Every organisation must be able to keep up with the rapid increase in technological demands, such as; remote working, lower latency and increased availability whilst protecting the infrastructure from the never ending list of threats and vulnerabilities. Implementing features like AI powered security and zero-touch approaches can drastically help to avoid breaches and this is something that needs to be considered by every IT director/manager. The use of these new products allow for reduced maintenance and out-dated manual tasks subsequently giving engineers time to focus on network improvement and business growth.
Table of Contents
Who is Fortinet?
Founded in 2000 by brothers Ken Xie and Michael Xie, Fortinet is a cybersecurity company with products including physical firewalls, antivirus software and endpoint security systems. The name is based on the phrase “Fortified Networks”. Via multiple acquisitions and smart business moves the company has grown extremely well and built a solid reputation along the way. FortiOS is the operating system for hardware which plays a key role in their security fabric. Consolidating multiple technologies and use cases into a simplified, single policy and management framework. Also offering cloud security solutions including securing applications, email and web in public and private cloud environments such as AWS, Azure, Google Cloud and Alibaba Cloud. Gartner awarded Fortinet top place in Unified Threat Management (UTM), and it was named a Leader in Next-Gen Firewalls (NGFW), stating “One of the best threat protection solutions against cyber-security attacks. They rank number one in the most security appliances shipped worldwide with over 500,000 customers trusting Fortinet to protect their organizations.
Read Fortinet research on the Netify marketplace to learn more about their products. Go to marketplace
Source: Fortinet documents; sample report
Who is Palo Alto Networks?
Palo Alto is a global cybersecurity company based out of Santa Clara, California, with the goal of shaping the cloud-centric future with technology that is transforming the way people and organisations operate. Core products include advanced firewalls and cloud based security offerings which they supply to over 85,000 customers in 150+ countries. Their security operating platform keeps the unwanted out of the network by the use of powerful analytics that automate routine tasks whilst simplifying overall security. More than 85 of the Fortune 100 companies utilize Palo Alto’s advanced firewalls and cloud-based products. On the 31st July 2021 they reported $4.26 Billion in revenue which is a 25% increase from the previous year and forecast between $5.3 Billion in fiscal 2022. Back in November of 2020 they announced a new product offering, 5G security, with the goal of helping service providers and enterprises secure global 5G network traffic whilst increasing overall visibility.
The rest of this article is going to be a comparison between the two companies, with more insight into product offerings and features. After reading you will be able to decide which provider is best for your network security requirements.
Read Palo Alto research on the Netify marketplace to learn more about their products. Go to marketplace
Source: Palo Alto documents; sample report
Fortinet vs Palo Alto: LAN and WAN
Fortinet LAN/WAN | Palo Alto LAN/WAN |
Fortinet has a wide range of LAN and WAN products, specifically network Edge. LAN including secure ethernet switching, security driven wireless and FortiAIOps which delivers dynamic visibility and increased network speed using AI. FortiSwitch provides secure, simple, and scalable Ethernet switches ideal for Secure SD-Branch. WAN offerings are made up of secure SD WAN (FortiGate) and 5G/LTE wireless WAN (FortiExtender). Leveraging these products allows you to have a secure LAN edge without the need for high priced and complex subscriptions. | Palo Alto Networks have a purely security based product offering and only offer next-generation firewalls (both hardware and virtual) network equipment. Their focus on security is extensive and covers all areas, but they don’t offer general network hardware equipment such as routers, switches and access points. What they lack in hardware they more than make up for in cloud-based products which include NGFW, SD WAN, virtual machines and threat detection and response. Partnerships with companies such as Commscope, Arista and Aryaka allow for their security services to be pushed to LAN/WAN easier. |
Fortinet vs Palo Alto: Wireless
Fortinet Wireless | Palo Alto Wireless |
Placed in Gartner’s Magic Quadrant for enterprise wired and wireless LAN infrastructure. Fortinet realizes that the most common form of access to a network is via Wi-Fi. With this in mind, their wireless equipment leverages security-driven networking to provide secure wireless access. Their access points (FortiAP) are Fortinet Security Fabric enabled to guarantee advanced visibility and protection. Wireless controllers are available in both physical and virtual form factors. Using FortiWLC to configure and control the wireless network and FortiWLM to manage. | In September 2021, Palo Alto revealed their secure Wi-Fi 6 home access point, the Okyo Grande, pre-integrated with their cybersecurity threat intelligence solution. The target audience for this product is the increased number of employees who are now working from home and require a secure connection into their enterprise environment. In addition, the Okyo is capable of having multiple networks configured so multiple users in the same household can take advantage. Following their virtual offering approach, they offer wireless network controllers to monitor and secure your IoT devices through third-party providers such as Aruba and Cisco. |
Fortinet vs Palo Alto: SD WAN and SASE (Secure Access Service Edge)
Fortinet SD WAN and SASE | Palo Alto SASE |
The company’s SD WAN offering, FortiGate, consolidates SD WAN, NGFW, and advanced routing to deliver fast, scalable and flexible network coverage. With five hardware models to choose from; 40F, 60F, 80F, 100F and 200F user’s can utilise these to provide fast and secure SD WAN access. Advanced models (100F & 200F) come with built in NGFW for added protection. FortiGate secure SD WAN allows for; overall increased WAN security, simplified branch and hybrid worker connectivity, enhanced hybrid/multi cloud and the potential to achieve efficient operations easier. FortiSASE is their scalable cloud-based SASE offering which is fully integrated into Fortinet Security Fabric, rather than an isolated service. They’ve realized that networks are more distributed and depend on cloud applications, which creates more opportunities for threats. FortiSASE provides secure access for user’s and applications wherever at any time, without having to rely on legacy VPN-only solutions. | Prisma SD WAN is Palo Alto’s software defined product which simplifies the network whilst reducing cost, using machine learning and automation. Allowing for seamless integration of applications regardless of location, unlock cloud-scale savings to reduce WAN costs and ensure high performance access whilst maintaining industry-leading security. Customers can upgrade legacy routers with smarter, lightweight appliances wherever and enable integrated 5G and Zero Touch Provisioning capabilities reducing the hours needed for manual, labor intensive provisioning. The Forrester Total Economic Impact (TEI) claims Prisma SD WAN provides customers with a return of investment of 243%, whilst increasing bandwidth by a multiple of 10x and a 99% reduction in network trouble tickets. This is largely due to an autonomous approach to simplify network operations with automatic problem avoidance, powered by their AIOps and machine learning. Prisma SASE, in their words, is “the industry’s most complete SASE offering” and is unique in offering; coverage without compromise, the best in-class security regardless of application or location and an exceptional user experience. |
Fortinet vs Palo Alto: Customer Support
Fortinet customer support | Palo Alto customer support |
Technical support is available via their FortiCare service. This also provides customers with Return Merchandise Authorization (RMA), 24×7 toll-free call centres in every geographical region and online web chat for instant answers. User reviews show that as the company grows the quality of support is increasing, which is good to see. | Palo Alto Networks support services provide extended resources to help enterprises with protecting and optimising their infrastructure. Customers can choose from three plans, these being Standard, Premium and Platinum. 24×7 is only available to those with Premium and Platinum and the difference between the two is Platinum offers quicker response times and planned event assistance. |
Fortinet vs Palo Alto: Managed Services
Fortinet managed services | Palo Alto managed services |
Fortinet does not directly offer managed services but they provide MSSP partners with the means to do so. These partners reduce risk and minimize the impact of cyberattacks by providing managed security and monitoring technologies. Available services include; managed firewalls, intrusion detection, VPN and vulnerability scanning. | Only offering managed services through an MSSP partner, customers can reap the benefits of easier deployment, support from security professionals, streamlined tasks, incident management and interactive proactive investigations. |
Fortinet vs Palo Alto: Deployment
Fortinet deployment | Palo Alto deployment |
Following the same naming convention, FortiDeploy is their deployment solution for fast and easy implementation of NGFWs and wireless APs. There are multiple guides to best practices for deployment, including zero-touch provisioning for revolutionized onboarding and provisioning. | Their main product offering, NGFW, can be deployed either physically or virtually. Allowing for a majority of requirements to be met. Multiple guides and best practices for completing deployment can be found on their website. These guides are filled with images providing step-by-step instructions. |
Fortinet vs Palo Alto: Reporting and Management
Fortinet reporting and management | Palo Alto reporting and management |
FortiManager can be used to monitor and manage FortiGate appliances and is also available in different form factors including hardware, virtual and SaaS. Offering automation-driven network management, FortiManager provides central management and best practice compliances allowing for better protection against threats and breaches. Their logging and reporting tool, FortiAnalyzer, integrates logging, analytics and reporting into one system. Available in both hardware and virtual form factors. FortiAnalyzer reduces the effort required to monitor and maintain user policies, as well as identify possible threats/attacks. | Panorama is Palo Alto’s network security management platform which provides consumers with an easy to implement and centralized view of their network. Power features allow for increased insight into network traffic and simplified configurations and maintenance. On their website you can request a test demo of this platform. Similar to their other products, Panorama can be deployed on a hardware management appliance, virtually on a VM or hosted on a public cloud. There is no need for another solution for logging and reporting as this is built into Panorama, collecting logs and generating reports on all firewalls providing visibility across all the traffic on the network. |
Fortinet vs Palo Alto: Cost
Fortinet cost | Palo Alto cost |
The price of Fortinet devices vary, entry level appliances start at $500 USD and can go as high as $400,000 when incorporating licensing. Support pricing depends on your plan, whether you choose 24×7 or 8×5 for example. But appears to start at $100 for basic and can reach $1500 for all the additional features and services. The Total Cost of Ownership (TCO) is the lowest of all NGFW providers and is as low as $6 per protected Mbps for a FortiGate 1500D. | Palo Alto’s firewalls vary from $2000 to $300,000 when taking additional features and licensing into mind. NSS Labs reports that Palo Alto Networks PA-3020 has a reported TCO of $63 per protected Mbps, more than 10x the Fortinet equivalent. But being the security/firewall industry leader, they are open to charge what they desire. |