Palo Alto Networks’ and Fortinet’s next-generation firewalls (NGFWs) both made eSecurity Planet‘s list of top NGFW vendors, so both have plenty to offer enterprise security buyers. There are important differences between the two, however. What follows is a look at the key features of each company’s offerings, as well as their strengths and weaknesses.
The Bottom Line
Fortinet and Palo Alto firewalls are highly rated by analysts and users and in independent tests, but there are key differences between the two in price, performance and cloud features. Fortinet is hard to beat for users whose top criteria is price/performance, while Palo Alto is more expensive – but frequently comes out of buyer evaluations with the highest overall score because of its advanced features.
NSS Labs rated Fortinet the top value of the firewalls it tested (at a total cost of ownership per protected Mbps of just $2), while still offering strong security and performance. Palo Alto’s firewalls are pricier, but customers say they make up for it with their ability to meet performance requirements in production environments, as well as their cloud features and support. The decision between the two thus comes down to a buyer’s needs and budget.
Palo Alto Product Highlights
Overview: Palo Alto Networks’ NGFWs inspect all traffic (including applications, threats and content), and tie it to the user, regardless of location or device type. The company’s NGFWs are available in purpose-built hardware appliances, ranging from the PA-200 to the high-end PA-7000 Series (with threat prevention throughput of 100 Gbps), and as virtual appliances supporting a wide range of cloud environments.
Recent developments: Palo Alto recently released version 8.1 of the PAN-OS operating system, adding more than 60 new features, including more granular control of SaaS applications and expanded SSL decryption capabilities.
Analysts’ take: Gartner reports that Palo Alto’s WildFire sandboxing option is one of the best among firewall vendors, and its Application Command Center makes it easy to understand application flows and risks. Drawbacks include the stability of large, infrequent releases, as well as price and performance hits when managing a large number of appliances, but the research firm says users generally report high satisfaction and loyalty.
Fortinet product highlights
Overview: Fortinet’s FortiGate NGFWs provide full visibility into users, devices, applications and threats on the network, reducing complexity and improving overall security posture. The company’s appliances are available with multiple 100 GbE interfaces to deliver scalable security services at high speeds.
Recent developments: Fortinet recently launched version 6.0 of its FortiOS operating system, adding enhanced management and analytics, extended multi-cloud support, advanced threat protection, unified access, and extended support for Web applications, email, IoT and endpoint security.
Analysts’ take: Gartner says that when price/performance is rated highly in the evaluation, Fortinet is hard to beat – the company offers a strong firewall, with quality hardware, reporting, visibility, and ease of deployment. Still, Fortinet often comes in second to other top competitors in technical evaluations when core features like intrusion prevention, VPN, management, application control and sandboxing are heavily weighted, and lack of direct vendor support is a drawback for large enterprises.
NGFW Product Ratings and Comparisons
Here is eSecurity Planet‘s take on some key features of each product.
Security: Both vendors excel. Fortinet’s FortiGate 500E received a 99.3% security effectiveness rating from NSS Labs in just-released test results, while Palo Alto’s PA-5220 received a 98.7% rating.
Performance: Both pretty much rock. Palo Alto topped all firewalls tested by NSS Labs with 7,888 Mbps performance, while Fortinet’s 6,753 Mbps was impressive for a lower-cost solution.
Value: Fortinet’s $2 TCO per protected Mbps bested the competition in NSS evaluations, while Palo Alto’s $7 TCO came in fifth of 10 solutions tested.
Implementation and management: Fortinet users generally report an easier time. One Fortinet customer summed it up thusly: “The system is easy to understand, has great data presentation, and is affordable.” Palo Alto users might face more complexity, but praise the product’s rich features.
Support: Palo Alto comes out ahead because of direct vendor support, while Fortinet customers are largely dependent on the quality of their channel partner. The stability of Palo Alto’s large, infrequent updates is one complaint, while Fortinet users report that firmware upgrades and new features can be unequal in quality.
Cloud features: Palo Alto had a head start here – cloud application control and visibility is a particular strength – but Fortinet is investing more in its virtual firewall capabilities.
Gartner Peer Insights users give both Fortinet FortiGate and Palo Alto Networks the same average rating: 4.6 out of 5, among the highest scores. IT Central Station users give FortiGate an average rating of 8.1 out of 10, though there aren’t enough reviews posted for us to provide an average rating for Palo Alto Networks.
Fortinet FortiGate reviewers said the solution is “very stable, easy to troubleshoot and configure,” “the graphical interface is complete and easy to use,” and the company boasts a “prompt and knowledgeable” support team. Still, some reviewers said the throughput on smaller appliances could be better.
Palo Alto Networks VM Series reviewers said the solution is “reliable and the support is very good.” Others said it’s “very stable” and noted that they “now know a lot more detail about what our users are doing on the network.” Some reviewers complained about the user interface, saying it can be sluggish.
Palo Alto’s NGFWs are available as hardware appliances (PA Series), as well as the VM Series for use in a virtualized or cloud environment.
Fortinet’s NGFWs are available as an appliance, virtual machine, and in the cloud, with the same solution available across top public cloud platforms.
Palo Alto Networks offers a wide range of NGFW options. The company’s most recently released appliances, the PA-220R (ruggedized), PA-3200 Series and PA-5280, range in price from $2,900 to $200,000, while the base PA-220 lists at $1,000. The 220 offers 100 Mbps VPN throughput and 64,000 sessions; the 5280 offers 24 Gbps VPN throughput and 64 million sessions. The PA-5220 tested by NSS sells for around $70,000, with support packages extra.
Fortinet’s entry-level hardware appliances start at around $500, and high-end enterprise pricing can reach $350,000 in the case of the 7060E-8. Pricing includes base pricing for hardware and services, which include FortiGuard subscription licenses and FortiCare support options. Hardware and services can be purchased as bundles or individually (a la carte). Virtual machine and cloud offerings follow a similar pricing model. The 500E tested by NSS sells from $5,000 to $22,000, depending on warranty and support level.