We performed a comparison between Fortinet FortiGate-VM and Palo Alto Networks NG Firewalls based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Fortinet FortiGate-VM is highly regarded for its robust security features, including geofencing, firewalling, IPS, antivirus, and a user-friendly interface. Palo Alto Networks NG Firewalls excel in embedded machine learning, real-time attack prevention, and the ability to accurately identify applications.
Fortinet FortiGate-VM needs enhancements in key activation, log management, cloud management, MFA offerings, web filter options, application inspection, GUI features, bandwidth issues, VPN connectivity, pricing, performance, and documentation. Palo Alto Networks NG Firewalls require improvements in SD-WAN customization, best practices, machine learning capabilities, troubleshooting tools,next-generation capabilities, rule creation, monitoring interface, bug fixing, configuration support, IoT security, traffic shaping, machine learning for virus prevention, security functions, usability, training programs, SSL inspection, external dynamic list feature, internet filtering, API integration, and bug fixing.
Service and Support: Some customers have praised the support team of Fortinet FortiGate-VM for their quick response times and knowledge. However, other customers have mentioned slow response times and difficulties in finding information quickly. Customer service for Palo Alto Networks NG Firewalls has received mixed reviews. Some customers have praised the knowledgeable support team and timely issue resolution. However, others have mentioned difficulties in reaching the support team and issues with the support ticketing system.
Ease of Deployment: The setup process for Fortinet FortiGate-VM is generally straightforward and easy, while Palo Alto Networks NG Firewalls is not complex and easy. Prior knowledge can simplify Fortinet's setup, whereas Palo Alto may require proper planning.
Pricing: Fortinet offers flexible pricing options with no extra expenses, while Palo Alto is considered pricier. Nevertheless, Palo Alto is known for its reliability and high performance as a firewall solution.
ROI: Fortinet FortiGate-VM offers enhanced stability and heightened security. Palo Alto Networks NG Firewalls provide greater visibility, reporting capabilities, and streamlined management.
Comparison Results: Fortinet FortiGate-VM is the preferred solution as it is highly recommended due to its easy setup, robust security features, cost-effectiveness, and satisfactory ROI. Users find it user-friendly, easy to deploy, and with an intuitive interface.
"The SD-WAN function is very developed. It has SD-WAN functionality with security features in one device. We can manage from one single console SD-WAN and the security policy."
"The most valuable features of Fortinet FortiGate are remote access, web filtering, and IPS."
"Secure, user-friendly, stable, and scalable network security solution. Installation is straightforward."
"The stability and scalability of this solution are satisfactory. Its SD-WAN, VPN, and URL filtering features are very useful."
"Its user interface is good, and it is always working fine."
"The base firewall features are quite valuable to us."
"It's very easy to configure."
"Anti-Spam web content filterinG."
"Its interface is good. It comes with a lot of features, and its performance is also very good."
"Use of this product does not require daily interactions."
"The EPM bundle is a good feature."
"The most valuable features are the IPS and Antivirus."
"FortiGate integrates well."
"FortiGate-VM's firewall is excellent."
"The combination of SD-WAN and VPN capabilities is the most valuable feature."
"The initial setup was quite straightforward."
"I like the sandbox feature, and it's very good. It kills each malware deployment in the sense of signatures within five minutes. So, we can secure our network and infrastructure very well within the stipulated time. The WildFire functionality is very good because a few files are also getting blocked. It's critical as malware attacks are also getting ignored, and the logging is very well maintained in this firewall. The most valuable solutions in this field are application-based firewalls. That is the main criteria of the firewall and functionality. We can get all the logs related to this and each and every packet. I like that the firewall is working as an application. The application-based entity we have deployed is well maintained and working very well. We were able to find lots of vulnerabilities when we deployed it, but we could not disclose all. But there were vulnerabilities we could block by updating the firewall and taking actions on clientside machines. So, we got to know that we have lots of vulnerabilities inside the organization too, and we took lots of steps and resolved the number of vulnerabilities. Palo Alto Networks NG Firewalls is an all-in-one solution. It provides every entity log, which is a very good functionality of this firewall. It gives every packet and aspect that the firewall is performing through its logs, and it does it very well. This firewall's unified platform helped eliminate multiple network security tools. If anyone uses P2P sites, cryptocurrency websites, or any illegal sites, we can block it easily. It gives us a proper alert for these kinds of sites, and it properly secures our network. Monitoring is the best thing we are doing here, and we can block this kind of vulnerability as soon as it comes to us."
"The performance of Palo Alto Networks NG Firewalls is the most valuable feature."
"I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features."
"With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is."
"I like to install Palo Alto mainly on the data center side to have visibility into all VLANs. That gives full visibility into the core."
"Innovative, advanced threat protection is the most valuable feature."
"I like all the functions and features."
"You can easily integrate it with Active Directory, and you can use the GlobalProtect VPN for internal and external purposes. The URL Filtering is also clear and the application filtering is a plus. The application filtering is much better when you compare it to FortiGate or other firewall vendors."
"A lack of integration between our data centers."
"Bandwidth usage in reporting could be improved for Fortinet FortiGate."
"Fortinet could improve the windows opener or the virtual IP solutions for opening windows. The virtual IP settings need improvement as firewalls are trending in new development directions."
"I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."
"Lacks training for new features."
"There is room for improvement related to the logging and reporting aspect."
"Fortinet FortiGate could improve by adding FortiAnalyzer to its solution, we should not have to use another solution. FortiAnalyzer can provide more detailed information."
"Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."
"The users must buy FortiSIEM to get advanced analytics."
"We have had some stability issues."
"The solution is fairly complex."
"To improve FortiGate-VM, Fortinet needs to harden it more. For example, if you are using Hyper-V, then you need guidelines for hardening FortiGate-VM that are specific to the Hyper-V environment. If it's VMware, there should be at least a guideline on how to harden the firewall."
"The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats."
"The solution's web-filtering configuration could be better."
"The product's initial setup phase is a bit complex."
"VM should be more optimized."
"Lacks mobility between on-prem and cloud based."
"I would like them to improve their GUI interface, making it more user-friendly."
"In the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get... You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer."
"With new features and applications you get bugs."
"Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete. Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet. We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks."
"I would like integration with Evident.io and RedLock."
"Once in a while, they have new features being released that can be buggy. My criticism is more general to all sorts of network or security devices. In general, everybody is releasing less-tested software. Then, it usually ends up that the first few customers who get a new release need to end up troubleshooting it."
"As things are evolving, we want to make sure that Palo Alto is able to keep up with what is going on outside. They should continue to do more intelligence-related enhancements and integrate with some of the other security tools. We want to have a more intelligent toolset down the road."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Fortinet FortiGate-VM is ranked 9th in Firewalls with 113 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews. Fortinet FortiGate-VM is rated 8.4, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Fortinet FortiGate-VM writes "An easy-to-manage and configure tool that provides ample documentation to help with the setup phase". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". Fortinet FortiGate-VM is most compared with Azure Firewall, Palo Alto Networks VM-Series, Fortinet FortiOS, OPNsense and Cisco Secure Firewall, whereas Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Sophos XG and Netgate pfSense. See our Fortinet FortiGate-VM vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most.
PA is good at app control, web filtering and such like, they have always been top of the pile there. The GUI is very good, and their product is very user-focused.
Fortinet is good for scalability and predictable high throughput (ASICs in the hardware), and useful things like authentication flexibility, CLI config (if you have any networking/Cisco people, they always seem to prefer CLI over GUI) and have better OT features, maybe relevant to your manufacturing use?
Fortinet seem to have a broader integration offering with their security fabric than PA do, plus they can do Fortinet-based wifi, switching, etc. Depends if you are prepared to go all-in with a single vendor.
Hi,
Both FT and PA have compelling features for large Enterprises. I would like to add a few good points about Fortinetwhich might be helpful ( from my 13 years of engagement with them as Distributor and Partner)
Fortinet:
Have higher throughput; which comes with competitive rates
Wide range of models to select to meet your requirement, without spending heavliy
Outstanding customer support and very active customer care team
Easly available skilled resources from the channel for deployment and post-implementation support
Regards
Abhilash
Hello. The question is what you are going to have as a result of application