We performed a comparison between Palo Alto Networks and pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: pfSense has an edge in this comparison as it is a free, open-source solution while Palo Alto Networks is considered expensive by its users.
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"I am "headache free" that I don't have to categorize all the websites and that security has been pre categorized by the people, and that the services are getting updated. At least one part of my problem is over."
"The signature database and zero-day detection are Fortinet FortiGate's most valuable features."
"We use a southern institution that's audited for IT security and the reporting that automatically comes off the unit makes it much easier to meet compliance standards and makes it easier as far as the amount of time that has to be spent to compile that information. If you get your reporting set up correctly when you initially set it up, you just select the one you want and hit print. The auditing trail on it is the best feature."
"I like Fortinet's cloud management. It allows me to manage all my devices in different branches for three cloud accounts. Even though I use on-prem devices, I can manage everything on the cloud."
"The security fabric is excellent."
"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
"The SD-WAN is the most valuable feature."
"The initial setup is not complex."
"We can run it on any hardware."
"Centralized administration with multiple services, which allows for execution in several important functionalities of information security."
"I have found pfSense to be stable."
"It is a very good solution for enterprises that need a VPN for their employees. It is the best way to provide a remote work facility to employees at a very low cost. Other solutions that I have had in the past were very expensive. Enterprises don't always have that kind of money to invest."
"The most valuable feature, for instance, is the ease of migrating configurations between different Netgate devices housed in the same box."
"It is effective. We have not had any problems."
"Creation of certificates and the facility to administer services are valuable features."
"One of the best firewalls on the market."
"We standardized on the product and got rid of several other types of firewalls from different vendors."
"The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us."
"The application control portion of the solution is its most valuable aspect."
"It has the typical features of a next-generation firewall. It can do application control, antivirus, content filtering, etc."
"It's quite nice. It's very user-friendly, powerful, and there are barely any bugs."
"Ability to log each and every application."
"In my opinion, Palo Alto has consistently been one of the best firewalls for enterprise security."
"Lacks training for new features."
"It claims it does DLP, but the degree and level of controls are very basic."
"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"Vulnerability scanning could be improved."
"The Wi-Fi controller needs a lot of improvement."
"The customization could be improved. Cisco, for example, is much better at this. They need to work to be at least as good as they are."
"There are mainly two areas of improvement in Fortinet FortiGate— the licensing cost and the timing of upgrading licenses for boxes."
"It should have a better pricing plan. It is too expensive. It should also have a more granular view of the attack. I don't have FortiAnalyzer, and it is difficult for me to have a complete view when there is an attack on my server."
"The hotspot and the portal feature in this solution are not stable for WiFi access. We use it at least once or twice every day and it crashes. Some modules can be better by improving detection and having new updates. Additionally, we have some issues with clustering and load balancing that could improve."
"We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up."
"Netgate pfSense needs to improve the configuration for a VPN."
"The user interface can be improved to make it easier to add more features. And pfSense could be better integrated with other solutions, like antivirus."
"Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually."
"The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely."
"They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals."
"ClamAV AntiVirus can cause some crashes. That service should be improved."
"I would like them to improve their GUI interface, making it more user-friendly."
"The cost of the device is very high."
"Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete. Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet. We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks."
"As part of our internet filtering, we integrate heavily with Active Directory, and we use security groups to separate staff into two groups: those who should have full access to the internet and those who should have limited access. It may be just the way the topology is for our domain controllers and that infrastructure, but at peak usage, there seems to be a delay in reading back against the security group to find out what group the user is in."
"Support should be improved, wait times can be long."
"This is a difficult product to manage, so the administrator needs to have a good knowledge of it, otherwise, they will not be able to handle it properly."
"Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto."
"The customer-facing side needs to be improved in terms of the engagement and involvement of support staff."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Netgate pfSense is ranked 1st in Firewalls with 128 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 161 reviews. Netgate pfSense is rated 8.6, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". Netgate pfSense is most compared with OPNsense, Sophos XG, Sophos UTM, KerioControl and Check Point NGFW, whereas Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Sophos XG and Cisco Secure Firewall. See our Netgate pfSense vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.