We performed a comparison between Fortinet FortiGate and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth."
"There are lots of features and most of them are deployed for internet security. Users are protected if they accidentally go to some malicious sites."
"Overall, the pricing of the solution is very good. The product offers good value."
"The technical support is great."
"It's inexpensive compared to some of the other technology out there."
"All of the features of Fortinet FortiGate are useful and the security protection is good."
"It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall. You don't need to pay some other company for another product to do that for you. The firewall can do that for you. So, it's an easy-to-use product for people to be independent. They don't need to rely on other vendors to do what the firewall can do. They can do everything."
"The simplicity of the configuration and the stability of the product are most valuable. The VPN concentrator is very useful."
"The most valuable features are security and support."
"Palo Alto Networks VM-Series's most valuable feature is the visibility of the environment."
"The VM-Series reports how much bandwidth a particular IP is using. You don't need to regularly log into a website, like a Cisco command, to see what kind of ACL it's getting. There isn't an ACL use portal event. You can go there and see how much my ACL has been getting me."
"The most effective features for threat prevention are application-based prevention and WildFire. These features cover various threats, such as ransomware, malware, etc. They provide real-time visibility. By applying appropriate policies, threats can be blocked."
"In terms of security breaches, the product aids in categorizing and monitoring traffic, allowing for the identification of potentially malicisous or incorrectly formatted applications."
"The technical support for the solution is very good."
"Palo Alto Networks VM-Series is easy to maintain...From a security point of view, I find Palo Alto Networks VM-Series to be a better product compared to the other solutions in the market."
"What I like about the VM-Series is that you can launch them in a very short time."
"WAN load-balancing could be a lot better at detecting when a link is poor or inconsistent, and not just flat out dead."
"The firewall engine is not so strong as of now, in my opinion... My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased."
"One area for improvement is the performance on bandwidth demands for smaller devices, as well as better web filtering."
"We were not able to build a full-mesh VPN; however, I am not sure if this was the fault of Fortinet FortiGate."
"Fortinet could improve the windows opener or the virtual IP solutions for opening windows. The virtual IP settings need improvement as firewalls are trending in new development directions."
"FortiGate support could do some improvements on their IPv6 configuration. Right now it's still in the very early stage for utilizing in an enterprise level network environment."
"The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware."
"Sometimes you do need to know some CLI commands, so it's a bit harder for technicians or new people that don't know it."
"We don't know how it will scale once we start putting more load on it."
"It'll help if Palo Alto Networks provided better documentation."
"The current licensing model can be a sore point as we're paying for features we're not fully utilizing."
"Palo Alto is that it is really bad when it comes to technical support."
"It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait."
"The product needs improvement in their Secure Access Service Edge."
"We have run into some issues with scaling and limitations associated with some of the configurations."
"The reporting part of the product is an area of concern where improvements are required."
Fortinet FortiGate is ranked 2nd in Firewalls with 306 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 53 reviews. Fortinet FortiGate is rated 8.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and WatchGuard Firebox, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Cisco Secure Firewall, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall. See our Fortinet FortiGate vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Tarun, we have been designing solutions with Palo Alto Networks NGFW for 6 years now and we have 95%+ customer retention.
I would suggest looking into customer requirement on the basis of the following things, and priority is given by the customer:
1. Internet Bandwidth
2. No. Of users - In-house and users connecting from home/outside organization network.
3. Security features required - Sandoxing, DNS Security, etc.
4. Port density required on the firewall.
5. SSL decryption.
6. Deployment - On-prem or virtual DC or on Cloud.
7. HA requirement
8. MFA requirement
9. Local presence of Palo Alto/Fortinet expert team.
10. Integration for other (operational) solutions like SD-WAN, Load balancer, etc
11. Integration with other security solution like EDR/XDR or XSOAR
12. Customer's current solution (firewall/UTM and engineers/IT team working on it).
13. Customer's current IT Team strategy
14. Customer future IT strategy (to move on the cloud, etc)
15. Customer's growth and scalability in 5 years.
16. Reporting and logging requirement.
17. Customer's budget for IT Security.
Well, I guess with these parameters, and customer's priority you can recommend them a suitable solution.
Palo Alto NGFW will be best recommended for the following:
1. Deployment on the cloud - It has a very stable PANOS for VM-Series
2. Security Innovations - Considering security, in terms of today and future, Palo Alto is disruptive and groundbreaking.
3. Predictive Bandwidth - Palo Alto NGFW gives us Predictive bandwidth, and hence, once sized, it will last longer than defined. The throughput numbers are test cases of real-world scenarios, and after enabling all the features. It operates on its patented SP3 architecture and defines device throughput after enabling all security features and operational functionalities.
4. Integration with EDR/XDR and SOAR/XSOAR platforms.
5. User/SSL VPN - When you are planning for SSL VPN on Palo Alto NGFW, it will not charge you additionally for users connecting their Windows or MAC systems on NGFW over SSL VPN. For users that are Android/IOS/Linux/etc, and required additional HIP checks and Clientless VPN, there is a single subscription you will need to purchase.
6. Sandboxing - Palo Alto came up with Wildfire which is a threat intel cloud, which can be termed as Palo Alto Network's Sandboxing solution, but it does much more than that. it has a response SLA of 5 mins, where it can convert any unknown to known in 5 minutes or less. Also, after it identifies the file, it auto-updates other engines like URL filtering, DNS Security, Anti-Spyware, Bad IP and Domain list, CNC tunnel signatures.
7. Reporting and alerting - Foremost reason why users started implementing Palo Alto firewalls inside their network was to get the visibility - in terms of User-level visibility, Network traffic (depth to application layer), and Content (files and threats) level visibility. Also, logging and reporting is provisioned on the appliance itself and no additional subscription or any appliance is required, unless the customer requires the storage of logs for more time frame. The NGFW also co-relates all the events and alerts to give critical visibility like Botnets and hosts and users accessing malicious websites, or resolving malicious domains.
8. EDL - again external dynamic lists(EDL) helps you reduce the attack surface by minimizing the traffic to and from Malicious and Bad - IPs and Domains. This list is automatically updated by Palo Alto Networks by default by its threat research teams (Unit 42), Threat Intel (Wildfire), DNS Security module, and other sources. It has also a provision for you and/or the customer to integrate other third-party URL lists to be blocked.
9. Security features:
-- DNS filtering - by intercepting DNS traffic, you will not need any additional solution and/or modification in your current network for protection against threats related to DNS traffic. Its DNS module is cloud-based and tightly integrated with other modules and features of NGFW.
-- Credential phishing - This feature will avoid users sharing/uploading their credentials which are the same to access internal resources and external websites. This will prevent the leak of user credentials.
-- ML Powered NGFW - Currently, PA NGFW is the only firewall powered by ML to prevent unknown threats in real-time.
10. Application layer firewall - complete identification of all and any traffic based on application rather than port and protocol. Not only the known but also if the application is not identified it will classify that traffic as unknown. Also, you can create a custom application as required.
and many more...
Benefits in Fortigate firewall will be:
1. More port density.
2. Better SD-WAN configuration
3. Easy User interface and hence lacks granular controls.
4. Provides seamless integration with FortiToken for MFA(additional cost).
5. Seamless integration with Forti Load balancer.
6. Low cost (than Palo Alto least).
Thanks
Darshil Sanghvi
Palo Alto, Fortinet, and Checkpoint are the best NGFW. You can choose one of them.
The Fortinet advantage is the Security Fabric. Many other Fortinet's products (switches, AP, EDS, XDR, DDoS, FortiClient, etc) are integrated and a Fortigate can communicate with another product to block an attack.
Because PA has FPGA based architecture, which no other firewall has, due to this firewall processes the traffic from all the engines simultaneously. it increase efficiency of the product and provides way better throughput as compare to other vendors. The performance of security engines of PA are better then other vendors. PA provides on-box reporting, you have to purchase forti-analyzer separately for reporting in fortinet. PA provides granular view of policies, providing insight to you which policies are used in and which are not. it also provides you the feature, that tells you which of the firewall's features are not being utilized, this way you can plan your renewal to only purchase the feature you need.
I have FortiGates and the last upgrade of firmware cut internet traffic if you use Inspection Mode Proxy-Based, recommended and more secure, you have to use Flow-based, less secure. I don't work with Palo Alto
I strongly recommend Sophos XG Firewall.
Take a look
Sophos Firewall: Synchronized Next-Gen Firewall
I think you can go with Palo Alto...
Palo Alto
I would recommend Palo Alto