Palo Alto Networks Panorama Review

Provides a quicker response time to vulnerabilities and more visibility into traffic flows

What is our primary use case?

The primary use case is the centralized management of our firewalls.

How has it helped my organization?

It provides a quicker response time to vulnerabilities and more visibility into traffic flows.

I think it increases staff productivity.

What is most valuable?

Its automatability: You need it to automate things. We have used it for URL blocking. For example, if there is a threat out there, and we needed to immediately block a new malicious URL across a global enterprise, this is pretty difficult. With Panorama, we can automate this easily with their API. 

What needs improvement?

My pain point is the automation process is not well-documented. There are some things that they could improve on there.

If you go in the system to search for something, it is not intuitive. They could really improve that.

There is a concept of device groups and a concept of templates. The templates can allow for inheritance, but the device groups do not.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is fairly stable. We do pretty heavy bug testing. We have a rigorous code review process that we go through for each version. Therefore, stability is on the top of our list of things that we look at. So, I haven't ran into any issues where it's flaking out altogether. 

What do I think about the scalability of the solution?

It's fairly scalable. We probably have 12 to 16 of them spread across the globe to help with regional redundancy, because we don't want our firewall talking to Panorama across a slow land link. So, we've split them out globally, but it seems pretty scalable.

How are customer service and technical support?

The technical support is pretty good. We do have a resident engineer from Palo Alto who sits right next to me. 

How was the initial setup?

The initial setup is easy, but I have done it like a thousand times before with a bunch of other products. The product is not much different than anything else.

What about the implementation team?

We outsource a lot of our boots on the ground, which is actually a lot by design. With every company, when you have two different organizations working together, there is always a little bit of tension. They don't have the same reporting structure, but everything went out smoothly. 

Typically, I'll design the solution, then I'll have somebody else implement it. This is sort of how it works for everything.

What was our ROI?

With the URL filtering, we probably went down from around four hours in response time to about five minutes.

What's my experience with pricing, setup cost, and licensing?

The licensing is not cheap. There are always hidden costs. You have support costs, or maybe you need to buy more optics on how the solution fits into the rest of your environment. It is possible some of the rest of your environment will need to change too.

Which other solutions did I evaluate?

I think we're getting AlgoSac, which is another firewall automation tool. However, I wasn't involved with the decision for that one so I'm not too sure on the specifics, but I know we are going with them.

What other advice do I have?

If you are looking at getting a Palo Alto firewall, then you should probably at least look into Panorama. Because if you start out just putting in firewalls and you don't have this, you will be kicking yourself that you didn't have this from day one. 

If you have just one firewall out there, maybe you don't need it. However, if you have two or three, then you should probably get it to be in front of a lot of the features which you will want eventually.

It is pretty solid product. Our security program is fairly immature compared to other enterprises, and this product has definitely helped us lock down things.

We have a rigorous code review process. Therefore, we are always back a bunch of versions. If the latest version came out today with new features on it, we probably wouldn't get to that for quite a while.

There are only certain things that you can do within the Panorama solution.

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Palo Alto Networks Panorama reviews from users
...who work at a Financial Services Firm
...who compared it with FireMon
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
511,773 professionals have used our research since 2012.
Add a Comment
ITCS user