Palo Alto Networks VM-Series Review

App-ID and User-ID have repeatedly shown value in securing business critical systems, but we have run into issues with the antivirus interfering with App-ID

What is our primary use case?

We use this as our primary security barrier between trusted and untrusted zones.

How has it helped my organization?

App-ID and User-ID have repeatedly shown value in securing business critical systems.

What is most valuable?

In AWS, Palo Alto provides us a better view than flow logs for network traffic.

What needs improvement?

We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID.

I would like to see a more thorough QA process. We have had some difficulties from bugs in releases.

I see more improvements needed from AWS than from Palo Alto on the VM-Series, namely a design centered on NGFW.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We are typically at only about eight to ten percent load.

What do I think about the scalability of the solution?

The limit of the product is based on resources that we can obtain from AWS. We have approximately 3500 users and 200 servers leveraging the Palo Alto product.

What's my experience with pricing, setup cost, and licensing?

We used BYOL, because of the cost to own.

We procure the solution through AWS Marketplace because previous experience with their physical appliances.

The pricing and licensing of this product on AWS for a three-year commitment is a great deal, if you can plan that far ahead.

What other advice do I have?

It is a good product, but there is room for improvement.

We use this with Microsoft AD, N2WS, IIS, MySQL, MS SQL, and a number of proprietary applications.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Palo Alto Networks VM-Series reviews from users
...who work at a Financial Services Firm
...who compared it with Check Point NGFW
Add a Comment