Alibaba Cloud, AWS, Microsoft… In the latest Magic Quadrant for network firewalls, the hyperscalers no longer appear.
All three had featured in the previous edition, whose publication dates back to December 2022.
The rules have shifted since then: Gartner now focuses on hybrid mesh firewalls (HMF). In this context, it only includes vendors that offer both cloud deployment and appliances (physical or virtual). Three years ago, having one or the other was enough.
Besides Alibaba Cloud, AWS and Microsoft, two vendors among the 17 ranked in 2022 are no longer listed this year: Barracuda Networks and Hillstone Networks.
On the “Execution” axis of the Magic Quadrant, intended to reflect the ability to actually meet market demand, the situation is as follows:
| Rank | Vendor | Change 2022-2025 |
|---|---|---|
| 1 | Fortinet | = |
| 2 | Palo Alto Networks | +1 |
| 3 | Check Point | +3 |
| 4 | HPE (Juniper Networks) | +1 |
| 5 | Cisco | -3 |
| 6 | Huawei | +1 |
| 7 | SonicWall | +3 |
| 8 | Sophos | +7 |
| 9 | WatchGuard | +4 |
| 10 | H3C | +2 |
| 11 | Forcepoint | +6 |
| 12 | Sangfor | +4 |
On the “Vision” axis, which reflects strategies (commercial, marketing, sectoral, product…):
| Rank | Vendor | Change 2022-2025 |
|---|---|---|
| 1 | Palo Alto Networks | +1 |
| 2 | Cisco | +5 |
| 3 | Fortinet | = |
| 4 | Check Point | -3 |
| 5 | Sophos | +4 |
| 6 | HPE (Juniper Networks) | +5 |
| 7 | SonicWall | +7 |
| 8 | H3C | +5 |
| 9 | Huawei | +6 |
| 10 | WatchGuard | = |
| 11 | Sangfor | -6 |
| 12 | Forcepoint | -4 |
The three vendors designated as “leaders” are the same as three years ago: Check Point, Fortinet and Palo Alto Networks.
The container firewall, still absent at Check Point
Check Point has a strong tradition of price transparency, to use Gartner's phrase. In fact, it is the only one of the Leaders to publish public prices for its entire HMF lineup.
Its sectoral strategy is another strong point, with the financial services and telecommunications sectors at the forefront.
It also stands out for its level of support for 5G and post‑quantum cryptography, as well as for API playbooks and a natural language engine that can be modified or created.
Check Point is the only one of the Leaders not to offer a container firewall. It also lacks RBI (remote browser isolation), while its SD-WAN capabilities are said to be “less advanced” than those of direct competitors. Caution is warranted regarding administration and troubleshooting complexity. Gartner also notes reduced visibility among buyers, who are often unaware of new offerings and product improvements.
Fortinet: the roadmap under scrutiny, vulnerabilities cause concern
Fortinet stands out for the way it binds its HMF to its other product lines around FortiOS. Gartner also values its reporting capabilities and its handling of post‑quantum cryptography for IPsec key exchange, as well as AI-assisted analysis, even on the physical appliances, to aid in interpreting security events. Another strength is the FortiFlex licensing model, which uses a points-based approach.
Apart from some visibility issues with logs inside the firewall, running tasks may require tapping into multiple interfaces. The sheer number and severity of fixed vulnerabilities, along with feature removals (for example, SSL VPN migration to IPsec VPN on FortiGate or the end of agentless VPN support on some appliances), raise concerns. Fortinet also has room to improve the clarity of its roadmap.
Complex and elevated pricing for Palo Alto Networks
As with Check Point, Palo Alto draws praise for its AI-related capabilities, including safeguards around AI itself. It also earns recognition for unparalleled visibility into HMF use cases, its IoT management, and its orchestration capabilities (predictive analytics, policy recommendations).
Palo Alto tends to see price increases upon renewal. Overall, the total cost of ownership is relatively high compared with direct peers, and license and support agreements often lack transparency.
Some users report performance issues, including slow startup times and heightened resource consumption. Caution is advised regarding discrepancies between the Panorama and Strata Cloud Manager consoles. It is frequently necessary to operate both in parallel for at least a year before migrating from the former to the latter (which does not manage the container firewall).
From APIs to management consoles, the offering can still mature
Although cloud management is centralized within the evaluated offerings, in many cases it still relies on different platforms, or the console functions as an SSO gateway for other portals.
In terms of APIs, many vendors still display a maturity gap, primarily enabling integration with their other product lines rather than broader ecosystems.
Nevertheless, the network firewall is increasingly approaching a commodity market. In terms of inspection, filtering and VPN, features are broadly similar across vendors. The same holds for DNS protection and IoT security. On the other hand, universal ZTNA support remains comparatively rare.
Reflecting the security‑as‑code approach within security mesh concepts, CI/CD integration was among the criteria to qualify for the Magic Quadrant.