Palo Alto Networks NG Firewalls vs WatchGuard XTM [EOL] comparison

Palo Alto Networks and WatchGuard are both solutions in the Firewalls category. Additionally, 96% of Palo Alto Networks users are willing to recommend the solution, compared to 90% of WatchGuard users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Apr 6, 2025

WatchGuard XTM EOL and Palo Alto Networks NG Firewalls are two competing products in the network security sector. Based on extensive analysis, Palo Alto Networks NG Firewalls offer more comprehensive features, positioning it as a more robust solution despite WatchGuard XTM EOL's attractive pricing and support advantages.

Features: WatchGuard XTM EOL provides useful features such as content filtering, VPN capabilities, and straightforward device management. In contrast, Palo Alto Networks NG Firewalls offers advanced threat detection, application control, and machine learning capabilities for real-time attack prevention.

Room for Improvement: WatchGuard XTM EOL could enhance its integration capabilities, scalability, and advanced reporting features. On the other hand, Palo Alto Networks NG Firewalls may benefit from further simplifying its complex deployment process, improving its user interface, and offering better integration with third-party solutions.

Ease of Deployment and Customer Service: WatchGuard XTM EOL is known for its ease of setup and quick customer support responses, making it user-friendly for those without dedicated IT teams. Meanwhile, despite a more intricate setup, Palo Alto Networks NG Firewalls provide thorough online resources and community support to facilitate troubleshooting.

Pricing and ROI: WatchGuard XTM EOL is a cost-effective option for organizations with limited budgets, providing notable ROI through lower initial expenses. Although Palo Alto Networks NG Firewalls come at a higher cost, their extensive security features deliver significant returns on investment, deemed worthwhile for those prioritizing enhanced protection.

To learn more, read our detailed Firewalls Report (Updated: May 2025).

Buyer's Guide

Firewalls

May 2025

Download the complete report

Helped 860,632 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Featured Reviews

Vasu Gala

Manager, Information Technology Operation/Presales at TechMonarch

A stable solution with an intuitive interface and quick customer service

I have been working with Fortinet FortiGate, WatchGuard, Sophos, and SonicWall. I'm not as comfortable with SonicWall because of their UI and limitations. I prefer Fortinet above all other options. When it comes to configuration, I am confident in my ability to handle various tasks, including creating policies such as firewall rules, web policies, and application policies. Additionally, I can configure VPNs and implement load balancing, among other tasks. Overall, I feel much more comfortable working with Fortinet. Fortinet has made significant improvements by integrating AI with firewalls for threat analysis and prevention. In the past 2-3 years, they have launched FortiSASE and SIEM, and they also provide SOC services. Both Palo Alto and Fortinet FortiGate are excellent. While Fortinet FortiGate comes at higher prices, the functionality and support justify the cost. They promptly resolve firmware issues and inform all support providers about configuration changes.

Read full review

AmjadKhan1

Head of data centers at a non-profit with 10,001+ employees

Provides inline protection with a unified view and anti-spyware capabilities

I would rate Palo Alto Networks NG Firewalls ten out of ten because it is the best. Our disaster recovery site utilizes Palo Alto Networks Next-Generation Firewalls. We are also in the process of upgrading the firewalls at our 365 sites in Pakistan to Palo Alto Networks firewalls. While budget firewalls may advertise comparable features, they often fall short of effectively detecting viruses, threats, and ransomware. In contrast, Palo Alto Networks NG Firewalls, combined with Cortex XDR, provide comprehensive threat intelligence and detection capabilities, ensuring superior security coverage. I recommend conducting a proof of concept before selecting a firewall. This will allow you to evaluate different options and determine which best suits your needs. While Palo Alto offers robust firewall solutions, it's essential to compare them with other vendors to ensure you make an informed decision.

Read full review

Generalm4545

General Manager- IT & Automation - Serum at a pharma/biotech company with 1,001-5,000 employees

Protects from attack software and hacking but it doesn't provide the reports in a readable format

In my opinion, image clarity is very important, because I don't get the proper image product on reports. This means that functionality is not there. My engineer does not know how he can replace an order. We attach a log after any kind of keys using a utility instead. For the internet policies that we are implementing, the policy should be based on proper protocols. We use the default policies and there are a number of third-party protocols that appear here. Management with WatchGuard XTM means that out of policy is the problem from our side. In this way, we can not do effective services for people with this one. The policy definition with WatchGuard XTM is not proper for all use case requirements. I've got weekly business reports that I am expecting attachments with from WatchGuard XTM that display data for all kinds of consideration which should be required. Main User Functionality Level Order must adhere to using the admin functionality on the registry, or else our users publish their own name. Maybe these recommendations are irrelevant, but I say that the issue to improve most with WatchGuard XTM is the Main User Function.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The best feature of Fortinet FortiGate is the IPS or IDS implementation. I appreciate most the agility or the flexibility to create hashes to block incoming threats, and I can integrate with third-party threat intelligence with our FortiGate."

"The most valuable feature is the interface, which is very user friendly. We are utilizing most of the features, like content filtering. The firewall is powerful."

"You can purchase switches and you don't need to do anything with them. You just put in the firewall and the switches get all the policies and rules that you already have in the firewall. With Fortinet, you just connect the FortiSwitch to the Fortinet and that's it."

"Secure, user-friendly, stable, and scalable network security solution. Installation is straightforward."

"The UTM feature is quite good. FortiAP is easy to deploy because both Fortigate and FortiAP are under the same brand. Otherwise, you need to do more work on the configuration."

"It's inexpensive compared to some of the other technology out there."

"Fortinet FortiGate is used to prevent security failures. Since implementing the solution, we have seen improvements in security and in the distribution of our network."

"The solution is very user-friendly."

More Fortinet FortiGate pros

"For colleagues seeking a cost-effective firewall, I recommend Palo Alto Networks NG Firewalls."

"The most valuable features are IPS and stateful inspection."

"Palo Alto Networks NG Firewalls saves us time."

"The application IDs, application controls, URL filtering, visibility, monitoring, and reporting are the most valuable features."

"The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput."

"The application awareness feature that recognizes application IDs and vulnerability protection are Palo Alto Networks NG Firewalls' most valuable features."

"Comments have some delay, but overall, it's a good product."

"One of the simple features I like about Palo Alto firewalls is that it's extremely easy to find out what's happening in the network. The reporting is phenomenal, and it's easy to find which threats have been detected and what traffic is going through the box. When a customer notices something is wrong, you can quickly check the amount of traffic going through the firewall around that time. If there is anything out of the ordinary, you can decide it needs to be investigated further."

More Palo Alto Networks NG Firewalls pros

"Application Control is fantastic with over 2,500 applications and the granularity that we can either allow people to view but not be able to log on to Facebook; or view it and log onto it if they're in the marketing department, but not play Facebook games. There are all sorts of different options like that. So it's highly granular."

"It is stable and does not require you to reboot all the time."

"WatchGuard XTM is fairly basic. We use it as the perimeter firewall. The main point is to protect from attack software and hacking."

"Reputation Enabled Defense indicates that some websites are so infested that it's not even worth visiting them, and therefore saving the bandwidth of going through the detection process."

"After installing the product, we achieved awareness of our data protection needs and email misuse."

"It configures in all-in-one place."

"I like the hostwatch because I can see what traffic uses the most bandwidth and I can block that site."

"They have a reporting system which can store data over a very long period of time. Not many other firewall vendors provide a reporting system, but if they do, like Fortinet does, then you've got buy that as an additional product and that can be more than twice as expensive as the initial investment in the firewall. And without reporting over a long-term period, you're just about wasting your time."

More WatchGuard XTM [EOL] pros

Cons

"Scalability for Fortinet FortiGate needs to be improved. SD-WAN security for this solution also needs some improvement."

"There could be more integration between the logging and analytical platforms to make it more seamless and integrated."

"The pricing could always be better."

"We are pretty happy with it. If anything, I believe the web interface could be simpler, especially for someone who has limited networking experience."

"The things we require are already sorted out, so there isn't any scope for improvement as far as our requirements go. However, its price can be better."

"Scalability is one of the disadvantages. When it comes to scalability, you have to actually change the box. If you want to upgrade it, you need to actually change the existing box and probably you take the system off to other sites."

"The stability of Fortinet FortiGate could improve."

"The pricing could be reduced or include the first year warranty."

More Fortinet FortiGate cons

"Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers."

"Surfacing actionable intelligence right away could be better. You have to dig far to get some of the information. If the solution could surface the two or three things out of the 10,000 a day that we really need to deal with, it would be helpful."

"The solution could offer better pricing. We'd like it if it could be a bit more affordable for us."

"The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good."

"The stability, scalability for enterprise-level organizations, and technical documentation have room for improvement."

"It's too expensive."

"The scalability compared to other products is not good. You need to change the box whenever you want your number of connection sessions to increase."

"We have a lot of the older firewall models, i.e., the PA-220. It seems that with newer operating systems the PA-220 is becoming slower than when I first bought it. It is not really an issue for users who are passing traffic through the firewall, but more from the management access of it."

More Palo Alto Networks NG Firewalls cons

"Syslog (Dimension) is focused on presentation, but needs more focus on utility like SonicWall syslog (GMS/Analyzer)."

"I would like them to improve the product's overall protections. This would be good for all product users."

"Sometimes we have had issues with stability of the product."

"The VPN errors are not helpful when troubleshooting."

"One huge issue with WatchGuard XTM is that I'm not getting reports in a readable format. Readable means, I don't want Excel online. We repeat auditing when we trigger the report or setup calendar. That functionality is what we are looking for from WatchGuard XTM here."

"WatchGuard doesn't have a product that allows them to get into the data center. And that's just because there is no hardware to do the job. The software could do it, but there's no hardware that allows that to happen at the moment. So it doesn't scale as well as some other products, that's for sure."

"The initial setup is neither simple nor complex. If you know the base in networking and how the firewall works, you will be able to figure it out."

"The setting policies need improvement. It needs an easier way to do static NAT and check on what policy is being used for that specific traffic."

Pricing and Cost Advice

"Here in Brazil, we're going through difficult economic times and the tax on the dollar is high. All the solutions from minor competitors are growing in the market. The prices have come more competitive."

"If the customer is looking for SD-WAN, it comes free with FortiGate."

"It's very competitive."

"It is an inexpensive solution."

"It is more expensive than Sophos. Fortinet is overall more expensive than Sophos. The small range of Fortinet, such as 60F and 80F, is more expensive than the small range of Sophos. Sophos is cheaper. In addition, if you jump from 80F Series to 100F Series, the price doubles."

"It's expensive, but compared to the competition it's okay."

"The licensing cost is at the intermediate level."

"Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors."

More Fortinet FortiGate pricing and cost advice

"Although Palo Alto is expensive, its superior security functions, application identification, and overall performance justify the cost and make it stand out from the competition."

"It could be less expensive."

"It can be quite expensive, but there's a good incentive for the three-year contracts. The part that is especially confusing is for the virtual environment. The credits or the licensing system can be very confusing."

"Palo Alto can be priced higher than some less capable firewalls. However, they are exceptional when you consider the completeness of the solution and its ability to handle threats. Palo Alto is better than other solutions, which justifies a slightly higher price point. You have other tools that are easier to deploy, reducing your total cost of ownership. The newer models are faster, making the pricing more attractive."

"Palo Alto Networks NG Firewalls is expensive, but it is worth its price."

"Palo Alto Networks NG Firewalls are more expensive than Cisco firewalls, but slightly less expensive than Juniper firewalls."

"Active/Passive mode is very redundant, but they require you to buy all the associated licensing for both firewalls, which is kind of a waste of money because you are really only using the services on one firewall at a time."

"If someone doesn't have a security platform in their network, then the following licenses will be required: antivirus, anti-spyware, vulnerability, and Wildfire analysis. There are also licenses for GlobalProtect and support."

More Palo Alto Networks NG Firewalls pricing and cost advice

"Like all other manufacturers, there are a lot of features and different pricing. The best is to talk to a representative."

"Get at least a maintenance contract for the updates and take a larger WatchGuard than you need. A WatchGuard creates new ways to secure your network."

"The licensing and renewal is very expensive."

"It costs less than the SO works and others (like SonicWall, Cisco, and Barracuda) without increasing so much CPU use."

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

860,632 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Educational Organization

11%

Comms Service Provider

Manufacturing Company

Computer Software Company

13%

Financial Services Firm

10%

Manufacturing Company

Government

No data available

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?

Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...

See all answers

Features comparison between Palo Alto and Fortinet firewalls

In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...

See all answers

Which is better - Palo Alto Networks NG Firewalls or Sophos XG?

Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...

See all answers

Ask a question

Earn 20 points

Comparisons

Sophos XG vs Fortinet FortiGate

Compared 20% of the time

Netgate pfSense vs Fortinet FortiGate

Compared 12% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 12% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

Fortinet FortiOS vs Fortinet FortiGate

Compared 2% of the time

More Fortinet FortiGate Competitors

Azure Firewall vs Palo Alto Networks NG Firewalls

Compared 11% of the time

Cisco Secure Firewall vs Palo Alto Networks NG Firewalls

Compared 11% of the time

Sophos XG vs Palo Alto Networks NG Firewalls

Compared 10% of the time

Check Point NGFW vs Palo Alto Networks NG Firewalls

Compared 9% of the time

Meraki MX vs Palo Alto Networks NG Firewalls

Compared 9% of the time

More Palo Alto Networks NG Firewalls Competitors

No data available

Product Reports

Buyer's Guide

Fortinet FortiGate

June 2025

Download Fortinet FortiGate product report

Buyer's Guide

Palo Alto Networks NG Firewalls

June 2025

Download Palo Alto Networks NG Firewalls product report

Buyer's Guide

WatchGuard XTM [EOL]

June 2025

Download WatchGuard XTM [EOL] product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall

No data available

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

Fortinet

Palo Alto Networks NG Firewalls offer comprehensive security, including application control, traffic shaping, threat prevention, and load balancing, designed to secure internal networks, perimeter protection, VPN services, and cloud environments.

Palo Alto Networks NG Firewalls are a key choice for managing and protecting data centers, securing remote access, network segmentation, malware prevention, and ensuring high availability and performance for business-critical applications. Known for stability and strong security, these firewalls use application-aware identifiers and IPS/IDS subscriptions to offer advanced threat protection. The unified platform facilitates seamless integration, while GlobalProtect and centralized management via Panorama enhance ease of use. However, there are areas for improvement, including pricing strategies, training, user support, and integration with third-party applications.

What are the essential features?

Stability: Reliable performance in different environments.
Application Control: Identifies applications to manage traffic.
Advanced Threat Protection: Includes DNS security, WildFire, and machine learning.
GlobalProtect: Secure remote access for users.
Centralized Management: Managed via the Panorama platform.

What benefits or ROI should users expect?

Security: Protects against threats with robust features.
User-Friendly: Simplified interface and easy configuration.
High Availability: Ensures performance for critical applications.
Integration: Seamless with existing systems and applications.
Support: Reliable technical support and resources.

In industries like finance, healthcare, and retail, Palo Alto Networks NG Firewalls secure sensitive data and meet regulatory requirements. These firewalls help manage large-scale networks in these sectors, providing essential security features and maintaining high-performance standards. They are implemented to ensure compliance, protect patient information, secure financial transactions, and safeguard customer data.

Palo Alto Networks

Small businesses need big security, too, and the WatchGuard XTM Series firewall/VPN appliances deliver that strong protection, but without the hefty price tag. Enterprise-grade security includes full HTTPS content inspection, VoIP support, and optional security subscriptions like Application Control and Intrusion Prevention Service.

WatchGuard

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments

AVG, Cyren, Kaspersky Lab, Lastline, NCP engineering, Trend Micro, Websense

Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls. Updated: May 2025.

DOWNLOAD NOW

860,632 professionals have used our research since 2012.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.