered NGFW - Currently, PA NGFW is the only firewall powered by ML to prevent unknown threats in real-time.
    10. Application layer firewall - complete identification of all and any traffic based on application rather than port and protocol. Not only the known but also if the application is not identified it will classify that traffic as unknown. Also, you can create a custom application as required.
    and many more...

    Benefits in Fortigate firewall will be:
    1. More port density.
    2. Better SD-WAN configuration
    3. Easy User interface and hence lacks granular controls.
    4. Provides seamless integration with FortiToken for MFA(additional cost).
    5. Seamless integration with Forti Load balancer.
    6. Low cost (than Palo Alto least).

    Darshil Sanghvi

    João Garcia - PeerSpot reviewerJoão Garcia
    Real User

    Palo Alto, Fortinet, and Checkpoint are the best NGFW. You can choose one of them.

    The Fortinet advantage is the Security Fabric. Many other Fortinet's products (switches, AP, EDS, XDR, DDoS, FortiClient, etc) are integrated and a Fortigate can communicate with another product to block an attack.  

    reviewer1461459 - PeerSpot reviewerreviewer1461459 (Team Lead Network Infrastructure at a tech services company with 1-10 employees)
    Real User

    Because PA has FPGA based architecture, which no other firewall has, due to this firewall processes the traffic from all the engines simultaneously. it increase efficiency of the product and provides way better throughput as compare to other vendors. The performance of security engines of PA are better then other vendors. PA provides on-box reporting, you have to purchase forti-analyzer separately for reporting in fortinet. PA provides granular view of policies, providing insight to you which policies are used in and which are not. it also provides you the feature, that tells you which of the firewall's features are not being utilized, this way you can plan your renewal to only purchase the feature you need. 

    Cesar Beut - PeerSpot reviewerCesar Beut
    Real User

    I have FortiGates and the last upgrade of firmware cut internet traffic if you use Inspection Mode Proxy-Based, recommended and more secure, you have to use Flow-based, less secure. I don't work with Palo Alto

    CristianoLima - PeerSpot reviewerCristianoLima

    I strongly recommend Sophos XG Firewall.
    Take a look
    Sophos Firewall: Synchronized Next-Gen Firewall

    AnkitMittal - PeerSpot reviewerAnkitMittal
    Real User

    I think you can go with Palo Alto...

    Alejandro Ortega - PeerSpot reviewerAlejandro Ortega
    Real User

    Palo Alto

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use Fortinet too.… more »
    Top Answer:From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know the firewalls change every 5 to 7 years as stated but you really do need to… more »
    Top Answer:As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite good. The most valuable features for me are their web and email filtering. I would… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most PA is good at app control, web filtering and… more »
    Top Answer:Both products are very stable and easily scalable The setup of Azure Firewall is easy and very user-friendly and the overall cost is reasonable. Azure Firewall offers a solid threat awareness, can… more »
    Top Answer:The main advantage of Palo Alto Networks VM-Series stems from the fact that you can access it with the help of cloud services.
    out of 54 in Firewalls
    Average Words per Review
    out of 54 in Firewalls
    Average Words per Review
    Also Known As
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Learn More

    Fortinet FortiGate is an innovative line of firewalls that aim to protect organizations from all types of web-based network threats. They come in a wide variety of product types. Fortinet FortiGate’s solutions are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

    Fortinet FortiGate provides users with next-generation firewall solutions that provide proven protection with unmatched performance across the network, from internal segments to data centers to cloud environments. You can protect every part of your network without exception. Additionally, your protections can be managed from a single central location. This ensures that the task of protecting your network is infinitely easier to accomplish.

    Benefits of Fortinet FortiGate

    Some of the benefits of using Fortinet FortiGate include:

    • The ability to manage your firewalls from a centralized automated control console. Fortinet FortiGate’s FortiManager enables administrators to exercise control of their firewalls in a streamlined manner. Administrators have full visibility and control over their system from a single location. It utilizes automation that collects information in real time, which greatly simplifies and reduces the cost of running various types of workflows. Administrators can free up resources by automating the most basic tasks.
    • The ability to produce uniform, appropriate, and coordinated responses to threats across networks. Fortinet FortiGate’s FortiGuard feature generates system protections in near real time. This allows administrators to address threats to the system with custom-made solutions that can be uniformly enforced.
    • The ability to scale up your security to fit your changing security needs. Fortinet FortiGate’s design allows users to accelerate the transfer of data between users and escalate the number of users that are covered without compromising security of performance. This means that users can grow their networks and continue to collaborate without worrying about the system slowing down or coming under attack.

    Reviews from Real Users

    Fortinet FortiGate’s firewall solutions are cutting edge. They stand out from competitors for a number of reasons. Two major ones are the robustness and power of their firewalls. Fortinet FortiGate’s firewall provides users with many valuable features that allow them to maximize what they can do with the solution. These firewalls enable users to use a single piece of software to accomplish tasks that often require the use of multiple pieces of software.

    PeerSpot user Eric S., a Solutions Engineer and Consultant at a tech-services company, notes the robustness of this solution when he writes, "One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface.”

    PeerSpot user Jim M., a network admin at Penobscot Valley Hospital, notes the power of Fortinet FortiGate’s security software when he writes, "It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall.”

    Palo Alto Networks VM-Series is a highly effective advanced threat protection (ATP) solution and firewall that can be hosted on cloud computing technologies designed by many different companies. It decreases the amount of time that it will take administrators to respond to threats. Users that deploy VM-series have 70% less downtime than those who use similar firewalls. Neither protection nor efficiency are concerns when this next-generation firewall is in play.

    Palo Alto Networks VM-Series Benefits

    Some of the ways that organizations can benefit by choosing to deploy Palo Alto Networks VM-Series include:

    • Deployment flexibility. VM-Series can be deployed to protect both public and private cloud environments. This level of flexibility empowers organizations to run the environment or environments that best meet their needs without worrying that they are going to be exposed to digital threats due to the environment that they chose. 
    • Ease of use. In the public cloud, users of Palo Alto Networks VM-Series can automate their deployment and dynamically scale up their environment while experiencing a consistent level of protection. This dynamic scalability means that they also integrate their security into their DevOps workflows so that their security can keep up with their activities and requirements. Users of private cloud environments can set up security policies that can be automated to be provisioned as the need arises. Organizations don’t need to slow down when they deploy VM-Series because it makes the task of defending them so simple that they can set their defenses and forget that they are even there.
    • Detect and stop even the trickiest threats. Users gain a deep level of visibility when they deploy Palo Alto Networks VM-Series. App-ID technology enables organizations to see their network traffic on the application level and spot threats that might be trying to sneak in through vulnerable points in their defenses. It also leverages Palo Alto Networks WildFire and advanced threat protection to block the threats before they can escalate.

    Palo Alto Networks VM-Series Features

    Some of the many features Palo Alto Networks VM-Series offers include:

    • Central management system.  It comes with a central management system that enables users to set up and control their security operations from one location. Users don’t need to search for the tools that they need. This system allows for security consistency and complete control without requiring businesses to spend large periods of time to do so.
    • Blacklisting and whitelisting. Organizations can utilize blacklisting and whitelisting tools to ensure that their network traffic only contains the type of traffic that they want to be present. These tools make it possible for them to set specific web traffic sources as being either undesirable and thus blocked from entering their network or desirable and thus allowed to enter. 
    • Automation feature. The product’s automation feature can automate many critical functions that users would otherwise have to handle manually. Security policy updates are an example of a function that users can automate.

    Reviews from Real Users

    Palo Alto Networks VM-Series is a solution that stands out when compared to other similar solutions. Two major advantages that it offers are its ability to protect users without degrading the efficiency with which their networks perform and its centralized management system. 

    Jason H., the director of information technology at Tavoca Inc, writes, “There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.”

    An information technology manager at a tech services company says, “We use Palo Alto’s Panorama centralized management system. We have an on-prem firewall where Panorama is very good for pulling logs in from the cloud so we can see what is going on. It gives us visibility into that as well as shows us what attacks are coming in. Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.”

    Learn more about Fortinet FortiGate
    Learn more about Palo Alto Networks VM-Series
    Sample Customers
    Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
    Warren Rogers Associates
    Top Industries
    Comms Service Provider16%
    Computer Software Company9%
    Financial Services Firm8%
    Manufacturing Company7%
    Educational Organization21%
    Computer Software Company15%
    Comms Service Provider8%
    Manufacturing Company5%
    Computer Software Company18%
    Manufacturing Company18%
    Financial Services Firm14%
    Computer Software Company16%
    Financial Services Firm10%
    Manufacturing Company6%
    Company Size
    Small Business48%
    Midsize Enterprise23%
    Large Enterprise30%
    Small Business27%
    Midsize Enterprise32%
    Large Enterprise41%
    Small Business39%
    Midsize Enterprise27%
    Large Enterprise34%
    Small Business24%
    Midsize Enterprise14%
    Large Enterprise61%
    Buyer's Guide
    Fortinet FortiGate vs. Palo Alto Networks VM-Series
    November 2023
    Find out what your peers are saying about Fortinet FortiGate vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2023.
    745,341 professionals have used our research since 2012.

    Fortinet FortiGate is ranked 2nd in Firewalls with 110 reviews while Palo Alto Networks VM-Series is ranked 9th in Firewalls with 13 reviews. Fortinet FortiGate is rated 8.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Fortinet FortiGate writes "Efficient, user-friendly, and affordable". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and Check Point NGFW, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Cisco Secure Firewall, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall. See our Fortinet FortiGate vs. Palo Alto Networks VM-Series report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.