I'm researching two firewall products for a company with 1000+ employees and I'm looking for a technical comparison between Palo Alto Network VM-Series and Fortinet FortiGate Firewall.
Hello Tarun, we have been designing solutions with Palo Alto Networks NGFW for 6 years now and we have 95%+ customer retention.
I would suggest looking into customer requirement on the basis of the following things, and priority is given by the customer:
1. Internet bandwidth.
2. No. of users - in-house and users connecting from home/outside the organization's network.
3. Security features required - sandboxing, DNS Security, etc.
4. Port density required on the firewall.
5. SSL decryption.
6. Deployment - on-prem, virtual DC, or cloud.
7. HA requirement.
8. MFA requirement.
9. Local presence of Palo Alto/Fortinet expert team.
10. Integration with other (operational) solutions like SD-WAN, load balancer, etc.
11. Integration with other security solutions like EDR/XDR or XSOAR.
12. Customer's current solution (firewall/UTM and engineers/IT team working on it).
13. Customer's current IT team strategy.
14. Customer's future IT strategy (to move to the cloud, etc.).
15. Customer's growth and scalability in 5 years.
16. Reporting and logging requirement.
17. Customer's budget for IT security.
Well, I guess with these parameters, and customer's priority you can recommend them a suitable solution.
Benefits in Fortigate firewall will be:
1. More port density.
2. Better SD-WAN configuration.
3. Easy user interface and hence lacks granular controls.
4. Provides seamless integration with FortiToken for MFA (additional cost).
5. Seamless integration with Forti Load balancer.
6. Low cost (than Palo Alto at least).
I might sound biased on Palo Alto NGFW, but I have tried the features, used them, tested them in my lab, customer labs, and real-time environment, and I am happy to see the solution deliver the features and uptime that it says and document.
Palo Alto, Fortinet, and Checkpoint are the best NGFW. You can choose one of them.
The Fortinet advantage is the Security Fabric. Many other Fortinet products (switches, AP, EDS, XDR, DDoS, FortiClient, etc.) are integrated, and a Fortigate can communicate with another product to block an attack.
Because PA has an FPGA-based architecture, which no other firewall has, the firewall processes the traffic from all the engines simultaneously. It increases the efficiency of the product and provides way better throughput compared to other vendors. The performance of PA's security engines is better than other vendors'. PA provides on-box reporting; you have to purchase FortiAnalyzer separately for reporting in Fortinet. PA provides a granular view of policies, giving you insight into which policies are in use and which are not. It also provides a feature that tells you which of the firewall's features are not being utilized, so you can plan your renewal to purchase only the features you need.
I have FortiGates, and the last firmware upgrade cut internet traffic if you use proxy-based inspection mode (recommended and more secure); you have to use flow-based, which is less secure. I don't work with Palo Alto.
I am an enterprise user of Fortigate, and PA compares favorably to Fortinet. I have used Fortigate for a variety of reasons, but here are the most important reasons we use them (compared to PA):
1. Price versus performance.
2. Fortinet has a strategic security view that is focused on security requirements rather than marketing. (PA has a distinct advantage in marketing.)
3. Fortinet leadership (CEO and CTO) are focused on value and long-term relationships.
I strongly recommend Sophos XG Firewall. Take a look: Sophos Firewall: Synchronized Next-Gen Firewall
I think you can go with Palo Alto...
@AnkitMittal, any insights why?
@Alejandro Ortega, can you please specify some technical reasons why?
I would recommend Palo Alto
@reviewer1461459, could you please explain why?