Palo Alto Networks NG Firewalls vs WatchGuard XTM [EOL] comparison

Palo Alto Networks and WatchGuard are both solutions in the Firewalls category. Additionally, 96% of Palo Alto Networks users are willing to recommend the solution, compared to 90% of WatchGuard users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 5, 2025

WatchGuard XTM and Palo Alto Networks NG Firewalls are competitive products in the firewall space. Users indicate a preference for Palo Alto Networks due to their advanced features, even though WatchGuard is favored for pricing and support.

Features: WatchGuard XTM is valued for ease of use, robust security, and comprehensive reporting tools, making it suited for businesses with limited technical teams. On the other hand, Palo Alto Networks provides innovative threat prevention, superior application control, and advanced analytics.

Room for Improvement: WatchGuard could benefit from enhancing its advanced threat prevention and real-time analytics features. Additionally, improvements in application control could broaden its appeal. Palo Alto Networks could improve cost-effectiveness, enhance user interface simplicity, and further streamline deployment processes to better serve smaller businesses.

Ease of Deployment and Customer Service: Deployment of WatchGuard XTM is straightforward with reliable support, ideal for businesses with limited technical teams. Conversely, Palo Alto Networks offers efficient deployment alongside comprehensive customer service, catering to complex environments.

Pricing and ROI: WatchGuard XTM is cost-effective, appealing to budget-conscious organizations with a strong ROI. Palo Alto Networks has higher upfront costs reflecting its advanced capabilities. Despite the investment, the ROI from Palo Alto is worthwhile due to enhanced security and suitability for high-value environments.

To learn more, read our detailed Firewalls Report (Updated: January 2025).

Buyer's Guide

Firewalls

January 2025

Download the complete report

Helped 831,265 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Featured Reviews

EhabAli

Sr. Cybersecurity Solutions Architect at BMB

Efficient, user-friendly, and affordable

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

Read full review

AmjadKhan1

Head of data centers at a non-profit with 10,001+ employees

Provides inline protection with a unified view and anti-spyware capabilities

I would rate Palo Alto Networks NG Firewalls ten out of ten because it is the best. Our disaster recovery site utilizes Palo Alto Networks Next-Generation Firewalls. We are also in the process of upgrading the firewalls at our 365 sites in Pakistan to Palo Alto Networks firewalls. While budget firewalls may advertise comparable features, they often fall short of effectively detecting viruses, threats, and ransomware. In contrast, Palo Alto Networks NG Firewalls, combined with Cortex XDR, provide comprehensive threat intelligence and detection capabilities, ensuring superior security coverage. I recommend conducting a proof of concept before selecting a firewall. This will allow you to evaluate different options and determine which best suits your needs. While Palo Alto offers robust firewall solutions, it's essential to compare them with other vendors to ensure you make an informed decision.

Read full review

it_user498942

Deputy Head of IT Department at a financial services firm with 501-1,000 employees

Helps me create firewall policies for networks and services.

1. It is difficult to configure WatchGuard with your internet settings. Actually, a normal internet setting/configuration is easy. However, I had a problem with multi WAN and multi LAN. I have a few different LAN subnet and two WAN. What I want to do is to route traffic from LAN1 through WAN1 and use WAN2 as failover. And for LAN2, it would route through WAN2 and use WAN1 as failover. So all traffic from LAN1 supposed to go through WAN1 only unless WAN1 is down, then it will go WAN2. However, I still could see some packet from LAN1 go through WAN2 at the same times. I checked the Traffic Monitoring in WatchGuard and I figured it out that is because of default “Outgoings” policy. Unfortunately, I could not disable default “Outgoings” policy and if I do “all clients could not access the internet even if I created another Outgoing Policy to replace the default one”. I used to ask my Vendor to help with this problem, but they could not do it. 2. I would like to see more granularity on each IP bandwidth that is used. I want to check which IP consume internet Bandwidth the most, but it is not convenient to check the total bandwidth that one IP is consuming. I need to go to “Traffic Management” to see which group IP that used most of the bandwidth, and then I go to “Hostwatch” to check bandwidth of each IP and sum the consumed bandwidth by myself. 3. It cannot block Internet Download Manager nor the Torrent application “BitComet” Internet Download Manager and BitComet are two applications that I cannot block in “Application Control”. I used to ask my vendor for help, but they still could not do it. Other application (Messenger, other peer-to-peer application, social network, VOIP .. etc), WatchGuard can block them.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I like several features that this product has, such as antivirus and internet navigation inspection. It is also simple to use."

"The solution is extremely reliable."

"The most valuable feature is the ease of use."

"We've found the solution to be pretty stable."

"It is a one box solution, which covers most of the edge device’s requirements."

"It's very good and very stable for businesses. It works very well."

"It is very flexible to use."

"It has a good UI and overall integration, including FortiGate Manager for controlling all firewalls from a single place."

More Fortinet FortiGate pros

"It's quite nice. It's very user-friendly, powerful, and there are barely any bugs."

"The Palo Alto Networks NG Firewalls excel in their integration capabilities."

"The most valuable features include the usual firewall functionalities, such as IPS and antivirus, which are effective."

"When we put it on the border, it was blocking everything that we were getting ahead of time, and we weren't getting any hits. This includes URL filtering, spam prevention, and anti-virus."

"The tool's most valuable features are its security features, which are highly valued based on market standards and Gartner reports. We conducted a POC before procuring it, and from that perspective, it is very good. The machine learning feature helps prevent more threats, but no device or firewall can be 100 percent secure because threats evolve daily."

"The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port."

"The most valuable feature of Palo Alto Networks NG Firewalls is its application visibility, which allows us to see all users and their accessed resources."

"I have found it to be reliable and very easy to use. I haven't really encountered many problems with it because its documentation is clear and readily available on their website."

More Palo Alto Networks NG Firewalls pros

"Reputation Enabled Defense indicates that some websites are so infested that it's not even worth visiting them, and therefore saving the bandwidth of going through the detection process."

"We have used technical support for WatchGuard many times and overall, we are satisfied with it. They are always listening and there is a good reaction time to our findings. When there are issues, they really try to resolve them."

"WatchGuard XTM is fairly basic. We use it as the perimeter firewall. The main point is to protect from attack software and hacking."

"They have a reporting system which can store data over a very long period of time. Not many other firewall vendors provide a reporting system, but if they do, like Fortinet does, then you've got buy that as an additional product and that can be more than twice as expensive as the initial investment in the firewall. And without reporting over a long-term period, you're just about wasting your time."

"SNMP status monitoring and the Central Management Software."

"Application Control is fantastic with over 2,500 applications and the granularity that we can either allow people to view but not be able to log on to Facebook; or view it and log onto it if they're in the marketing department, but not play Facebook games. There are all sorts of different options like that. So it's highly granular."

"Monitoring of network activity is included in the box."

"There is a site-to-site VPN configuration between others people."

More WatchGuard XTM [EOL] pros

Cons

"There are problems with the custom reporting of the unique traffic. The data is there, but it is too difficult for us to extract."

"It would be good if they had fewer updates."

"Vulnerability scanning could be improved."

"The Web-filter in this solution is not very good."

"We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved."

"Fortinet FortiGate can improve the integration with Active Directory. Additionally, I would like to have a Cloud Controller, such as they do in the Cisco Meraki solution."

"WAN load-balancing could be a lot better at detecting when a link is poor or inconsistent, and not just flat out dead."

"The way everything is set up could be easier. Currently, people need a lot of experience and knowledge to administer it and to link it to devices."

More Fortinet FortiGate cons

"Palo Alto can do a little bit better when it comes to the User-ID part. I've been facing problems related to double authentication. You have a computer user, but you also have a VPN user, and when you do a single sign-on to another page, these logs can sometimes generate a problem notification. It doesn't happen a lot, but in some networks, it could be a problem. It would be very helpful to have the ability to restrict the connections that you can have in your VPN. For example, if you have the credentials, you can connect with the same user account from different computers or devices. If you have the domain information, you can connect from different devices. That's a problem that they need to address and resolve. They should ensure that at any moment, only one person is connected through a specific user account."

"They can improve the handling and management of User-ID. They should also improve its price. Their technical support can also be improved."

"I would like integration with Evident.io and RedLock."

"Palo Alto Networks NG Firewalls offer best-in-breed security but could improve by reducing their pricing."

"The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there."

"I would like them to bring in some features that would encourage traffic shaping or bandwidth routing, like other UTM firewalls, because the solution should be capable of limiting the bandwidth for rules."

"Unfortunately, Palo Alto Networks products aren't cheap, but you have to pay the price for good security technology. I don't know the exact price, but it's about $10,000 to $15,000 without a subscription. Cisco is priced similarly. FortiGate is inexpensive in Poland, so a lot of customers prefer that."

"Could also use better customer support."

More Palo Alto Networks NG Firewalls cons

"I would like them to improve the product's overall protections. This would be good for all product users."

"The initial setup is neither simple nor complex. If you know the base in networking and how the firewall works, you will be able to figure it out."

"WatchGuard doesn't have a product that allows them to get into the data center. And that's just because there is no hardware to do the job. The software could do it, but there's no hardware that allows that to happen at the moment. So it doesn't scale as well as some other products, that's for sure."

"The setting policies need improvement. It needs an easier way to do static NAT and check on what policy is being used for that specific traffic."

"The VPN errors are not helpful when troubleshooting."

"One huge issue with WatchGuard XTM is that I'm not getting reports in a readable format. Readable means, I don't want Excel online. We repeat auditing when we trigger the report or setup calendar. That functionality is what we are looking for from WatchGuard XTM here."

"Sometimes we have had issues with stability of the product."

"Syslog (Dimension) is focused on presentation, but needs more focus on utility like SonicWall syslog (GMS/Analyzer)."

Pricing and Cost Advice

"I would rate the pricing a five out of ten"

"The main reason we chose Fortinet FortiGate was that the price was better than the competition."

"Their licensing costs are annual. The UTM feature license along with their support is called FortiCare. We include that as a part of the annual maintenance cost. Palo Alto or Juniper also have an annual subscription charge for UTM. Price, of course, can always be more competitive, but it is not the most expensive product. The price-performance ratio is quite high for FortiGate."

"We pay for the solution annually."

"The price for the device and software is high. However, the solution is of good quality and has a lot of features."

"The price of Fortinet FortiGate is better than Cisco, Check Point, and Palo Alto. In terms of pricing, it's probably a better-priced firewall solution overall."

"No comment."

"Fortinet FortiGate allows you to purchase licenses for hardware and software."

More Fortinet FortiGate pricing and cost advice

"These firewalls are not cheap, but they have a reasonable licensing model."

"If you compare Palo Alto with other firewalls, it's a bit expensive."

"Pricing is yearly, but it depends. You could pay on a yearly basis, or every three years. If you want to add a device or two, there would be an additional cost. Also, if you want to do an assessment, or other similar add-on, you have to pay accordingly for the additional service."

"Palo Alto is one of the most expensive firewalls in the world. Everyone knows that. But you need at least one layer from Palo Alto to protect your environment because it is the strongest company in the security field."

"The pricing is competitive in the market."

"This is not the firewall to choose if you are looking for the cheapest and fastest solution. Palo Alto NGFWs are expensive. By the time you license them up and get them fully functional, you have spent quite a bit of money. If it is a small branch office with 10 to 15 users, that is hard to justify."

"The pricing for Palo Alto is very high. The price difference with other vendors is huge because Palo Alto has been the market leader for the last five or six years, and they have a reliable product."

"I am not sure about the specific licensing costs of Palo Alto Networks NG Firewalls, but FortiGate and Palo Alto are generally cheaper than some high-end Cisco devices."

More Palo Alto Networks NG Firewalls pricing and cost advice

"Like all other manufacturers, there are a lot of features and different pricing. The best is to talk to a representative."

"Get at least a maintenance contract for the updates and take a larger WatchGuard than you need. A WatchGuard creates new ways to secure your network."

"It costs less than the SO works and others (like SonicWall, Cisco, and Barracuda) without increasing so much CPU use."

"The licensing and renewal is very expensive."

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

831,265 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

22%

Computer Software Company

14%

Comms Service Provider

Manufacturing Company

Computer Software Company

15%

Financial Services Firm

Manufacturing Company

Government

No data available

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?

Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...

See all answers

Features comparison between Palo Alto and Fortinet firewalls

In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...

See all answers

Which is better - Palo Alto Networks NG Firewalls or Sophos XG?

Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...

See all answers

Ask a question

Earn 20 points

Comparisons

Sophos XG vs Fortinet FortiGate

Compared 23% of the time

Netgate pfSense vs Fortinet FortiGate

Compared 13% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 11% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

Meraki MX vs Fortinet FortiGate

Compared 5% of the time

More Fortinet FortiGate Competitors

Check Point NGFW vs Palo Alto Networks NG Firewalls

Compared 13% of the time

Azure Firewall vs Palo Alto Networks NG Firewalls

Compared 12% of the time

Meraki MX vs Palo Alto Networks NG Firewalls

Compared 10% of the time

Sophos XG vs Palo Alto Networks NG Firewalls

Compared 9% of the time

Netgate pfSense vs Palo Alto Networks NG Firewalls

Compared 8% of the time

More Palo Alto Networks NG Firewalls Competitors

No data available

Product Reports

Buyer's Guide

Fortinet FortiGate

January 2025

Download Fortinet FortiGate product report

Buyer's Guide

Palo Alto Networks NG Firewalls

January 2025

Download Palo Alto Networks NG Firewalls product report

Buyer's Guide

WatchGuard XTM [EOL]

December 2024

Download WatchGuard XTM [EOL] product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall

No data available

Learn More

Fortinet

Palo Alto Networks

WatchGuard

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

Palo Alto Networks NG Firewalls offer comprehensive security, including application control, traffic shaping, threat prevention, and load balancing, designed to secure internal networks, perimeter protection, VPN services, and cloud environments.

Palo Alto Networks NG Firewalls are a key choice for managing and protecting data centers, securing remote access, network segmentation, malware prevention, and ensuring high availability and performance for business-critical applications. Known for stability and strong security, these firewalls use application-aware identifiers and IPS/IDS subscriptions to offer advanced threat protection. The unified platform facilitates seamless integration, while GlobalProtect and centralized management via Panorama enhance ease of use. However, there are areas for improvement, including pricing strategies, training, user support, and integration with third-party applications.

What are the essential features?

Stability: Reliable performance in different environments.
Application Control: Identifies applications to manage traffic.
Advanced Threat Protection: Includes DNS security, WildFire, and machine learning.
GlobalProtect: Secure remote access for users.
Centralized Management: Managed via the Panorama platform.

What benefits or ROI should users expect?

Security: Protects against threats with robust features.
User-Friendly: Simplified interface and easy configuration.
High Availability: Ensures performance for critical applications.
Integration: Seamless with existing systems and applications.
Support: Reliable technical support and resources.

In industries like finance, healthcare, and retail, Palo Alto Networks NG Firewalls secure sensitive data and meet regulatory requirements. These firewalls help manage large-scale networks in these sectors, providing essential security features and maintaining high-performance standards. They are implemented to ensure compliance, protect patient information, secure financial transactions, and safeguard customer data.

Small businesses need big security, too, and the WatchGuard XTM Series firewall/VPN appliances deliver that strong protection, but without the hefty price tag. Enterprise-grade security includes full HTTPS content inspection, VoIP support, and optional security subscriptions like Application Control and Intrusion Prevention Service.

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments

AVG, Cyren, Kaspersky Lab, Lastline, NCP engineering, Trend Micro, Websense

Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls. Updated: January 2025.

DOWNLOAD NOW

831,265 professionals have used our research since 2012.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.