Netgate / pfSense+ versus WatchGuard or Palo Alto
-
Our two WatchGuard M200 units are coming up for renewal/replacement this summer. I would love to replace them with Netgate products and support, however our IT vendor prefers to either stick with WatchGuard or migrate to Palo Alto. I have nixed Meraki from the short list based on experience with their 'no traffic passed once license expires' model.
Our setup is a 100/100 f/o internet circuit and a 100/100 backup wireless internet circuit. We currently have ~17 users, most of whom use OpenVPN to remote into our LAN, with a handful of people in the office each day. Our M200s can only push ~25mb over OpenVPN (sad). So not a lot of bandwidth to deal with, mainly VPN traffic and the potential for traffic inspection (see below).
I'm very comfortable with pfSense (user since the m0n0wall days) but would appreciate a bit of sales support/comparison with regard to some of the subscription-based features we get from WatchGuard, as I think this would help assuage fears from our IT vendor and, to a lesser extent, me.
If the thinking is that Netgate and WatchGuard are apples and oranges, that is fair feedback as well. Are these subscription features even relevant anymore with the prevalence of SSL/HTTPS etc.? Appreciate any thoughts.
WG Feature / pfSense equivalent feature or package / provider subscription cost?
.......................
Botnet Detection (unsure exactly what the WG is doing here) / ?? / ??
Gateway AV (HTTP only?) / Squid + ClamAV / ??
IDS/IPS / Snort or Suricata / Snort @ $400 per yr, Suricata ??
Reputation Enabled Defense and GeoIP / pfBlockerNG? / MaxMind @ $288 per year, others?
WebBlocker / pfBlockerNG DNSBL or Cisco Umbrella (we already use) / no additional cost
-
@mhab12 Did you switch to Palo Alto? I use pfSense, but I have been letting a new tech guy handle everything for my business and he wants to use Palo Alto. Comparing the two, Palo Alto has some nice features, but it is not worth the cost I am seeing.
-
@dgall We did pull the trigger on Palo Alto and I can't be happier. Having commercial software/hardware that is rock solid has brought us newfound peace of mind.
The costs are real, but so is PA's software development and continuous/real-time definition updates.
We have moved a total of five sites to PA, all using the PA-440. Bite the bullet and enjoy the stability of enterprise-level stuff.
-
@mhab12 Would you mind sharing cost estimates/approximations?
-
@mhab12 Thank you. I may let him do it. As far as the continuous/real-time definition updates you mentioned, I have the paid Snort and pretty good feeds on my pfBlocker that are updated hourly, so those threats are updated regularly. I like pfSense, but I can't micromanage the tech guy, and he knows Palo Alto. If we do switch, if nothing else that Netgate 7100 unit will make a nice addition to my home lab.