Most Helpful Review
In the newer version, there are 3850s, all of them are scalable. They fit better into the medium or small businesses.
They now know the details about their network traffic that they did not know before: Applications that they are using and some application they did not know they were using.
We have reduced the number of configuration lines by 90%. We need fewer number of admins right now because of it.
It has a very friendly interface like the Cyberoam iNG units, it has customizable policies, it has proper templates that you can even modify, and you can customize the rules, down to each single user.
The dashboard is customizable as well. It gives you the feature of including what you need to see as soon as you open the dashboard and to remove the non-necessary stuff, which varies from one organization to the next and from one IT manager to the next. And it has a wide variety of reports as well, template and customizable reports.
Valuable features include: the ease of setting up the VPN connection; the fact they have the cloud management option, so I can manage the firewall on a cloud platform from anywhere I am; the user interface is very user-friendly, so it's very easy for the administrator to make any policy changes.
The most valuable feature, according to the setup we have at our work place here, is the flexibility of the system or the firmware that's running the appliance. It's so flexible, performing multiple rules with different configurations. According to the set up here, we need to implement several firewalls with different access levels, because we have a variety of users. For this requirement, it's very flexible and very easy to use.
My clients gain efficiency in protecting against attacks from malware such as ransomware and hacker attacks. It also provides them efficient internet access control, and full visibility of ports, applications, and websites.
From time to time, they have released some content updates that have some issues, maybe twice a year.
There are various reports that come with the box or with the VMware, but you can only run them daily.
Let's say I set up a rule to block users from accessing YouTube or Facebook. The rule will only block the HTTP traffic, which is non-secure traffic... The problem comes when you are trying to block, or allow, similar traffic that uses HTTPS. You have to create a certificate and import it into the users' web browsers, whatever they are using... The problem occurs when you're dealing with roaming users who use laptops and have to move between different sites that have different types of policies applied to them. You have to import all sorts of certificates from each site into their browser. Doing so will most probably conflict with something else that is totally irrelevant and cause a problem.
Since Sophos took over Cyberoam, the online technical library and support library have become super messy. To get a piece of information is becoming a nightmare. They need to reorganize the online technical support and technical library.
I would like the update process to be easier, to update the firmware of the boxes. I think it's much better automatically than having to do it manually: Download the file, do network discovery. I they can make the update process much more automatic that would help.
It is performing well. However, the only challenges that we are facing are the effectiveness with blocking the proxy and tuneling applications, aside from proxy and similar applications. So the application filter on the product is not really performing 100%. Every now and then there are some updates that are happening on such applications, and it takes time until it gets the appropriate updates and becomes capable of capturing such applications and blocking them. A new feature I would really like to see would be some sort of an enhanced application filter with greater efficiency when it comes to the applications that can bypass firewall policies. These applications are really a nightmare. Once they are on the network and not detected, or the appliance is not really successful in capturing them and unblocking them, the bandwidth gets wasted all the time.
Scalability it is a bit limited. We did a sizing exercise before the purchase. But that was just to fit our current needs. There was no room for having an option to upgrade the device. The only option that we have if we are grow in the near future, is to go for another model with higher specs, which is actually more expensive. In other words it doesn't have that modularity .
Pricing and Cost Advice
I know Palo Alto is not cheap. They have been telling me, the members of the finance team, it is not a cheap solution. It is a solution whose target is that no matter how big your organization is, small, medium, or large, it is about the maturity of your security team or infrastructure team whom you want to work with.
It is a little bit of crazy if you compare it to Vanguard, Sophos, or even Cisco. The newest version of Cisco, the Next-Generation Firewall of Cisco, is less expensive than Palo Alto. It is more comparable to Check Point.
For licensing, It depends how they want to use the firewall. The firewall can be used only for IPS purposes. If you only want that firewall IPSs, you will only need a license that is called threat prevention. That license, threat prevention, includes vulnerabilities, antivirus signatures and one additional measure (that I can't remember), but it includes three measures and security updates.
The box, if you do not want to buy the threat prevention license in the box, you can buy it only with the support license. It is for the support of the hardware. It works like a simple firewall. It integrates what it calls user IDs and application IDs. If you do not buy any other license, only the firewall, Palo Alto will also help you improve a lot of your security.
When you have a client compare box against box, a lot of times Palo Alto is a bit more expensive, but its network firewalls have a very rich ratio.
Information Not Available
Compared 25% of the time.
Compared 14% of the time.
See more Palo Alto Networks VM-Series competitors »
Compared 9% of the time.
Compared 18% of the time.
Compared 15% of the time.
See more Sophos XG competitors »
Compared 14% of the time.
|Website/Video||Palo Alto Networks||Sophos|
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Sophos XG Firewall is next gen firewall that is optimized for today’s business, delivering all the protection and insights you need in a single, powerful appliance that’s easy to manage.
Learn more about Palo Alto Networks VM-Series
Learn more about Sophos XG
|Sample Customers||Warren Rogers Associates|
Information Not Available
No Data Available
VISITORS READING REVIEWS