Palo Alto Networks NG Firewalls Review

Provides us with Zero Trust segmentation and easy-to-use centralized control

What is our primary use case?

We use this solution for Zero Trust Data Center Segmentation with layer 2 Palo Alto firewalls. Segmentation has allowed us to put servers into Zones based off VLAN tags applied at the Nutanix level, and they can change "personalities" with the change of a VLAN tag. Palo Alto calls this "Layer 2 rewrite". By default, all traffic runs through a pair of 5000 series PAs and nothing is trusted. All North and South, East and West traffic is untrusted. No traffic is passed unless it matches a rule in the firewalls. There is a lot of upfront work to get this solution to work, but once implemented, adds/moves/changes are easy.

How has it helped my organization?

This solution not only provides better security than flat VLAN segments but allows easy movement throughout the lifecycle of the server.

What is most valuable?

The most valuable feature is the ease of use of the central Panorama to control all firewalls as one unit for baseline rules and then treat each firewall separately when needed.

What needs improvement?

I wish that the Palos had better system logging for the hardware itself.

For how long have I used the solution?

We have been using this solution for four years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.