Which product do you recommend: Palo Alto Network VM-Series vs Fortinet FortiGate?

Tarun Mehta - PeerSpot reviewer
  • 8
  • 266
PeerSpot user

9 Answers

Apr 29, 2021

Hello Tarun, we have been designing solutions with Palo Alto Networks NGFW for 6 years now and we have 95%+ customer retention. 

I would suggest looking into customer requirement on the basis of the following things, and priority is given by the customer:

1. Internet Bandwidth
2. No. Of users - In-house and users connecting from home/outside organization network.
3. Security features required - Sandoxing, DNS Security, etc.
4. Port density required on the firewall.
5. SSL decryption.
6. Deployment - On-prem or virtual DC or on Cloud.
7. HA requirement
8. MFA requirement
9. Local presence of Palo Alto/Fortinet expert team.
10. Integration for other (operational) solutions like SD-WAN, Load balancer, etc
11. Integration with other security solution like EDR/XDR or XSOAR
12. Customer's current solution (firewall/UTM and engineers/IT team working on it).
13. Customer's current IT Team strategy
14. Customer future IT strategy (to move on the cloud, etc)
15. Customer's growth and scalability in 5 years.
16. Reporting and logging requirement.
17. Customer's budget for IT Security.

Well, I guess with these parameters, and customer's priority you can recommend them a suitable solution.

Palo Alto NGFW will be best recommended for the following:
1. Deployment on the cloud - It has a very stable PANOS for VM-Series
2. Security Innovations - Considering security, in terms of today and future, Palo Alto is disruptive and groundbreaking.
3. Predictive Bandwidth - Palo Alto NGFW gives us Predictive bandwidth, and hence, once sized, it will last longer than defined. The throughput numbers are test cases of real-world scenarios, and after enabling all the features. It operates on its patented SP3 architecture and defines device throughput after enabling all security features and operational functionalities.
4. Integration with EDR/XDR and SOAR/XSOAR platforms.
5. User/SSL VPN - When you are planning for SSL VPN on Palo Alto NGFW, it will not charge you additionally for users connecting their Windows or MAC systems on NGFW over SSL VPN. For users that are Android/IOS/Linux/etc, and required additional HIP checks and Clientless VPN, there is a single subscription you will need to purchase.
6. Sandboxing - Palo Alto came up with Wildfire which is a threat intel cloud, which can be termed as Palo Alto Network's Sandboxing solution, but it does much more than that. it has a response SLA of 5 mins, where it can convert any unknown to known in 5 minutes or less. Also, after it identifies the file, it auto-updates other engines like URL filtering, DNS Security, Anti-Spyware, Bad IP and Domain list, CNC tunnel signatures.
7. Reporting and alerting - Foremost reason why users started implementing Palo Alto firewalls inside their network was to get the visibility - in terms of User-level visibility, Network traffic (depth to application layer), and Content (files and threats) level visibility. Also, logging and reporting is provisioned on the appliance itself and no additional subscription or any appliance is required, unless the customer requires the storage of logs for more time frame. The NGFW also co-relates all the events and alerts to give critical visibility like Botnets and hosts and users accessing malicious websites, or resolving malicious domains.
8. EDL - again external dynamic lists(EDL) helps you reduce the attack surface by minimizing the traffic to and from Malicious and Bad - IPs and Domains. This list is automatically updated by Palo Alto Networks by default by its threat research teams (Unit 42), Threat Intel (Wildfire), DNS Security module, and other sources. It has also a provision for you and/or the customer to integrate other third-party URL lists to be blocked.
9. Security features:
-- DNS filtering - by intercepting DNS traffic, you will not need any additional solution and/or modification in your current network for protection against threats related to DNS traffic. Its DNS module is cloud-based and tightly integrated with other modules and features of NGFW.
-- Credential phishing - This feature will avoid users sharing/uploading their credentials which are the same to access internal resources and external websites. This will prevent the leak of user credentials.
-- ML Powered NGFW - Currently, PA NGFW is the only firewall powered by ML to prevent unknown threats in real-time.
10. Application layer firewall - complete identification of all and any traffic based on application rather than port and protocol. Not only the known but also if the application is not identified it will classify that traffic as unknown. Also, you can create a custom application as required.
and many more...

Benefits in Fortigate firewall will be:
1. More port density.
2. Better SD-WAN configuration
3. Easy User interface and hence lacks granular controls.
4. Provides seamless integration with FortiToken for MFA(additional cost).
5. Seamless integration with Forti Load balancer.
6. Low cost (than Palo Alto least).

Darshil Sanghvi

Apr 29, 2021

I might sound biased on Palo Alto NGFW, but I have tried the features, used them, tested them in my lab, customer labs, and real-time environment, and I am happy to see the solution deliver the features and uptime that it says and document.

PeerSpot user
Product comparison that may be of interest to you
Real User
May 11, 2021

Palo Alto, Fortinet, and Checkpoint are the best NGFW. You can choose one of them.

The Fortinet advantage is the Security Fabric. Many other Fortinet's products (switches, AP, EDS, XDR, DDoS, FortiClient, etc) are integrated and a Fortigate can communicate with another product to block an attack.  

Real User
Apr 29, 2021

Because PA has FPGA based architecture, which no other firewall has, due to this firewall processes the traffic from all the engines simultaneously. it increase efficiency of the product and provides way better throughput as compare to other vendors. The performance of security engines of PA are better then other vendors. PA provides on-box reporting, you have to purchase forti-analyzer separately for reporting in fortinet. PA provides granular view of policies, providing insight to you which policies are used in and which are not. it also provides you the feature, that tells you which of the firewall's features are not being utilized, this way you can plan your renewal to only purchase the feature you need. 

Real User
Apr 30, 2021

I have FortiGates and the last upgrade of firmware cut internet traffic if you use Inspection Mode Proxy-Based, recommended and more secure, you have to use Flow-based, less secure. I don't work with Palo Alto

Real User
Oct 5, 2021

I am an enterprise user of Fortigate and PA compares favorable to Fortinet. I have used Fortigate for a variety of reasons, but here are the most important reasons we use them (compared to PA)

1. Price versus performance
2. Fortinet has a strategic security view that is focused on security requirements rather than marketing. (PA has a distinct advantage in marketing)
3. Fortinet leadership (CEO and CTO) are focused on value and long term relationships.

Apr 30, 2021

I strongly recommend Sophos XG Firewall.
Take a look
Sophos Firewall: Synchronized Next-Gen Firewall

Find out what your peers are saying about Fortinet FortiGate vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2023.
745,775 professionals have used our research since 2012.
Real User
Apr 30, 2021

I think you can go with Palo Alto...

Community Manager
Apr 30, 2021

@AnkitMittal, any insights why?

PeerSpot user
Real User
Apr 29, 2021

Palo Alto

Community Manager
Apr 30, 2021

@Alejandro Ortega, can you please specify some tecnical reasons why?

PeerSpot user
Real User
Apr 29, 2021

I would recommend Palo Alto 

Community Manager
Apr 29, 2021

@reviewer1461459 , could you please explain why?

PeerSpot user

Related Q&As

Firewalls experts

Adriamcam - PeerSpot reviewer
Diana Alvarado - PeerSpot reviewer
Jonathan Ramos G. - PeerSpot reviewer
Sachin Vinay - PeerSpot reviewer
Nadeem Syed - PeerSpot reviewer
Hugo Alexis Espinoza Naranjo - PeerSpot reviewer
Nagendra Nekkala - PeerSpot reviewer
Edwin Solano Salmeron - PeerSpot reviewer