Netgate pfSense vs Sangfor NGAF comparison

Netgate and Sangfor are both solutions in the Firewalls category. Netgate is ranked #1 with an average rating of 8.7, while Sangfor is ranked #19 with an average rating of 7.9. Netgate holds a 14.4% mindshare in Firewalls, compared to Sangfor’s 1.3% mindshare. Additionally, 94% of Netgate users are willing to recommend the solution, compared to 90% of Sangfor users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 5, 2025

Netgate pfSense and Sangfor NGAF compete in the network security and firewall category. Netgate pfSense appears to have the upper hand with its strong community support and open-source flexibility, while Sangfor NGAF stands out for ease of use and integrated management.

Features: Netgate pfSense provides robust firewall capabilities, extensive VPN functionalities, and scalability, making it suitable for various business sizes and offering a rich support network via plugins. In contrast, Sangfor NGAF emphasizes user experience and management simplicity, focusing on security features such as intrusion detection, application control, and WAN optimization.

Room for Improvement: Netgate pfSense could enhance support for modern hardware, offer more intuitive graphical interfaces, and improve centralized management. Sangfor NGAF could benefit from better application control, interface usability, and increased port numbers, as well as enhanced SD-WAN functionalities.

Ease of Deployment and Customer Service: Netgate pfSense is accessible for on-premises and public cloud deployments with community-based support, while Sangfor NGAF is focused on ease of deployment with considerable customer service aiding users during setup and maintenance.

Pricing and ROI: Netgate pfSense is recognized as cost-effective due to its open-source nature and lack of subscription fees, providing a favorable ROI on diverse hardware. Sangfor NGAF is competitively priced, generally more affordable than some key competitors, though its licensing fees can add to costs. Its ROI is enhanced by low maintenance fees and competitive pricing in the market.

To learn more, read our detailed Netgate pfSense vs. Sangfor NGAF Report (Updated: March 2025).

Buyer's Guide

Netgate pfSense vs. Sangfor NGAF

March 2025

Download the complete report

Helped 845,406 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of April 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.1%, up from 17.7% compared to the previous year. The mindshare of Netgate pfSense is 14.4%, down from 22.1% compared to the previous year. The mindshare of Sangfor NGAF is 1.3%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Featured Reviews

EhabAli

Sr. Cybersecurity Solutions Architect at BMB

Efficient, user-friendly, and affordable

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

Read full review

Vincent Hamm

CIO and President at Aim High! Inc.

I appreciate the depth of what the solution can do and the simplicity of the initial setup

We do a lot of managed services and are currently trying to get people off of L2TP VPN. Apparently, we can download a mobile config file from a configured NetGate device, and we're primarily Apple. We've experimented with it on a device that's not a production device, and we can't seem to get the phase one IPSec set correctly so that the Apple config will accept it. We've tried looking at the documentation but haven't found anything. While it's not the highest priority, it is rather frustrating. We'd like to do this, and the feature is right there, but we can't get it configured. We certainly don't want to try it on a production machine because it will break the current VPN. I would like to download the Apple mobile config so that I can tell it to configure my VPN connection to do that. We have some cross-platform things. So there's also a Windows VPN. You can download a script or a PowerShell, put it on a Windows machine, and it can connect to the VPN. It would be nice if I could say I want Mac only, Windows only, or both. I wish it could configure the IPSec phase one and phase two, or at least give me solid instructions on how to configure that. It doesn't supply out-of-the-box visibility to drive decisions. You get 75 log lines, so if you're trying to troubleshoot something, you have to look at one log and then another. It integrates with SysLog systems, but our customers are not at the level where they want to pay for some third-party SysLog system. Usually, we can get things taken care of fairly quickly. I would like to have the ability to control all my devices from one place. With Ubiquiti, you can get a controller that allows you to control all of your Wi-Fi devices, switches, and routers. From one area, you can switch to that customer and see what's happening in their environment. That's not part of pfSense. I understand why it's not because pfSense is open source and community supported. That's something that someone in the community needs to pick up and run with. It's not something the pfSense can easily implement. If they could, that'd be great.

Read full review

Zaid Farooqui

CIO at Indus Motor Company

Enhanced threat detection with integrated security features and good support

We are using application firewalling, WAF, and SD-WAN. The capabilities are mostly within the box. For example, you will get web application firewall WAF as part and parcel of this. SD-WAN is also bundled. It integrates with their SIEM and SOAR solutions very nicely. Lastly, the pricing point is very cost-efficient as well.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We can detect any attack of viruses or malware at the first point of contact."

"The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus."

"The integration with Active Directory is one of the good features. Most of the customers are now looking for the Single Sign-on feature. So, being able to integrate Active Directory with the firewall is useful. It is also easy."

"We have been able to offer several services to customers in a single box."

"The solution is easy to configure and maintain remotely."

"Fortinet FortiGate is a scalable solution."

"The most valuable feature is the policy routing and application control."

"Valuable features include the Web Application Firewall, and it even has DLP (data leak prevention)."

More Fortinet FortiGate pros

"It is a better firewall than others and it has better features."

"The most valuable aspect of pfSense for me is its firewall functionality."

"I like pfBlocker and the ability to install more packages from the pfSense console."

"It is easy to use and has integrity with other systems, such as proxies and quality of service."

"The visibility in pfSense helps optimize performance."

"The solution's most valuable features are high availability and the VPN options."

"It is much simpler than other solutions such as Fortinet."

"If you have full logging turned on you can get a pretty good idea of what kind of traffic is going in from where to where."

More Netgate pfSense pros

"In terms of the most valuable features, the IPS report is quick and updated. Performance is also valuable."

"It offers application control features."

"We can utilize our own network rather than paying for a private one."

"Sangfor NGAF works accordingly with our customers. The solution has good performance, easy to use, and integrates well with the endpoints."

"Sangfor's tech features and technologies are more powerful than those of the other solution providers in terms of security. They also have big solutions in terms of cybersecurity."

"While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people."

"The top functionality is the reporting feature."

"The most valuable feature of Sangfor NGAF is its integration."

More Sangfor NGAF pros

Cons

"We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved."

"I don't really have anything negative to say as far as Fortinet firewalls are concerned. If anything, they can support a user a little bit better. They can stop being so time-sensitive about how much time the support call has taken, and they can help you do it yourself."

"The integration with third-party tools may be something that they should work on."

"The cloud features can be improved."

"There are mainly two areas of improvement in Fortinet FortiGate— the licensing cost and the timing of upgrading licenses for boxes."

"Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use."

"Fortinet FortiGate could improve by having a frequent ask questions(FAQ) area for people to receive quick answers to popular questions. Additionally, it would be beneficial to have an SMS notification feature. For example, if you cannot access your email you could receive an SMS message."

"They should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer, that would be brilliant. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much and when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to your remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that."

More Fortinet FortiGate cons

"I would like a management console to manage multiple pfSense installs. We have five or six pfSense hardware devices installed. As far as I know, there is no single, unified pane of glass that I can use to manage multiple appliances. That's the one thing I wish I had, just having a good single unified configuration interface for each install."

"The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely."

"Also, the GUI is helpful, but it's not user-friendly. It's complicated. It should be more intuitive for the average user and have an excellent graphical view. Of course, the user will typically know about network administration, but it still should be easy to understand."

"They have abandoned the Community edition. There has not been an update in a year."

"It would be nice for the code optimization to run on even slower processes."

"Maybe Netgate needs to see if a medium-level Netgate pfSense Plus can be created for smaller organizations."

"There are several levels of firewall configuration such as beginner, advanced, and expert configurations. At each level, it becomes more complex and more tricky to set up the firewall. For example, if you want to install the firewall on your computer system, it would be a lot easier if it just tells you that this is the internet NIC and this is the Wi-Fi NIC."

"Ultimately, we'd like something stronger, and something that can handle threats better in real-time."

More Netgate pfSense cons

"Sangfor NGAF could improve by refining its application control policies, especially in addressing challenges with certain types of applications."

"The GUI needs to be improved, lacks logic in some areas."

"Occasional issues with breaches which are dealt with expediently."

"The setup phase is quite complex."

"Sangfor could improve by providing better real-time reporting, as the current reports don't offer the level of detail we need, especially for runtime insights."

"The cost of licensing is very high compared to other firewalls available here."

"Our experience with its customer support was quite challenging."

"The cost of licensing is very high compared to other firewalls available here. There should be improvements in hardware scalability, allowing for more storage and memory capacity."

More Sangfor NGAF cons

Pricing and Cost Advice

"Our licensing costs are on a yearly basis."

"Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you."

"These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive. Fortinet licensing is straightforward and less confusing compared to Cisco."

"Fortinet is the least expensive solution."

"The price of Fortinet FortiGate is reasonable."

"It's very affordable."

"The price is highly competitive when compared to other brands that offer similar functionality."

"The price is fine."

More Fortinet FortiGate pricing and cost advice

"I think Netgate pfSense's TAC or support is a little expensive, considering how inexpensive everything else is."

"Hardware costs more than $500. The cloud version costs me $50 a month."

"We just have a yearly support subscription."

"pfSense is open-source."

"It works quite well for an open source product."

"The price point is highly competitive."

"I would like to see the solution's price reduced."

"It's highly cost-effective for both the average consumer and business users."

More Netgate pfSense pricing and cost advice

"-"

"Sangfor is cheaper than competing vendors."

"The price could be more competitive."

"If one is very cheap and ten is very expensive, I rate the tool's price as three out of ten."

"The price falls in the mid-range, neither exceptionally low nor high."

"Price-wise, I would not consider Sangfor NGAF to be a cheap product. It is an expensive firewall solution, though not as expensive as something like Palo Alto, which is costly. However, the higher price point is justifiable given the feature set the tool provides that other firewalls may not offer in a single dedicated appliance."

"The pricing is reasonable."

"Sangfor NGAF price is reasonable and there is an annual license. However, the maintenance cost can be a bit high."

More Sangfor NGAF pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

845,406 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

22%

Computer Software Company

14%

Comms Service Provider

Manufacturing Company

Computer Software Company

15%

Comms Service Provider

11%

Educational Organization

Government

Computer Software Company

13%

Manufacturing Company

10%

Financial Services Firm

Educational Organization

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

Help me find the best open source router

You don't really specify what type of router you are looking for but if you are talking about a gateway router I reco...

See all answers

How do I choose between Fortinet FortiGate and pfSense?

Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigat...

See all answers

What is the difference between PfSense and OPNsense?

Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...

See all answers

What do you like most about Sangfor NGAF?

I think Sangfor NGAF is more valuable than Cisco products because of its simplicity and ease of management. If I comp...

See all answers

What is your experience regarding pricing and costs for Sangfor NGAF?

The licensing cost is quite high compared to other available firewalls in the market.

See all answers

What needs improvement with Sangfor NGAF?

The cost of licensing is very high compared to other firewalls available here. There should be improvements in hardwa...

See all answers

Comparisons

Sophos XG vs Fortinet FortiGate

Compared 23% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 10% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

SonicWall TZ vs Fortinet FortiGate

Compared 5% of the time

Fortinet FortiGate-VM vs Fortinet FortiGate

Compared 2% of the time

More Fortinet FortiGate Competitors

OPNsense vs Netgate pfSense

Compared 34% of the time

Sophos XG vs Netgate pfSense

Compared 9% of the time

KerioControl vs Netgate pfSense

Compared 4% of the time

Cisco Secure Firewall vs Netgate pfSense

Compared 3% of the time

Sophos UTM vs Netgate pfSense

Compared 2% of the time

More Netgate pfSense Competitors

Sophos XG vs Sangfor NGAF

Compared 17% of the time

Sophos XGS vs Sangfor NGAF

Compared 5% of the time

Palo Alto Networks NG Firewalls vs Sangfor NGAF

Compared 4% of the time

Fortinet FortiGate-VM vs Sangfor NGAF

Compared 3% of the time

Check Point NGFW vs Sangfor NGAF

Compared 3% of the time

More Sangfor NGAF Competitors

Product Reports

Buyer's Guide

Fortinet FortiGate

March 2025

Download Fortinet FortiGate product report

Buyer's Guide

Netgate pfSense

March 2025

Download Netgate pfSense product report

Buyer's Guide

Sangfor NGAF

March 2025

Download Sangfor NGAF product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

No data available

Sangfor NGAF Firewall Platform

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

Fortinet

Netgate pfSense is widely leveraged by organizations for its comprehensive capabilities in firewalls, VPN servers, and bandwidth management. It suits LAN, WAN, and DMZ networks, offering secure, scalable, and efficient networking solutions.

Netgate pfSense stands out in diverse environments with its enterprise-grade features and cost-effective operations compared to competitors like Cisco. Deployed as an edge device, it optimizes routing, ad-blocking, content filtering, and traffic shaping. Users benefit from its versatile configurations, robust firewall protection, VPN functionality, and ISP load balancing. The open-source nature allows for extensive customization, integrating plugins like Snort and pfBlockerNG, and compatibility with third-party tools enhances its utility. The intuitive GUI combined with detailed logging and centralized management fortifies network security.

What features define Netgate pfSense?

Firewall: Provides robust network security through advanced filtering and stateful packet inspections.
VPN: Ensures secure remote access with high-performing VPN capabilities.
Load Balancing: Efficiently distributes traffic across multiple ISPs, ensuring uptime and performance.
Customization: Supports various plugins for enhanced functionality, tailor-made to specific needs.
Scalability: Adapts easily to varying network demands, providing high availability and flexibility.

What benefits should be considered for ROI?

Cost-Effectiveness: Delivers premium features at a fraction of the cost of traditional network appliances.
Flexibility: Offers a customizable solution that integrates well with existing infrastructure.
Community Support: Backed by a strong user community offering insights and troubleshooting resources.
Security: Supports VLAN segmentation, enhancing protection and management of network traffic.

Organizations in industries such as finance, healthcare, and education find Netgate pfSense integral due to its advanced security features and cost benefits. Its scalable architecture and strong VPN support are crucial for industries requiring stringent data protection and reliable remote access. The adaptability of pfSense makes it suitable for dynamic environments seeking comprehensive, secure networking solutions.

Netgate

Sangfor Next Generation Firewall (also known as NGAF) is a converged security solution providing protection against advanced threat, malware, viruses, ransomware and web-based attacks using integrated security features like firewall, IPS, anti-virus, anti-malware, APT, URL filtering, Cloud Sandbox, and WAF. As the world's first AI-enabled and fully integrated Next Generation Firewall & Web Application Firewall (WAF), NGAF offering the security visibility, real-time detection and response, simplified operation and maintenance and high-performance application layer security needed to operate an enterprise network in total security. Tested and proven to provide cutting-edge network security by ICSA Labs and endorsed by Gartner Inc., NGAF harnesses the power of Sangfor’s Neural-X threat intelligence and analytics platform and Engine Zero’s innovative malware detection to provide next-generation protection for today’s enterprise.

Sangfor

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

Nerds On Site Inc., RKC Development Inc., Expertech, Fisher's Technology, Ncisive, Consulting, CPURX, Vaughn's Computer House Calls, Imeretech LLC, Digital Crisis, Carolina Digital Phone, Technigogo Technology Services, The Simple Solution, SwiftecITInc, Rocky Mountain Tech Team, Free Range Geeks, Alaska Computer Geeks, Lark Information Technology, Renaissance Systems Inc., Cutting Edge Computers, Caretech LLC, GoVanguard, Network Touch Ltd, P.C. Solutions.Net, Vision Voice and Data Systems LLC, Montgomery Technologies, Techforce, Concero Networks, ASONInc, CPS Electronics and Consulting, Darkwire.net LLC, IT Specialists, MBS-Net Inc., VOICE1 LLC, Advantage Networking Inc., Powerhouse Systems, Doxa Multimedia Inc., Pro Computer Service, Virtual IT Services, A&J Computers Inc., Envision IT LLC, CommunicaONE Inc., Bone Computer Inc., Amax Engineering Corporation, QPG Ltd. Co., IT 101 Inc., Perfect Cloud Solutions, Applied Technology Group Inc., The Digital Sun Group LLC, Firespring

The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.

Buyer's Guide

Netgate pfSense vs. Sangfor NGAF

March 2025

Free Report: Netgate pfSense vs. Sangfor NGAF

Find out what your peers are saying about Netgate pfSense vs. Sangfor NGAF and other solutions. Updated: March 2025.

DOWNLOAD NOW

845,406 professionals have used our research since 2012.

See our Netgate pfSense vs. Sangfor NGAF report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.