We performed a comparison between Palo Alto Networks NG Firewalls and Sangfor NGAF based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The VPN is the most valuable feature."
"FortiGate is very simple to manage and easy to use."
"The reporting and monitoring are very good."
"The most valuable feature of Fortinet FortiGate is URL filtering."
"The virtual firewall feature is the most valuable. We have around 1,500 firewalls. We did not buy individual hardware, and the virtual firewalls made sense because we don't have to keep on buying the hardware. FortiGate is easier to use as compared to Checkpoint devices. It is user friendly and has a good UI. You don't need much expertise to work on this firewall. You don't need to worry much about DCLA, commands, and things like that."
"The inspection and web security features are most valuable."
"The solution has very good threat and content filtering switches."
"It is easy to manage, and it doesn't need much knowledge from the team. It is a stable device, and there are many features that are included out of the box."
"Innovative, advanced threat protection is the most valuable feature."
"Decryption is one of Palo Alto Networks NG Firewalls' best features because we can decrypt by category. For instance, we can decrypt everything except for bank traffic so that we don't interfere with the passwords and two-factor authentication of those checking their bank accounts at work. We can still monitor for malware and other threats that come through a secure channel. It's seamless for users. The URL filtering and IPS are both great as well."
"The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us."
"When we put it on the border, it was blocking everything that we were getting ahead of time, and we weren't getting any hits. This includes URL filtering, spam prevention, and anti-virus."
"I like the sandbox feature, and it's very good. It kills each malware deployment in the sense of signatures within five minutes. So, we can secure our network and infrastructure very well within the stipulated time. The WildFire functionality is very good because a few files are also getting blocked. It's critical as malware attacks are also getting ignored, and the logging is very well maintained in this firewall. The most valuable solutions in this field are application-based firewalls. That is the main criteria of the firewall and functionality. We can get all the logs related to this and each and every packet. I like that the firewall is working as an application. The application-based entity we have deployed is well maintained and working very well. We were able to find lots of vulnerabilities when we deployed it, but we could not disclose all. But there were vulnerabilities we could block by updating the firewall and taking actions on clientside machines. So, we got to know that we have lots of vulnerabilities inside the organization too, and we took lots of steps and resolved the number of vulnerabilities. Palo Alto Networks NG Firewalls is an all-in-one solution. It provides every entity log, which is a very good functionality of this firewall. It gives every packet and aspect that the firewall is performing through its logs, and it does it very well. This firewall's unified platform helped eliminate multiple network security tools. If anyone uses P2P sites, cryptocurrency websites, or any illegal sites, we can block it easily. It gives us a proper alert for these kinds of sites, and it properly secures our network. Monitoring is the best thing we are doing here, and we can block this kind of vulnerability as soon as it comes to us."
"In general, its performance and ease of use are the most valuable. Its performance is good, stable, and reliable. The user interface is friendly and easy to use. Customers find it easy to work with and easy to learn."
"The most significant benefit is threat protection. Anti-malware uses signatures, so dynamic analyzers like WildFire are the best way to protect the company. It is a firewall based on application control, user ID, and security policy. We can use it based on user and application ID without a stateless firewall or TCPIP ports."
"This is arguably the best security protection that you can buy."
"Sangfor NGAF works accordingly with our customers. The solution has good performance, easy to use, and integrates well with the endpoints."
"Sangfor NGAF specializes in ransomware detection and helps to protect our network from ransomware threats and malware."
"I think Sangfor NGAF is more valuable than Cisco products because of its simplicity and ease of management. If I compare it with Palo Alto and Cisco, both are quite complex products. And if I compare it with FortiGate firewalls from Fortinet, I have also used all these products. Fortinet and Sangfor NGAF are similar products because the applications behind the application and policy layers are almost identical."
"The level of support provided to local companies is good. They transform their application control and other settings according to that country."
"While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people."
"The stability of Sangfor NGAF is good."
"SSL VPN is the best feature."
"In terms of the most valuable features, the IPS report is quick and updated. Performance is also valuable."
"I would like to have logs, monitoring, and reporting for a month without extra fees."
"The security of Fortinet FortiGate could improve."
"Fortinet Fortigate could benefit by simplifying some of their processes."
"The solution can have more features in a single box that can be multi-applied to integrate everything."
"For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial."
"With FortiGate, the main complaint that I have heard is about the technical support."
"We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved."
"Quality control on their firmware versions needs improvement. When they introduce new firmware, there tend to be bugs."
"We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall. We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more. URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team."
"There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex."
"We use ACC which is a tool for verifying the activity or traffic within your network. Currently, in ACC, the time of the samples that they offer is about five minutes. When you try to go down to a shorter duration, you can't. You only have five minutes. They can provide samples for shorter durations, such as one minute."
"Palo Alto could do better with integrating the Palo Alto Next-Gen Firewall with SD-WAN. The biggest issue with Palo Alto is that they are expensive. They are very expensive for what they offer. They should improve their pricing."
"Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster."
"The advanced manual protection needs to be improved a little bit because they used to make a cloud manual analysis for the cloud."
"The scalability of the firewalls could be improved."
"Technical support could be faster."
"Sangfor could improve their interface capacity on the 5100 series model and upgrade their hardware from one gig to 10 gig. This would improve the overall throughput."
"The interface and user experience are horrible."
"The reporting and log management could be improved."
"I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions."
"The product must provide more IPS features."
"I would be happy if Sangfor developed a firewall designed specifically for home use, as well as for small businesses such as clinics and so on. A household version of the Sangfor firewall for your personal computer or laptop would be ideal, in my opinion."
"Lacks consistency in terms of filtering certain websites and applications."
"An area for improvement would be the number of ports defined on the box. In the next release, I would like them to develop their provisioning stage of enrolling end devices."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 164 reviews while Sangfor NGAF is ranked 20th in Firewalls with 31 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sangfor NGAF is rated 8.0. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sangfor NGAF writes "Affordable, easy to configure firewall with fast, responsive support". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Sophos XG and Stormshield Network Security, whereas Sangfor NGAF is most compared with Sophos XG, Netgate pfSense, Check Point NGFW, Fortinet FortiOS and Huawei NGFW. See our Palo Alto Networks NG Firewalls vs. Sangfor NGAF report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.