Palo Alto Networks NG Firewalls Reviews

We primarily use the solution for traditional firewalling. We use it for VPN connections -  especially now that people are doing work from home. This solution is our VPN gateway.

The solution has a lot more features than other firewall solutions, including Cisco, which we also use. It's very rich. There's so much there and we don't use a lot of it, although it is nice to have the option.

The solution itself is very user-friendly and quite easy to use.

You just need a web browser to manage it, unlike Cisco, which requires another management system.

The solution is quite stable.

The initial setup is pretty straightforward.

The scalability is limited and depends on the size of the firewall that you will buy. 

The solution is very expensive. There are cheaper options on the market.

I've been using the solution for three years at this point. It's been a while. I have some good experience with it at this point.

The solution has proven itself to be quite stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable in terms of performance.

The solution can only scale according to the sizing that a company has purchased. It depends on the size of the firewall that you will buy. For example, right now, we have this firewall with 24, which means our scalability is limited to 24.

They do have higher-end models for companies that have planned for bigger deployments.

At this point, we have about 200 users and three admins.

We're happy to use it for our perimeter firewall and so we are not planning to change it anytime soon.

Technical support is okay. We have local vendor support. Whenever we have an issue, we contact them and they help us open a ticket with Palo Alto.

We use both Palo Alto and Cisco as our firewalls. We use them both at the same time.

The initial setup has the same amount of difficulty as, for example, a Cisco setup. Regardless of if it's Cisco or Palo Alto, it will all the same level of effort. However, the use cases will be different from one another.

That said, the whole process is pretty straightforward.

We have three admins on our team that can handle setup and maintenance responsibilities. 

The price of the solution is quite high, especially if you compare it to Cisco or Juniper.

The solution is subscription-based. Users can pay monthly or yearly. We pay on a yearly basis.

We are Palo Alto customers and end-users. We don't have a business relationship with the company.

We work with the 3000-series and tend to use the latest version of the product.

I would recommend the solution to other organizations if their budget supported buying it. Cost-wise, they are on the high side. 

Overall, on a scale from one to ten, I'd rate the solution at an eight. We've largely been satisfied with its capabilities. 

We use the firewall for securing the data center. We have designed it to be a two-stage firewall. We have a perimeter firewall which is not Palo Alto, and then the Palo Alto firewall which is acting as a data center firewall. We are securing our internal network, so we have created different security zones. And we assign each zone a particular task.

We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic.

The solution needs some management tool enhancements. It could also use more reporting tools. And if the solution could enhance the VPN capabilities, that would be good.

The solution is very stable, but I think the local providers have no sufficient products. We are looking for more support. 

The solution is very scalable. We are trying to increase usage. We are planning already to increase our internet center. We are planning to extend our users to around 1,500. Currently, we have about 700 users.

The local consultant support needs some improvement. External support is sufficient for us.

The initial setup was easy for us to implement.

We used a consultant for the deployment portion.

I would rate this solution 7 out of 10.

The primary use for this product is for security as a firewall by a sales engineer for the guest environment.

It allowed us to evaluate traffic in the customer environment by providing detailed reporting on the traffic and applications.

The WildFire feature is one of the best features in this firewall. WildFire extends the capabilities of Palo Alto firewalls to block malware. The best feature for the reseller is Service Lifecycle Reviewer, SLR. You deploy Palo Alto Network Firewall to the customer environment and it collects data about customer environment, customer traffic. After a week, Palo Alto generates a report to review the traffic. The report tells what applications were touched and how users used these applications in the environment, as well as additional details. So for resellers, you just go to the customer, deploy the Palo Alto in the basic mode so the customer doesn't need to customize anything in their environment because Palo Alto works to meter traffic out of the box.

Of course, the reports register app ID, user ID, the space of the app IDs, the database of these app IDs and other common data. It is a great feature in the Palo Alto product.

The manufacturer can improve the product by improving the configuration. Some of the menus are difficult to navigate when trying to find particular features. It is not entirely intuitive or convenient. You might need to configure a feature in one menu and next you need to go to another tab and configure another part of the feature in another tab. It's not very user-friendly in that way. On the other hand, it's still more user-friendly than using the console. But this is certainly one feature they can improve.

It's a great firewall, really one of the best in the market. It is one of few firewalls that can claim to be better than Cisco. It functions well, is very stable, and its reputation is known in the market.

I think that the product is very customizable. If you don't need to protect a lot of assets, you can buy a small firewall at a low price for small needs, but if you need you can buy a bigger solution with more features. Scalability is very easy with Palo Alto Networks.

Actually, I have moved away from using this product because of changes in duties.

Installation is really very straightforward. You just need to plug it in and connect to the environment and that's all. Deployment time depends on the size of the environment and customer needs. Some customers just need two or three policies and that's all. But some customers need more policies designed to cover the needs of specific departments. So deployment depends on the size of your environment. If it's a small company, it's not very hard to deploy the main features of Palo Alto, it may take an hour but not more than a day. It depends on the customer needs and size of the environment.

I work as the system integrator, so I install instances of Palo Alto myself. It was the first security product that I learned to work with.

It is our main firewall. It has performed well. It meets our expectations.

It has the typical features of a next-generation firewall. It can do application control, antivirus, content filtering, etc. And in terms of performance, the value for money of the model that we bought is sufficient for our size.

I would like to see more in terms of reporting tools and the threat analysis capabilities.

It's very stable.

For our current size and our projected growth, it is sufficient. We are expecting to grow to about 1000 users. This is the type of bandwidth we need, based on our typical usage. The specific model we bought can scale up to that number. We built in that room for growth.

In addition, we can expand the scope not just as a firewall but also by doing some sandboxing and through integration with endpoint security solutions.

I don't believe we have used any support directly from Palo Alto itself because we bought it through a local reseller. We engaged them to help us configure it and to put up some of the firewall rules that we need. So we work with a local vendor.

We had another box before and it wasn't a next-generation firewall. We needed to change to a next-generation firewall so we compared a few of the top players in the market and Palo Alto was the right one, in terms of the features that we need.

We were using an outdated firewall and, because of the growing threats, things were getting through. We were not able to filter some of the traffic the way we wanted. It was high time that we went with a next-generation firewall.

In terms of a vendor, in my case, I was referred to the local vendor, the one that we would be deploying and working with on the implementation. We definitely look for the competency, their knowledge of the subject matter, in this case, firewall technology, networks, etc., and their knowledge of the product. And, of course, the other factor is their commitment and their value-added solutions because sometimes we need them to go beyond to address a certain problem that we may have.

I don't think setup is that complicated. There was just a bit of a learning curve because none of us had any experience with Palo Alto. But we know firewalls and it worked. It wasn't that difficult.

We called in proposals for different products, bigger players, like Check Point, Fortinet, Cisco. We set the criteria we need and had them make proposals. We found, based on the submissions, that Palo Alto seemed to be the one that had the most complete solution. We did a proof of concept to prove that whatever they said they can do, they can do. Once we passed that stage we proceeded with the purchase of the Palo Alto unit.

It came down to the technical evaluation we did. They did well in terms of performance. In addition, we liked the support terms that were proposed by the reseller. We also looked at certifications and reviews, at the NSS Labs reports, and other industry ratings. Palo Alto seemed to be up there. Also, looking toward the future, we can actually subscribe to sandboxing services in the cloud. There are also options for us to integrate with endpoint security solutions.

List your requirements, give them the proper weighting, and look at what future options are available if you stick with the solution. Then do your evaluation. And don't forget the vendor, the local support, their competency and their commitment. You can have the best product in the world but if you don't get the right person to support you, it's a waste. You would probably better off with a second- or a third-tier product if you have an excellent, competent, and committed vendor to support you.

I would rate Palo Alto at eight out of 10 because of the performance, the security features, and policy management, the reporting capabilities, and the optional upgrades or extensions that we can do, like sandboxing. It also offers an option for our integration with our endpoint security.

We are going to revamp our endpoint security architecture. One of the options we're looking at is how we can integrate that with solutions from Palo Alto, because then we can have a more consolidated view, instead of using a third-party solution as the endpoint security. Finally, the local support is important.

I am a reseller of Palo Alto Networks.

The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks.

The pricing could be improved. They need to work on the setup over the firewall, VLAN, and PPPoE.

It's stable.

It's scalable.

I seldom call technical support because it's easy to understand and configure the solution.

It could be less expensive.

I would rate this solution 9 out of 10.

If you want to have a secure network, use Palo Alto. 

It is used for protection against attacks and it is very fast and reliable. We have a lot of use cases for it.

We are an implementation partner for Palo Alto. One of the companies we implemented its Next-Generation Firewalls for was previously using Barracuda. A ransomware attack happened and they lost all their backup data, and their configuration. Once we implemented Palo Alto for them, there were similar attacks but they were blocked.

Along with Prisma, it helps in preventing a lot of attacks, especially Zero-day attacks.

The sandboxing is valuable and they are frequently updating their signature database. We get new updates every five minutes. That makes it easy to detect new and unknown attacks.

The configuration part could be improved. It's very difficult to configure. It doesn't have a user-friendly interface. You have to know Palo Alto deeply to use it.

Also, it doesn't support open-source protocols like EIGRP. We had to find another solution for that.

I've been using Palo Alto Networks NG Firewalls for the last six years.

Palo Alto suggests version 9.1.7 for stability. When new features come out, things are not as stable.

It's scalable. I recommend it for its scalability.

We generally deploy these firewalls into larger environments, but the PA-400 series is affordable.

There are problems with the technical support. When we are facing an attack, it's very difficult to get a hold of people from the TAC. It's not like Cisco, especially in India. There are very few members of Palo Alto TAC in India. Sometimes we get support from people in other countries.

Neutral

The initial deployment of these firewalls is very complex. The registration is a very difficult task. You have to go to the partner portal to register and it's not user-friendly. All the other solutions are not like that. With Juniper, for example, it's very easy to handle their portal.

The deployment time depends on the customer environment but it normally takes around three weeks. Our implementation strategy is to first understand the network we are dealing with and how we can deploy Palo Alto.

The pricing for Palo Alto is very high. The price difference with other vendors is huge because Palo Alto has been the market leader for the last five or six years, and they have a reliable product. Everybody knows Palo Alto, like Cisco routing and switching. It's likely that only enterprise-level customers can afford this kind of firewall.

Palos Alto's firewalls have machine learning software and sandboxing. Everything is one step ahead of all the competitors.

Still, almost all vendors provide the same things. They call their technologies by different names, but that's the only big difference in features.

According to the industry reviews Palo Alto has been the market leader for the last five or six years. They have better technology and the hardware is also good. It's the pricing and user interface where there are issues. Apart from them, everything is fine.

We mainly use it for perimeter protection between the internet and the local network. We are using it for application control. We exploit the applications with some policies about how the network traffic is going to be from the local LAN to the external network and vice versa. We are protecting our network from outsiders and stopping them from getting into the network.

I love the Policy Optimizer feature. I am also completely happy with its stability.

Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete.

Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet.

We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks.

I have been using this solution for about three years.

I am completely happy with its stability. I have no issues with its stability.

I don't need more scalability. I can use the new features without changing the hardware. The features are completely inside the hardware, so I have no issue with the scalability. Most of our customers are big businesses.

I didn't have a very complex call with their technical support.

It depends. It can be complex when we are replacing a solution with Palo Alto Networks and the customer doesn't know how the policy is going to be implemented in the solution. If that is not the case and it is a clean installation, it is very straightforward. It is not at all complex.

The deployment generally takes a whole week. This includes the planning stage and doing the initial setup. It takes about two days to set up a device, power it on, and turn on the policies.

It is an expensive solution.

Our clients compare it with Check Point. Palo Alto Network has the application granularity. It enables you to handle the applications, policies, and Policy Optimizer. There is no need for splitting the management plane and the processing plane. In Check Point, you need two devices. You need one device for the management and one for the gateway. Palo Alto has both in one, which is a good feature.

Check Point is a kind of cheaper solution, and we can deploy that application on open servers. The open servers option in Check Point has a huge cost-saving. In terms of performance, I will always choose Palo Alto Network because its IPS feature is superior to Check Point. It is much better than Check Point.

First of all, I would say that the engineer who is going to deploy the solution has to know how the network policy is going to be introduced into the firewall. It is very important for deployment because it is a new concept that Palo Alto introduced in the market. The second thing is to know the policies, not on the layer-4 basis, but in terms of policies, such as SMB, DSTP, and other such things.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's.

This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively.

I've been using the solution for the past six years at this point.

The solution offers very good stability. I don't have issues with bugs or glitches. It's reliable.

We have a variety of customers ad they all have a different amount of users. Some have 50 users. Some have 100 users. Some have 1,000 users as well. It varies quite a bit. In that sense, it scales to meet the customer's needs.

I've dealt with technical support in the past. Sometimes it is good and sometimes it's not as good. It depends on the complexity of the deployment. Overall, however, I would say that I have been satisfied with the level of service provided.

There are multiple products from different vendors, and I basically deploy different firewalls from different vendors for the customers based on their needs. The solutions I work with include Cisco, Fortinet, and WatchGuard. There are a few others as well.

The initial setup isn't too complex. It's pretty straightforward.

The deployment time basically depends on the deployment model. If it's a VMware model, it's pretty straightforward and you can basically deploy it in half an hour to one hour.

If it is in another deployment model, for example, if it's in Layer 3, it depends on the subnet environment, how many subnets they have, or how the traffic is routing from one end to the other end, etc. 

I'm involved in system integration, so I basically deploy and manage the solution for the other customers.

I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models.

I would recommend the solution to other organizations.

Overall, I would rate it at a nine out of ten.