Palo Alto Networks NG Firewalls Reviews

We resell products by Palo Alto and Cisco, and this next-generation firewall by Palo Alto is one of the products that we are familiar with.

The most valuable features are web filtering and application filtering.

The IPS functionality is very good.

The performance is good.

The price is expensive and should be reduced to make it more competitive.

Information about Palo Alto products is more restricted than some other vendors, such as Cisco, which means that getting training is important.

The traps should be improved.

I would like to see better integration with IoT technologies. Having a unified firewall for OT and IT would be very good.

We have been working with Palo Alto for about one year.

This is a stable firewall and you don't have a lot of surprises. The performance, throughput, and decryption are all good. It is important to remember that at the end of the day, it depends on the configuration.

For special functionality, you are going to have some exceptions. However, for the well-known functionality, it is stable.

It is scalable in that the performance is good and you don't need a large cluster to operate it.

The technical support is good. The team is responsive and they gave us the right information at the right time to solve the difficulties and complexities that we were experiencing.

We also sell products by Cisco and there are some differences between them. Palo Alto is more expensive and the performance is better. With Cisco, the documentation is better and it is easier to install. There is a lot more information available for Cisco products.

This is an expensive product, which is why some of our customers don't adopt it.

My advice for anyone who is implementing the Palo Alto Next-Generation firewall is to take the training that is available. This will allow them to better work with the technology.

This is an ambitious company with a good security roadmap. The product is being continuously developed and they are professionals who are focused in this area of technology. It is the firewall that I personally recommend.

I would rate this solution a seven out of ten.

Our primary use case was to configure our PSAs for our customized configuration. 

I like that it has high security. 

The whole performance takes a long time. It takes a long time to configure. 

I have been using Palo Alto for six years. 

I contact Palo Alto by email or by phone. Their support is good. 

I have previously worked with Cisco ASA. Palo Alto is a lot easier especially in regards to security. It is a well-integrated software.

The difficulty of the deployment depends on our clients' environment and their requests.

We require a two-member team for support. 

In terms of how long it takes to deploy, again, it depends on the customers' environment. If the request is easy, it can take around two weeks.

I would rate Palo Alto a nine out of ten. 

In the next release, they should simplify the deployment process. 

Our main use of this solution is to create micro segmentations only in the public cloud, and use the data we receive to see threats passing through the Vnets.

We have found that this solution has improved not only the level of security that is in place, but also reduced the amount of operational time needed for us to handle cloud-based security.

We have found the SSL decryption within this solution to be great; you can enable this feature and have the ability to see more of what is happening across your network.

We also really like the Wi-Fi service feature of this solution.  It has a great base of information, and uses machine learning to improve recognition of issues and threats.

We would like to see improvement in the web interface for this solution, so that it can handle updates without manual intervention to put the data in order.

We have been working with this solution for two years.

We have found this to be a stable solution during our time working with it.

As it is cloud-based, the solution is easily scalable.

We have found the technical support for this solution to be very good; we just open a support chat window and we have assistance when we need it.

Positive

We previously used Fortinet, and changed to this solution because of the superior performance.

The initial setup of this solution was very easy, and the deployment took just under two weeks to complete.

We used a consultancy team from Add Valley Services for our implementation of this solution, and their service was great.

We would advise that this solution has a higher price point than other comparable products, however, the license fee covers all the features that the solution can provide and there are not extra costs involved.

We would recommend that organizations implementing this solution use a good consulting service and plan extensively up front, before implementation, in order to ensure a smooth deployment with no issues.

We would rate this solution as 10 out of 10.

Normally, we use our firewall at the perimeter level. We are using Palo Alto Networks NG Firewalls as a firewall as well as using a few of their functionalities like the Vulnerability Protection, its IPS module. Additionally, we have remote VPN's on those firewalls, like GlobalProtect. So we are using all the features which are provided by Palo Alto.

The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.

In terms of what could be improved, comparatively the price is very high. That would be the one thing. But technically-speaking, it's perfect.

I have been working with Palo Alto Networks NG Firewalls for around five years.

In terms of scalability, normally, we procure the devices based on the future perspective, so there should be a lot of scalability. We never face scalability issues with Next Generation Palo Alto Firewall - it comes with the scalability.

We have around 11,000 to 12,000 users across the globe.

Technical support is pretty good. We get a timely response. There will be plus/minus where we do not getting a response, but not regularly, just one or two cases among, let's say, 20 or 30. As far as my experiences with the tech support go, it's pretty good, very straightforward support. It's not like they're playing on the call and taking their time. It is really straightforward.

The initial setup depends on the office locations of the data center. If that particular firewall is part of the data center, then yes, it is a complex design as well as a complex traffic flow. But for normal office locations, it is pretty straightforward. So it is a mix depending on the location of where the particular firewall is going to be put.

I would recommend Palo Alto Networks NG Firewalls. If a company has the budget and wants to have the next generation of firewalls then they should go for the Palo Alto, because whatever state of features they provide, it's pretty awesome. But if there is a budget constraint there are several other products which give you similar kinds of features but with less cost.

On a scale of one to ten, I would give Palo Alto Networks NG Firewalls an 8.

Nothing is perfect. There are features that they should add. One of the features that I'm looking at is when it comes to the Vulnerability Protection. We are blocking the threats which are, by default, updated by the Palo Alto Threat Engine. Currently, there is no scope of manually adding the external database to the firewall so the firewall will convert that database to their own. This is currently not functional with the current version. There are a few functions that they could add that are available with other vendors. That's why I am giving the 8.

We use it as a firewall. We have VPN, IPSec, or site-to-site VPN. We also protect our few internal web services. 

Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button. 

It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network.

Its price can be improved. It is expensive.

Other vendors have pre-configured policies for the protection of web servers. Palo Alto has an official procedure for protecting the web servers. Many people prefer pre-configured policies, but for me, it is not an issue. 

I have been using this solution for almost six years.

Our version is not scalable. The new version is scalable on the network interface. It comes with slots where you can put your SFP if you want a fiber or copper. 

We have almost 600 users who use it for accessing the internet. We have about 50 to 70 VPN connections.

I didn't contact them because I don't get any technical issues with any feature of the firewall. I didn't have the need to open a case. If I have any issue, I am able to resolve it by using my cell phone and taking help from the internet. 

I was using Check Point before Palo Alto. I am very disappointed with Check Point because I had to reboot power three to five times a week. Palo Alto Networks NG Firewall is comparatively very easy to manage and use. It has better logic for configuration than other firewalls.

The initial setup was straightforward. When I migrated from Check Point to Palo Alto Networks NG Firewall, it took about an hour and a half to reconfigure all policies and services.

I deployed it myself. The logic is very easy when you configure it. I did 90% percent of deployment on my own. For the remaining 10% deployment, I found the information on the internet. 

I am the only user working on this firewall. I am a system administrator.

It is a little bit expensive than other firewalls, but it is worth every penny. There are different licenses for the kinds of services you want to use. When we buy a new product, we go for a three-year subscription.

We have not had any issue with this solution. I really hope that we continue to use this solution. Its price is higher than other solutions, and the company might go for another firewall.

I would recommend this solution to other users. I would rate Palo Alto Networks NG Firewalls a nine out of ten.

We primarily use the solution for the firewalls. We're also using the next-gen features to shape what's going on. For example, to figure out what is allowed out and what isn't allowed out on a layer-7 application-aware firewall. We can block based on the application, as opposed to port access.

The solution helped us stop being policemen to our users. We don't have to run around telling people they can't do certain things. We can just not allow it and walk away from it. We're not out there seeing who is doing what, we just don't allow the what.

The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.

The firewall capabilities are very good.

We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved. 

The appliances I'm working on are relatively old now. We're talking five-year old hardware. That slow commit speed might be addressed with just the newer hardware. However, even though it is slow, the speed at which they do their job is very acceptable. The throughput even from a five-year-old appliance shocks me sometimes.

Currently, if I make changes on the firewall and I want to commit changes, that can take two or three minutes to commit those changes. It doesn't happen instantly.

The solution doesn't offer spam filtering. I don't know whether it's part of their plan to add something of that aspect in or not. I can always get spam filtering someplace else. It's not a deal-breaker for me. A lot of appliances do that, and there are just appliances that handle nothing but spam. 

I've been using the solution for five years.

The stability is awesome. I haven't had any issues with the solution stability-wise. I've got the same firewalls that have been out there for five years and they work great.

I don't work with enterprise-class products. I'm not in that environment. However, so as far as I know, Palo Alto has products that will go that large. Panorama may be able to scale quite well. You can manage all your appliances out of it. They are a very popular license.

Their GlobalProtect license is very much like Cisco's AnyConnect. It does the endpoint security checks. It makes sure they've got the latest patches on and the antivirus running and they've got the latest antivirus definitions and whatnot installed before they allow the VPN connection to happen. It's quite nice.

Their support is very good. I've never had any issues with their support. I would say that we've been satisfied with their level of service. 

Occasionally there may be a bit of a language issue based on where their support is located.

The initial setup is pretty typical. It's like any firewall. As long as you've worked with next-gen firewalls, it's just a matter of getting your head around the interface. It's the same sort of thing from one firewall to the other. It's just a matter of learning how Palo Alto does stuff. Palo Alto as a system, for me, makes a whole lot of sense in the way that they treat things. It makes sense and is easy to figure out. That's unlike, for example, the Cisco firewalls that seem to do everything backwards and in a complicated way to me. 

I haven't worked with enough Cisco due to the fact I don't really like the way they work. That isn't to say that Cisco firewalls are bad or anything. It's just that they don't operate the way I think. That might have changed since they acquired FireEye which they bought a couple of years back.

I know the solution is not inexpensive. It depends on what you ultimately sign up for or whether you just want the warranty on the hardware. 

I'm not really a customer. I'm like a consultant. I'm an introduction expert. If I think a client needs a certain technology I point them in the direction of whoever sells it. I do go in and configure it, so I do have experience actually using the product.

When I'm looking for something, I just find someone that sells Palo Alto and I redirect the client towards them. I'm not interested in being in a hardware vendor. There's no money in it. There's so much competition out there with people selling hardware. It doesn't matter where the client gets it from.

We tend to use the 200-series models of the solution.

I'd rate the solution eight out of ten. They do a very good job. The product works well.

These firewalls are only used for perimeter purposes, in gateway mode.

In addition to our environment being secure, we can monitor compliance of VPN users. Security and monitoring are the two big benefits.

It's also very critical for us that it provides a unified platform that natively integrates all security capabilities. We have multiple vendors and multiple solutions. Palo Alto has to work with them. For example, when it comes to authentication, we can integrate LDAP and RADIUS, among others. And in one of our customer's environments, we have integrated a new, passwordless authentication.

Apart from the security, Palo Alto NG Firewalls have nice features like App-ID and User-ID. These are the two most useful features.

With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is.

With User-ID, we can configure single sign-on, which makes things easy for users. There is no need for additional authentication for a user. And for documentation and reporting purposes, we can fetch user-based details, based on User-ID, and can generate new reports.

Another good feature is the DNS Security. With the help of DNS security, we can block the initial level of an attack, and we can block malicious things from a DNS perspective.

The GlobalProtect VPN is also very useful.

The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there.

We have been using Palo Alto Networks NG Firewalls for two years. I've worked on the 800 Series and the 3000 Series.

It's quite stable. They are launching a new firmware version, but compared to other products, Palo Alto is quite stable.

I have worked with Palo Alto's support many times and it is quite good. Whenever we create a support ticket, they are on time and they update us in a timely manner. In terms of technical expertise, they have good people who are experts in it. They are very supportive of customers.

Positive

The initial deployment is straightforward; very simple. The primary access for these firewalls is quite simple. We can directly access them, after a few basic steps, and start the configuration. Even the hardware registration process and licensing are quite simple.

The time it takes to deploy a firewall depends upon hardware and upon the customer's environment. But a basic to intermediate deployment takes two to three months.

Our customers definitely see ROI with Palo Alto NG Firewalls, although I don't have metrics.

I am not involved in the commercial side, but I believe that Palo Alto is quite expensive compared to others.

One of the pros of Palo Alto is the GlobalProtect, which is a VPN solution. GlobalProtect has broader compliance checks. I have worked on Check Point and FortiGate, but they don't have this kind of feature in their firewalls. Also, Check Point does not have DNS Security, which Palo Alto has.

If you're going with Palo Alto, you have to use all its features, including the DNS Security, App-ID, and SSL decryption. Otherwise, there is no point in buying Palo Alto.

We are a solution provider and this is one of the firewalls that we implement for our clients.

This is a difficult product to manage, so the administrator needs to have a good knowledge of it, otherwise, they will not be able to handle it properly.

The scalability is very good.

We have a small number of clients with this solution in place.

The support is good.

I have experience with multiple firewall vendors and I have seen that products from other vendors have bugs. My feeling is that Palo Alto does not have this problem.

Some of the vendors that I have worked with are Fortinet and Sophos. The setup and management of these products are easy compared to Palo Alto.

Implementing this product can be a little bit difficult. The configuration is difficult compared to other products, so it would be nice if there were videos are other instructions available. It can be very time consuming for the network administrator.

The pricing is very high.

My advice for anybody who is implementing this firewall is to follow the guide or instructions that are available. There are multiple resources and examples of use cases available on the Palo Alto website, and you can directly follow them.

I would rate this solution a nine out of ten.