2021-08-19T07:45:00Z
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
  • 5
  • 707

How do I choose between Fortinet FortiGate and pfSense?

5
PeerSpot user
5 Answers
Real User
Top 5
2021-10-07T14:03:28Z
Oct 7, 2021

Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigate both cost-effective and efficient. One of the features we like most is that Fortigate can secure our infrastructure against known and unknown attacks. Unlike other firewalls we tried, it has a user-friendly interface. It is easy to create policies, and we can define security profiles and rules. Other features include a remote VPN, advanced malware protection, comprehensive logging, and IPS.


Fortigate also has some room for improvement. The command line is not easy, so it requires expertise with CLI commands. Additionally, it is not easy to configure. All told, though, it is a robust firewall and gives value for the price.


Previously we tried pfSense, and although it is a strong solution, it doesn’t combine Fortigate’s advantages. Sure, pfSense is free and open-source. You cannot be more cost-effective than that. But sometimes you get what you pay for. PfSense’s main advantage is its flexibility as a firewall and routing platform. Another advantage you get with pfSense is that it is customizable.


PfSense offers most features basic firewalls offer, like stateful packet inspection. I find it a bit stuck in time, though, with almost none of the features you find in next-generation firewalls. The interface is a bit clumsy, it has lots of bugs, and there seems to be no documentation available.



Conclusions


If you are looking for a basic firewall at a lower possible price, you may go with PfSense. It offers basic features and is easy to configure, and if you don’t mind the bugs, it is an excellent place to start. However, if you are looking for something more powerful with advanced features, I would suggest you consider Fortinet’s Fortigate. It offers advanced firewall functions and is still cost-effective for small businesses. Yes, it has a bit of a learning curve, but in my opinion, it is worth it.

Product comparison that may be of interest to you
Leon Pinto - PeerSpot reviewer
Consultant and Head of Services at ILANZ LLC
Consultant
Top 10
2021-10-11T12:23:11Z
Oct 11, 2021

PFSense or Fortinet... That would depend on your used case....


We are using pfSense for the past two years and it does mostly what you would expect of a firewall... Captive portal, site-to-site VPN, TLS based VPN, IPsec VPN, SNORT, Suricata, ACME, port forwarding, NAT, CA, DHCP, DHCP relay, VLANS, Bridges, LAGG, LACP, etc... etc... 


Most of all, no paid licenses anywhere as it is open source and free... Support can be purchased but I personally never needed it so far...


The only downside is that you need to be highly technical to get it working as per your needs...  Also, a lot of docs in Google/YouTube (though a bit of scouting and navigating through bugs is required) to get things moving assuming you already know firewalls as a concept...  


With a Fortinet, in case you have the money to pay and justify the need for it, then it's worth going for because they will support you as long as they keep getting paid... In our case (in our small SMB), I have not yet come across a need to move away from pfSense because it basically does what it is supposed to do... 


It has been running with us for almost two years with no reasons for complaints... Again, it's my own personal opinion...

Richard Benfatto - PeerSpot reviewer
Networking Security Expert at SR Technologies
User
Top 5
2021-10-12T08:09:42Z
Oct 12, 2021

PfSense is the only product that would perform in a Symmetric NAT. Painful but OS-fingerprinting and impossible to do UDP NAT hole punching. Skype, Zoom uses that and even Kerio Operator, but that is all.


It is a very broken product and when you need IPS (the " free one" is 30 days old database) you need to pay Cisco for Snort... I would not use pfSense on its own. Period.


Fortinet is one of the best products. Lots of other things rely on one CPU to do the job. Sophos & pfSense (just to name a few) when you start adding inspection modes it is like having a 3 tonnes car with a 2 cylinder engine. The CPU goes to 90%.


Fortinet has been ultra clever from day number one to have custom chips to do the work in hardware, so throughput with all protection features can happen without suffering speed of service to users, compare to others.


The new OS7 is very good.


So, I would not touch pfSense. It Is like comparing a Toyota Yaris to a Kia K 900 car. Sort to speak.

JA
Project Manager at a tech services company with 51-200 employees
Real User
2021-10-12T15:07:21Z
Oct 12, 2021

I will choose FortIGate. It is a complete hardware and software and integrated solution for IT security and threat management

João Garcia - PeerSpot reviewer
Solutions Architect at a tech services company with 51-200 employees
Real User
Top 5
2021-10-12T15:04:34Z
Oct 12, 2021

Many people said that depends on your needs, and I agree.


Fortinet and many other vendors are more than a set of level 2 or level 3 rules. They also have IPS, Antivirus, SSL Inspection, stateful inspection.


If I have to choose between Fortinet and pfSense for my company, I would think twice. Fortinet.

Related Questions
MF
User at Sameh Electronics (SamehGroup)
Jun 6, 2022
Hi security and IT pros, Which firewall product would you choose for your company: FortiGate 200F or Sophos XG 310? Why this would be your choice? Thanks in advance. 
See 2 answers
MV
Consultant with 11-50 employees
May 25, 2022
FortiGate. Fortinet is in Gartner Leader Magic Quadrant (MQ).  Sophos is in Niche Player Quadrant if I remember right.  You can never go wrong picking a vendor in the Gartner Leader MQ. Show the Gartner MQ to your leadership to get them on board too.
fdiazm - PeerSpot reviewer
Product Manager at Entel Chile
Jun 6, 2022
Hi,  If I look at it only from the point of view of analytics and performance, I lean towards Fortinet, but if I look at it at the service level and with the possibility of being part of an even larger project, this is when I don't see competitors for Fortinet and I mean the component. of after-sales services, the local presence in my country has come from less to more, which makes the difference when choosing a partner to work with.
ID
User at Zm3
May 15, 2022
Hi community members, I'm considering replacing a Cisco ASA Firewall with Fortinet FortiGate FG 100F. This is in order to reduce the cost. Is this the right thing to do? What would be your advice? Please elaborate. Thank you for your help!
2 out of 8 answers
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
May 9, 2022
Hi @Isaiah Dominic, ​I have a few questions:Does replace mean that you already have a Cisco device? What's the reason for replacing it if is working? So, I assume it's not working. In that case, I have the second question:I suppose you should have a configuration backup for using it, in case your device crashes. How much do you value all that job? Is the cost of the new different device worth it?  If you make the change you gonna need to config the whole thing from scratch!! Is it worth it?Both devices are good enough.I expect this could help you,  Good luck!
DanielValente - PeerSpot reviewer
Head of Platforms and Infrastructure at LOQR
May 9, 2022
Hi,  You are comparing a piece of old equipment with a true next-gen firewall.  Nevertheless, there is a specific use case where I did this exact exercise and went with Cisco ASA, if the main objective is to terminate IPsec tunnels, in this field (more close to routing) ASA is excellent.  But if you are looking for URL filtering application visibility, and easiness of management go with FortiGate, for sure.
Download Free Report
Download our FREE report comparing Fortinet FortiGate and pfSense based on reviews, features, and more! Updated: November 2022.
DOWNLOAD NOW
653,522 professionals have used our research since 2012.