Both Fortinet and Palo Alto Networks provide next generation firewalls. Both provide similar, but substantially different feature sets. Both provide additional licenses for IDP, Anti-Virus, URL filtering and sandboxing solutions. Either can be viable for traditional firewall needs.
In the case of Fortinet, there is a bundle that contains all of the available protection features, it tends to add about 55% of the hardware list price. That ends up providing a good value when combining multiple protection features. The FortiGuard bundle includes: application control, IPS, AV, IP reputation/anti-bot, web filtering, anti-spam and vulnerability scanning. FortiSandbox integration is available with an additional purchase of a cloud or an on-premise private sandbox appliance. Virtual appliances are available as well. Centralized management for multiple units is available with optional FortiManager. Centralized logging is available via optional FortiAnalyzer.
Both companies have the similar concept of security zones, although Fortinet still has a more interface centric concept when doing policies.
NOTE: While both solutions are good for traditional firewall applications and port security, there are substantial differences, these include:
- Recurring costs
- Tracking configuration changes over time
- Applying per user changes
- Commit on demand versus immediate configuration changes for every GUI change
- Different feature sets, different performance impacts when enabling certain features
- Sophistication of user GUI and ability to use GUI versus the command line
The units mentioned for Palo Alto Networks are now older units. During the earlier part of 2017, Palo Alto Networks augmented the product line to include:
- A much improved and lower cost PA-220 versus the PA-200. It even has dual power source option!
- A much improved and similar cost PA-820 (compared to the PA-500) along with a PA-850 with redundant power supply option and improved performance
- Three new models in the PA-52xx product family filling the previous high end gap below the previous upper end chassis line
- Check our link for the complete product suite
In terms of converting from one platform to the other, at Altaware, Inc. we have the tools and expertise to make it happen.