OPNsense vs Palo Alto Networks NG Firewalls comparison

OPNsense and Palo Alto Networks are both solutions in the Firewalls category. OPNsense is ranked #3 with an average rating of 8.3, while Palo Alto Networks is ranked #7 with an average rating of 8.7. OPNsense holds a 14.5% mindshare in Firewalls, compared to Palo Alto Networks’s 3.2% mindshare. Additionally, 97% of OPNsense users are willing to recommend the solution, compared to 96% of Palo Alto Networks users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 5, 2025

OPNsense and Palo Alto Networks NG Firewalls are competing products in the network security sector. Palo Alto Networks NG Firewalls generally have the upper hand with their extensive feature set tailored for enterprise-level environments.

Features: OPNsense offers open-source flexibility, frequent updates, and strong community support. Its open-source nature allows for customization, making it ideal for those needing a tailored solution. Palo Alto Networks NG Firewalls provide advanced threat prevention, comprehensive network visibility, and seamless integrations. They are equipped for high-level protection, providing enterprise clients with a feature-rich security platform.

Room for Improvement: OPNsense can enhance its offering with better integration with third-party solutions, a more user-friendly interface, and expanded commercial support options to appeal to larger organizations. Palo Alto Networks NG Firewalls could benefit from simplifying deployment and offering more cost-effective pricing to attract smaller businesses. Additionally, a more intuitive user interface could enhance usability.

Ease of Deployment and Customer Service: OPNsense is praised for easy deployment and community-based support, which is beneficial for self-sufficient users or smaller organizations. In contrast, Palo Alto Networks NG Firewalls offer more complex deployment but compensate with professional customer service that ensures successful setup and optimal configuration for enterprise clients.

Pricing and ROI: OPNsense is cost-effective, offering low setup costs suitable for budget-conscious users or smaller organizations looking to maximize ROI. On the other hand, Palo Alto Networks NG Firewalls require a higher initial investment but can provide substantial returns through superior security features that address the needs of high-security environments.

To learn more, read our detailed OPNsense vs. Palo Alto Networks NG Firewalls Report (Updated: January 2025).

Buyer's Guide

OPNsense vs. Palo Alto Networks NG Firewalls

January 2025

Download the complete report

Helped 831,158 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of January 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.3%, up from 17.4% compared to the previous year. The mindshare of OPNsense is 14.5%, down from 18.1% compared to the previous year. The mindshare of Palo Alto Networks NG Firewalls is 3.2%, up from 3.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Featured Reviews

EhabAli

Sr. Cybersecurity Solutions Architect at BMB

Efficient, user-friendly, and affordable

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

Read full review

Eddy Ramirez

IT Security Director at a financial services firm with 1,001-5,000 employees

Good interface and firewall capabilities and overall easy to use

The security has improved as we can isolate the network. We can do attrition prevention via a tool that comes with the solution. We can have a VPN solution in place for those that work from home, outside the network, in a secure manner. We also like that it offers good authentication. It offers radius-based authentication, which has been useful for the company. The main platform is under the Open VPN firewall. The solution has high availability. When we have different ISPs, we can actually load balance those links or actually put some priority or even classify the traffic that might go into one ISP or another.

Read full review

AmjadKhan1

Head of data centers at a non-profit with 10,001+ employees

Provides inline protection with a unified view and anti-spyware capabilities

I would rate Palo Alto Networks NG Firewalls ten out of ten because it is the best. Our disaster recovery site utilizes Palo Alto Networks Next-Generation Firewalls. We are also in the process of upgrading the firewalls at our 365 sites in Pakistan to Palo Alto Networks firewalls. While budget firewalls may advertise comparable features, they often fall short of effectively detecting viruses, threats, and ransomware. In contrast, Palo Alto Networks NG Firewalls, combined with Cortex XDR, provide comprehensive threat intelligence and detection capabilities, ensuring superior security coverage. I recommend conducting a proof of concept before selecting a firewall. This will allow you to evaluate different options and determine which best suits your needs. While Palo Alto offers robust firewall solutions, it's essential to compare them with other vendors to ensure you make an informed decision.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable features of Fortinet FortiGate are the ease of use and the UI. It has always provided me with what I needed. I have no need for additional costs that other solutions have, such as Sophos."

"It is useful for protecting and segregating the internal networks from the internet. Most of our customers also use the FortiGate client to connect to their offices by using the VPN client, and of course, they usually activate the antivirus, deep inspection, and intrusion prevention services. They are also using it for web filtering and implementing various policies dealing with forwardings, NAT, etc."

"Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network."

"The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors."

"The security features are about the best that I've seen anywhere."

"Fortinet FortiGate is easy to use."

"I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager."

"The most valuable features are that it is very simple to configure and to manage."

More Fortinet FortiGate pros

"It is a very good solution. I like the dashboard. I can see what is going on and manage it as I like it."

"It has an open license. It works very well, and there is an update every month."

"What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it. I had an excellent experience with OPNsense, which helped me achieve the targets I wanted."

"I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management."

"The most valuable features are reporting, the Sensei plugin, and firewall capabilities."

"One of the most valuable features is the network checking. Additionally, the firewall and web filtering functionalities are highly useful."

"The solution is user-friendly and easy to configure."

"OPNsense is easy to use and open source."

More OPNsense pros

"The best features of this solution are URL filtering and traffic visibility."

"I like that Palo Alto does a good job of keeping the firewall updated with the latest threat signatures."

"The interface and dashboards are good."

"Our clients find the most valuable features in Palo Alto Networks NG Firewalls to be the user-friendly interface, extensive capabilities, and highly granular rule creation process."

"Palo Alto Networks NG Firewalls offer a comprehensive suite of security features, with Intrusion Prevention System and certificate inspection being among the most valuable."

"It has a solid network security with some robust tools. We can block unexpected attacks, especially zero-day attacks. Since they use the Pan-OS engine, they can collect attacks from all over the world and analyze them. They can then protect against zero-day attacks and unexpected attacks."

"One of the best firewalls on the market."

"It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture... The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time."

More Palo Alto Networks NG Firewalls pros

Cons

"Improvement is needed in the Web Filter quotas to restrict users with allocated quotas."

"The security of Fortinet FortiGate could improve."

"There are mainly two areas of improvement in Fortinet FortiGate— the licensing cost and the timing of upgrading licenses for boxes."

"Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use."

"They need faster serviceability and more security features."

"Fortinet FortiGate needs to improve to be on par with its competitors, such as Palo Alto and Sophos. They are the market leaders. Fortinet FortiGate needs to improve its capabilities. However, we are happy with Fortinet FortiGate."

"Regarding challenges, customers initially faced issues like internet dropping, but after firmware upgrades, everything worked well."

"I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."

More Fortinet FortiGate cons

"There should be more technical documentation."

"There are issues with stability and reliability."

"When using the solution at the beginning was difficult. There was a steep learning curve."

"Given that OPNsense plays a pivotal role as a firewall, safeguarding against various threats, having a reliable backup ensures uninterrupted protection even if unforeseen events impact the primary virtual machine."

"SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense."

"I would like better documentation concerning the provided packages and their integration."

"I think the most important thing is that it should be easily accessible, but currently, that doesn't seem to be the case. We need a hardware platform that's based on common standards and open computing principles, which would be like a commodity and benefit us greatly."

"An area for improvement in OPNsense is the hardware, which needs to be updated more frequently. DNS blocking is another good feature I want to be added to the solution. pfSense has a peer-blocking feature that I also want to see in OPNsense."

More OPNsense cons

"Enhancements could potentially be made to the firmware to improve its inspectability."

"Its stability can be better. Their technical response from the support side can also be better."

"The configuration part could be improved. It's very difficult to configure. It doesn't have a user-friendly interface. You have to know Palo Alto deeply to use it."

"Need improvement with their logs, especially the command line interface."

"Palo Alto Networks NG Firewalls should be more flexible and user-friendly. There should be more comprehensive documentation, case histories, and technical training on new technologies available on their portal."

"The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there."

"I would like more reporting and metrics in the solution."

"We use ACC which is a tool for verifying the activity or traffic within your network. Currently, in ACC, the time of the samples that they offer is about five minutes. When you try to go down to a shorter duration, you can't. You only have five minutes. They can provide samples for shorter durations, such as one minute."

More Palo Alto Networks NG Firewalls cons

Pricing and Cost Advice

"The price of Fortinet FortiGate is affordable. Most of our customers are on a three-year license to use the solution. All the features and support are included in the price."

"We have the full version of Fortinet FortiGate and we are on a three-year contract with a commitment of five years."

"The price is high compared to some of the other solutions."

"The price is highly competitive when compared to other brands that offer similar functionality."

"The pricing for this solution is good."

"We have the full license that included all of the features and support."

"Fortinet FortiGate is reasonably priced."

"The price for the device and software is high. However, the solution is of good quality and has a lot of features."

More Fortinet FortiGate pricing and cost advice

"There are no licensing costs for OPNsence."

"I would rate the pricing three out of ten."

"OPNsense is an open-source solution and it is free to use."

"I've used the free version. My computer with two network cards at home allows me to try as many different software options as I want. I did pay for the license, but it was for the Zenarmor license, which is the packet inspection tool. They use AI for packet inspection, which integrates with OPNsense and pfSense."

"OPNsense is open source software so at this time it is free for us to use."

"It is not an expensive product. Basically, I deployed it because it was the fastest solution to satisfy our needs in open source."

"We are not paying any licensing fees. OPNsense is completely free for us."

"It is free."

More OPNsense pricing and cost advice

"It could be less expensive."

"Palo Alto NGFW is relatively expensive compared to the competition."

"Palo Alto Networks NG Firewalls are expensive."

"The solution is worth the price, as it can be utilized without the need for high-processing CPUs and resources, thus saving us overall."

"It will be worth your time to hire a contractor to set it up and configure it for you, especially if you are not very knowledgeable with PA firewalls."

"While Palo Alto Networks NG Firewalls come at a premium, exceeding the cost of most competitors by 45 percent, their advanced security features, superior performance, and comprehensive threat prevention capabilities justify the investment."

"Cheap and faster are the opposite sides of security. Security inspections have some technical and money costs. If you just purchase some cheap, fast firewalls, then you will lose a lot of the security features and fraud protection capabilities."

"It is expensive as compared to other brands."

More Palo Alto Networks NG Firewalls pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

831,158 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

22%

Computer Software Company

14%

Comms Service Provider

Manufacturing Company

Computer Software Company

16%

Comms Service Provider

11%

Government

Educational Organization

Computer Software Company

15%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

What is the difference between PfSense and OPNsense?

Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...

See all answers

What do you like most about OPNsense?

What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control.

See all answers

What is your experience regarding pricing and costs for OPNsense?

I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall p...

See all answers

What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?

Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...

See all answers

Features comparison between Palo Alto and Fortinet firewalls

In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...

See all answers

Which is better - Palo Alto Networks NG Firewalls or Sophos XG?

Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...

See all answers

Comparisons

Sophos XG vs Fortinet FortiGate

Compared 23% of the time

Netgate pfSense vs Fortinet FortiGate

Compared 13% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 11% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

Fortinet FortiOS vs Fortinet FortiGate

Compared 2% of the time

More Fortinet FortiGate Competitors

Netgate pfSense vs OPNsense

Compared 54% of the time

IPFire vs OPNsense

Compared 8% of the time

Sophos XG vs OPNsense

Compared 7% of the time

Untangle NG Firewall vs OPNsense

Compared 3% of the time

SonicWall TZ vs OPNsense

Compared 1% of the time

More OPNsense Competitors

Check Point NGFW vs Palo Alto Networks NG Firewalls

Compared 13% of the time

Azure Firewall vs Palo Alto Networks NG Firewalls

Compared 12% of the time

Meraki MX vs Palo Alto Networks NG Firewalls

Compared 10% of the time

Sophos XG vs Palo Alto Networks NG Firewalls

Compared 9% of the time

Sophos UTM vs Palo Alto Networks NG Firewalls

Compared 5% of the time

More Palo Alto Networks NG Firewalls Competitors

Product Reports

Buyer's Guide

Fortinet FortiGate

January 2025

Download Fortinet FortiGate product report

Buyer's Guide

OPNsense

January 2025

Download OPNsense product report

Buyer's Guide

Palo Alto Networks NG Firewalls

January 2025

Download Palo Alto Networks NG Firewalls product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

No data available

Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall

Learn More

Fortinet

Video not available

OPNsense

Palo Alto Networks

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

OPNsense is widely used for firewall functionalities, intrusion detection, VPN and IPSec, content filtering, securing network traffic, and remote access. It protects internal networks and manages servers securely, suitable for small to medium-sized businesses.

OPNsense is a comprehensive firewall solution leveraging open-source technology. It integrates with third-party modules like WireGuard and CrowdSec, enhancing its security capabilities. Offering on-premises and cloud deployment, it features an intuitive graphical interface, advanced reporting, VPN functionality, IDS/IPS features, and high scalability. Users find it ideal for small businesses and home networks due to its stability and ease of use. Frequent updates and an active community support its continuous improvement. However, it needs advancements in VPN selection, scalability, and technical documentation. Enhanced high availability, threat intelligence, and integration with virtualization platforms are required. User feedback suggests improvements in connectivity, alerting, traffic monitoring, and antivirus protection.

What are the key features of OPNsense?

Strong Firewall: Robust firewall capabilities for securing network traffic.
Intrusion Detection and Prevention: Effective IDS/IPS for threat mitigation.
VPN Functionality: Comprehensive VPN support including WireGuard.
Content Filtering: DNS-level filtering for enhanced security.
Advanced Reporting: In-depth traffic analysis and reporting features.
High Scalability: Supports growing network demands.
Integration Capabilities: Works with third-party modules like CrowdSec.
Intuitive GUI: User-friendly graphical interface enhances usability.

What benefits should users look for in OPNsense reviews?

Security: High level of protection for internal networks.
Manageability: Easy management of servers and network traffic.
Cost-Effective: Open-source nature reduces costs.
Reliability: Stable performance suitable for small and medium-sized businesses.
Community Support: Active community and frequent updates.

OPNsense is implemented across various industries to secure network infrastructure and ensure reliable connectivity. In fintech, it safeguards sensitive financial data while maintaining compliance. Educational institutions deploy it to protect student information and enable secure remote learning environments. Healthcare organizations use it to secure patient data and comply with HIPAA regulations. By integrating with tools like WireGuard and CrowdSec, businesses enhance their cybersecurity posture and streamline network management, making OPNsense a versatile choice for diverse operational needs.

Palo Alto Networks NG Firewalls offer comprehensive security, including application control, traffic shaping, threat prevention, and load balancing, designed to secure internal networks, perimeter protection, VPN services, and cloud environments.

Palo Alto Networks NG Firewalls are a key choice for managing and protecting data centers, securing remote access, network segmentation, malware prevention, and ensuring high availability and performance for business-critical applications. Known for stability and strong security, these firewalls use application-aware identifiers and IPS/IDS subscriptions to offer advanced threat protection. The unified platform facilitates seamless integration, while GlobalProtect and centralized management via Panorama enhance ease of use. However, there are areas for improvement, including pricing strategies, training, user support, and integration with third-party applications.

What are the essential features?

Stability: Reliable performance in different environments.
Application Control: Identifies applications to manage traffic.
Advanced Threat Protection: Includes DNS security, WildFire, and machine learning.
GlobalProtect: Secure remote access for users.
Centralized Management: Managed via the Panorama platform.

What benefits or ROI should users expect?

Security: Protects against threats with robust features.
User-Friendly: Simplified interface and easy configuration.
High Availability: Ensures performance for critical applications.
Integration: Seamless with existing systems and applications.
Support: Reliable technical support and resources.

In industries like finance, healthcare, and retail, Palo Alto Networks NG Firewalls secure sensitive data and meet regulatory requirements. These firewalls help manage large-scale networks in these sectors, providing essential security features and maintaining high-performance standards. They are implemented to ensure compliance, protect patient information, secure financial transactions, and safeguard customer data.

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

1. Deciso B.V. 2. iXsystems, Inc. 3. EuroBSDCon 4. Netgate 5. Claranet 6. Voleatech 7. Open Systems AG 8. Securebit AG 9. Proxmox Server Solutions GmbH 10. AVM Computersysteme Vertriebs GmbH Additional customers include: T-Systems International GmbH, Deutsche Telekom AG, Vodafone GmbH, 1&1 IONOS SE, OVHcloud, Hetzner Online GmbH, Strato AG, PlusServer GmbH, Host Europe GmbH, United Internet AG, 1&1 Versatel Deutschland GmbH, QSC AG, Bechtle AG, Cancom SE, Computacenter AG & Co. oHG, T-Systems Multimedia Solutions GmbH, Atos SE, Capgemini SE, Accenture plc, IBM Corporation, Hewlett Packard Enterprise Company, Cisco Systems, Inc.

SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments

Buyer's Guide

OPNsense vs. Palo Alto Networks NG Firewalls

January 2025

Free Report: OPNsense vs. Palo Alto Networks NG Firewalls

Find out what your peers are saying about OPNsense vs. Palo Alto Networks NG Firewalls and other solutions. Updated: January 2025.

DOWNLOAD NOW

831,158 professionals have used our research since 2012.

See our OPNsense vs. Palo Alto Networks NG Firewalls report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.