Palo Alto NG Firewalls Review

Improved traffic visibility and management after replacing our open-source solution


What is our primary use case?

We use this solution for WAN routing, NAT, VPN tunnels, granular security policies, URL filtering, antivirus, threat prevention, sandboxing, decryption, high availability, and reporting.

How has it helped my organization?

Palo Alto has improved traffic visibility, and the ability to manage it. With Palo Alto, we have more flexibility and our network is more secure. With our High availability pair, we have had no downtime for several years, since it was first put it in production. We have even changed boxes for new models during this time.

What is most valuable?

Palo Alto is easy to use, feature-rich, and it has good technical support. You can fetch users, so you have visibility by username, IP address, destination, application, and you can even define a custom application.

In the GUI, you can easily find blocked traffic and the reason for it.

What needs improvement?

The only thing that is a little strange is in Policy-Based Forwarding. When you delete and add a new rule, because of the one hundred rule limit, if the new rule has an ID that is greater than one hundred, even though you have fewer than that, it will not work. The same thing happens when you are renaming a rule. The new rule will have a new ID, so it is possible for it to be greater than one hundred. This can be easily fixed by using one command from CLI, but you have to be aware of it.

For how long have I used the solution?

Six years.

How are customer service and technical support?

The technical support for this solution is good.

If you previously used a different solution, which one did you use and why did you switch?

Our previous solution was open source, and not so easy to manage. We had a Linux Iptables firewall, Squid + DansGuardian proxy, and an OpenVPN server. We replaced all of these solutions with Palo Alto.

What's my experience with pricing, setup cost, and licensing?

If you have some network experience then you can set it up on your own, with no setup costs. Don't buy a device with more power than you really need, because licensing depends on the cost of the box you have.

Which other solutions did I evaluate?

We evaluated Sophos, SonicWall, and Fortinet.

What other advice do I have?

PA is a product that continuously improves, so, I have nothing to add in terms of features.

My advice is not to look for a cheaper solution, as the price/performance ratio on Palo Alto is great.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email