We performed a comparison between Palo Alto Networks NG Firewalls and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Virtual Domains (VDOMs) are a feature that we found valuable."
"LinkGreat firewall capabilities"
"Anti-Spam web content filterinG."
"Whenever we raise a complaint with FortiGate, their response and resolution times are minimal."
"Fortinet FortiGate is a security device. It can optimize security on the networks of a company. It actually protects the company from attacks from outside. With FortiGate, you can categorize the users. You can create a group of users that can access all of the websites for their work. You can limit other users' access."
"It is easy to use. We chose this product for the possibility to have virtual domains (VDOMs). We are building another company in the group, and we would like to split the firewalling rules and policies between these two companies. Each company would be able to manage its own policies and security rules, which is an advantage of Fortinet FortiGate. We can define VDOMs, and every company can manage its own VDOM as if it has its own physical firewall, but in fact, we would be using the same physical appliance because we are also using the same internet lines. So, it allows us to reuse the existing resources without the disadvantage of having to compromise on policies and security. Each company can choose its own way of working."
"From the firewall perspective, the rules and policies are very sufficient and easy to use."
"The most valuable features are the enterprise modeling and the simple interface."
"It is critical that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. In my environments, we have an integration with a third-party vendor. As soon as there is new information about new threats and the destination that they are trying to reach on any of our network devices, that traffic will be stopped."
"The structure is much faster and more sophisticated than Cisco."
"It is very scalable."
"We have found the SSL decryption within this solution to be great; you can enable this feature and have the ability to see more of what is happening across your network."
"Palo Alto offers better Layer 7 protection than competing solutions by Cisco and Fortinet. I also like the VPN client more. The interface is simple, so administrators can deploy and configure it much faster than other firewalls"
"The most valuable features are the IPS/IDS subscriptions."
"The solution is very stable."
"The WildFire reporting and Cortex XDR platform have huge infrastructures in the cloud that secures the network against threats. So, we have the potential on the system, specifically for users, where we take care of this since the user is the most dangerous. We get reports back from WildFire on a minute-by-minute basis, rather than a daily or weekly update like I used to with different AV vendors. These features can detect viruses and malware more quickly, which is super important."
"The VM-Series reports how much bandwidth a particular IP is using. You don't need to regularly log into a website, like a Cisco command, to see what kind of ACL it's getting. There isn't an ACL use portal event. You can go there and see how much my ACL has been getting me."
"The most valuable feature is the Posture Assessment."
"A solid operating system with all the necessary data center security features."
"The tool's cloud version makes application migration easy."
"The most effective features of the solution for threat prevention are Layer 7 inspection, SSL decryption, IPS, and the web filtering profile."
"The VM-Series scalability is fast and easy to implement, improving our security posture as our Azure network grows."
"What I like about the VM-Series is that you can launch them in a very short time."
"The interface with Panorama makes it very easy to use."
"Its reporting and pricing need improvement."
"Quality control on their firmware versions needs improvement. When they introduce new firmware, there tend to be bugs."
"The firewall engine is not so strong as of now, in my opinion... My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased."
"There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement."
"Scalability for Fortinet FortiGate needs to be improved. SD-WAN security for this solution also needs some improvement."
"MTBF: Hardware failure is more common when compared to SonicWall or Cisco ASA."
"I would suggest that Fortinet add sandboxing to their solution."
"Application management can be improved."
"The biggest thing that needs to be improved with them is their training. I took a training class for the 8.0 build, then I took it again for the 9.0 and 10 builds. They add new features every time that they do a new major release, but the training doesn't keep up. It is the same basic training that probably was with the 3.0 build, and they just change the screenshots. I would love to see them do some more work since they have all these bells and whistles, but we don't know how to use those features on a large scale."
"The scalability of the firewalls could be improved."
"There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex."
"The solution could be more cost-effective."
"Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto."
"Personally, I feel that their dashboards for reporting and things like that need some improvement."
"They could improve their support and pricing and maybe integration. It's a little more expensive that Check Point but the quality is better. Integration with firewall endpoints could be better. Palo Alto does have very good malware or antivirus protection. I think they could improve on that front."
"Its price can be better. They should also provide some more examples of configurations online."
"There's room for improvement in terms of integration with the load balancer. It isn't like Fortinet, which has a load balancer built into its firewall. It is effortless to integrate within the load balancer-plus-firewall solution."
"The solution's licensing could be improved, and training should be included before installation."
"There could be dynamic DNS features similar to Fortinet in the product."
"There should be an option for direct integration with the Azure platform."
"The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI."
"There is no proper support channel to follow up on cases."
"The solution must improve Zero Trust integration and use cases."
"Palo Alto is that it is really bad when it comes to technical support."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 161 reviews while Palo Alto Networks VM-Series is ranked 10th in Firewalls with 52 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Sophos XG and Netgate pfSense, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Cisco Secure Firewall, Juniper SRX Series Firewall and Huawei NGFW. See our Palo Alto Networks NG Firewalls vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most.
PA is good at app control, web filtering and such like, they have always been top of the pile there. The GUI is very good, and their product is very user-focused.
Fortinet is good for scalability and predictable high throughput (ASICs in the hardware), and useful things like authentication flexibility, CLI config (if you have any networking/Cisco people, they always seem to prefer CLI over GUI) and have better OT features, maybe relevant to your manufacturing use?
Fortinet seem to have a broader integration offering with their security fabric than PA do, plus they can do Fortinet-based wifi, switching, etc. Depends if you are prepared to go all-in with a single vendor.
Hi,
Both FT and PA have compelling features for large Enterprises. I would like to add a few good points about Fortinetwhich might be helpful ( from my 13 years of engagement with them as Distributor and Partner)
Fortinet:
Have higher throughput; which comes with competitive rates
Wide range of models to select to meet your requirement, without spending heavliy
Outstanding customer support and very active customer care team
Easly available skilled resources from the channel for deployment and post-implementation support
Regards
Abhilash
Hello. The question is what you are going to have as a result of application