FortiManager delivers unified management for consistent security across complex hybrid environments, providing protection against security threats. Key benefits include accelerated zero-touch provisioning with best-practice templates for deployment at scale of SD-WAN and streamlined workflows between the Fortinet Security Fabric and integrations with 500+ ecosystem partners.
N/A
Palo Alto Panorama
Score 8.6 out of 10
N/A
According to the information provided by the vendor, Palo
Alto Panorama is a network security management solution that intends to
simplify and enhance cybersecurity processes for businesses. The product's
primary objective is to offer various features, including unified policy
management, centralized visibility, automated threat response, simplified
configuration, unrivaled scalability, and rapid security adoption. It claims to
assist organizations in efficiently managing their firewalls and…
FortiManager is well suited for larger organizations which require unified configurations and IT departments that need quick turn around on firewall related tickets. I believe MSPs can also benefit with the use of the VDOM feature, if strict separation between clients is needed. FortiManager wouldn't be ideal for 1-3 site operations, unless their configurations are extremely complex or have a high number of active users.
I think Palo Alto Panorama is suited for administrators of all levels because certain things can be locked down to certain permission levels. But there are executive dashboards all the way down to the weeds for the highest of administrators. This truly is a single pane of glass tool because you never have to go into the individual firewalls for anything.
If you need to push a setting or config to multiple firewalls Panorama can do that flawlessly.
Panorama has its logging centralized and this makes it easy to locate and reviews logs compared to having to get logs from each device.
I love how the interface matches the interface on the firewall. This makes the learning curve less steep.
Adding new firewalls to Panorama is super easy and not complex. Panorama can push a lot of the config and settings so you don't have to manually do it.
Various bugs: The software is buggy, and if you don't have a good understanding of it's underlaying operation, you can get confused or stuck when pushing a configuration. There are lots of little quirks you will have to learn, which are not described in any documentation.
Conflict resolution: Occasionally, during larger changes, bringing new devices in, pushing a config will fail due to dependencies, conflicts, or other software bugs. This is somewhat time consuming because the error messages provided aren't descriptive
CLI Options: Some configuration changes require creating scripts that execute on each device, and can't be done via the GUI
The ability to push out OS updates could be improved in Panorama. It has the abilities, but the use is not intuitive, to the point that we generally connect directly to the firewalls to download the OS updates directly.
Scheduling. It would be nice to be able to schedule jobs to run at certain times. Pushing out updates, like OS updates mentioned above, can require significant bandwidth. So being able to schedule that work for hours that would not directly affect the users would be a welcome addition.
The list of devices in the Templates tabs should be sorted the same way that he devices are grouped in the Device Group tab, rather than just alphabetical. If there was a way to chose the order of the devices, maybe by tag, that would work as well.
Panorama has given us much more than we expected and the support for the product, by Palo Alto Networks has been great. We would like to see some improvements that I mentioned in another review, like scheduling changes, but overall Panorama has provided a very capable product and we are very happy with it.
You can do anything via the GUI without going to the CLI. High real time security as every five minutes, it updates the list of phishing websites. High protection as the firewall communicates with the cloud, a machine running artificial intelligence helps to detect malware or other threats.
Palo Alto has a very nice customer support. People are very nice and were quick to reply, whenever we had an issue with the subscription or the blacklist tool. There is also a great deal of information on their website that covers each and every detail about the uses and the threat signatures. The community keeps on updating their information very frequently. Small issues are easily solved from the documentation, and for other issues, the customer support service is always present. However, on Fridays it becomes a little delayed as per my observation.
FortiManager is the best choice for managing numerous FortiGate firewalls. It allows for easy integration into ServiceNow and automates simple repetitive tasks that are very straightforward. Role-based access control is easy to enable and you can get quite granular with user permissions. Administrative Domains help segregate firewall management and compliance within the FortiManager console, by almost any classification method that makes sense to your organization.
Palo Alto Panorama and Junos Space Security Director have many similar features but Palo Alto Panorama excels in almost all of them. The monitoring tools in Palo Alto Panorama are easy to use and give more in-depth insight into what is going on in your network. Palo Alto's security is ranked much higher and the Web Application Security is also superior to that of the Junos counterpart.
At a previous company, I deployed Palo Alto firewalls to a data center, and 12 branch locations. This allowed us to replace MPLS links with IPSec tunnels between the sites. This resulted in significantly more throughput and soft savings of increased productivity. However, the estimated net of $220,000 in hard savings over five years is what is most impressive. I could not have effectively managed all those devices without Palo Alto Panorama.