We just raised a $30M Series A: Read our story

Compare Fortinet FortiGate vs. Palo Alto Networks VM-Series

You must select at least 2 products to compare!
Comparison Summary
Question: Which product do you recommend: Palo Alto Network VM-Series vs Fortinet FortiGate?
Answer: I am an enterprise user of Fortigate and PA compares favorable to Fortinet. I have used Fortigate for a variety of reasons, but here are the most important reasons we use them (compared to PA)1. Price versus performance2. Fortinet has a strategic security view that is focused on security requirements rather than marketing. (PA has a distinct advantage in marketing)3. Fortinet leadership (CEO and CTO) are focused on value and long term relationships.
Featured Review
Find out what your peers are saying about Fortinet FortiGate vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2021.
554,529 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government.""Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch.""You do not have to do everything through a command line which makes it a lot easier to apply rules.""Provides good integrations and reporting.""When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.""The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.""One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.""The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."

More Cisco Firepower NGFW Firewall Pros »

"It's super reliable. I don't think I've ever had a reliability issue with it.""The next-generation firewall is great.""Its user interface is good, and it is always working fine.""What's most important is the ease of use.""The most valuable features are the possibility of having one fabric for switching on security.""The initial installation is very straightforward.""I like how we can achieve total integration.""The solution is extremely reliable."

More Fortinet FortiGate Pros »

"The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable.""The most valuable feature is the Posture Assessment.""The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks.""The initial setup was straightforward.""The most valuable features are web control and IPS/IDS.""The most valuable features are security and support.""Palo Alto Networks VM-Series is very easy to use.""What I like about the VM-Series is that you can launch them in a very short time."

More Palo Alto Networks VM-Series Pros »

"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""The solution could offer better control that would allow the ability to restrictions certain features from a website.""The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved.""We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond.""FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it.""The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution.""The performance should be improved.""The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."

More Cisco Firepower NGFW Firewall Cons »

"The solution could be more evenly structured.""I don't like that anything more than very basic reporting is not included.""Sometimes you do need to know some CLI commands, so it's a bit harder for technicians or new people that don't know it.""It should have a better pricing plan. It is too expensive. It should also have a more granular view of the attack. I don't have FortiAnalyzer, and it is difficult for me to have a complete view when there is an attack on my server.""The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall.""Some of the features in the graphical user interface do not work, which requires that we used the command-line-interface.""In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface.""In the next release, maybe the documentation on how to use this solution could be improved."

More Fortinet FortiGate Cons »

"The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI.""Palo Alto is that it is really bad when it comes to technical support.""It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.""The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters.""The implementation should be simplified.""They made only a halfhearted attempt to put in DLP (Data Loss Prevention).""It'll help if Palo Alto Networks provided better documentation.""I would like to have automatic daily reporting, such as how many users have connected via SSL VPN."

More Palo Alto Networks VM-Series Cons »

Pricing and Cost Advice
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.""I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs.""This product is expensive.""The solution was chosen because of its price compared to other similar solutions.""The price of Firepower is not bad compared to other products.""Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing.""It definitely competes with the other vendors in the market.""Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"Its price is affordable and lesser than Cisco. Cisco is expensive. In terms of licensing, there is only one issue. If a customer's license has expired a month ago and they do the renewal after one month, Fortinet renews the license from the start of the previous month. The activation of the product is done from the previous month, not from the date of renewal. The customers usually shout and complain that because they are paying today, the renewal should start from today. The support contract renewals or licensing should be renewed from the date of renewal, but Fortinet starts from the day it had expired. It is a loss for customers. They might have had some problems because of which they did not take the license one month before. Fortinet should work on this. Cisco doesn't do this. Cisco always starts from the day they apply for the license.""It's expensive, but compared to the competition it's okay.""It has a competitive price.""The Indian market is different than the European and American markets. When you compare they need to be a bit more aggressive on pricing.""It is not a very costly product if you compare it with other products. The return on investment is also good. If you compare the return of investment and money that you are spending on this product with Palo Alto, Cisco, Check Point, and other solutions, the investment is very less. We are happy with this solution. The optional licenses are there, and you can choose which one you want and which one to avoid.""Fortinet FortiGate's price can be reduced.""We just pay a flat monthly fee to the vendor for the support.""When you look at these end security systems and firewalls, these firewalls even five years ago were $50,000 or perhaps $25,000 to implement in some types of customer sites. Now we're talking about tools that are $1,000. In this case, it might have been $500 or something like that."

More Fortinet FortiGate Pricing and Cost Advice »

"The price of this solution is very high for some parts of Africa, which makes it a challenge.""It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years.""Because I work for a university and the URL is for the institution, it's a free license for us.""The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used.""The VM series is licensed annually.""Palo Alto can be as much as two times the price of competing products that have twice the capabilities."

More Palo Alto Networks VM-Series Pricing and Cost Advice »

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
554,529 professionals have used our research since 2012.
Answers from the Community
Tarun Mehta
author avatarDarshil Sanghvi

Hello Tarun, we have been designing solutions with Palo Alto Networks NGFW for 6 years now and we have 95%+ customer retention. 

I would suggest looking into customer requirement on the basis of the following things, and priority is given by the customer:

1. Internet Bandwidth
2. No. Of users - In-house and users connecting from home/outside organization network.
3. Security features required - Sandoxing, DNS Security, etc.
4. Port density required on the firewall.
5. SSL decryption.
6. Deployment - On-prem or virtual DC or on Cloud.
7. HA requirement
8. MFA requirement
9. Local presence of Palo Alto/Fortinet expert team.
10. Integration for other (operational) solutions like SD-WAN, Load balancer, etc
11. Integration with other security solution like EDR/XDR or XSOAR
12. Customer's current solution (firewall/UTM and engineers/IT team working on it).
13. Customer's current IT Team strategy
14. Customer future IT strategy (to move on the cloud, etc)
15. Customer's growth and scalability in 5 years.
16. Reporting and logging requirement.
17. Customer's budget for IT Security.

Well, I guess with these parameters, and customer's priority you can recommend them a suitable solution.

Palo Alto NGFW will be best recommended for the following:
1. Deployment on the cloud - It has a very stable PANOS for VM-Series
2. Security Innovations - Considering security, in terms of today and future, Palo Alto is disruptive and groundbreaking.
3. Predictive Bandwidth - Palo Alto NGFW gives us Predictive bandwidth, and hence, once sized, it will last longer than defined. The throughput numbers are test cases of real-world scenarios, and after enabling all the features. It operates on its patented SP3 architecture and defines device throughput after enabling all security features and operational functionalities.
4. Integration with EDR/XDR and SOAR/XSOAR platforms.
5. User/SSL VPN - When you are planning for SSL VPN on Palo Alto NGFW, it will not charge you additionally for users connecting their Windows or MAC systems on NGFW over SSL VPN. For users that are Android/IOS/Linux/etc, and required additional HIP checks and Clientless VPN, there is a single subscription you will need to purchase.
6. Sandboxing - Palo Alto came up with Wildfire which is a threat intel cloud, which can be termed as Palo Alto Network's Sandboxing solution, but it does much more than that. it has a response SLA of 5 mins, where it can convert any unknown to known in 5 minutes or less. Also, after it identifies the file, it auto-updates other engines like URL filtering, DNS Security, Anti-Spyware, Bad IP and Domain list, CNC tunnel signatures.
7. Reporting and alerting - Foremost reason why users started implementing Palo Alto firewalls inside their network was to get the visibility - in terms of User-level visibility, Network traffic (depth to application layer), and Content (files and threats) level visibility. Also, logging and reporting is provisioned on the appliance itself and no additional subscription or any appliance is required, unless the customer requires the storage of logs for more time frame. The NGFW also co-relates all the events and alerts to give critical visibility like Botnets and hosts and users accessing malicious websites, or resolving malicious domains.
8. EDL - again external dynamic lists(EDL) helps you reduce the attack surface by minimizing the traffic to and from Malicious and Bad - IPs and Domains. This list is automatically updated by Palo Alto Networks by default by its threat research teams (Unit 42), Threat Intel (Wildfire), DNS Security module, and other sources. It has also a provision for you and/or the customer to integrate other third-party URL lists to be blocked.
9. Security features:
-- DNS filtering - by intercepting DNS traffic, you will not need any additional solution and/or modification in your current network for protection against threats related to DNS traffic. Its DNS module is cloud-based and tightly integrated with other modules and features of NGFW.
-- Credential phishing - This feature will avoid users sharing/uploading their credentials which are the same to access internal resources and external websites. This will prevent the leak of user credentials.
-- ML Powered NGFW - Currently, PA NGFW is the only firewall powered by ML to prevent unknown threats in real-time.
10. Application layer firewall - complete identification of all and any traffic based on application rather than port and protocol. Not only the known but also if the application is not identified it will classify that traffic as unknown. Also, you can create a custom application as required.
and many more...

Benefits in Fortigate firewall will be:
1. More port density.
2. Better SD-WAN configuration
3. Easy User interface and hence lacks granular controls.
4. Provides seamless integration with FortiToken for MFA(additional cost).
5. Seamless integration with Forti Load balancer.
6. Low cost (than Palo Alto least).

Darshil Sanghvi

author avatarJoão Garcia
Real User

Palo Alto, Fortinet, and Checkpoint are the best NGFW. You can choose one of them.

The Fortinet advantage is the Security Fabric. Many other Fortinet's products (switches, AP, EDS, XDR, DDoS, FortiClient, etc) are integrated and a Fortigate can communicate with another product to block an attack.  

author avatarreviewer1461459 (Team Lead Network Infrastructure at a tech services company with 1-10 employees)
Real User

Because PA has FPGA based architecture, which no other firewall has, due to this firewall processes the traffic from all the engines simultaneously. it increase efficiency of the product and provides way better throughput as compare to other vendors. The performance of security engines of PA are better then other vendors. PA provides on-box reporting, you have to purchase forti-analyzer separately for reporting in fortinet. PA provides granular view of policies, providing insight to you which policies are used in and which are not. it also provides you the feature, that tells you which of the firewall's features are not being utilized, this way you can plan your renewal to only purchase the feature you need. 

author avatarCesar Beut
Real User

I have FortiGates and the last upgrade of firmware cut internet traffic if you use Inspection Mode Proxy-Based, recommended and more secure, you have to use Flow-based, less secure. I don't work with Palo Alto

author avatarCristianoLima

I strongly recommend Sophos XG Firewall.
Take a look
Sophos Firewall: Synchronized Next-Gen Firewall

author avatarAnkitMittal
Real User

I think you can go with Palo Alto...

author avatarAlejandro Ortega
Real User

Palo Alto

Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
Top Answer: Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the… more »
Top Answer: The initial setup was straightforward.
Top Answer: The VM series is licensed annually. The option exists to procure a basic license. With this, the firewall feature comes… more »
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Learn More

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.

In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

Learn more about Cisco Firepower NGFW Firewall
Learn more about Fortinet FortiGate
Learn more about Palo Alto Networks VM-Series
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
Warren Rogers Associates
Top Industries
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
Comms Service Provider32%
Computer Software Company21%
Manufacturing Company4%
Comms Service Provider14%
Computer Software Company10%
Financial Services Firm8%
Energy/Utilities Company6%
Comms Service Provider36%
Computer Software Company19%
Educational Organization4%
Financial Services Firm23%
Manufacturing Company15%
Healthcare Company8%
Computer Software Company29%
Comms Service Provider19%
Financial Services Firm5%
Company Size
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
Small Business48%
Midsize Enterprise25%
Large Enterprise28%
Small Business35%
Midsize Enterprise25%
Large Enterprise40%
Small Business38%
Midsize Enterprise31%
Large Enterprise31%
Find out what your peers are saying about Fortinet FortiGate vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2021.
554,529 professionals have used our research since 2012.

Fortinet FortiGate is ranked 1st in Firewalls with 97 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Fortinet FortiGate is rated 8.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Meraki MX, Check Point NGFW and SonicWall TZ, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Cisco ASA Firewall, Juniper SRX, Fortinet FortiGate-VM and Palo Alto Networks NG Firewalls. See our Fortinet FortiGate vs. Palo Alto Networks VM-Series report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.