Part#1: Hardware Next-Generation Firewalls (NGFW) Desktop Models Comparison.

PaloAlto, Fortinet, Checkpoint, Gartner...

This article is part #1 of the series to cover the below aspects of the top 3 hardware NGFW vendors namely Palo Alto Networks, Fortinet and Checkpoint.

1. Hardware Configuration (Part #1).

2. Networking/Security Features (Part #2).

3. Performance Numbers (Part #3).

4. Architecture and Comparative analysis (Part#4)

The scope of this article is on the product offerings in Desktop form factor from each vendor in Branch/Retail segment. Note: Ruggedized Desktop model is skipped.

Gartner Magic Quadrant:

Gartner assesses multiple NGFW vendors based on multiple core and optional capabilities and ranks them based on “Ability To Execute“ and “Completeness of Vision”.

Core Capabilities: Networking, Stateful Inspection, Threat Detection & Inspection, Web Filtering, Advanced Logging and Reporting.

Optional Capabilities: IOT Security, Network Sandboxing, ZTNA, OT Security, DNS Security & SD-WAN.

Below is a snapshot the Dec 2022 Magic Quadrant. Three vendors appear in the leader’s quadrant which we have chosen to assess in this article.

Palo Alto Networks (PAN)

PAN has the following Desktop models in Branch/Retail segment:

1. PA-400 series

   1. 7/8 RJ-45 1G data ports, 4-POE ports(PA-415, PA-445).

   2. 10/100/1000 OOB management port.

   3. 1-RJ-45 console ports, 2-USB ports, 1-Micro USB console port(except PA-410).

   4. eMMC storage (64GB/128GB).

PA-400 series

PAN has a multiple of SKU’s in Desktop form factor, below is the snapshot of hardware specification details for PA-4xx series.

Fortinet

FORTINET has the below Desktop models in Branch/Retail segment:

1. FortiGate-40F series

   1. 4 SKU’s with 1-USB port, 1-Console port.

   2. 1G RJ45-WAN port, 1G RJ45 Forti Link port, 3x1G RJ45 Ethernet ports.

   3. Wireless LAN support (802.11 a/b/g/n/ac-W2)

   4. 3G/4G LTE Cellular module - 2 Nano SIM Slots.

2. FortiGate-60F series

   1. 4 SKU’s with 1-USB port, 1-Console port.

   2. 2/1x1G RJ45 WAN port, 2x1G RJ45 Forti Link port, 5x1G RJ45 internal ports.

   3. Wireless LAN support (802.11 a/b/g/n/ac-W2)

   4. 128GB SSD.

3. FortiGate-70F series

   1. 2 SKU’s with 1-USB port, 1-Console port.

   2. 2/1x1G RJ45 WAN port, 2x1G RJ45 Forti Link port, 5x1G RJ45 internal ports.

   3. 128GB SSD.

4. FortiGate-80F series (POE)

   1. 12 SKU’s with 1-USB port, 1-Console port, WiFi, 3G4G-LTE, DSL, POE.

   2. 2x1G RJ45 WAN port, 2x1G RJ45 Forti Link port, 6x1G RJ45 internal/POE ports, 2xGE RJ45/SFP Shared Media ports, 1-DSL RJ11 port.

   3. 128GB SSD, Supports Trusted Platform Module (TPM), Bluetooth Low Energy.

FortiGate-40F

FortiGate-60F

FortiGate 70F

FortiGate 80F

Checkpoint

Checkpoint has the below Desktop models in Branch/Retail segment:

1. 1535, 1555 Pro (WiFi Model)

2. 1575/1595 Pro (WiFi, 5G Model)

1535, 1555 Pro (WiFi Model)

1575/1595 Pro (WiFi, 5G Model)

Summary

Below are some of the observation I have based the hardware specification of all three vendors apart from number and ports speeds supported.

• Fortinet has the widest range of models a total of 22 SKU’s with options of WiFi, 3G/4G LTE, POE+, DSL etc.

• PAN has a total of 6 model and it doesn’t have SKU’s with the WiFi, LTE, DSL options.

• Checkpoint has a total of 4 models and doesn’t have SKU’s with POE+, 3G/4G LTE, DSL options.

• Checkpoint is the only vendor with 5G option.

Feel free share your view/comments on any comparisons/difference wrt hardware specifications. In the next part of this article we will look in to Networking/Security features for each of these vendors.

References and credits

1. Gartner Reports

2. Official websites Palo Alto Networks, Fortinet and Checkpoint.

Comments

[Chintan]

cool. Nice quick summary. Looking forward to more posts.