Palo Alto NG Firewalls Review

Country blocking, URL filtering, reporting, and visibility help to enforce our acceptable use policies


What is our primary use case?

I use the PA-220 to protect the LAN at my small-ish (about twenty people) office. We have several remote users who use the GlobalProtect VPN. As we move into a data center for hosting, I'll buy a second PA-220 to set up a site-to-site VPN. We also have a VM-50 for internal testing and lab use. 

How has it helped my organization?

I'm writing this review because it's a great product and I think it's ranked much too low on the review ratings. One of the things I really like about it is that we have the same features and functions available on the entry-level device (PA-220), as do large corporations with much more costly appliances.

With all the bells and whistles turned on, I can block access to websites based on their location (country), content, or other criteria. The reporting is really useful and shows me the most frequently used applications, and provides me with great visibility as to what my network users are doing on the internet. With this firewall in place, I can finally enforce the variety of acceptable use policies which have existed only on paper. 

What is most valuable?

The most valuable features are blocking traffic by country, and URL filtering to improve policy compliance and our overall cybersecurity posture. The ad blocker is also pretty handy. Moreover, the VPN client has turned out to be more useful than I initially thought, and the users love the 'one-click' connect. 

What needs improvement?

The initial configuration is complicated to set up. You really have to know what you're doing. I attribute that to all of the features and functions that are built into the product. Luckily, Palo Alto has a great support site and you can find contractors who are knowledgeable in the technology.

For how long have I used the solution?

One year.

How are customer service and technical support?

Technical support for this solution is great.

If you previously used a different solution, which one did you use and why did you switch?

Previously we used a pfSense firewall. I was very unhappy with it, as it had a limited feature set and was not intuitive to configure. 

How was the initial setup?

The initial setup is complex, due to all the features offered. You really have to know what you're doing.

What about the implementation team?

Implemented through a vendor who was knowledgeable with the product. It took at least a few months of tweaking before we got the firewall to the point it's currently at. 

What's my experience with pricing, setup cost, and licensing?

It will be worth your time to hire a contractor to set it up and configure it for you, especially if you are not very knowledgeable with PA firewalls. 

Which other solutions did I evaluate?

We looked at Cisco Meraki, but I wasn't really all that happy with it. 

What other advice do I have?

I've used it and I'm very happy. Frankly, I think this site under-rates the technology, as it should be in at least the top three.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email