We performed a comparison between Palo Alto Networks and pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: pfSense has an edge in this comparison as it is a free, open-source solution while Palo Alto Networks is considered expensive by its users.
"UTM/NGFW features and FortiCloud for logs and backups are awesome."
"It works very well. It has a lot of different functionalities. Its cost is also fine for our customers."
"It has improved our organization with control data."
"FortiGate is flexible and easy to use."
"The most valuable feature is the web filter."
"The product offers very good security."
"Their proxy-based inspection is responsive and secure."
"The payment function for applications is good."
"The product’s documentation is good."
"Improved service performance and availability through redundancy."
"I use pfSense because it gives me the flexibility to greatly expand basic firewall features."
"Some of the terminologies were more familiar to me than it was when I first encountered Cisco."
"One of the advantages of pfSense is that it is very easy to work with. It is a very good open-source solution, and it works really well. pfSense provides a complete package. For some features, it could be the first solution in the world. It is a very good alternative in the market for a firewall solution. You don't need to go to Cisco or other brands with expensive firewalls. pfSense also allows us to offer some support services."
"I have found pfSense to be stable."
"The most valuable features are the VPN and the capture photo."
"An incomparable stability is achieved with other firewall systems."
"One of the things I really like about it is that we have the same features and functions available on the entry-level device (PA-220), as do large corporations with much more costly appliances."
"We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic."
"The solution is very stable."
"The Unified Threat Management (UTM) module, which consists of the basic firewall and IPS services, is what the majority of our customers use in Palo Alto Firewall."
"The DNS sync code in your filtering is the most valuable feature of the Palo Alto Networks NG Firewalls."
"One of the most valuable features of Palo Alto Networks NG Firewalls is application symmetries."
"Innovative, advanced threat protection is the most valuable feature."
"I like that they are more stable than the previous ones, and they allow a lot of other features."
"The platform's interface could improve."
"The setup is pretty complex and not easy to implement."
"I have to say that the initial setup was complex. The deployment took a few days to get set up. Initially, we were using an IPVanish. We switched to this tool since we thought it would be easier. But it turns out it wasn't easier to set up and run."
"The user interface could be improved to make it less confusing and easier to set up."
"FortiGate should have a better way of detecting and managing the system memory because otherwise if the memory is too low, a system restart is required."
"Its customer service could be better."
"It needs more available central management."
"The sniffing packets or packet captures, can be simplified and improved because it's a little confusing."
"I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature."
"It requires more attention to provide a better alternative for open source to small government or educational institutions with reduced budgets in terms of technology."
"It needs to be more secure."
"I'd like to find something in pfSense that is more specific to URL filtering. We have customers who would like to filter their web traffic. They would like to be able to say to their employees, "You can surf the web, but you cannot get access to Facebook or other social media," or "You can surf the web, but you're not allowed to gamble or watch porn on the web." My technicians say that doing this kind of stuff with pfSense nowadays is not easy. They can implement some filters using IP addresses but not by using the names of the domains and categories. So, we are not able to exclude some categories from the allowed traffic, such as porn, gambling, etc. To do that, we have to use another product and another web filter that uses DNS. I know that there are some third-party products that could work with pfSense, but I'd like the native pfSense solution to do that."
"The solution requires a lot of administration."
"The solution could improve by having centralized management and API support online."
"Ultimately, we'd like something stronger, and something that can handle threats better in real-time."
"It could use a little bit of improvement in the reporting."
"When we looked at it originally, we needed to host the Panorama environment ourselves. I would prefer it if we could take this as a service. It might be that it is available, but for some reason we didn't choose it. The downsides of hosting are that we need to feed and water the machines. We are trying to move to a more SaaS environment where we have less things in our data centers, whether they be in our cloud data centers or physical data centers, which can reduce our physical data center footprint."
"The VPN has room for improvement."
"Palo Alto has introduced new features in their next-generation firewall, such as SD-WAN. However, the technique of SD-WAN implementation is not easy to understand. It is not easy to deploy at this moment. Maybe, in the future, they can improve the process and how the administrators, partners, or support team can easily deploy this SD-WAN solution on their next-generation firewall. The SD-WAN solution from Fortinet is easy to do. It does not take more than five or 10 minutes. When we talk about Palo Alto, it takes extra effort to implement SD-WAN."
"Generating reports is not so easy."
"The solution's VPN, called GlobalProtect, could be improved as I've had a few issues with that."
"It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release."
"There is room for improvement in the area of customer service."
"For an upcoming release, they could improve on the way to build security rules per user."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Netgate pfSense is ranked 1st in Firewalls with 128 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews. Netgate pfSense is rated 8.6, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". Netgate pfSense is most compared with OPNsense, Sophos XG, KerioControl, Sophos UTM and Check Point NGFW, whereas Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Sophos XG and Cisco Secure Firewall. See our Netgate pfSense vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.