We use it for security purposes.
We use it for security purposes.
Palo Alto Networks NG Firewalls enable efficient application search, viewing, and configuration access across various services for different user groups within our company.
The only downside of Palo Alto Networks NG Firewalls, in my opinion, is the relatively higher price compared to Cisco FortiGate. This is especially noticeable when deploying basic configurations and considering the cost of licenses.
I have used the solution for the past few years.
In terms of stability, the user rates it a nine out of ten.
I would rate it 10 out of 10. The current user base for Palo Alto Networks NG Firewalls in the environment is one thousand users. Plans are in place to increase usage in the future, particularly with the intention to upgrade for higher speed.
The experience with tech support is positiveand they have found support helpful in addressing network issues.
Positive
Before adopting Palo Alto NG Firewalls, no other tools were used.
I cannot rate the ease of configuration on a scale from one to ten for Palo Alto Networks NG Firewalls. The configurations are diverse, and it's challenging to determine a specific rating, but I find them somewhat similar and not particularly helpful.So, the deployment process for Palo Alto NG Firewalls takes about one month. This duration is due to the various steps involved in the deployment, each of which can be completed within a business day. The complexity arises from the need to connect with numerous clients and services, considering the continuous operation of the business.
In terms of price, the user finds it expensive, rating it around nine.
The overall recommendation is positive, emphasizing ease of deployment, understanding features, and suitability for the company's needs. I give Palo Alto Networks NG Firewalls a perfect rating of ten.
We have clients in the government and supermarkets, for example, who use this firewall for integration with EDR, NDR, CN, and IPS.
Palo Alto Networks NG Firewalls' IPS is more complete and is very good. This is a user-friendly solution that is easy to install, and it provides the best protection.
It's very important that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention because all components are moving laterally these days. We need tools that follow the zero-trust model.
These firewalls have helped reduce downtime in our organization as well.
Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers.
I've been working with these firewalls for almost seven years.
The firewalls are very stable.
Palo Alto's scalability is not as good as that of Check Point. With Check Point, I can integrate the firewall with other products.
We do not have technical support in Brazil, so I would rate it a two out of ten. However, Palo Alto's technical support in the US is good, and I would give them a rating of eight out of ten.
Neutral
I have worked with Check Point, but it's very difficult to configure. Palo Alto is much easier to configure, and the dashboard is very user-friendly as well.
Because I have worked with Palo Alto for seven years, the initial setup is very easy for me. However, new engineers may find the configuration difficult.
Palo Alto Networks NG Firewalls are very expensive compared to other firewalls such as Fortinet. As a result, Palo Alto is losing some of its market share.
I would rate Palo Alto Networks NG Firewalls an eight out of ten because it's a good product.
I like attending RSA conferences because it gives me the opportunity to see what competitors are doing and what is new on the market.
Attending RSAC does have an impact on our cyber security purchases, but I would like to see manufacturers offer more training, certifications, labs, and demos at RSAC.
Our use cases include combining multiple next-gen firewalls and bringing them into the Panorama centralized platform.
In general, it's one of the better firewall brands out there. It definitely has the investment and the dedication of the Palo Alto team to constantly improve their product and move forward. They're not a static company, like some of the other companies out there, and that's why I like them.
From a firewall perspective, there is a unified platform that natively integrates all security capabilities, which is good because there is a single pane of glass. I don't have to go to every single firewall to look at certain things. I don't have to go to every single firewall to deploy rules. I can use Panorama to deploy the rules, so it's a one-stop job type of thing.
For securing data centers consistently across all workplaces, all next-gen firewalls pipe into the same Panorama centralized management solution. We can manage everything from a single pane of glass, deploy all that out, and make sure it goes through each firewall and updates correctly. That's huge. If you had to do it manually and you had thirty locations, that'd be like a day's job versus thirty minutes.
Having a centralized platform where they all feed into the Panorama solution significantly drops firewall-by-firewall management. We can use the Panorama solution to communicate with all of them.
I like the navigation of the general Panorama solution. I can easily navigate around and get to the thing I need. I'm not wasting time trying to find something.
Personally, I feel that their dashboards for reporting and things like that need some improvement.
We've been using Palo Alto for one to two years.
It has been very stable so far.
So far, it has been scalable enough to hit multiple divisions.
I have not personally contacted their support. That just dictates that they have a good product.
Positive
We also use Cisco firewalls.
I am not directly involved in its deployment, but I do help manage it. To my knowledge, the deployment was straightforward. It was easy to connect them into the Panorama platform.
There was a consultant. They knew their stuff.
There is typically no return on investment for firewalls because it's an IT cost, and we don't make money because we don't resell them.
It's pretty good.
We evaluated Fortinet and Check Point.
The value I receive from attending an RSA Conference is huge because I visit all my vendor partners to understand their roadmaps for the future. Attending an RSA Conference has had an impact on our organization’s cybersecurity purchases made throughout the year afterward because it brings out new features and subsets of the vendor partners. Also, if there is a deficiency in any of the current ones we currently use, we'll go engage other providers in order to find out if they can reach that gap or not, and then it'll dictate future proof of concepts and decisions.
Palo Alto embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, but I personally haven't experienced that. It's a good thing that there hasn't been an attack where that became useful, but that's great to know.
As a result of our experience with Palo Alto NGFW, to a colleague at another company who says, “We are just looking for the cheapest and fastest Firewall,” I would say, "Go with Palo Alto."
Overall, I would rate Palo Alto NGFW an eight out of ten.
Almost all of my deployments are regulated to each firewall perimeter or as a data center firewall. The perimeter firewalls are deployed to control the user traffic and establish IPv6 VPN connections between a company's headquarter and its branches. This solution comes with threat prevention and URL filtering licenses for perimeter deployment. For data center deployments, the solution is deployed as a second layer of protection for the network traffic, especially for VLANs. It also prevents lateral movement of network attacks.
Almost all of my deployments in the Middle East are deployed on-prem. There is no acceptance of cloud solutions, especially for government and banking rules.
Palo Alto Networks Next-Generation Firewall comes with full visibility into the network traffic. The administrator of this next-generation firewall can troubleshoot the traffic, network issues, or connectivity issues that busted through the Palo Alto Next-Generation Firewall, then detect whether the problem is from the client side or the server side. This solution helps the administrator to troubleshoot and have their network up and running all of the time.
A feature introduced by Palo Alto with the version 10-OS is embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. Machine learning analyzes the network traffic and detects if there is any usual traffic coming from outside to inside. Because of Palo Alto, organizations detect around 91% of malicious attacks using machine learning. The machine learning helps customers by implementing firewalls in critical and air gap areas so there is no need to integrate with the cloud sandbox.
I integrate Palo Alto with different Security Information and Event Management (SIEM) solutions as well as Active Directory to control the traffic based on users and integration with the email server to send notifications and look at domain recipients. I also integrate Palo Alto with Duo as a multi-factor authentication, which is easy to integrate.
They have introduced more security components that can be integrated. We are talking about Cortex XDR and WildFire. These are natively integrated with Palo Alto Networks. These help to predict malicious attacks on the endpoint and network. WildFire is easy to deploy and integrate.
SP3 architecture helps distribute the bucket into different engines. Each engine has their own tasks: the networking engine, the management engine, and application and security. Each one of these tasks is done by a single task or dedicated CPUs and RAM for handling traffic.
I have been using this solution for about four or five years.
They have a stable solution, stable hardware, and stable software since they have released multiple OSs. If there are any issues, they release a new OS. Each month, you will see new batches with a new OS introduced to customers. You can update it easily.
With Palo Alto Networks, you have a dedicated management plan. Therefore, if you face an issue regarding the management interface, e.g., the GUI and CLI of Palo Alto Networks, if you have any problem on that you can restart it without effects on the data streams.
The technical support team is great. We have no tickets open with Palo Alto. There are distributed tech centers worldwide that do not have Palo Alto employees, but have the capability to solve your problem in an easy way. They help you to close your gaps or pains.
Positive
I am expert with next-gen Firewalls, especially in Fortinet and Palo Alto. I am NSE 4, NSE 7, and PCSAE certified.
Palo Alto has introduced new features in their next-generation firewall, such as SD-WAN. However, the technique of SD-WAN implementation is not easy to understand. It is not easy to deploy at this moment. Maybe, in the future, they can improve the process and how the administrators, partners, or support team can easily deploy this SD-WAN solution on their next-generation firewall. The SD-WAN solution from Fortinet is easy to do. It does not take more than five or 10 minutes. When we talk about Palo Alto, it takes extra effort to implement SD-WAN.
If you are looking for a great firewall that helps you stop attacks as well as giving you visibility with the administration, this firewall is the best choice. You should not look at the price the first time. Instead, you should look into the solution's productivity and return on investment.
There are some differences in regards to the integrations between Palo Alto and other vendors. Palo Alto handles the traffic using Single Pass Parallel Processing (SP3) engines unlike other vendors, like Fortinet, who use ASIC processors to handle the traffic. The SP3 engine is a different, new architecture for next-generation firewalls. The SP3 engine curbs the traffic and makes the decision based on the buckets, then it evaluates the bucket and other features regarding routing.
SP3 helps the customer when we talk about data sheets and the performance of the administration firewall. We introduce SP3 to show them real numbers. When we talk about Fortinet, they introduce a different performance number for networking and application throughputs. With Palo Alto Networks, the deduplication between the firewall throughput to the full inspection mode throughput is minimal. There is no big difference between the networking throughput and full inspection mode throughput.
I use DNS security from other vendors, not Palo Alto. I have tested Palo Alto with some scripts in regards to exfiltration and about 50% to 70% of exfiltration attacks could be stopped by Palo Alto. This year, Palo Alto has improved its DNS security against data exfiltration attacks. They enhanced the DNS security features with Palo Alto Networks Next-Generation Firewall by introducing a cloud solution. The solution now forwards these DNS requests to the cloud, which can analyze it using machine learning and artificial intelligence to decide if it is legitimate traffic or not.
The integration is based on the customer environment and what they need. Enterprise customers have some regulations and compliance so they need to send all their logs to the same solutions. We can integrate it using a syslog protocol over UDP. So, it is easy to integrate Palo Alto with some solutions. However, with other Palo Alto technologies or solutions, I integrate them just with WildFire. WildFire is a dedicated solution related to sandboxing and can be deployed on-prem or in the cloud.
The NSS Labs Test Report information has previously helped me to convince customers to buy Palo Alto Networks Next-Generation Firewalls. However, I am now not using the NSS Labs Test Report. Instead, I am using Gartner reports to offer customers Palo Alto Networks Next-Generation Firewalls.
Machine learning on the Palo Alto Networks Next-Generation Firewall was introduced on version 10.
I would rate this solution as nine out of 10.
We use Palo Alto Networks NG Firewalls for our gateway security.
Embedded machine learning is important.
The user experience is good and the configuration is very easy.
Palo Alto Networks NG Firewalls provide a unified platform that natively integrates security capabilities.
IDM is the most valuable feature.
The process of applying updates to Palo Alto Networks NG Firewalls has room for improvement.
The price also has room for improvement and the technical support could respond faster.
I have been using Palo Alto Networks NG Firewalls for one year.
The solution is extremely stable.
The solution is scalable. We have 60 people that use the solution in our organization.
The technical support is good but can sometimes be slow.
Positive
I previously used WatchGuard XTM firewalls, but I switched to Palo Alto Networks NG Firewalls because of their superior performance and features.
We have seen a good return on investment.
Palo Alto Networks NG Firewalls are expensive compared to WatchGuard XTM firewalls.
I give Palo Alto Networks NG Firewalls a ten out of ten.
We have to perform regular updates for the solution.
We're partners. Essentially, we take all the Palo Alto firewall policy information and all the device information, and we put it on a single pane of glass for them.
It provides a unified platform that natively integrates all security capabilities. This communication between security devices or security platforms is pretty important.
It helps to reduce downtime in our organization, but I don't have the metrics.
Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier.
Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto.
We're partners with Palo Alto. We've been partnering with them for about ten years for their firewalls.
It's pretty stable.
It's pretty scalable. Palo Alto does a great job across the board from small businesses to large enterprise solutions.
I have not had direct communication with their support.
We've worked with different firewall solutions such as Check Point, Cisco, ACI, and Fortinet, but Palo Alto is definitely among the ones that I like to work with.
Overall, it provides a wide range of features for securing an environment.
You get what you pay for.
The RSA Conference is great. You get to see a wide range of products all in one place. In terms of security, this is the place to be. It has been a great experience.
I believe attending the RSA Conference has an impact on our organization’s cybersecurity purchases made throughout the year afterward. It gives us a good forecast as to where the industry is going and what's to come so that we can be better prepared to partner with all different vendors.
To a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that Palo Alto is definitely not the cheapest. It's one of those things where you prefer quality.
Overall, I'd rate this solution a nine out of ten.
As a Security Engineer, I use this solution for protection. I put in additional rules and also use the solution for forensic investigations and to look at traffic logs.
I like that Palo Alto Networks does a good job of keeping the firewall updated with the latest threat signatures.
We use Panorama, so we're able to manage an entire array of firewalls in one console. It's really useful because we can make one change and deploy it to all of our firewalls.
Palo Alto Networks NG Firewalls do a great job at providing a unified platform that natively integrates all security capabilities. For example, we can easily export our firewall logs into our SIEM. We have so many tools to manage that having a unified platform makes our job easier.
This firewall is great at securing data centers consistently across all workplaces.
We have high availability, and Palo Alto Networks NG Firewalls helped reduce downtime.
The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times.
I've been using Palo Alto Networks NG Firewalls for five years.
I have not heard of any complaints or issues regarding the stability of the firewalls.
We can easily add nodes into Panorama with no problem. As such, scalability is not an issue. We have an enterprise environment with approximately 15,000 users in multiple countries.
I haven't had to call technical support, but my colleagues have. They've always spoken positively about the experience and would probably rate the technical support an eight out of ten.
Positive
My organization used Cisco Secure Firewall ASA and switched to Palo Alto Networks NG Firewalls because Cisco was lagging behind in many features. For example, the management interface on the ASAs was awful compared to that in the NG Firewalls.
We have absolutely seen an ROI in the fact that we haven't ended up in the news. We can look at any time and see all the threats that have been stopped by Palo Alto Networks NG Firewalls.
If you are looking for the cheapest and fastest firewall, I would say that it's a risky angle to take. Security costs money, and you'll get what you pay for.
The benefits I receive from attending an RSA conference are networking, meeting people and having conversations face-to-face, making contacts in the industry, getting suggestions about products, and attending briefings about specific products.
Also, attending RSAC can have an impact on your organization’s cybersecurity purchases because you may find out about products that you hadn't heard of before.
Overall, I would rate Palo Alto Networks NG Firewalls an eight on a scale from one to ten.
We used the solution as an edge or internet firewall where we were running IPS/IDS and doing filtering on it, apart from the other security features. We are still using it for our users' VPN activity and to manage site-to-site VPN tunnels with other clouds, like AWS and Azure, so that there is connectivity back and forth between those cloud providers and our on-prem data center.
The features I like are the debugging and troubleshooting through package capture. It's easy to capture from the CLI and it's also easy to get logs from the CLI.
It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture. It gives us real-time anti-cyber activity and enables us to look at it. The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time.
These firewalls have the zero-delay signatures feature, which is really important because you don't want to be lagging behind with any kind of security updates. It doesn't affect our security a lot, but without it, we could be compromised a little bit. If updates are delayed by a couple of hours, there's an opportunity for the bad actors to execute something in that time frame. It gives us a little bit more security, but it's not like it's a high-severity situation.
Overall, they're doing great with the features. They're improving them day by day and year by year, which is really good. They're making new products that are compact inside, which is also really good. Instead of a full rack, they have tiny devices that have the same or even better performance compared to the bigger ones. They are doing well in improving the units, features, and security.
I've been using Palo Alto Networks NG Firewalls for eight years.
They're very reliable and stable. Compared to some of the competitors, they're more reliable.
The scalability is also good. They provide good options for scaling. The only thing that I would think about is that, in the newer firewalls, they have increased the performance but decreased the number of concurrent VPN connections or users. The new, compact devices have better performance, but they have reduced the number of users that can connect. Maybe that's a marketing strategy to sell higher-end models.
In my organization, everybody is using the Palo Alto firewalls because they're connected to the VPN, but the management and operations aspects are limited to the folks in IT.
These firewalls used to bring a lot of value to us, but in my practical experience, in the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get.
For example, in the past, if something happened, we could just give them a call and open a ticket, and we would have technical support right away to help us. Whether it was a severity-one, critical incident, where we had no connectivity, or just a minor or medium-severity issue, we used to get support right away. But in the last three years, it has been really hard to get hold of an engineer. I have reached out a couple of times to give them a heads-up, "This is a ticket I opened three days ago. I'm trying to get a hold of anybody."
It's okay that they force us to open a ticket on the portal, but after opening a ticket, it's really hard to get support when you need it. You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer.
They should make it easier to get in touch with their TAC. This is what they have called transforming the customer experience, but I believe it's getting worse. That's the only thing they have to improve. When you do get someone, the support from their end stands out, it's a nine out of 10. But getting a hold of an engineer is a two out of 10.
Neutral
The initial setup is very straightforward. You need to connect through the portal manager and to the IP that you want to access remotely. And pushing the configuration from other devices is very easy. They provide tools so that you can get the configuration from competitors' devices and convert that into the Palo Alto version. It's very easy to configure initially and to manage as well.
On the maintenance side, it's really good. We don't have to put a lot of effort into that.
The security and performance of the PA-400 series of Palo Alto NGFWs, versus its price, is really good. It's very inexpensive and has good performance compared to the previous higher-end 3000 models.
Palo Alto provides Panorama where you can manage a bunch of firewalls from a single pane of glass or just one device. It allows you to manage all of the firewalls in one, integrated location. You don't have to make a chain of 50 different firewalls. It will push what you need to be changed to all the other firewalls. We used to use it, but we got rid of it because we replaced all our Palo Altos with competitors' firewalls and we don't use Palo Alto anymore, other than for VPN. We have six firewalls in our organization right now, although we used to have 35 to 40. Because we no longer have a lot of firewalls, we got rid of Panorama. We don't want to pay for it to just manage six firewalls where we are not making any changes frequently. If we had 35 or 40 still, I would definitely recommend having Panorama.
Panorama is for managing the rules. It saves time on configuration, but it doesn't affect your security posture. Whether you're managing each firewall or using Panorama, it's exactly the same thing. But it helps you to execute changes in a very short period of time. It's a way of pushing the config to all your devices.