We performed a comparison between Palo Alto Networks NG Firewalls and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Unified Threat Management (UTM) features."
"It's user-friendly and easy to operate."
"Our security improved from being able to put in rules and close off unwanted traffic."
"The reporting and monitoring are very good."
"The most valuable feature of this solution is Quota."
"It is useful for protecting and segregating the internal networks from the internet. Most of our customers also use the FortiGate client to connect to their offices by using the VPN client, and of course, they usually activate the antivirus, deep inspection, and intrusion prevention services. They are also using it for web filtering and implementing various policies dealing with forwardings, NAT, etc."
"Some of the key features of the solution is that it has good reporting, you can receive many details from the connection, for example, clients and website information."
"It performs very well."
"The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput."
"DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network."
"The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks."
"Application layer firewalling has been the most valuable feature because it gives thousands of application IDs that we can use to control traffic into and out of our environment. The second most important feature has been the GlobalProtect VPN feature."
"The most significant benefit is threat protection. Anti-malware uses signatures, so dynamic analyzers like WildFire are the best way to protect the company. It is a firewall based on application control, user ID, and security policy. We can use it based on user and application ID without a stateless firewall or TCPIP ports."
"Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier."
"The most valuable feature is WildFire, which blocks sophisticated attacks and distinguishes it from other traditional firewall functions."
"It's quite nice. It's very user-friendly, powerful, and there are barely any bugs."
"Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view."
"App-ID and User-ID have repeatedly shown value in securing business critical systems."
"AWS has improved our agility to apply firewall rules. It has reduced the amount of time that it takes to apply firewall rules because everything is based in the cloud."
"The initial setup was straightforward."
"Embedding it into my application development lifecycle prevents data loss and business disruption, allowing the adoption to operate at the speed of my AWS Cloud."
"The filtering feature is good."
"The VM-Series scalability is fast and easy to implement, improving our security posture as our Azure network grows."
"It gives us the ease that we are secure. We have set up the proper things that help make our data safe."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"They should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer, that would be brilliant. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much and when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to your remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that."
"One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at the peak time when the number of contracts and users are at maximum."
"I think they need to improve more in order to be a competitor with the leaders of the field."
"The non-error conserve mode has room for improvement."
"There aren't really any negative aspects to discuss."
"I have to say that the initial setup was complex. The deployment took a few days to get set up. Initially, we were using an IPVanish. We switched to this tool since we thought it would be easier. But it turns out it wasn't easier to set up and run."
"Some of the filtering is not robust, you can escape it with a VPN. Some of the users bypass some of the filters. It catches some but it also misses some, that area could be improved. It's functioning reasonably but there's room for improvement in that area."
"Palo Alto Networks NG Firewalls need better training modules. You have to do a lot of reading prior to watching the training videos, and it's good for people who are really into it. However, often you want to use a video for a TID. You want to see how to do something rather than spend 30 minutes reading and then another 30 minutes watching the class. As a result, I take third-party training classes rather than Palo Alto's training because they are a lot better."
"When you delete and add a new rule, because of the one hundred rule limit, if the new rule has an ID that is greater than one hundred, even though you have fewer than that, it will not work."
"The solution needs some management tool enhancements. It could also use more reporting tools."
"I would like to see better integration with IoT technologies."
"I believe it would be beneficial if the solution could integrate with Google Chrome, especially for students who use Chromebooks. However, as far as I know, the solution currently does not support Google Chrome."
"PA-220 Next-Generation Firewall would be perfect if it has spam filtering."
"There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex."
"We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved."
"Palo Alto Networks VM-Series is a complex product to work with."
"It is not very easy to scale up the solution."
"People are less aware of Palo Alto."
"From time to time, they have released some content updates that have some issues, maybe twice a year."
"The user interface could use some improvement."
"It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity."
"We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID."
"The tool is very costly."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 5th in Firewalls with 164 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 53 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "Many features are optimized for troubleshooting real-time scenarios, saving a lot of time". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Sophos XG and WatchGuard Firebox, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate-VM, Cisco Secure Firewall, Juniper SRX Series Firewall and Huawei NGFW. See our Palo Alto Networks NG Firewalls vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it kind of depends what you value most.
PA is good at app control, web filtering and such like, they have always been top of the pile there. The GUI is very good, and their product is very user-focused.
Fortinet is good for scalability and predictable high throughput (ASICs in the hardware), and useful things like authentication flexibility, CLI config (if you have any networking/Cisco people, they always seem to prefer CLI over GUI) and have better OT features, maybe relevant to your manufacturing use?
Fortinet seem to have a broader integration offering with their security fabric than PA do, plus they can do Fortinet-based wifi, switching, etc. Depends if you are prepared to go all-in with a single vendor.
Hi,
Both FT and PA have compelling features for large Enterprises. I would like to add a few good points about Fortinetwhich might be helpful ( from my 13 years of engagement with them as Distributor and Partner)
Fortinet:
Have higher throughput; which comes with competitive rates
Wide range of models to select to meet your requirement, without spending heavliy
Outstanding customer support and very active customer care team
Easly available skilled resources from the channel for deployment and post-implementation support
Regards
Abhilash
Hello. The question is what you are going to have as a result of application