We performed a comparison between Palo Alto Networks and pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: pfSense has an edge in this comparison as it is a free, open-source solution while Palo Alto Networks is considered expensive by its users.
"From the firewall perspective, the rules and policies are very sufficient and easy to use."
"Fortinet FortiGate is stable. It's used across all the countries, this is the way most multinationals run their system."
"It works very well. It has a lot of different functionalities. Its cost is also fine for our customers."
"The inspection and web security features are most valuable."
"Security solution with a straightforward and quick setup. It's a stable and scalable product."
"Fortinet FortiGate is a stable solution."
"We purchased Fortinet because of the pricing, its functionality, because it met our requirements, and the total cost of ownership over five years was quite reasonable. In the market, Fortinet is rated quite well."
"Their interface is very easy to use, it is without bugs."
"I like pfSense's security features."
"The initial setup was simple and fast."
"Some of the terminologies were more familiar to me than it was when I first encountered Cisco."
"It is very easy to use. The interface is quite understandable. There is a good community, and I can take over at any time I want. If there is anything wrong with it, I could just reinstall the whole thing and start all over again, and I'll be up again in less than a few minutes"
"What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor. Some people may think you're taking a risk with using Opensource. I think it just provides the end user, specifically for us small, medium business providers of services, the flexibility we need at the right cost to provide them a higher end, almost enterprise type service."
"Technical support is perfect, excellent."
"I have found pfSense to be stable."
"pfSense allows us to spread the hours of connection and do the filtering on the pfSense site."
"I like all the threat alerts and WildFire. I also like scanning because everything that comes into our network via customers is scanned. We're an electric company, so every one of the bills is scanned and emailed in and out of our network."
"The packet level inspection is the most valuable feature. The traffic restriction features allow us to restrict the sub-features of any platform."
"The WildFire reporting and Cortex XDR platform have huge infrastructures in the cloud that secures the network against threats. So, we have the potential on the system, specifically for users, where we take care of this since the user is the most dangerous. We get reports back from WildFire on a minute-by-minute basis, rather than a daily or weekly update like I used to with different AV vendors. These features can detect viruses and malware more quickly, which is super important."
"Decryption is one of Palo Alto Networks NG Firewalls' best features because we can decrypt by category. For instance, we can decrypt everything except for bank traffic so that we don't interfere with the passwords and two-factor authentication of those checking their bank accounts at work. We can still monitor for malware and other threats that come through a secure channel. It's seamless for users. The URL filtering and IPS are both great as well."
"I can enable the features I want and configure the policies based on the user and not all users and network traffic, making firewall management much easier."
"Palo Alto Networks NG Firewalls enabled us to have better visibility overall."
"It has a unique approach to packet processing. It has single-pass architecture. We can easily perform policy lookups, application decoding, and integration or merging. This can be all done with a single pass. It effectively reduces the amount of processing required to perform multiple actions. This is the main advantage of using Palo Alto."
"The centralization capability is the most valuable feature of this solution as it enables us to monitor our systems efficiently."
"There can be more security in hybrid implementations. When a customer has a hybrid environment where some parts are in the cloud, we need a consistent security solution for such scenarios."
"When we cluster the two Fortinet FortiGate boxes together we have some issues."
"Fortinet FortiGate is a firewall solution and once it's deployed, you can rest assured that your system is secure."
"The pricing could always be better."
"The solution can have more features in a single box that can be multi-applied to integrate everything."
"The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment."
"The support system could be improved."
"Fortinet should focus on enhancing the capabilities of FortiGate by consolidating its various products, such as FortiGate Cloud, FortiManager, and FortiAnalyzer."
"It was difficult to configure our web printer through the solution. This process could be easier. Additionally, integration with SD-WAN solution."
"Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution."
"In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense."
"The solution’s interface must be improved."
"The solution could improve by having centralized management and API support online."
"pfSense could improve by having a sandboxing feature that I have seen in SonicWall. However, maybe it is available I am not aware of it."
"The integration should be improved."
"There could be a way to remote to it through a mobile app. You can always browse through your browser on your mobile phone or tablet, but it would be good to have a dedicated app. I understand that iOS and Android developers are expensive, but there should be a mobile app."
"When we looked at it originally, we needed to host the Panorama environment ourselves. I would prefer it if we could take this as a service. It might be that it is available, but for some reason we didn't choose it. The downsides of hosting are that we need to feed and water the machines. We are trying to move to a more SaaS environment where we have less things in our data centers, whether they be in our cloud data centers or physical data centers, which can reduce our physical data center footprint."
"The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times."
"There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better."
"The reporting and visibility are phenomenal, but you don't get that information out of the box. They can email reports regularly, and the functionality is all there. However, a lot of it is based on an older model for email, where customers have in-house email servers. The small and medium-sized business customers I deal with are moving toward Office 365 or some other cloud-based mail and not maintaining their own internal mail servers."
"It is a complete product, but the SSL inspection feature requires some improvements. We need to deploy certificates at each end point to completely work out the UTM solutions. If you enable SSL encryption, it is a tedious process. It takes a lot of time to deploy the certificates to all endpoints. Without SSL inspection, UTM features will not work properly. So, we are forced to enable this SSL inspection feature."
"Palo Alto Networks NG Firewalls don't provide a unified platform that natively integrates all security capabilities. It's missing some features for geofencing and understanding locations."
"Palo Alto is like Microsoft. It has varied features, but it's too technical. A lot of the features could be simplified. The procedure, process, features, and usability could be more simple."
"The pricing could be improved. They need to work on the setup over the firewall, VLAN, and PPPoE."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Netgate pfSense is ranked 2nd in Firewalls with 22 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 79 reviews. Netgate pfSense is rated 8.6, while Palo Alto Networks NG Firewalls is rated 8.8. The top reviewer of Netgate pfSense writes "Feature-rich, well documented, and there is good support available online". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". Netgate pfSense is most compared with OPNsense, Sophos XG, Untangle NG Firewall, Sophos UTM and Check Point NGFW, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Check Point NGFW, Meraki MX, Sophos XG and Cisco Secure Firewall. See our Netgate pfSense vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.