We primarily use the solution for automation purposes and for security.
Fortinet FortiPortal Competitors and Alternatives
Read reviews of Fortinet FortiPortal competitors and alternatives
Flexible, scalable and very user friendly
Pros and Cons
- "You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use."
- "They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime."
What is our primary use case?
What is most valuable?
The underlying technology is very good, considering that we are moving to a work-from-home environment.
Panorama is a straightforward tool. Palo Alto is comparative to other firewalls. Some firewall tools are more user friendly, and, from a technical perspective, it is very user friendly as well. It's not like Check Point. We use a setup for offshore development centers. For all those ODCs, we usually use a Palo Alto device. We have few perimeter firewalls which are Palo Alto but for the perimeter predominantly we use Check Point.
You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use.
The solution if extremely flexible and scalable.
What needs improvement?
There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade.
We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices.
These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices.
They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.
For how long have I used the solution?
We've been using the solution for close to seven years at this point. It's definitely been about six years.
What do I think about the stability of the solution?
The solution is very, very stable. There aren't too many issues on it once you get it up and running. We consider it reliable.
What do I think about the scalability of the solution?
The solution is very scalable. If a company needs to expand its services, it can do so rather easily.
We have different businesses running inside the organization. We have close to 800 devices, so it means about 800 different projects are using those devices. Each project has a firewall, so most of these, 80%, are on Palo Alto.
Which solution did I use previously and why did I switch?
We use Check Point as well, however, we don't really like it as much. It's not as user friendly.
Prior to this solution, we were using the ASA products and then Check Point. Check Point is a little complicated. I can use Check Point on my perimeter firewall, but not on my overseas businesses. That's what makes Palo Alto is more user friendly. I can use the GUI to do everything due to the fact that I don't need a skilled person to work on the Palo Alto. On Check Point, I have to go to CLA and do all the changes.
It's easy to upgrade or to do anything with the Palo Alto. Technically it's quite sound. It's dynamic, scalable, and there's a lot of things that can be done easily. Plus, I don't need an extremely experienced person to work on Palo Alto. Anybody with two or three years of experience can easily work on a Palo Alto device.
How was the initial setup?
The initial setup is not complex. It's pretty straightforward.
The deployment is easy and uncomplicated. It takes about an hour or so, if not less than an hour. It's pretty quick.
However, we have 800 or more devices. It takes about six months to deploy everything, especially if I have to do everything manually.
We have eight to ten people who manage deployment and maintenance.
What about the implementation team?
We haven't used an integrator or reseller. We handled the implementation ourselves in-house.
What's my experience with pricing, setup cost, and licensing?
In terms of licensing for Panorama and Palo Alto products, we have only the DMC cost and we are billed every year.
It's not overly expensive. It is comparatively okay if you look at other devices. Compared to the top three devices, pricing is okay due to the fact that you have multiple vendors who are selling firewalls and competing with each other for the same clients.
What other advice do I have?
We're just a customer. We don't have a business relationship with the company.
We have multiple variants of the solution's model. Currently, we are using 8.1.15-H. We also have some virtual firewalls that are recently in Tokyo. We are using close to around 800+ Palo Alto firewalls.
We're currently developing our virtual firewalls and have them in different locations.
It is not just Palo Alto. We have other devices as well, so we have close to around 1300 plus firewall devices.
I would recommend the solution to others.
I'd rate the solution eight out of ten. If you need a perimeter type of device, Check Point may be a better option. However, for my businesses, I would choose Palo Alto due to its scalability and user-friendliness. It also has great security features. That said, if it didn't release so many new updates, I would rate it higher, simply due to the fact that so many upgrades requires a lot of work on our part.
Disclosure: I am a real user, and this review is based on my own experience and opinions.