What is our primary use case?
We primarily use the solution for the firewalls. We're also using the next-gen features to shape what's going on. For example, to figure out what is allowed out and what isn't allowed out on a layer-7 application-aware firewall. We can block based on the application, as opposed to port access.
How has it helped my organization?
The solution helped us stop being policemen to our users. We don't have to run around telling people they can't do certain things. We can just not allow it and walk away from it. We're not out there seeing who is doing what, we just don't allow the what.
What is most valuable?
The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.
The firewall capabilities are very good.
What needs improvement?
We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved.
The appliances I'm working on are relatively old now. We're talking five-year old hardware. That slow commit speed might be addressed with just the newer hardware. However, even though it is slow, the speed at which they do their job is very acceptable. The throughput even from a five-year-old appliance shocks me sometimes.
Currently, if I make changes on the firewall and I want to commit changes, that can take two or three minutes to commit those changes. It doesn't happen instantly.
The solution doesn't offer spam filtering. I don't know whether it's part of their plan to add something of that aspect in or not. I can always get spam filtering someplace else. It's not a deal-breaker for me. A lot of appliances do that, and there are just appliances that handle nothing but spam.
For how long have I used the solution?
I've been using the solution for five years.
What do I think about the stability of the solution?
The stability is awesome. I haven't had any issues with the solution stability-wise. I've got the same firewalls that have been out there for five years and they work great.
What do I think about the scalability of the solution?
I don't work with enterprise-class products. I'm not in that environment. However, so as far as I know, Palo Alto has products that will go that large. Panorama may be able to scale quite well. You can manage all your appliances out of it. They are a very popular license.
Their GlobalProtect license is very much like Cisco's AnyConnect. It does the endpoint security checks. It makes sure they've got the latest patches on and the antivirus running and they've got the latest antivirus definitions and whatnot installed before they allow the VPN connection to happen. It's quite nice.
How are customer service and technical support?
Their support is very good. I've never had any issues with their support. I would say that we've been satisfied with their level of service.
Occasionally there may be a bit of a language issue based on where their support is located.
How was the initial setup?
The initial setup is pretty typical. It's like any firewall. As long as you've worked with next-gen firewalls, it's just a matter of getting your head around the interface. It's the same sort of thing from one firewall to the other. It's just a matter of learning how Palo Alto does stuff. Palo Alto as a system, for me, makes a whole lot of sense in the way that they treat things. It makes sense and is easy to figure out. That's unlike, for example, the Cisco firewalls that seem to do everything backwards and in a complicated way to me.
I haven't worked with enough Cisco due to the fact I don't really like the way they work. That isn't to say that Cisco firewalls are bad or anything. It's just that they don't operate the way I think. That might have changed since they acquired FireEye which they bought a couple of years back.
What's my experience with pricing, setup cost, and licensing?
I know the solution is not inexpensive. It depends on what you ultimately sign up for or whether you just want the warranty on the hardware.
What other advice do I have?
I'm not really a customer. I'm like a consultant. I'm an introduction expert. If I think a client needs a certain technology I point them in the direction of whoever sells it. I do go in and configure it, so I do have experience actually using the product.
When I'm looking for something, I just find someone that sells Palo Alto and I redirect the client towards them. I'm not interested in being in a hardware vendor. There's no money in it. There's so much competition out there with people selling hardware. It doesn't matter where the client gets it from.
We tend to use the 200-series models of the solution.
I'd rate the solution eight out of ten. They do a very good job. The product works well.