CyberRatings.org updates ratings for Fortinet and Palo Alto Networks enterprise firewalls

CyberRatings.org has released updated evaluation results for Fortinet’s FortiGate-200G and Palo Alto Networks’ PA-1410 enterprise firewalls after these vendors addressed previously identified evasion resistance shortcomings.

The revised ratings reflect the updated capabilities of these firewalls to withstand exploit evasion attempts, affecting their operational security performance. These adjustments resulted from modifications made after initial tests showed vulnerabilities in their intrusion prevention measures.

The assessments focused on exploit evasion resistance, where Fortinet improved from 60% to 100% following an update to its Intrusion Prevention System (IPS) signature package, raising overall security effectiveness from 79.24% to 99.24%. Palo Alto Networks increased from 0% to 100% evasion resistance with a firmware upgrade (PAN-OS 11.2.10-c37), causing security effectiveness to increase from 46.37% to 96.07%.

The retesting employed identical methodologies and datasets as the original Q4 2025 Enterprise Firewall Comparative Report, utilizing tools developed by NSS Labs and Keysight’s CyPerf for performance and security validation. The updated ratings now classify both firewalls as Recommended products among others like Check Point, Juniper Networks, and Versa Networks.

Vikram Phatak, CEO of NSS Labs, said, “Both Fortinet and Palo Alto Networks responded quickly and transparently to our original findings, issuing updates within days and requesting immediate retesting. The speed at which these vendors addressed and resolved critical issues shows their commitment to their customers’ security.”

Following the results, CyberRatings.org and NSS Labs highlighted vendor accountability and transparency as factors relevant to cybersecurity product evaluation. Palo Alto Networks noted that the firmware version tested was a pre-release scheduled for General Availability (GA) within 90 days. Both firms advised organizations to update to the specified versions promptly to ensure protection aligned with the November 5 report's findings.