CyberRatings.org Reports Improved Ratings for Fortinet and Palo Alto Firewalls After Retesting

CyberRatings.org and NSS Labs Reveal Improved Firewall Ratings

CyberRatings.org, a non-profit organization focused on bolstering confidence in cybersecurity products, recently announced updates to its enterprise firewall ratings based on follow-on testing results. In a move that underscores the importance of cybersecurity compliance, both Fortinet and Palo Alto Networks have elevated their status from a caution rating to a recommended one following rigorous retesting by NSS Labs.

Background of the Testing

On November 5, 2025, the initial assessments revealed critical vulnerabilities in the evasion techniques of both companies' firewall offerings; the Fortinet FortiGate-200G and the Palo Alto Networks PA-1410. After receiving feedback from the NSS Labs, both companies acted swiftly, deploying updates that addressed their deficiencies. The results signify a strong emphasis on responsive customer service and transparency within the cybersecurity sector.

Vikram Phatak, the CEO of NSS Labs, commented on the vendors’ diligence, stating, “Both Fortinet and Palo Alto Networks responded quickly and transparently to our original findings, issuing updates within days and requesting immediate retesting. The speed at which these vendors addressed and resolved critical issues shows their commitment to their customers' security.”

Detailed Results from Fortinet and Palo Alto

The results of the follow-on tests indicate a substantial improvement in performance and security for both firewall products. In Fortinet’s situation, during the first round of testing, the product showed an exploit evasion resistance of only 60%. However, following updates to their IPS signature package, that number skyrocketed to 100%. Consequently, their overall security effectiveness surged from 79.24% to an impressive 99.24%. Organizations that are still using older versions of Fortinet should promptly upgrade their systems to maintain fortified protection.

Similarly, Palo Alto Networks experienced an evolution in its product effectiveness after updating its PAN-OS firmware. The initial resistance score was dismal at 0%, but that figure improved to 100% following updates that addressed the Layer 3 IP and Layer 4 TCP evasion techniques concerns. Furthermore, the overall security effectiveness climbed from a concerning 46.37% to a strong 96.07% after the new PAN-OS firmware was retested and validated.

Organizations operating with outdated firmware versions must immediately transition to the latest updates to avoid risk exposure.

Vendor Accountability and Importance of Transparency

These results spotlight the crucial role that independent testing plays in enhancing accountability among cybersecurity vendors. The proactive steps taken by Fortinet and Palo Alto Networks not only demonstrate their dedication to product improvement but also set a standard for the industry regarding vendor-client relations.

To further elaborate on these findings, NSS Labs published an accompanying blog titled ‘When Firewalls Fail Gracefully: Why Vendor Responsiveness Matters as Much as Security Effectiveness.’ This article underlines the significance of transparency and expedient responses to cybersecurity challenges facing organizations today.

Testing Methodology Used

The follow-on tests used a rigorous methodology similar to that of the initial Q4 2025 Enterprise Firewall Comparative Report, which assessed seven leading firewall solutions in real-world conditions. The advanced testing tools developed by NSS Labs, alongside Keysight's CyPerf technology, allowed for an accurate evaluation of security features, functionality, and reliability of the firewalls. The updated report results can be accessed for free on CyberRatings.org.

Conclusion

The efforts made to revitalize Fortinet's and Palo Alto Networks' enterprise firewall products illustrate their commitment to customer security and continual improvement. Organizations utilizing their services can take confidence in these recommendations and should act quickly to update their systems according to the latest findings. For a deeper insight and comprehensive assessment of cybersecurity product efficacy, stakeholders are encouraged to visit CyberRatings.org and access the latest reports.