Palo Alto Networks NG Firewalls Reviews

I used Palo Alto firewalls for plenty of projects and have many use cases.

When working with App-ID, it is important to understand that each App-ID signature may have dependencies that are required to fully control an application. For example, with Facebook applications, the App‑ID Facebook‑base is required to access the Facebook website and to control other Facebook applications. For example, to configure the firewall to control Facebook email, you would have to allow the App-IDs Facebook-base and Facebook-mail.

I like to install Palo Alto mainly on the data center side to have visibility and protection into the network because we can configure the SVI (layer 3) on Palo Alto instead of the core switch.

It gives us full visibility and protection for the core of the network.

Visibility and Protection

It gives us good visibility into the network, and this is very important because it's the core of the network. All the packets go through the firewall.

MFA is a new feature in Palo Alto and it's good to use it.

I'm thinking about a new feature. They have decryption. It's a good idea to use decryption on Palo Alto. It would be good if they can offload the traffic.
Like, for example, SSL Offloading on F5. They have an SSL decryption to offload the traffic. 

Palo Alto is very stable. I worked on Cisco products like FTD and Firepower, and they are not as stable as Palo Alto. Also, some Fortigates are not stable. Palo Alto, as far as I know, is the most stable firewall compared to these others.

The solution is scalable because they are now using the next generation security network. They are integrating with endpoint protection. Palo Alto now has traps, so they integrate their traps and the next generation with the cloud. So it is scalable.

Technical support in Cisco is better than Palo Alto. In Cisco, you can directly talk to the top engineers.

We were using Cisco ASA. When Cisco moved to the next generation firewall or tried to move to the next generation firewall when they acquired Sourcefire, and they announced Firepower on ASA, it was not a good option.
They had tool management so you could configure ASA from the CLI and you could configure it on the Firepower. You need to redirect the traffic from ASA to Firepower. It was not a good idea. The packets were processed but there was latency in the packets. 
Nowdays, FTD has many problems and bugs.

When selecting a vendor, the important criteria is how much the appliance is powerful and if it gives me the feature that I want, not an appliance that does everything and it will affect the throughput. Also, the value of the product, the price. 

There has to be a match between the price and the features.

Palo Alto, Cisco.

Buy Palo Alto and try its features. In Palo Alto, you have select prevention, scan over AV, anti-spyware, vulnerability protection. and file blocking. you have good feature like WildFire to protect against unknown malware.

I rate Palo Alto at eight out of 10 because it gives me visibility and protection. This visibility and protection are very important nowadays to protect you from hackers.

We shifted an existing network from Cisco to Palo Alto. It was like a branch to head office network.

We have done public and private cloud deployments as well as on-prem deployments. We are using versions 8, 9, and 10.

IoT security is most valuable in the current version. Content IDs, DDoS protection, zone protection, and DLP are the most prominent features in Palo Alto Networks NG Firewall. It is easier to configure than other solutions.

People sometimes find it more expensive as compared to other solutions. There are also fewer training opportunities for Palo Alto than Cisco and other vendors.

I have been using this solution for the last four or five years.

It is working fine.

Its scalability has been fine for our use cases. It is good for large-scale environments, and there are no problems.

Their technical support is excellent. 

It is very straightforward. They also have a very good script, so it runs very smoothly.

It is expensive as compared to other brands.

If we are comparing firewalls, this is the best firewall. I would rate Palo Alto Networks NG Firewall a nine out of ten.

We use this solution to block malicious or suspicious activity by creating policies that define which action should be blocked or allowed.

The firewall is a security device. We use this solution to create policies like ISPs for a specific purpose. We only allow the policies for a particular application, so this is a way for the firewall to secure an unwanted connection.

The most valuable feature is the ability to deeply analyze the connection or connection type.

Overall it is good. It is reliable and easy to understand. However, the monitoring feature could be improved.

They have many solutions already. I don't think I have seen any missing features. Every device has different functions, but as a firewall, this solution has a lot.

Stability is good.

There are no scalability issues to date.

We have about 2,500 users behind the firewall using this solution. I think we don't have any requirement to increase usage. Currently, we have around 2,500 users, but if this increases, we may need a new requirement.

We hired one or two people to maintain the solution.

Technical support is good. Once you call up with your issue, it takes around one or two hours for them to contact and give you a solution accordingly.

We were using Cisco ASA. We switched because of legal reasons and difficulty to understand. That's why they had decided to change to Firewall.

It is very easy to use. It's straightforward, easy to understand, and easy to configure.

Deployment time depends on your requirements. If you talk about the system requirements, it hardly takes up to 15 or 20 minutes for the configuration.

That said, it totally depends on your requirements: What kind of policy you require that supports what kind of block, etc.

The deployment time would change based on these requirements, but the system configuration: accessing the internet and creating policies hardly takes 20 minutes.

Deployment is configured by administrators, so if we have any kind of issue in policies or any confusion, we get tech support.

Pricing is yearly, but it depends. You could pay on a yearly basis or every three years.

If you want to add a device or two, there would be an additional cost. Also, if you want to do an assessment or another similar add-on you have to pay accordingly for the additional service.

We also evaluated Check Point and Fortinet solutions.

This solution is easy to understand, reliable, and user-friendly.

I would rate this solution as eight out of ten.

We primarily use the solution as security - as a next-generation firewall.

The application control portion of the solution is its most valuable aspect.

The malware protection on offer is excellent.

The initial setup is very easy.

We found the scalability to be quite good.

The stability is excellent.

Technical support is great.

The interface is very user-friendly.

Either the application or the vendor needs to provide a more updated list of internet applications.

The price of the solution is very high.

We've been dealing with the solution for about three or so years at this point. It's been a while now.

The solution has been extremely stable. There are no bugs or glitches. It doesn't crash or freeze. It's very reliable.

We tend to work with enterprise-level organizations.

The scalability is quite good. If a company needs to scale, it can do so with ease.

We found the technical support to be quite good. They are helpful, knowledgeable, and responsive. We have no complaints. We are very satisfied with the service they provide to us.

We also work with Fortinet.

I'd likely recommend Palo Alto over Fortinet as I find Palo Alto to be more user-friendly. The performance is also very good.

We found the initial setup to be very simple and straightforward. It was not overly complex or difficult. A company shouldn't have any trouble implementing the solution.

The deployment is also very quick. It only takes about ten to 15 minutes or so.

The cost, overall, is pretty expensive.

We are a Palo Alto partner. We are a systems integrator.

I'd recommend the solution. If a company has the budget, I would suggest the product to them. If a customer has a more limited budget, however, I would highly recommend Fortinet as an option.

I'd rate the solution at an eight out of ten.

Our primary use case was for perimeter protection.

Innovative, advanced threat protection is the most valuable feature. 

I don't see any specific room for improvement.

The user interface is probably not as slick as it could be.

I have been using Palo Alto for three years. 

We're on-premises primarily at the moment, but also a cloud product. 

The stability is generally pretty good. I haven't heard any complaints from our customers around Palo Alto's stability. It's one of the reasons why they're the leaders in this space.

We've got our own team for maintenance. My company is a large multinational with 20,000 employees.

I have contacted their support once. It's very good support. They help me to fix our problem quickly.

The initial setup was complex. It's not very intuitive. You need to know what you're doing for the initial setup, you need to be a Palo Alto expert.

If you compare it to their competitor Fortinet, Fortinet's FortiGate product is a lot easier to install, if you're not an expert.

The time it takes to deploy depends on how complex the deployment needs to be for the client. If it's a basic deployment, is going to take around two days. 

My advice would be to make sure the firewall is configured properly.

I would rate it an eight out of ten. Not a ten because you have to be really excellent before you get a ten out of me.

In the next release, I would like to have the ability to auto-generate rule and policy, based on known traffic, based on the baseline. That is a feature that I think Palo Alto should be able to have in some form or fashion to auto-generate and propose a policy and rules set, after putting the file into a learning mode for some period.

We're customer facing; each customer uses it for a different purpose. Some use NG Firewalls for IPS capability, some for application capabilities, these kinds of things.

The accessibility, antivirus, and stability features are the most valuable. It's so stable, the customer can use the decryption features without impacting performance.

Most customers ask about the choice of features. It's limited. It's not arranged well for users. Also, customers don't want to buy extra things for extra capabilities. I would like to implement individual profiles for each user. Capability, in general, is limited.

It's a very stable solution.

I am the customer's technical support. If a customer has issues, they would call me.

The initial setup was basic. It was very simple. The basic configuration will only take 15 minutes. Anyone can set it up. If a person has worked with a firewall before, they can do it themselves. You only need one person for deployment.

Licensing is on a three year basis. Customers prefer one to three years. Licencing is pretty expensive. Check Point is cheaper than Palo Alto. There's also an international license. If a customer wants to control different things, they will need an extra license. 

I've helped customers using Fortinet and Check Point. They are compromised. Their firewall is not stable. But for some features, for example, encryption, they want to use this feature, but the firewall feature isn't great. With Palo Alto, there isn't any problem, you can open any feature - IPS feature, data encryption feature - there isn't an issue.

Implementation is simple, the product is stable, but I advise if people get the firewall I strongly recommend the use of the API features. They may not be accustomed to using a next-generation firewall. If they want to use NG Firewalls, they need to use and implement the API features. They need to create uses based on the application.

My understanding is Version 9 will introduce some logic features.

I would rate this solution 9 out of 10.

We were mainly using it because we had two ISP links, so it was a kind of gateway device. Whenever a link went down, the firewall used to automatically switch over to the secondary link so that the internet connectivity is kind of highly available.

It worked fine normally.

The VPN connectors should be better. We had some challenges in terms of the VPN with Palo Alto Networks NG Firewall, and that's one of the main reasons why we moved to Sophos.

Its load handling can also be improved. There were challenges when traffic was high. During peak business hours, it did not function very well. There was a lot of slowness, and the users used to complain, especially when they were connecting from outside. We even reported this to the support team.

Their support should also be improved. Technical support was a bit of a concern while using this solution. We didn't get very good support from the Palo Alto team.

I have been using this solution for almost two to three years.

It was fine normally, but during peak business hours, it used to have challenges. We faced this issue at least two to three times a month.

It is not very scalable. We had around 100 users. We had around ten people in our IT team.

Support was a bit of a concern while using this solution. The support that we received was not too great, which caused a lot of issues. They were not very customer friendly.

This was the first firewall that we used. 

I didn't do the installation.

I would not recommend this solution. I am sure they will come up with better models to overcome some of the challenges that we faced, but I would definitely not recommend this particular model.

I would rate Palo Alto Networks NG Firewalls a six out of ten.

I am currently testing Palo Alto and preparing for an exam.

The Global Protect Feature has allowed our organization to support our remote workforce. 

I have found it to be reliable and very easy to use. I haven't really encountered many problems with it because its documentation is clear and readily available on their website.

They need to provide documentation for CLI, as most of the commands, we get from Community Forums.

I have been doing research on Palo Alto for the past nine months.

It is stable.

Highly scalable as the HA deployment allows you to pair up to eight devices at once. 

I haven't had a chance to contact them.

Palo Alto is my first solution.

Initial setup is easy and subsequent changes have been easy to implement as well. 

In-house expertise. 

Sophos XG.

I would say go for it because it seems to be stable and very reliable. I've spoken to some specialists who vouch for Palo Alto. They say they've been using it in their environment, and it hasn't let them down so far.

I would rate this solution a nine out of ten.