The content is undoubtedly worthy.
Appreciate the kind words
Currently using untangle / Sophos XG or pfsense at home, but looking at a PA-220 lab unit now.
Thanks for this good video :) I have been working with Palo Alto for years and am just starting with FortiGates :) A fair comparison. Currently I can say, I would like to have a Pangate :) Both devices have cool features
It's funny, we just completed a several weeks long POC for a customer, and the exact words from the customer regarding Panorama Vs. FortiManager were "Wow, FortiManager is SO much more clean, intuitive, and polished than PANW's, and others we've seen recently management platform". It really seems to all come down to each individual user these days, and their budget for a security solution. It's like the Apple Android debate.
Funny ) You forget to say that you have to learn 3 different interfaces: GUI at FortiGate, FortiManager and FortiAnalyzer.. Panorama GUI and GUI at PA NGFW are equal by interface.
If you say so. Panorama's GUI is almost like the normal Palo Alto firewall with its templates and device groups so you don't need to learn things from the start. Also Panorama can collect logs and you do not need FortiManager/FortiAnalyzer or FortiAuthenticator as this all can be done with Panorama and the normal firewalls.
Fortinet announces the unprecedented speed of the 4200F at 800 Gb / s in a press release. However, they show an NGFW speed of 40 Gb / s.
800 Gb / s is the Fortinet 4200F speed in L4 firewall mode, which is no longer needed in corporate networks. With the same success, you can not buy any protection.
40 Gb / s is the Fortinet 4200F speed with the analysis of L7 applications, and in Flow Mode, which they did not write about. In Proxy Mode, it is usually 2 times slower.
For comparison:
64 Gb / s - Palo Alto Networks NGFW PA-5260 Speed with L7 Application Analysis
51.5 Gb / s - Check Point 28000 speed with L7 application analysis
Threat Prevention NGFW can be up to 10 times different when you expose traffic to sessions of different lengths: short or long.
Compare:
1) 10 Gbit per second can be driven in one TCP session by downloading a 1.25 Gigabyte file in one transaction;
2) 10 Gbps per second can be driven as 10,000 TCP sessions by downloading files of 125 kilobytes.
In routers, the length of a TCP session does not affect bandwidth in such a way, and in NGFW devices it becomes very critical, because in the first case you run inside the antivirus + IPS + URL filter, etc., and in the second case, run the antivirus 10,000 times + IPS + URL is a more serious workload in one second.
When Palo Alto Networks offered a measured NGFW speed on identical HTTP traffic with 64Kb transactions, everyone refused. Therefore, NSS Labs and NetSecOpen. For example, here they already began to publish such tests on different transaction sizes www.netsecopen.org/certifications
You need to compare the unit in the same priceband... a 4200F is 165k$ , a 5260 a 250k$ platform...
+ NGFW spec in Fortinet is APP+IPS vs NGFW spec in Palo is only APP... again, you are not doing a fair comparison ;) ... So 4200F is a 135 Gbps equivalent at your 64/67 Gbps PA-5260...
@@li0n40 It means that Fortinet is 4120$ per Gigabyte (165000$/40) and Palo Alto Networks is 3850$ per Gigabyte for PA (250000$/65). So 5260 is cheaper and faster than 4200F with these prices and performance. ;-)
@@BDVSecurity Where have you found 40Gbps for NGFW on a 4200F? Please read datasheet carefully : APP Control for 4200F (NGFW equivalent of PA) is : Application Control Throughput (HTTP 64K) : 135 Gbps
@@BDVSecurity Because Flow is replacing proxy mode year after year, and 3/4 new deployment is done in Flow mode. I can return the question with SSL Performance on PA ? ;) Why ?
Was just asked to research this as we use Fortinet but there are talks to switch to Palo Alto! Thanks!
Subscribed and liked, great content overall, thanks guru!
What course would you recommend to help setup firewall. I am using WatchGuard firewall, interested in some guidance and help
Got a question, is it possible to own a firewall for home security? There are a lot on eBay but I bet none of them come with a license so is it even worth buying them?
You can still do some app level things without a license. If you want the full power of the box though then licensing will be required.
@@FortinetGuru for a home network, does Fortinet or Palo Alto firewall provide enough protection? Or is it just spending money for nothing?
how does checkpoint compare with these two
Literally found this video after our Palo Alto refuses to boot after applying the latest extreme CVE patch.
We're moving to Fortinet
Nice comparison. As I've worked on a very basic level with both, I lean towards Fortinet. In setting up both to access Internet and configuring Site to Site VPNs, the time to complete these is about one half the time it takes as compared to Palo Alto. Some pieces of configurations are automatically done, which saves time. Fortinet's GUI is arranged better than Palo Alto's. Fortinet has a built-in CLI on its firewall without having to resort to downloading a third-party terminal emulator, or switch back to the console. As far as GNS3 VMs for example, Fortinet has a satisfactory memory limit of 2 gigs while to allow Palo Alto to run in a similar fashion, takes more than twice the amount of memory. Overall, as far as the two firewalls are concerned, even without price being a determining factor, more thought has been put into the construction of Fortinet firewalls.
Thanks for the video. Trying to get away from Sophos firewalls (they die too often and are pretty slow)
fix the wpa3 on the 40Fwifi....just bought it and cannot use.
Great video, keep it up!
Useful comparison videos. You should continue. Thanks
Wow your channel is a rare find. Please make more tutorials. I bought an expensive course on Fortinet and it didn’t even cover much
Thanks for the kind words. I wish I had more time to do even more. Working on streamlining some things and being able to add more variety.
great video! would love to see also a comparison with check point. keep up the good work!
I’ll be drilling all the vendors
FortiManager gets a thumb down from me, but fortunately the FortiGate Cloud gives us access to manage devices individually. The Global Protect VPN hosted by Palo Alto is also pretty slick and can be fairly easily protected with Duo Mobile.
Hi there ,
What about the job market for both the products ? Do you think fortinet gonna beat Palo Alto in the near future ?
I would need to look at numbers but I believe Fortinet already has a market share advantage. The numbers I was told with regards to that are dated though. Market share being number of units, not number of dollars. Palo cost more and can have higher revenue numbers without shipping the same quantity of units.
@@FortinetGuru Ah ok. I started to learn Palo Alto and I have been working with Fortinet for 4 years. Their technology seems to be almost the same. However Palo Alto seems to be a bit complicated but I like how they have the ability to revert back, commit and more granular stuff can be done in GUI compared to Fortinet.
Mp S you can do the same with a Fortigate.
In pure Firewall play they got the volume and the lower parts of market share for sure. Palo pricing and firewall range makes it difficult to compete there. But if you look at overall portfolio - Fortinet is like a hamster in a loop. They keep churning out ASIC based platforms as fast as they can at the price of losing focus on everything else. Rest of their portfolio is really a me-too offering let's be honest.
Palo is smarter - investing in cloud heavily (check out Prisma products), the Cortex XDR play is ambitious and looks like a new type of solution with an interesting proposition.
In the long run Palo is really focusing on enterprise and all things cloud.
Fortinet is a budget friendly sweetheart with some fundamental issues that I don't even see them trying to address. Code quality is one of them - latest code is consistently a dumpster fire even by this industry standards that are low enough you could trip over.
@@Traumatree it's by design - alpha/beta by customers so QA costs can be lowered.
Not that it's new in the industry, but Fortinet's split architecture - running custom ASIC with SW makes it a real clusterfuck. Complexity comes fast at you...
It's been a year now, would like to know if it's still the same
Great video thank you
No problem
Really good video thanks
What do you think on buying a used Palo Alto, what implications can come up with that. I want to build a lab and match as much to the Government infrastructure as possible to learn.
Used devices are fine as long as you can still snag support on them. Modern firewalls have licensing needs in order to use the full functionality as they rely on threat feeds and more.
I would like to talk, where can I contact you?
Do you have a bullet point pros, cons in general vs Checkpoint? Thx
I have used and managed all 3 including SonicWalls, Mikrotik and Sophos UTM's and they all have their own strengths and weaknesses. The easy to filter and read live log of the Sophos and Checkpoints are great but the checkpoints will drive you up the wall with just basic stuff like trying to white-list a URL and their support is not that great. They bricked our management server trying to do a storage update. Thankfully we had a backup from the night before we were able to restore but it was a huge inconvenience.
Checkpoints are also expensive for what they are.
Is this possible wan failover with sdwan?
Yes. Will do a video explaining.
You are AWESOME !!!
Well spoken, it could have been better with comparison table.
What about Barracuda NGFW?
Oh there will be a video.
FortiGates and PA's are absolutely amazing. Keep in mind though, you'd still need someone who knows what they're doing with these devices.
I like PanOS much better than FortiOS.
Big fan of pan software
I cut my teeth on fortios, so of course I prefer that, but I’m sure panos is good too
I supported Palo Alto Firewalls for quite a few years before a job change which introduced me to FortiGates. My personal view is FortiGates are the best firewalls out there, from an administrator perspective at least! It blows my mind that people still choose Cisco when there are much better and more affordable options out there.
Don’t even get me started on Cisco and check point. I’ve started the research for checkpoint comparisons and Jesus it isn’t close. Checkpoint makes Palo look inexpensive 😂
@@FortinetGuru I worked in a purely Cisco shop for ~15 years, that was PIX (it was a while ago), ASA, 6500, 3700, WISM and Nexus. At the time I didn't know any better and thought the kit was good but after some exposure to Palo Alto and HP switches I saw the light! ;-)
Bruh you can't even configure everything on Fortia via UI, that's why they have that CLI widget. I like some visibility knobs they have like being able to see traffic stats per ingress/egress but then tried to use on-board reporting and it's pretty much useless. Need to get FortiManager and it's completely different workflow logic.
Have you ever looked at Untangle..?
its trash
Palo can revert to previous config when Panorama disconnected while pushing config. Could Forti do the same with their FortiManager and Fortigate? tq
You can do the same on a FortiGate / FortiManager. Will do a video about it!
When you compare the _price per protected megabit_ you never say what exact models you compare and what exact functions were enabled to protect this megabit. Can you say models where you get 2$ and 7$ per Megabit? In what operational modes do you compare the devices?
The urge I have after saw that hair, but don’t get me wrong, as usual, quality content dude !!!!!!!!
LOL
Fortinet has nothing on Palo Alto.. I have worked with both vendors and one thing that is absolutely clear is that when you're looking at cost factor you'd probably go with Forti but if you're looking at functionality and better security Palo all the way...
Would you ever advise Fortinet on an electrical substation OT environment?
Excellent information, thank you for the video, will subscribe for the help.
Palo is 10 times better on marketing. I bought a FG for a company I was in and Palo still came out, did a demo and left me a Pa-200 and cupcakes :) I told the person upfront I am not buying anything but that still sticks in my head
I don't know about that, but what counts is the MARKET SHARE, because that translates to sales. Last I checked, Fortinet was king at 21.3% as far as security appliances are concerned, while Palo Alto was at 21%. The Gartner poll showed Fortinet in the top position by a small margin. So both of these are the top selling firewalls, but Fortinet holds the edge.
I’ve been trying to get my hands on a palo for ages, they won’t even call me back
The tech support is really frustrating overseas, the third party's engineer is a rookie
Cdw?
0:21 i thought
It is like you compare the Ferrari with the Fiat.
😂
gee i wonder which you think is better, *fortinet guru*
Software wise Palo. Cost for what you get Fortinet.
I've worked with Palo, Checkpoint, Cisco, Forcepoint, Sonic, Sophos and Fortinet and they had pros and cons. I do like Fortinet for their price, I've rolled it out at two different companies and for that price it's really hard to justify many others but companies like Palo Alto always are able to stay as a great contender while Checkpoint is that white glove and Cisco is... well... Cisco. Fortinet has that price point, while some products are not as mature, I'm good friends with a guy with Cisco Viptela and after a late night of 'unf*cked this patch!', yeah, Fortinet's issues aren't that bad for its price.
And how about sonicwall from your perspective?
We have both, the PA 3220 at the outside perimeter with the UTM licenses and GlobalProtect for the VPN. It was selected for the mobile VPN clients specifically. So far into the deployment, I am not disappointed. The OSPF works well, upgrades had no particular issues, did have one DOA which was replaced without the (yet) activated support contract. The UI on 10.1 can be considered busy, but it's hard when it has so many features.
The FG 201F we use for the internal firewall/vlan router without UTM, and it works well, easily pushing 10gbit+. The OSPF works pretty well, but upgrades can sometimes be rough (7.0.7 -> 7.0.8). Then there are the WAD issues that bugged us from 7.0.3 to 7.0.6.
The price comparison is a bust though, the PA was 80k euro with licenses, the FG was 13k euro with just premium support. So that's not a fair comparison. Also, the boxes are hardly comparable.
The PA3220 has a genuine OOB port and management UI separate from all forwarding planes. It doesn't look that way on the FG 201F at least, it gave me hassle. Using in-band management here.
wtf this guy talking about? The firewall throughput advantage is because Palo Alto is L7 only and who does L7 only in these days anyways. The specs of the fortigate firewall looks promising but I promise you, if you enable all the features on a Fortigate on all the rules(even the block rules) that appliance will die.
X forward not supporting, on DNS query if the request comes from DNS server FortiGate unable to find the actual host who generates the query, cost is also hidden, FortiGate asking about diff cost for every license and many type of support... performance is very poor, firewall going in conservative mode
We let our F5 load balancers handle xff/true-ip so that's not an issue for us. As for DNS query, haven't had that issue before. Not sure what version you were playing with. We're running on 1500Ds, 500e and 80e's. Conserve mode? Maybe you under spec'd your firewall for the wrong environment?
Yes, I had the same issue with a HA cluster of 80E running 6.2.3 going in Conserve mode over the night when there was NO traffic. Mem usage was above 75% !! I scheduled a daily reset on IPS sensor , now memory is at 66-70% while there are just a couple of remote VPN users. Bad user experience.
@@adipapaianus There's your issue, No one should be running 6.2.x in production! Stick with 6.0.8 until 6.2.4 is stable/tested
@@bryancromwell9625 Well if there is no known bug, it could be something else, so maybe your advice is not the solution.
Panorama license also isn't cheap
This is true. Let’s face it though...fortiguard keeps creeping up
I have my NSE 4 etc and I will never go back to Fortinet. It's cheaper, but since I work at an FI where down time needs to be minimal, fortinet is a poor option. They are still way less stable and more buggy, and there are constantly vulnerabilities needing to be patched. Our Palo has sat there for months not needing maintenance. It also didn't have a backdoor built in.
PICTURES MY GUY
Where I work, they are planning to change to Fortinet for AP, switches and FW (for the price), but the interface sucks, you can do almost nothing in the GUI... Honestly, we have a Palo Alto 32xx, and only with the website documentation and videos on YouTube, I already know how to use it; without even using the terminal I can do whatever (I'm new to firewall administration).... But with Forti... bleh.... it's like a Mac.... not very intuitive.. a lot..., poor documentation and video.. and you are the only one that posts videos.. LOL.... the company needs to get better...
Add more numbers and outside sources. While you did a great job balancing the two with accurate personal assessments, numbers help people. I would also get a “Palo Guy” to do the video with you. Way more eyes on something like that. I can introduce you to one if you’d like.
Hey James, may be worth a live stream or a podcast I suppose!
❤️ ❤️ 🇵🇰 🇵🇰 🇵🇰 🇵🇰 🇵🇰 🇵🇰
I thought it says fortnite
Both offer laughable protections tho, once cyberattacks get in the network.. all you got to do is SHUTDOWN your network LOL, it's written in both of their guidelines.
What would you suggest? Please don't say XDR lol
Sorry that you keep getting Fortnite comments. I bet it’s annoying
Palo Alto Networks is better than Fortinet
We will agree to disagree when it comes to TCO. I have run both and I can't personally justify the premium vs performance difference.
WTF with that hair bro?
😂
Palo is only better than Fortinet when it comes to marketing. Palo has the WORST support across ALL of IT. Hold times are avg 1.5 hrs on a normal day. Been that way for at least 5 yrs.
It was close to that when we deployed them
1.5 hrs ! Not acceptable when a customer is breathing down your neck.
your haircut is soooo distracting
Sorry for partying fake RDJ. 😂
pfSense is $0 per Gbit 😁😁😁