Here it is… The matchup everyone’s been waiting to see. FortiGate vs Palo Alto. For any large-scale network, the next-generation firewall is a very important asset. It offers more than just a stateful network firewall. It has things like URL filtering, intrusion prevention, and application control. Plus, it will have frequently enhanced threat prevention features like Sandboxing. Two of the very best next-generation firewalls are Palo Alto and Fortinet. They have almost all the features of next-generation firewalls. But there are some differences.
Of course, instead of an exhaustive, winner-take-all contest, this is meant to be a helpful comparison between two very good choices. The goal is to provide clarity on what distinguishes these two product families.
Corporate Armor can happily recommend both FortiGate and Palo Alto security appliances readily. However, knowing what delineates them might be helpful when it comes time for you to shop for a firewall. These are both very popular lines. The FortiGate FG80F, from $999, and the PA-440 are both popular, and are fairly comparable in price and capability. In this case, the Palo Alto PA-440 is going to be over $200 higher in price, for the hardware. So keep this in mind.
FortiGate according to real users
FortiGate’s SSL-VPN is generally highly regarded and reliable. Plus, Fortinet Secure SD-WAN delivered comparably total cost of ownership per Mbps among other vendors. This dollar-value is often cited in customer reviews of FortiGates. And, being Fortinet, the actual security features will be about the best you’ll see. Customer’s also like Fortinet’s clear and straightforward pricing structure. When performance vs price is important in the decision making, Fortinet is tough to beat. The company has a robust firewall with high-quality hardware, visibility, reporting, and easy deployment.
Palo Alto according to real users
Palo Alto’s Application Command Center enables it to understand the flows and risks of applications quickly. Large and infrequent releases are named as a drawback, and also Palo Altos are known to be expensive. However, users generally declare great satisfaction and loyalty.
FortiGate vs PaloAlto Head to head
Both Fortinet and Palo Alto excel in independent tests. In comparable models, Palo Alto edged Fortinet in firewall performance, while Fortinet won out in security efficiency. This is according to NSS Labs.
In terms of implementation and management, Fortinet is a bit easier to understand, read, and afford. Palo Alto is more complex, but very feature-rich.
Also according to NSS, Fortinet wins the TCO metric handily. They came in at $2.00 per protected Mbps whereas Palo Alto was at $7.00.
Support
Palo Alto has pretty strong direct support from vendors, whereas Fortinet depends more on the quality of their partner channel. The stability of the fairly rare) major updates to Palo Alto has received complaints at times.
Palo Alto always rates well with analysts and end users, because of their numerous advanced features. However, you do pay for them. They compensate for their relatively high price with high performance, whereas Fortinet fairly dominates the metric of highest-value for the money. With Palo ALto, you pay for what you get, with Fortinet, you get (arguably) more than you pay for.
Performance
Most FortiGates have specialized acceleration hardware called Security Processing Units. These offload resource-intensive processing from the CPU. Most FortiGates also include specialized content processors that accelerate a wide range of essential security processes like virus scanning, attack detection, encryption, and decryption. Many also contain security processors that accelerate processing for specific security features like IPS and network processors. Hence the speed that Fortinets are known for.
The strength of the Palo Alto firewall is its single-pass parallel processing engine. Each feature in the device (antivirus, anti-spyware, data filtering, and vulnerability protection) uses the same stream-based signature format. As a result, the SP3 engine can search for all these risks simultaneously.
The advantage of this is that the traffic is scanned with a minimal amount of buffering as it traverses the firewall. This speed enables it to configure advanced features, such as scanning for viruses and malware, without slowing the firewall’s performance. Palo Alto also has processors dedicated to specific security functions that work in parallel.
And of course, Corporate Armor is quite happy and able to help you with any further questions you might have. We have years of experience with both Fortinet and Palo Alto. So email us or call 877-449-0458. Thanks for reading!
Comparables | FortiGate 80F | Palo Alto PA-440 |
Firewall Throughput | 10 Gbps | 3 Gbps |
SSL VPN Throughput | 950 Mbps | 850 Mbps |
IPsec VPN Throughput | 6.5 Gbps | 1.6 Gbps |
Threat Prevention Throughput | 900 Mbps | 1 Gbps |