SonicWall’s and Fortinet’s next-generation firewalls (NGFWs) both appear on eSecurity Planet’s list of 10 top NGFW vendors, and both are highly rated by users and analysts, particularly for cost-conscious purchasers. While they share similar strengths, the biggest difference between the two is in support for cloud and virtualization technologies, where Fortinet holds a clear edge.
SonicWall Product Highlights
Overview: The SonicWall Network Security Appliance (NSA) next-generation firewalls leverage the company’s patented single-pass Reassembly-Free Deep Packet Inspection (RFDPI) engine, which examines every byte of every packet, checking both inbound and outbound traffic simultaneously. The firewalls also perform full decryption and inspection of TLS/SSL and SSH encrypted connections.
Recent Developments: SonicWall recently added more than 50 new features to its SonicOS, and updated its Capture Advanced Threat Protection (ATP) service, a cloud-based multi-engine firewall sandbox, to include a new Real-Time Deep Memory Inspection engine.
Analysts’ Take: Gartner says SonicWall is a good fit for value-conscious enterprises looking for more throughput at a reasonable price and a solid appliance that’s easy to manage. Still, the research firm says the company has been slow in providing differentiating new features and in enhancing existing capabilities, and its cloud security is less mature than that of its leading competitors.
Fortinet Product Highlights
Overview: Fortinet’s FortiGate NGFWs are designed to reduce complexity and improve overall security posture by providing full visibility into users, devices, applications and threats on the network. FortiGate appliances are built using custom-designed security processors (SPUs), and provide a fully redundant architecture to eliminate any single point of failure.
Recent Developments: Fortinet recently released version 6.0 of the FortiOS network security operating system with over 200 added features, including enhanced management and analytics as well as extended multi-cloud support.
Analysts’ Take: Gartner says Fortinet is a good shortlist candidate for all enterprise firewall appliance use cases, particularly those for whom price/performance is a key factor. Still, the research firm notes that Fortinet doesn’t offer direct vendor support, meaning that the support experience is directly impacted by the quality of the channel partner.
NGFW Product Ratings
Here is eSecurity Planet’s take on each product’s key features.
Security performance: Both products rock. SonicWall’s NSA 2650 received a 98.8% security effectiveness rating from NSS Labs in recent test results, while Fortinet’s FortiGate 500E got a 99.3% rating.
Performance: For lower-cost solutions, both perform well. SonicWall’s NGFW was rated by NSS Labs at 1,028 Mbps, while the higher-priced Fortinet appliance was rated at 6,753 Mbps.
Value: Both offerings provide very good value. Fortinet’s $2 total cost of ownership per protected Mbps led NSS Labs’ rankings, and SonicWall came in second at $4 per protected Mbps.
Implementation and management: Ease of use and implementation is a strong point for both solutions, with an edge to SonicWall. Users of both products have asked for more sophisticated reporting.
Support: SonicWall customers generally report positive experiences with support, which has improved over the past few years. Some Fortinet users say the lack of direct vendor support can be an issue, forcing issues to be escalated before they can be resolved.
Cloud features: Fortinet has a significant edge over SonicWall, with support for multiple virtualization and cloud environments.
IT Central Station users give FortiGate an average rating of 8.3 out of 10 and SonicWall NSA a 7.0 out of 10. Gartner Peer Insights users give Fortinet an average rating of 4.5 out of 5, and SonicWall an average of 4.2 out of 5.
SonicWall NSA reviewers said that after an initial learning curve, the UI is efficient and easy to use. One reviewer called the solution “easy to manage and work with,” and another noted, “Once network and firewall rules (80 percent of the complexity) were configured, content filtering, IDS/IPS and other security services were enabled with check boxes.”
FortiGate reviewers described the solution as “very stable, easy to troubleshoot and configure,” giving you a “seamless, simple integration into a large network” with a UI that’s “complete and easy to use.” Another reviewer noted that they chose Fortinet FortiGate because it’s easy to manage and uses a single OS for the entire product.
SonicWall’s NGFWs are sold as either a hardware or virtual appliance, and security services are delivered automatically from the SonicWall Capture Cloud Platform.
Fortinet’s NGFWs are available as an appliance, virtual machine, and in the cloud, with the same solution available across all leading public cloud platforms.
SonicWall’s NGFWs are sold with one-, two- or three-year Advanced Gateway Security Suite subscriptions (after a 30-day free trial) that provide a continuously updated sandbox, gateway anti-virus, intrusion prevention, content filtering, application control and technical support. Pricing for firewalls largely depends on the size of network, number of security subscription services purchased, etc. It ranges from around $500 for a small business or branch office up to around $80,000 for a large organization central office for hardware and a single year of security subscription services. The NSA 2650 tested by NSS Labs has a base list price of $2,495, though it’s widely available for under $2,000.
Each Fortinet model has a base price with service and support options available. The company’s entry-level NGFW appliances range from $430-$1,400, while mid-range enterprise NGFWs range from $2,000 to $14,000. The FortiGate 500E tested by NSS is available online starting at just over $5,400.