Beruflich Dokumente
Kultur Dokumente
In the Gartner Magic Quadrant for Enterprise Firewall (2015) and Unified Threat Management, Fortinet is in
both research and ranks #1 and top 3 vendors. Gartner validates Fortinets growth in the enterprise,
recommends us to the vendors shortlist, and acknowledges that Fortinet is a significant threat to
competitors.
Gartner mentioned its clients report Palo Alto Networks direct sales and resellers being overly optimistic about
the performance. Also, the clients complaints received regarding Palo Alto Networks usually relates to
management console issues and scale. This confirms suspicions that PAN cannot scale into large global
accounts. Fortinet can provide cyber-security protection to customers in both Gartner MQ.
In the IDC research, it provides overall market growth in the different price bands. Fortinet has grown in the
data center, enterprise, and distributed branch/ retail segments. Fortinet continues to outpace other
competitors in this market segment. In the Infonetics Research, Fortinet is a top security vendor for the Data
Center segment.
Fortinets revenue of each segment is fairly balanced with entry, mid-range, and high-
end models at 37%, 26%, and 37%, respectively. Palo Alto Networks is focused in the
mid-enterprise markets. The product revenue shows Fortinets ability to execute and
service these different customer market segments. In the high-end, customers are
requiring high-performance security. In both the high-end and mid-range, these
customers are looking for best of breed and NGFW. The entry-level requires more
consolidated and cost-effective security appliances.
There are a few architectures for security. There is the software-based architecture, which relies on a general
CPU, and it tends to have performance issues. Using a CPU, with other off the shelf silicon, which offloads
some of the security tasks, to increase performance is another approach. However, merchant chip vendors
are not close to enough to the end customer to obtain feedback to improve its silicon.
PAN has challenges with its Single Pass Architecture, because it only scans
based on stream based, which has a number of limitations. It lacks not
support a wide range of compression file types malware uses to propagate.
PAN uses DSRI to increase performance in one-way scanning, but the
performance dramatically drops with bi-directional scanning is enabled. PAN
relies heavily on the hash antivirus signatures to make its detection. This can
lead to a high number of false positives and performance issue. PANs
architecture sacrifices performance and security in business networks, which
leads to negative business continuity and uptime.
2
COMPETITIVE BATTLECARD: Fortinet vs. Palo Alto Networks
delivers predictable high performance, ultra-low latency, port density, acceleration of content security
compared to any competitor in the market.
It allows Fortinet to penetrate the different market segments for the network.
As a result of the different architecture, Fortinet delivers more performance, capacity, and session ramp up to
the Palo Alto Networks price band model. Palo Alto is known to attempt to oversize its appliances in order to
make it appear it can handle the performance. PAN has Disable Server Response Inspection (DSRI), which
increases performance but only scans one direction.
The Fortinet Technical Marketing group conducted performance test on the Palo Alto PA 5060 and found
shocking performance issues. The test report called Competitive Edge against Palo Alto Networks provides
the details on the testing configuration and results. The report can be located at, https://goo.gl/nkUUgc
Palo Alto has taken a Pay to Play performance testing for its PA 7050. The
testing methodology does not provide real world performance. The report can
be found at https://goo.gl/hJn8j5
4
FortiGate 1500D Tested
Best of Breed Security
Earned a NSS Labs NGFW
Recommend Status
99.2% Security Effectiveness
11.7 Gbps NSS Tested
performance
Better TCO than any of the
competitors than Palo Alto
Networks
Fortinet can be deployed inline or in transparent mode. We do have a Cyber Threat Assessment Program,
which provides an evaluation unit and visibility to applications, threats, and users for customers PoC. For more
information, email ctap@fortinet.com.
Network visibility has become critical in the enterprise to provide protection and productivity. On the FortiGate,
the FortiView provides visibility to applications, users, devices, and threats. Fortinet supports and optimized
with over 3,300 application signatures, and the visibility continues to grow. Customers can create custom
application signatures for their in-house application development. It is easy to deploy a FortiGate with feature
rich visibility.
PAN has the Application Command Center (ACC), which provides network visibility with a limited number of
application signatures, which leaves the customer blind to unknown traffic.
PAN lacks security innovation in the Unified Threat Management, which addresses the distributed enterprise
and retail branch. PAN is missing a number of consolidated security functionalities. PAN does not offer full
wireless or WAN optimization solution for the SMB, branch, and retail distributed locations.
6
In the Service Provider segment, they are providing services to their customers, which requires high
performance, virtualization, and availability.
There are different models variants, a la carte security subscription, and support packages for the different
vendors. In the Service Provider Comparison, it compares the FortiGate 5000 series to the Palo Alto Networks
PA 7050. The Fortinet FortiGate 5000 series delivers close to 10x performance compared to the PA 7050. In
addition, it has the next generation of network connectivity for 100G, 40G, and density 10G interface. Palo
Alto Networks does not support the 100G or 40G. The PA 7050 has not made in roads to the service
providers; because of the performance issues and the $1.3M U.S list price for a 120Gbps firewall, which does
not perform at the datasheet specification in real-world deployments. PAN had commissioned Network Test
for a performance report on its configuration of the PA 7050. The PA 7050 network processing cards (NPC)
are based upon the PA 5060 appliance, with some small improvements. Each NPC would have similar
performance behaviors as a PA 5060 appliance.
There is the Enterprise and Mid Enterprise segments, which have dedicated security administrators and are
interested in best of breed Next Generation Firewall with advanced threat protection. Fortinet would
compete with the Palo Alto PA 3000 and 5000 series. The PA-4000 (4020, 4050, & 4060) series has been
End of Life (EOL). The PA 3060, 5050, and 5060 has 2x 10G network connectivity, which are not able to
provide line rate.
COMPETITIVE BATTLECARD: Fortinet vs. Palo Alto Networks
In the distributed enterprise, there are a number of requirements, which ranges from consolidated security,
Unified Threat Management, integrated wireless, 3G/4G support, PoE, ease of use, management, and other
features. Palo Alto is missing a number of consolidated security, networking, and wireless requirements.
Fortinet provides variants to accommodate the different requirements with the retail, branch office, and
distributed enterprise.
Resources
Fortinet Next Generation Firewall (NGFW) and Advanced Threat Protection (ATP) Overview PowerPoint,
https://www.myfortinet.com/Tag.aspx?tid=93
Fortinet Data Center PowerPoint Overview, https://www.myfortinet.com/Tag.aspx?tid=94
Competitive Inquiry, competitive@fortinet.com
Demonstration of competitive security effectiveness SecurityEffectivenessDemo@fortinet.com
Customer Reference Program, CRP@fortinet.com
Online Competitive Database, https://competitive.myfortinet.com
Competitive Edge against Palo Alto PA 5060, https://goo.gl/nkUUgc
Network World Test Review Palo Alto PA 5060, http://goo.gl/IEjYge
o UTM performance at 108 Mbps
o SSL performance at 986 Mbps
Pay to Play Testing PA 7050 Test Report, https://goo.gl/hJn8j5
Palo Alto Network Disable Server Response Inspection (DSRI)
Fortinet Cyber Threat Assessment Program, ctap@fortinet.com
NSS Labs NGIPS 2015
o Test Report on the FortiGate 1500D, http://goo.gl/CUA5EU
NSS Labs NGFW 2014 Security Value Map, http://goo.gl/KmiTCX
o FortiGate 3600C, http://goo.gl/KmiTCX
o Palo Alto failed the test.
Palo Alto Networks IPS evasion DEMO, NSS Labs, https://goo.gl/yChFQN
Palo Alto Networks IPS Evasion By After NSS Labs Patch 6.05H3
o https://goo.gl/DcPVH8
Gartner Magic Quadrant for
o Enterprise Firewall 2015, http://www.gartner.com/technology/reprints.do?id=1-2CGLBR6&ct=150327&st=sb
o Unified Threat Management 2014, http://goo.gl/aCF1lY
10