We performed a comparison between pfSense and Fortinet Fortigate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, it seems that pfSense is the more favorable solution because it is open source and also offers great features.
"The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful."
"The initial setup was not complex."
"This solution helped us to identify the key areas where we need to focus to block traffic that is malicious to our organization."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"The clusters in data centers are great."
"If configured, Firepower provides us with application visibility and control."
"Cisco ASA provides us with very good application visibility and control."
"The command line is the same as it is on the Cisco iOS router."
"The user interface (UI) is very, very good."
"The most valuable features of Fortinet FortiGate are the ability to work in proxy mode, which other solutions, such as Palo Alto cannot. There are some features that are better that come at no extra license or subscriptions cost, such as basic SD-WAN. The DLT is useful, other solutions have the same feature too, such as Palo Alto."
"The integration with Active Directory is one of the good features. Most of the customers are now looking for the Single Sign-on feature. So, being able to integrate Active Directory with the firewall is useful. It is also easy."
"The solution is extremely reliable."
"The most useful functionality of Fortinet FortiGate is the user interface, multiple engines, and their cloud with the latest integrations. Additionally, the Security Fabric tool is very good."
"It is easy to manage, and it doesn't need much knowledge from the team. It is a stable device, and there are many features that are included out of the box."
"Fortinet FortiGate has many valuable features, such as IDS, and intrusion detection. It has security features that are in part with the technologies that are available in the market."
"It's user-friendly and easy to operate."
"A valuable feature is that the solution is open source."
"I have found pfSense to be stable."
"I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good."
"It is a very good solution for enterprises that need a VPN for their employees. It is the best way to provide a remote work facility to employees at a very low cost. Other solutions that I have had in the past were very expensive. Enterprises don't always have that kind of money to invest."
"pfSense is easy to use, has user-friendly dashboards, and useful blocking features."
"I especially like the VPN part. It works like a charm."
"The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice. It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall."
"The solution has good customization abilities and plenty of features."
"The price and SD-WAN capabilities are the areas that need improvement."
"If the implementation was easier, it would be a lot better for us."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"The initial setup could be simplified, as it can be complex for new users."
"If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve."
"Cisco Firepower NGFW Firewall can be more secure."
"It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices."
"Cisco makes horrible UIs, so the interface is something that should be improved."
"Fortinet FortiGate is a firewall solution and once it's deployed, you can rest assured that your system is secure."
"FortiGate support could do some improvements on their IPv6 configuration. Right now it's still in the very early stage for utilizing in an enterprise level network environment."
"The integration with third-party tools may be something that they should work on."
"The solution needs to improve its integration with cybersecurity."
"The solution could be more evenly structured."
"Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN."
"It is very expensive, and their support is not very good. I hope that their technical support will be better in the future."
"Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."
"ClamAV AntiVirus can cause some crashes. That service should be improved."
"The integration of pfSense with EPS and EDS could be better. Also, it should be easier to get reports on how many users are connecting simultaneously and how sections connect in real-time."
"In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense."
"The stability could be improved."
"Also, the GUI is helpful, but it's not user-friendly. It's complicated. It should be more intuitive for the average user and have an excellent graphical view. Of course, the user will typically know about network administration, but it still should be easy to understand."
"This solution is good for small businesses but it is not as stable as other competitors such as Fortinet."
"The user interface can be improved to make it easier to add more features. And pfSense could be better integrated with other solutions, like antivirus."
"Their support could be better in terms of the response time."
Fortinet FortiGate is ranked 1st in Firewalls with 149 reviews while pfSense is ranked 3rd in Firewalls with 54 reviews. Fortinet FortiGate is rated 8.4, while pfSense is rated 8.6. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Fortinet FortiGate is most compared with Sophos XG, Check Point NGFW, Meraki MX, WatchGuard Firebox and SonicWall TZ, whereas pfSense is most compared with OPNsense, Sophos XG, Untangle NG Firewall, Sophos UTM and WatchGuard Firebox. See our Fortinet FortiGate vs. pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
PFSense or Fortinet... That would depend on your used case....
We are using pfSense for the past two years and it does mostly what you would expect of a firewall... Captive portal, site-to-site VPN, TLS based VPN, IPsec VPN, SNORT, Suricata, ACME, port forwarding, NAT, CA, DHCP, DHCP relay, VLANS, Bridges, LAGG, LACP, etc... etc...
Most of all, no paid licenses anywhere as it is open source and free... Support can be purchased but I personally never needed it so far...
The only downside is that you need to be highly technical to get it working as per your needs... Also, a lot of docs in Google/YouTube (though a bit of scouting and navigating through bugs is required) to get things moving assuming you already know firewalls as a concept...
With a Fortinet, in case you have the money to pay and justify the need for it, then it's worth going for because they will support you as long as they keep getting paid... In our case (in our small SMB), I have not yet come across a need to move away from pfSense because it basically does what it is supposed to do...
It has been running with us for almost two years with no reasons for complaints... Again, it's my own personal opinion...
PfSense is the only product that would perform in a Symmetric NAT. Painful but OS-fingerprinting and impossible to do UDP NAT hole punching. Skype, Zoom uses that and even Kerio Operator, but that is all.
It is a very broken product and when you need IPS (the " free one" is 30 days old database) you need to pay Cisco for Snort... I would not use pfSense on its own. Period.
Fortinet is one of the best products. Lots of other things rely on one CPU to do the job. Sophos & pfSense (just to name a few) when you start adding inspection modes it is like having a 3 tonnes car with a 2 cylinder engine. The CPU goes to 90%.
Fortinet has been ultra clever from day number one to have custom chips to do the work in hardware, so throughput with all protection features can happen without suffering speed of service to users, compare to others.
The new OS7 is very good.
So, I would not touch pfSense. It Is like comparing a Toyota Yaris to a Kia K 900 car. Sort to speak.
Many people said that depends on your needs, and I agree.
Fortinet and many other vendors are more than a set of level 2 or level 3 rules. They also have IPS, Antivirus, SSL Inspection, stateful inspection.
If I have to choose between Fortinet and pfSense for my company, I would think twice. Fortinet.
Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigate both cost-effective and efficient. One of the features we like most is that Fortigate can secure our infrastructure against known and unknown attacks. Unlike other firewalls we tried, it has a user-friendly interface. It is easy to create policies, and we can define security profiles and rules. Other features include a remote VPN, advanced malware protection, comprehensive logging, and IPS.
Fortigate also has some room for improvement. The command line is not easy, so it requires expertise with CLI commands. Additionally, it is not easy to configure. All told, though, it is a robust firewall and gives value for the price.
Previously we tried pfSense, and although it is a strong solution, it doesn’t combine Fortigate’s advantages. Sure, pfSense is free and open-source. You cannot be more cost-effective than that. But sometimes you get what you pay for. PfSense’s main advantage is its flexibility as a firewall and routing platform. Another advantage you get with pfSense is that it is customizable.
PfSense offers most features basic firewalls offer, like stateful packet inspection. I find it a bit stuck in time, though, with almost none of the features you find in next-generation firewalls. The interface is a bit clumsy, it has lots of bugs, and there seems to be no documentation available.
Conclusions
If you are looking for a basic firewall at a lower possible price, you may go with PfSense. It offers basic features and is easy to configure, and if you don’t mind the bugs, it is an excellent place to start. However, if you are looking for something more powerful with advanced features, I would suggest you consider Fortinet’s Fortigate. It offers advanced firewall functions and is still cost-effective for small businesses. Yes, it has a bit of a learning curve, but in my opinion, it is worth it.