Palo Alto Networks NG Firewalls vs Zscaler Cloud Firewall comparison

Palo Alto Networks and Zscaler are both solutions in the Firewalls category. Palo Alto Networks is ranked #7 with an average rating of 8.8, while Zscaler is ranked #25 with an average rating of 8.3. Palo Alto Networks holds a 3.7% mindshare in Firewalls, compared to Zscaler’s 0.4% mindshare. Additionally, 96% of Palo Alto Networks users are willing to recommend the solution, compared to 92% of Zscaler users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Apr 6, 2025

Palo Alto Networks NG Firewalls and Zscaler Cloud Firewall compete in the network security category, providing robust protection and threat prevention. Palo Alto Networks seems to have the upper hand due to its comprehensive security capabilities and multi-layered protection approach.

Features: Palo Alto Networks NG Firewalls offer advanced security capabilities with application and threat prevention, malware analysis through WildFire, and real-time attack prevention via Machine Learning. Its deep network visibility and comprehensive reporting make it a robust security option. Zscaler Cloud Firewall efficiently integrates firewall and IPS protocols in a cloud-native environment, offering efficient web-based threat protection and straightforward management.

Room for Improvement: Palo Alto Networks NG Firewalls could improve reporting tools and the configuration framework while addressing pricing concerns for competitiveness. Zscaler Cloud Firewall could benefit from enhanced application awareness, better integration with traditional tools, and improved user-specific policies and data center coverage.

Ease of Deployment and Customer Service:Palo Alto Networks offers a variety of deployment options, such as hybrid and on-premises solutions, which may be complex to implement but provide strong protection. Customer service is well-regarded though regionally varied. Zscaler Cloud Firewall, being cloud-native, allows easier deployment and simpler management. Customer support is responsive, although more assistance during complex deployments is desired.

Pricing and ROI: Palo Alto Networks NG Firewalls are generally expensive, but the wide range of security capabilities justifies the cost, providing good ROI by reducing the need for multiple security tools. Zscaler Cloud Firewall, also premium-priced, offers flexible subscription models, making it more accessible to different user needs, though it may still be high for small businesses.

To learn more, read our detailed Palo Alto Networks NG Firewalls vs. Zscaler Cloud Firewall Report (Updated: May 2025).

Buyer's Guide

Palo Alto Networks NG Firewalls vs. Zscaler Cloud Firewall

May 2025

Download the complete report

Helped 860,592 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of July 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.2%, up from 17.7% compared to the previous year. The mindshare of Palo Alto Networks NG Firewalls is 3.7%, up from 3.0% compared to the previous year. The mindshare of Zscaler Cloud Firewall is 0.4%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Featured Reviews

Vasu Gala

Manager, Information Technology Operation/Presales at TechMonarch

A stable solution with an intuitive interface and quick customer service

I have been working with Fortinet FortiGate, WatchGuard, Sophos, and SonicWall. I'm not as comfortable with SonicWall because of their UI and limitations. I prefer Fortinet above all other options. When it comes to configuration, I am confident in my ability to handle various tasks, including creating policies such as firewall rules, web policies, and application policies. Additionally, I can configure VPNs and implement load balancing, among other tasks. Overall, I feel much more comfortable working with Fortinet. Fortinet has made significant improvements by integrating AI with firewalls for threat analysis and prevention. In the past 2-3 years, they have launched FortiSASE and SIEM, and they also provide SOC services. Both Palo Alto and Fortinet FortiGate are excellent. While Fortinet FortiGate comes at higher prices, the functionality and support justify the cost. They promptly resolve firmware issues and inform all support providers about configuration changes.

Read full review

AmjadKhan1

Head of data centers at a non-profit with 10,001+ employees

Provides inline protection with a unified view and anti-spyware capabilities

I would rate Palo Alto Networks NG Firewalls ten out of ten because it is the best. Our disaster recovery site utilizes Palo Alto Networks Next-Generation Firewalls. We are also in the process of upgrading the firewalls at our 365 sites in Pakistan to Palo Alto Networks firewalls. While budget firewalls may advertise comparable features, they often fall short of effectively detecting viruses, threats, and ransomware. In contrast, Palo Alto Networks NG Firewalls, combined with Cortex XDR, provide comprehensive threat intelligence and detection capabilities, ensuring superior security coverage. I recommend conducting a proof of concept before selecting a firewall. This will allow you to evaluate different options and determine which best suits your needs. While Palo Alto offers robust firewall solutions, it's essential to compare them with other vendors to ensure you make an informed decision.

Read full review

Bhaskar Rao

Network manager admin at Yamaha

Though it helps deal with web traffic or any malicious traffic, it needs to work on its DC performance issues

The product's initial setup phase is moderate in level, so it is neither very complex nor very easy. For the deployment, my company first needs to gather all the requirements of the users and the domain names and consider how many users there are in the company. In the implementation and planning part, my company needs to consider what kind of policies we will create while ensuring that the policies are created based on the requirements of the users. There is a need to segregate the users' requirements since there are separate departments in the company, like the HR department, sales department, IT department, and manufacturing department, so that our company can create policies depending on their requirements. On-site, if you want a GRE tunnel, our company can handle GRE tunnel traffic routing and Zscaler Cloud Firewall, after which Zscaler will take action based on the policies created by our organization. For the deployments and maintenance, a team of five members consisting of two managers and three engineers is required.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The security features are valuable, particularly the ransomware attack protection features. Fortinet FortiGate provides excellent security against ransomware attacks."

"We can detect any attack of viruses or malware at the first point of contact."

"The most valuable feature is the interface, which is very user friendly. We are utilizing most of the features, like content filtering. The firewall is powerful."

"Good performance, stability, and virtual domain ability."

"The security fabric is excellent."

"It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly."

"The best feature of Fortinet FortiGate is the IPS or IDS implementation."

"Fortinet FortiGate is a very good next-generation firewall."

More Fortinet FortiGate pros

"The user ID, Wildfire, UI, and management configuration are all great features."

"The most valuable features are the IPS/IDS subscriptions."

"Application layer firewalling has been the most valuable feature because it gives thousands of application IDs that we can use to control traffic into and out of our environment. The second most important feature has been the GlobalProtect VPN feature."

"In general, its performance and ease of use are the most valuable. Its performance is good, stable, and reliable. The user interface is friendly and easy to use. Customers find it easy to work with and easy to learn."

"The most valuable feature is threat prevention."

"I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features."

"It's quite nice. It's very user-friendly, powerful, and there are barely any bugs."

"The structure is much faster and more sophisticated than Cisco."

More Palo Alto Networks NG Firewalls pros

"Zscaler is still a very good product."

"Zscaler Cloud Firewall understands the applications in the current generation and adapts to the present generation cloud applications."

"It is a stable solution."

"Since it is really customizable, I can use it and avoid enabling access to the full network."

"It helps a lot of companies to reduce their downtime. Also, It helps businesses in terms of being secured and protected from any threats."

"The solution is scalable."

"The scalability is okay. We have around 2200 people using this solution."

"I like the ease of deployment and its flexibility. We don't need to deal with license, quotes, procurement, delivery, and installation. Everything is software-based, and it's very easy to operate."

More Zscaler Cloud Firewall pros

Cons

"Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem."

"Areas that have room for improvement in Fortinet FortiGate include support and GUI enhancement."

"We faced difficulties with the configuration because there are many features we could optimize using Fortinet FortiGate, but our reseller didn't have a good understanding of it. So, we just use it on a basic level, not with the best practice for using FortiGate."

"They have recently acquired a CNAP solution which should be integrated into FortiGate boxes natively for protection at any application layer. Since Fortinet FortiGate has Layer 7 protection, they should integrate that as soon as they can for threat detection and network detection."

"Usually, we sell the bundle with the UTM or threat management piece with IPS, IDS. Other providers, such as Palo Alto, are ahead in terms of safe functionality. So, for me, delivering truly safe service is probably something that still needs to be improved."

"There are some cloud-based features that could be much more flexible than they currently are."

"There is a lot of improvement needed with SSL-VPN."

"The platform's interface could improve."

More Fortinet FortiGate cons

"The analysis of the ITS ID by Palo Alto Networks NG Firewalls could be improved."

"Support should be improved, wait times can be long."

"It is a good product, but they can add some functions for port scanning and network scanning."

"We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall. We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more. URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team."

"The pricing could be improved. They need to work on the setup over the firewall, VLAN, and PPPoE."

"Technical support could be faster."

"We would like to see the external dynamic list for this solution improved. The current version does not automatically block malicious IP addresses, which would be very useful."

"The initial configuration is complicated to set up."

More Palo Alto Networks NG Firewalls cons

"We are having some issues with internet access being denied when organizational ID-based policies change. For example, a lower level employee ends up getting the same level of access as that of a higher level employee."

"It would be better if they improved their policy, package visibility, and flexibility while we're creating rules for inspection. It could also be cheaper or more things could be included in the basic package. In the next release, I would like better coverage in the Asia Pacific region and better quality of service."

"Data Leak Prevention is only for web filtering and there is no protection for email."

"There are some areas it could improve when it comes to blocking, we have to block some things manually. For example, if we block a top-level domain we have seen that the new IPs come through, the IPs are not blocked. There should be some more granular way of doing it. My only request is if you're blocking something at a top level, the sub-level sub-domains and all those other IPs should be blocked too automatically."

"Because it's on cloud, it doesn't allow application of extra settings."

"Pricing is a challenge."

"Its technical support services could be better."

"Instead of the standard license, they should certainly provide customers with the visibility to access and view the logs."

More Zscaler Cloud Firewall cons

Pricing and Cost Advice

"We are on an annual license to use Fortinet FortiGate."

"FortiGate's pricing falls within the mid-range when compared to other leading firewall solutions."

"It is too expensive for us. My organization is very small, and we have a total of ten users. We have three internal users and seven external users. The FortiGate 100D series is too expensive for renewing the licenses."

"It has been two years. I don't remember the actual price, but it was affordable. We buy the boxes and then use the license for three years."

"We purchased a five-year bundle package, which worked out cheaper than competing solutions."

"We find the most valuable aspect of this solution is the price. It is affordable, and cheaper than other firewalls."

"Work through partners for the best pricing."

"The pricing is perfect."

More Fortinet FortiGate pricing and cost advice

"Don't buy a device with more power than you really need, because licensing depends on the cost of the box you have."

"The tool is expensive, especially considering all the necessary licenses for centrally managing firewalls. For medium-sized companies like ours, it's often not feasible within our budget constraints. We pay around €200k yearly for all our firewalls. Additionally, we received a quote of over €1 million per year for Prisma Access. There is a significant cost difference compared to other options, where it's around €200k per year."

"The cost of Palo Alto Network NG Firewalls is significantly higher compared to Huawei."

"I rate the product’s pricing an eight out of ten."

"Palo Alto is like Mercedes-Benz. It is quite expensive, but the price is definitely justified."

"You pay based on the kind of license you require, but comparatively, it is not very expensive."

"The product is expensive. With one being the cheapest and ten being the most expensive, I give it an eight."

"The tool's pricing is similar to that of Cisco. It's a security appliance; the cost depends on your network topology and specific requirements. The suitability of NG firewalls should be chosen based on your network and what you need. If a colleague from a different company asked for the cheapest and fastest firewall, I suggest they consider options like Sophos. Sophos took over Cyberoam, which was previously a leader in NG firewalls"

More Palo Alto Networks NG Firewalls pricing and cost advice

"There are licensing costs, and I would not say that it's a cheap vendor."

"There is an annual license required for the use of the Zscaler Cloud Firewall."

"It is not the most budget-friendly solution, but it's important to consider its overall value."

"Zscaler is priced too high compared to the cost of Fortinet."

"It is expensive for small businesses."

"It comes at a significantly reduced cost while ensuring control and effectiveness."

"The product is a bit expensive compared to the solutions offered by its competitors, like Palo Alto. There is a need to make yearly payments towards the license in charges associated with the product."

"There are different subscription models available."

More Zscaler Cloud Firewall pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

860,592 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Educational Organization

12%

Comms Service Provider

Manufacturing Company

Computer Software Company

14%

Financial Services Firm

10%

Manufacturing Company

Government

Computer Software Company

13%

Financial Services Firm

12%

Manufacturing Company

Retailer

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?

Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firew...

See all answers

Features comparison between Palo Alto and Fortinet firewalls

In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it...

See all answers

Which is better - Palo Alto Networks NG Firewalls or Sophos XG?

Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...

See all answers

Which lesser known firewall product has the best chance at unseating the market leaders?

Netscope, Zscaler if they continue route they are on now. FIrewalls needs great deal of automation on each end, datac...

See all answers

What do you like most about Zscaler Cloud Firewall?

The product’s firewall and VPN package are fantastic compared to any other solution.

See all answers

What is your experience regarding pricing and costs for Zscaler Cloud Firewall?

Zscaler Cloud Firewall is quite expensive compared to competitors. However, it offered moderate value for money.

See all answers

Comparisons

Sophos XG vs Fortinet FortiGate

Compared 20% of the time

Netgate pfSense vs Fortinet FortiGate

Compared 12% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 12% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

Fortinet FortiOS vs Fortinet FortiGate

Compared 2% of the time

More Fortinet FortiGate Competitors

Azure Firewall vs Palo Alto Networks NG Firewalls

Compared 11% of the time

Cisco Secure Firewall vs Palo Alto Networks NG Firewalls

Compared 11% of the time

Sophos XG vs Palo Alto Networks NG Firewalls

Compared 10% of the time

Check Point NGFW vs Palo Alto Networks NG Firewalls

Compared 9% of the time

Meraki MX vs Palo Alto Networks NG Firewalls

Compared 9% of the time

More Palo Alto Networks NG Firewalls Competitors

Azure Firewall vs Zscaler Cloud Firewall

Compared 14% of the time

Check Point NGFW vs Zscaler Cloud Firewall

Compared 10% of the time

OPNsense vs Zscaler Cloud Firewall

Compared 7% of the time

Cisco Secure Firewall vs Zscaler Cloud Firewall

Compared 6% of the time

Sangfor NGAF vs Zscaler Cloud Firewall

Compared 5% of the time

More Zscaler Cloud Firewall Competitors

Product Reports

Buyer's Guide

Fortinet FortiGate

June 2025

Download Fortinet FortiGate product report

Buyer's Guide

Palo Alto Networks NG Firewalls

June 2025

Download Palo Alto Networks NG Firewalls product report

Buyer's Guide

Zscaler Cloud Firewall

June 2025

Download Zscaler Cloud Firewall product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall

No data available

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

Fortinet

Palo Alto Networks NG Firewalls offer comprehensive security, including application control, traffic shaping, threat prevention, and load balancing, designed to secure internal networks, perimeter protection, VPN services, and cloud environments.

Palo Alto Networks NG Firewalls are a key choice for managing and protecting data centers, securing remote access, network segmentation, malware prevention, and ensuring high availability and performance for business-critical applications. Known for stability and strong security, these firewalls use application-aware identifiers and IPS/IDS subscriptions to offer advanced threat protection. The unified platform facilitates seamless integration, while GlobalProtect and centralized management via Panorama enhance ease of use. However, there are areas for improvement, including pricing strategies, training, user support, and integration with third-party applications.

What are the essential features?

Stability: Reliable performance in different environments.
Application Control: Identifies applications to manage traffic.
Advanced Threat Protection: Includes DNS security, WildFire, and machine learning.
GlobalProtect: Secure remote access for users.
Centralized Management: Managed via the Panorama platform.

What benefits or ROI should users expect?

Security: Protects against threats with robust features.
User-Friendly: Simplified interface and easy configuration.
High Availability: Ensures performance for critical applications.
Integration: Seamless with existing systems and applications.
Support: Reliable technical support and resources.

In industries like finance, healthcare, and retail, Palo Alto Networks NG Firewalls secure sensitive data and meet regulatory requirements. These firewalls help manage large-scale networks in these sectors, providing essential security features and maintaining high-performance standards. They are implemented to ensure compliance, protect patient information, secure financial transactions, and safeguard customer data.

Palo Alto Networks

Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world. Its flagship services, Zscaler Internet Access and Zscaler Private Access, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. Used in more than 185 countries, Zscaler operates the world’s largest cloud security platform, protecting thousands of enterprises and government agencies from cyberattacks and data loss.

Check more details: https://www.zscaler.com/produc...

Zscaler

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments

Zenith Live, Azure, Carlsberg Group

Buyer's Guide

Palo Alto Networks NG Firewalls vs. Zscaler Cloud Firewall

May 2025

Free Report: Palo Alto Networks NG Firewalls vs. Zscaler Cloud Firewall

Find out what your peers are saying about Palo Alto Networks NG Firewalls vs. Zscaler Cloud Firewall and other solutions. Updated: May 2025.

DOWNLOAD NOW

860,592 professionals have used our research since 2012.

See our Palo Alto Networks NG Firewalls vs. Zscaler Cloud Firewall report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.