We performed a comparison between Fortinet FortiGate-VM and Palo Alto Networks NG Firewalls based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Fortinet FortiGate-VM is highly regarded for its robust security features, including geofencing, firewalling, IPS, antivirus, and a user-friendly interface. Palo Alto Networks NG Firewalls excel in embedded machine learning, real-time attack prevention, and the ability to accurately identify applications.
Fortinet FortiGate-VM needs enhancements in key activation, log management, cloud management, MFA offerings, web filter options, application inspection, GUI features, bandwidth issues, VPN connectivity, pricing, performance, and documentation. Palo Alto Networks NG Firewalls require improvements in SD-WAN customization, best practices, machine learning capabilities, troubleshooting tools,next-generation capabilities, rule creation, monitoring interface, bug fixing, configuration support, IoT security, traffic shaping, machine learning for virus prevention, security functions, usability, training programs, SSL inspection, external dynamic list feature, internet filtering, API integration, and bug fixing.
Service and Support: Some customers have praised the support team of Fortinet FortiGate-VM for their quick response times and knowledge. However, other customers have mentioned slow response times and difficulties in finding information quickly. Customer service for Palo Alto Networks NG Firewalls has received mixed reviews. Some customers have praised the knowledgeable support team and timely issue resolution. However, others have mentioned difficulties in reaching the support team and issues with the support ticketing system.
Ease of Deployment: The setup process for Fortinet FortiGate-VM is generally straightforward and easy, while Palo Alto Networks NG Firewalls is not complex and easy. Prior knowledge can simplify Fortinet's setup, whereas Palo Alto may require proper planning.
Pricing: Fortinet offers flexible pricing options with no extra expenses, while Palo Alto is considered pricier. Nevertheless, Palo Alto is known for its reliability and high performance as a firewall solution.
ROI: Fortinet FortiGate-VM offers enhanced stability and heightened security. Palo Alto Networks NG Firewalls provide greater visibility, reporting capabilities, and streamlined management.
Comparison Results: Fortinet FortiGate-VM is the preferred solution as it is highly recommended due to its easy setup, robust security features, cost-effectiveness, and satisfactory ROI. Users find it user-friendly, easy to deploy, and with an intuitive interface.
"The user interface is relatively easy. The devices are easy to deploy and figure out when you have experience with other security appliances."
"You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances."
"It's user-friendly and easy to operate."
"This is a quality product with ok support, and it is better than the competition we've tried."
"Their interface is very easy to use, it is without bugs."
"We can use our devices to check all of the perimeters. It secures email websites."
"Anti-Spam web content filterinG."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"One top feature is the ability to use the appliance as a WLAN controller for up to 10 access points with the new 5.6 firmware."
"FortiGate-VM has many valuable features: it's easy to use, it's intuitive, it's got very good traffic inspection features, it's got comprehensive filtering categories, and it has an extensive threat database, using FortiGuard."
"While the stability maybe isn't quite to the level of Cisco, it is a very cost-effective solution. It's cheap compared to Cisco."
"Overall, it's an excellent solution."
"The web GUI is easy to use."
"The user interface is the most valuable aspect of the solution."
"Its interface is good. It comes with a lot of features, and its performance is also very good."
"I rate the tool's stability a ten out of ten."
"Palo Alto Networks NG Firewalls saves us time."
"It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back."
"All the features are valuable, but my main one is the straightforward and well-designed GUI. I'm over 50 and have been in this business since the internet started. I'm not a GUI guy; I prefer using the command line. The product's GUI is excellent, and so is the threat intelligence. It's also straightforward to configure and flexible. The solution even has good networking, such as VLAN and subinterfaces, which is great because, in my experience, if the firewall is good, then the router usually isn't and vice-versa, but Palo Alto has both."
"I like all the threat alerts and WildFire. I also like scanning because everything that comes into our network via customers is scanned. We're an electric company, so every one of the bills is scanned and emailed in and out of our network."
"The ease of use and the ease of configuration of our policies are the most valuable features."
"The application IDs, application controls, URL filtering, visibility, monitoring, and reporting are the most valuable features."
"The most valuable features are application inspection and sandboxing. Application inspection decides where traffic is transmitted. If I have a perimeter report for a particular service, then other services or malicious services cannot use an open port. In this way, application inspection is doing a fantastic job. We also have a very good sandbox with almost no rate limit. It will inspect any file that comes in and goes out in a dedicated patch to identify malware. Therefore, these two things help me to protect our organization from any bad actors."
"The most important part of this solution is its reliability, as it just works without any fancy features."
"The product does need better support in the cloud environment. It's not exactly cloud-native right now."
"The non-error conserve mode has room for improvement."
"We sometimes have issues with FortiGate's routing table in the latest firmware update. We had to downgrade the device because our customers complained about bugs."
"There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement."
"I think the only issue that needs improvement is the interface."
"It should provide better visibility over the network and more information in the form of reports for the end users. Its installation should also be easier."
"Its reporting and pricing need improvement."
"For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial."
"The key activation is very complicated at times."
"New versions are complicated with a big configuration."
"The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats."
"We have encountered certain issues with the bandwidth in respect of the security layer."
"They could provide more integration options with different platforms."
"Fortinet devices are acknowledged as highly potent and come with a notable cost. These devices offer extensive visibility, an array of configurations, and a range of security features. However, there's room for enhancement in their routing and switching security aspects, akin to Cisco's offerings. A noteworthy aspect here is Meraki, which offers cloud controllers. If FortiGate were to introduce a similar cloud management solution, it could strongly compete with both Meraki and Cisco products. Cisco operates in two sectors: enterprise and SMB. Particularly in the SMB market, they hold sway due to their convenient cloud management features. For instance, Meraki's cameras and wireless access points can be easily controlled through their cloud management portal. If FortiGate were to provide cloud-based management solutions for SMB customers, it could cater to a significant portion of the market, considering that a substantial number of customers fall within the SMB and mid-level enterprise categories."
"The solution is fairly complex."
"The GUI could be improved."
"In terms of what could be improved, comparatively the price is very high. That would be the one thing."
"We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved."
"Technical support can be faster at responding."
"The biggest thing that needs to be improved with them is their training. I took a training class for the 8.0 build, then I took it again for the 9.0 and 10 builds. They add new features every time that they do a new major release, but the training doesn't keep up. It is the same basic training that probably was with the 3.0 build, and they just change the screenshots. I would love to see them do some more work since they have all these bells and whistles, but we don't know how to use those features on a large scale."
"We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall. We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more. URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team."
"People sometimes find it more expensive as compared to other solutions. There are also fewer training opportunities for Palo Alto than Cisco and other vendors."
"The analysis of the ITS ID by Palo Alto Networks NG Firewalls could be improved."
"The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Fortinet FortiGate-VM is ranked 9th in Firewalls with 113 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 163 reviews. Fortinet FortiGate-VM is rated 8.4, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Fortinet FortiGate-VM writes "An easy-to-manage and configure tool that provides ample documentation to help with the setup phase". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". Fortinet FortiGate-VM is most compared with Azure Firewall, Palo Alto Networks VM-Series, Fortinet FortiOS, OPNsense and Cisco Secure Firewall, whereas Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Sophos XG and Netgate pfSense. See our Fortinet FortiGate-VM vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most.
PA is good at app control, web filtering and such like, they have always been top of the pile there. The GUI is very good, and their product is very user-focused.
Fortinet is good for scalability and predictable high throughput (ASICs in the hardware), and useful things like authentication flexibility, CLI config (if you have any networking/Cisco people, they always seem to prefer CLI over GUI) and have better OT features, maybe relevant to your manufacturing use?
Fortinet seem to have a broader integration offering with their security fabric than PA do, plus they can do Fortinet-based wifi, switching, etc. Depends if you are prepared to go all-in with a single vendor.
Hi,
Both FT and PA have compelling features for large Enterprises. I would like to add a few good points about Fortinetwhich might be helpful ( from my 13 years of engagement with them as Distributor and Partner)
Fortinet:
Have higher throughput; which comes with competitive rates
Wide range of models to select to meet your requirement, without spending heavliy
Outstanding customer support and very active customer care team
Easly available skilled resources from the channel for deployment and post-implementation support
Regards
Abhilash
Hello. The question is what you are going to have as a result of application