Palo Alto NG Firewalls Review

Protects your network against attacks and threats and enables you to know what's going on in your network from security perspective


What is our primary use case?

Upstream and data center NGFW.

How has it helped my organization?

Security, visibility and control, you can secure your environment from many types of attacks such as virus, malware, DoS attacks, intrusions, bad URLs, bad domains with basic DNS security which it an awesome feature.Visibility, that you will be aware of the is going on inside your network, such as malicious activities, decrypt the encrypted packets, as well as policy audit review.

This solution has really helped the technical engineers to deliver the implementation faster than the before.

What is most valuable?

All of the features are good. The new release of the new basic platform provides you with a huge number of features, such as policy review, DNS security, Machine learning, Network traffic profiling, Bare metal analysis

What needs improvement?

(Malware) On-prime scanning should be considered.

Endpoint management (traps) better to be on-prime than cloud.

QoS, It should be more sophisticated than it is now.

TAC support should cover meddle east area by Arabic support, such as in France, Germany, Italy and Japanese.



For how long have I used the solution?

I have been using the solution for more than nine years.

What do I think about the stability of the solution?

I like the stability of the solution. From a stability perspective, all of them are stable. Sometimes Cisco's older versions, maybe from two years ago, were not as stable. Now, Cisco has improved its firewall and security products.

What do I think about the scalability of the solution?

In terms of scalability, no security products are scalable to upgrade. Not ever. While assuming you are dealing with scalability, you have room to increase or to have room to expand, but actually, you don't because there is limited support. Even if you bring in the highest model, it's still limited.

How are customer service and technical support?

Their support is very limited. It's limited compared to the competitors. They need multi-language support. Now, they provide support in English only. 

If anyone in the Middle East opens a ticket, they have to do it in Arabic but they get support in English, not in Arabic. The communication between the technical people or the campus sites to the vendors now is in English.

How was the initial setup?

The initial setup was very easy. All the initial setups have become very easy. Before, the setup used to take a week to implement a firewall. Now it's a couple of minutes or one day maximum for fine-tuning. To fine-tune the firewall it can take one day, two days if you are junior. In terms of how many people you will need to deploy the solution, it depends because the firewall is not a straightforward technology like any security program. 

What about the implementation team?

We used on-site security advisors.

What was our ROI?

7 years

What's my experience with pricing, setup cost, and licensing?

In terms of pricing, every model has a license. For example a small model, the license around 1,000 USD. The next one around 2,000 USD. The next range is 11,000 USD to 13,000 USD. It's expensive compared to PaloAlto competitors.

Which other solutions did I evaluate?

Yes, was fortinet

What other advice do I have?

Palo Alto's firewall protects your network against attacks, threats, and many other things. Networking can be more advanced. You can upgrade the edition of Palo Alto. There's competition between Palo Alto and Fortinet firewalls. Most IT security people don't know which to pick. For a basic firewall, I recommend Fortinet because it has two or three basic firewalls. I personally need a data center firewall. Datacenter firewalls I would recommend FortiGate because of the support. It provides a high level of support.

The latest Palo Alto release has many new features. It can provide you with audits, and policy auditing for a policy review. This allows you to know what's going on inside the network from a quality perspective because sometimes you can create new policies - up to one million policies. You can choose policies, and sometimes you get something by mistake. It provides you with an ability to view or do a policy review or policy audit. This is a major feature. It's a very important feature because before it was impossible to bring the visibility to the policy audits to let me know what's going on inside my policies. Now Palo Alto has provided this feature. 

In terms of advice I'd give to someone considering this solution, I'd say they should read more before going to the implementation phase. They have to read the administrative guides, and product guides before going to implementation. They have to check the platform because different versions of the platform have some new features. The technical people have to review before going to implement it because sometimes they don't need to upgrade this platform or this version. It is not a stable version. You have to read more before going to do the implementation. Ask an advisor, the vendors or call Palo Alto. You can call them, they have great coverage in any country in the world. You can ask the technical engineers what is the best design, their recommended design.

I would rate this solution an eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email