What is our primary use case?
We are a service provider and I work on both shared firewall and dedicated firewall solutions for our customers. The primary focus is firewall threat protection. The rest of the features are used, albeit not too much. At this moment, it is not an overly complicated or advanced solution.
What is most valuable?
What I like about the VM-Series is that you can launch them in a very short time. You don't have to wait for the hardware to route for them to be staged and installed. From that perspective, it's easy to launch and it's good because it is more scalable.
The product is quite responsive.
What needs improvement?
The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters. It seems that you really need to upgrade to the very latest version, whereas the physical one has worked for ages now. I think that it narrowly affects the Azure deployment because I remember that we were using the VMware solution before, and we didn't have such issues.
I think that the most important point for Palo Alto is to be as consistent and compatible as possible. It should be compliant such that all of the features are consistently available between the physical and virtualized deployments.
It is not always easy to integrate Palo Alto into the network management system. This is significant because you want to compare what your network management system is giving you to what Palo Alto is giving you. Perhaps in the GUI, they can allow for being able to monitor the interface traffic statistics.
The other things are pretty much great with traffic calls and sessions, but just being able to look at it on an interface physical level, would either avoid using the monitoring integration by SNMP or would create a reference, a baseline check. This would allow you to see whether your network monitoring system or tool is actually giving you correct traffic figures. You need traffic figures for being able to recognize trends and plan the capacity.
For how long have I used the solution?
I have been using the VM-Series for almost five years, since 2016.
What do I think about the stability of the solution?
We have not had trouble with bugs or glitches.
What do I think about the scalability of the solution?
The scalability is good. We haven't experienced any constraint limitations for scaling.
How are customer service and technical support?
I have been in contact with technical support and I find them to be quite good.
Which solution did I use previously and why did I switch?
In my previous work, I dealt with both physical and virtual systems. However, currently, I am only working on virtual solutions.
How was the initial setup?
I have found the initial setup to be okay. But, then again, I have been using Palo Alto firewalls since 2014, so it's hard for me to say if it is difficult to become familiar with or not.
What about the implementation team?
Our in-house team is responsible for maintenance. We usually have three people who are able to work on it and do so from time to time, depending on the requirement.
What other advice do I have?
I don't have too many complaints as I compare the virtualized version to the physical one. Perhaps I haven't noticed any issues because we use the proper hardware, and it was strong enough to carry the workload and remain quite responsive.
My advice for anybody who is implementing the VM-Series is to be very well prepared and test it in advance. Make sure to scope it and understand the performance implications. Also, be sure that the core features are understood and are supported on the VM. Then, test it before implementation or migration.
This is a very good product but I can't rate it as perfect because there are these little issues that are pretty common and you expect things to work, but they don't because of some incompatibilities. I think there was also some limitation on how you can do the high availability on virtualized power, in Azure in particular. If these common features were consistently working on both physical and virtual deployments then I would probably rate it a ten out of ten.
As it is now, I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?