We performed a comparison between Palo Alto Networks and pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: pfSense has an edge in this comparison as it is a free, open-source solution while Palo Alto Networks is considered expensive by its users.
"The most valuable feature is the ease of configuration."
"The usage in general is pretty good."
"We can use our devices to check all of the perimeters. It secures email websites."
"This version is stable. I don't have any issues with this solution, in our environment, it works well."
"The most valuable features of Fortinet FortiGate are the different types of profiling. It has been the most effective for me. The WAF and the antivirus profile are the most effective in network protection."
"Whenever I need something, Fortinet improves and updates the software for me."
"The secure web gateway module and the application control module are valuable. HA operations are very easy."
"Fortinet has a very good solution for Secure SD-WAN. One very good feature is that they have robust and simple FortiOS through which they provide all solutions. That's their strength. There's not much complexity involved with the Secure SD-WAN solution of Fortinet as compared to Cisco's solution, which has a lot of flexibility but complexity also comes with that flexibility."
"Stability has been excellent. We have experienced no issues; it never fails."
"Its features rival many of the high cost solutions out there."
"The firewall sensor is highly effective, and it's easy to deploy. You can deploy pfSense with limited hardware resources. It's not necessary to have an appliance with much RAM to make it work. It's cost-effective and performs well."
"The redundancy and scalability ARE very nice."
"Its reliability and cost-effectiveness stand out."
"The solution is very robust."
"It is a good firewall with good performance."
"pfSense helped us during COVID-19 because we used OpenVPN to connect from home."
"We standardized on the product and got rid of several other types of firewalls from different vendors."
"Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens."
"The most significant benefit is threat protection. Anti-malware uses signatures, so dynamic analyzers like WildFire are the best way to protect the company. It is a firewall based on application control, user ID, and security policy. We can use it based on user and application ID without a stateless firewall or TCPIP ports."
"The management options are good."
"When we put it on the border, it was blocking everything that we were getting ahead of time, and we weren't getting any hits. This includes URL filtering, spam prevention, and anti-virus."
"Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes."
"Flexible and integrates well with apps and other security tools."
"It helps the organization function better by virtue of cleaner and more predictive Internet access and usage being conducted by the employees and constituents of the company. It helps ensure that they have a stronger security posture. It is preventive medicine If you have DNS Security in place. You will be happy you had it. If you don't have it, you may never need it. However, if you did need it, and didn't have it, you will wish that you did. It is one of those things, like insurance."
"Lacks sufficient security options."
"Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN."
"A lack of integration between our data centers."
"A couple of things I've seen that need improvement, especially in terms of a hard coding. The driver-level active moment really is out-of-the-box and we have to have contact the customer support and sometimes it is difficult to resolve."
"It claims it does DLP, but the degree and level of controls are very basic."
"A sandbox would be good in order to be able to inspect the emails containing spam and be able to validate the emails that contain malware, prior to delivering to the customer."
"There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"Adjustment in the interfaces: I had to adjust those interfaces manually and of course that is a great feature that you can restore it but it is immediately also one point for improvement. If you don't have to adjust, if it's just stamped and it works, that's great."
"We would like to see ready-made profiles to cover most users' needs."
"The hotspot and the portal feature in this solution are not stable for WiFi access. We use it at least once or twice every day and it crashes. Some modules can be better by improving detection and having new updates. Additionally, we have some issues with clustering and load balancing that could improve."
"I tried pfSense, and it has a big issue with file system consistency, and this is what drove me to OPNsense. The file system stability is quite a big issue for us. We have a lot of outages related to power issues, and OPNsense is much more stable on this side."
"The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely."
"Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution."
"It should integrate with LDAP, Active Directory, etc, to improve the way in which the traces and connections of each IP, or user connected through the firewall, are shown."
"Could be simplified for new users."
"Most other VPN clients include mobile VPNs but Palo Alto does not."
"When it comes to their support, we have to select every single component that we want to include in a particular bundle. That is a very tedious process. T"
"The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point."
"PA-220 Next-Generation Firewall would be perfect if it has spam filtering."
"The support could be improved."
"It's too expensive."
"The user interface is a bit clumsy and not very user-friendly."
"We would like to see the external dynamic list for this solution improved. The current version does not automatically block malicious IP addresses, which would be very useful."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Netgate pfSense is ranked 1st in Firewalls with 128 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews. Netgate pfSense is rated 8.6, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". Netgate pfSense is most compared with OPNsense, Sophos XG, KerioControl, Sophos UTM and Meraki MX, whereas Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Sophos XG and Cisco Secure Firewall. See our Netgate pfSense vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.