Palo Alto Networks NG Firewalls Reviews

We have multiple offices across the United States. Palo Alto Networks NG Firewalls is the best solution for securing our network, and the best part is that we can provide a single working solution.

Palo Alto Networks NG Firewalls' embedded machine learning is very important. Every packet is inspected by the firewall, and if it is heuristic or contains a virus or some other unknown packet, it is sent to the Wildfire feature for review. If the packet is safe, it is allowed to pass through, otherwise, a signature is left to protect the organization. The updated signature is then sent to the entire network for the same packet.

Palo Alto Networks NG Firewalls machine learning helps secure our networks against threats that are able to evolve rapidly.

Palo Alto Networks NG Firewalls DNS security helps prevent DNS-related attacks in combination with our policies and machine learning.

Palo Alto Networks NG Firewalls provide a unified platform that integrates with all security capabilities.

The zero-delay security feature with cloud technology is able to immediately releases the signature and update the database.

Palo Alto Networks NG Firewalls single-pass architecture has fast processing and security because of the separate models. The networking speeds rely more on the routers, not the firewall.

The solution provides the ability to process the packets regularly saving us processing time and that is very valuable.

The user ID, Wildfire, UI, and management configuration are all great features.

The stability, scalability for enterprise-level organizations, and technical documentation have room for improvement.

I have been using the solution for six years.

When it comes to network security, there is no such thing as stability; every day brings different forms of attacks, which we must constantly work to prevent.

The solution is scalable but has room for improvement at an enterprise level.

We have around 1,000 people using the solution.

The technical support is good. We receive a quick resolution for our issues.

Positive

The initial setup is straightforward. The deployment time depends on the type of implementation the organization requires but it is not complex. We can do everything from the firewall GUI without having to install any software.

The implementation is completed in-house.

The solution is expensive. Other vendors such as Fortinet provide the same features for less.

I give the solution a nine out of ten.

Palo Alto Networks NG Firewalls is a good solution and I recommend it to others for their network security needs.

Compared to the other firewalls, Palo Alto Networks NG Firewalls are the quickest.

It is a data center firewall solution and a centralized management for remote office firewall solutions. We have 30-odd remote offices where we are putting firewalls in to replace the standard routers that we used to have. This solution will give us a little bit of routing and firewall capabilities.

We are deploying the PA-440 Series in our remote offices.

Historically, DNS would have been from local providers. Now, having a centralized DNS allows us to make sure there are no issues of DNS cache poisoning and DNS exfiltration. 

The solution has definitely helped us with the security holes around visibility and uniform policy deployments across the estate. Unified, centralized configuration management definitely helps us reduce the risk by having a central place where we can create a policy, and it is deployed everywhere, without the risk of human mistakes creeping in, e.g., typo mistakes creeping into configurations.

The firewall feature is great because we didn't have specific firewall capabilities beforehand. The anti-malware features and the ability to plug into our mail scanning are valuable as well, so we can share data between our email antivirus scanning solutions. That integration has been quite useful.

Palo Alto NGFW embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, which is another string to the bow of our layered security approach. So, it is important. It is not the big reason we bought it, but it is a useful component to our layered security approach. Security best practices push for a layered approach because there are so many different factors that you need to cover: 

• Email threats
• Malware
• Viruses
• Accidental human mistakes made internally to your network.
• Malicious humans in your network and outside your network. 

Therefore, a multi-layered approach really is a security best practice way of attacking security. You can't just worry about the parameter; you need to worry about what's inside your network and how things come in.

The key thing is that we don't have to try and play Whac-A-Mole. The machine learning-powered firewalls do that for us. As a recruitment company, we can never have the necessary technologies available to us to try and do this ourselves, so leveraging the machine learning power from Palo Alto reduces the risk for us.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is very useful. This prevents us from having to go to a lot of different systems, and in some cases, many different systems in many different regions, because we are a global company with 60 remote offices around the world in 30 different countries. Its centralized platform is really what we look for in all services, whether it be security or otherwise.

When we looked at it originally, we needed to host the Panorama environment ourselves. I would prefer it if we could take this as a service. It might be that it is available, but for some reason we didn't choose it. The downsides of hosting are that we need to feed and water the machines. We are trying to move to a more SaaS environment where we have less things in our data centers, whether they be in our cloud data centers or physical data centers, which can reduce our physical data center footprint.

We started with a couple of firewalls about 18 months ago. We started them in our data centers and are just about to deploy them in our remote offices.

It has been very stable.

On the maintenance side, we haven't increased our team at all. One of the great things that we have been able to improve is the capability of our team without increasing the number of heads who are using Palo Alto.

It is scalable with what we need. I am not looking at thousands and thousands of devices, so it is well within what we need for our few hundred devices.

We often didn't deploy tools because it was too hard to try and manage them with our small team. This solution has enabled our small team to be way more effective than they were before. It gives us the visibility and control that we need.

We have a senior network administrator and about five operational guys. There are also some service desk-level guys and about 12 of them have visibility into activities, but they don't actually change things. Change control is quite closely guarded.

We have deployed the solution in a couple of data centers. We are deploying it across 30 offices this year and plan to do the next 30 to 30-ish offices in the next 12 to 18 months, as some of their hardware retires or has expired. We are not pushing it out too fast. We are going with the cadence of the business.

The technical support is very good. We had some nasty questions, but they were sorted out quite quickly. The problem that we had, because it was live, was it took us a little bit of time to deploy stuff. We also have a good relationship with their pre-sales engineers who offered advice and guidance, specifically as part of the deployment.

We previously had Cisco ASA Firewalls in some locations and Cisco Security PAK Routers in other locations that gave us a base level of firewall. So, we didn't previously have any next-generation firewalls. These are our first real next-gen firewalls.

We switched solutions because we didn't have enough of the network security covered. Also, we wanted centralized visibility and control, which was key for us.

When we did some red team testing, we found that there was a way to get some data out through our existing DNS environment. We knew we had to fix the centralized DNS management, visibility, knowledge of the DNS queries, and the visibility of the DNS queries as a result of some testing that we did. Whereas, before they were all geographically disparate, having a centralized place to look at to be able to do some analysis and visibility really are the key things for us.

The initial setup was not simple, but it is simplified. What was really good was the free training beforehand. As an architect, I don't get my hands that dirty, but I was able to go through a number of the free courses beforehand, or workshops, that were done online. Their training platform was very useful in helping me get an understanding of the product and how we would deploy it in our own environment. The actual deployment, as with anything network-related, is fairly complex because we have a very connected network with a lot of different entry points. While it takes time, it was very useful to get the training beforehand.

The deployment took about three months, but it was in the midst of a data center migration. It probably only took us a month to deploy it properly, but then we had to migrate services over, which took another six months. Again, this was part of our data center migration project. To actually get the solution installed was very quick, it took only a couple of days to get it up and running. However, to move services onto it, you need to be a bit careful when you start to move the live services onto it.

Our implementation strategy was really focused around our data center migrations and moving stuff out of one data center into another. As we moved services from one data center to the other, we brought them onto Palo Alto's in the new data center rather than onto the existing old routers and firewalls. So, it was really governed by the business, applications, and what we could move when.

We used Palo Alto directly for the deployment. Our experience with them was great.

To deploy it, we didn't employ any more staff. We did send a few people out remotely. With COVID, travel is a little bit tricky. So, we have some remote agreements with some suppliers who will go out for a day, plug a device in, and help us with the initial out-of-the-box config. That is normally two to three hours per site that we have to do, which is what I would expect from this kind of device.

Look at Palo Alto because it is a bit modular, so you can take the components that you need when you need them. You need something that will do the job. It doesn't matter if it's cheap and fast, if it quickly lets through vulnerabilities. You need something that will be reliable.

We were very happy when they released the PA-440s. Previously, we had been looking at the PA-820s, which were a bit of overkill for us. Price-wise and capability-wise, the PA-820s hit the nail on the head for us.

Go for a three-year deal, then Palo Alto will bring in some discounts. We also deployed them as HA Pairs to make sure we had resiliency.

We looked at Cisco and Fortinet. The reason that we went with Palo Alto was they were fairly cost-effective. They were also a bit easier to manage. The central management and control of Palo Alto was a little bit nicer than the Cisco side of things. I think everyone achieves the same things in slightly different ways. The way Palo Alto achieves their centralized management and control resonated a bit better with us and our requirements.

We haven't actually deployed Palo Alto NGFW’s DNS Security yet, but we will be doing that.

It is great that 100% of the tested attacks were blocked in the NSS Labs Test Report from July 2019 about Palo Alto NGFW. It is a great story, but I never trust 100% because that's why we have layered security. However, it definitely provides a great level of comfort in our security structure.

I never give anyone a 10, so I will give the solution a nine (out of 10).

I have deployed it as my internal firewall in the cloud. I also have it on-premises as my perimeter firewall. I am also running Palo Alto in my DMZ. 

I'm using the PA-5532 Series. We have cloud and on-premises deployments. The cloud deployment is on the Azure public cloud.

We are using it on Azure Cloud as an internal firewall for filtering the east-west traffic. At the same time, we are using this firewall as a second-layer firewall in our perimeter for filtering the application URL and other things for the users. We are using another firewall as a perimeter for the DMZ. So, all internal applications that are connecting users are connecting through this firewall. We have other vendors as well, but the main applications are going through the Palo Alto firewall.

Its predictive analytics work very well for blocking DNS-related attacks. We are moving malicious URLs to the unknown IP in the network. They are reconfigured.

Its DNS security for protection against sneakier attack techniques, such as DNS tunneling, is good.

I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features.

In terms of application filtering and threat analysis, it's a little bit better as compared to the other UTM boxes, such as Sophos or other brands. It is secure and good in terms of application classification and signatures. It is a trustable solution.

In terms of the network performance, I am not very happy with Palo Alto. Other solutions, such as Fortinet, have better throughput and network performance.

I am in GCC in the Middle East. The support that we are getting from Palo Alto is disastrous. The problem is that the support ticket is opened through the distributor channel. Before opening a ticket, we already do a lot of troubleshooting, and when we open a ticket, it goes to a distributor channel. They end up wasting our time again doing what we have already done. They execute the same things and waste time. The distributor channel's engineer tries to troubleshoot, and after spending hours, they forward the ticket to Palo Alto. It is a very time-consuming process. The distributor channels also do not operate 24/7, and they are very lazy in responding to the calls.

It is expensive as compared to other brands. Its pricing can be improved.

I have been using this solution for more than four years.

Its stability is fine. I'm happy with it.

It is scalable. Its usage is extensive. We are using it daily. It is our core device.

Their support is very bad as compared to the other vendors. The support ticket is opened only through the distributor channel, and it takes a lot of time to get a solution for the issue. I'm not happy with their technical support. I would rate them a four out of ten.

Neutral

Palo Alto is the main core product in our case, but we also have Fortinet, Check Point, and Cisco ASA firewalls. Fortinet is one of the key products in our network.

The process of configuring Palo Alto devices is very easy. There is not much in it, but if we want to add or remove a device in Panorama, it is a very complicated setup. Adding, deleting, and updating a device from Panorama is very difficult. The interaction between Panorama and Palo Alto devices isn't good. They need to improve that. FortiManager works very well in terms of device interaction and other things.

The deployment duration depends on the customer infrastructure and where they want to deploy the box, such as in the data center or at the perimeter, but for me, generally, two days are enough for the setup. I provide customers the ways to design a secure network, and they can choose whatever is convenient for them based on their existing network.

In my environment, there are the four network security engineers who are the owners of these devices. We take care of the deployment and management of security devices.

Its price is higher than other vendors. They need to re-think its pricing. 

With Fortinet, the SD-WAN feature is totally free, whereas, with Palo Alto, I need to pay for this feature. With Fortinet, there is one licensing, and I can get many things, whereas, with Palo Alto, I need to go for individual licensing.

I'm working in a systems and data company, and I recommend Palo Alto and other firewalls to many people. The users can choose one based on their budgeting because Palo Alto is expensive as compared to other brands.

Palo Alto NGFW’s unified platform hasn't 100% helped to eliminate security holes. In some cases, we are using other products. I'm mainly using it for WAF and securing my DMZ infrastructure. It is working well in terms of the functionalities in layer 3 and layer 4.

I would rate this solution a seven out of ten.

We use Palo Alto Networks NG Firewalls for our network security. We deployed the solution on both the cloud and on-prem.

Palo Alto Networks NG Firewalls machine learning secures our network against threats that evolve rapidly.

The DNS security feature is already commonly used for authentication by clients, with many threats being pushed from the inside to the outside. DNS security helps improve our network.

The DNS security feature is integral in protecting against DNS tunneling.

The solution provides a unified platform that natively integrates all security capabilities. Palo Alto Networks NG Firewalls' unified platform helps us eliminate security threats. We use all the Palo Alto Networks NG Firewalls' features including the UTM, WiFi, and VPN feature to protect our network. 

Both the network performance and security of the single-pass architecture are good. 

There are many valuable features, such as wireless cloud features. The IP and signals are updated regularly, and all UTM features provide good basic gateway-level security.

Palo Alto Networks NG Firewalls machine learning in the core of the firewall to provide real-time attack prevention is a basic requirement for our private security network.

The bugs can be improved.

I have been using the solution for eight years.

The solution is stable. We encounter small bugs sometimes but they are not a problem.

The solution is scalable.

The technical support is good.

Positive

For experienced people, the initial setup is straightforward. Cloud deployment can be challenging for someone new. The deployment takes around one hour.

We implement the solution for our clients.

I give the solution a nine out of ten.

Our clients are enterprise-level.

The PA400 series has good performance and security.

I recommend Palo Alto Networks NG Firewalls to others.

It is on-prem. We wanted to implement a multiple architecture for our network security. That is why we looked at the Palo Alto product. It is famous for its multi-layer security architecture and firewall.

There are five users: two senior expert administrators and one junior administrator from our data center team and two security engineers from our security team.

It has a solid network security with some robust tools. We can block unexpected attacks, especially zero-day attacks. Since they use the Pan-OS engine, they can collect attacks from all over the world and analyze them. They can then protect against zero-day attacks and unexpected attacks.

There are regular signature updates. You are filtering your objects from external sources. It has also helped to prevent external attacks more quickly. We have the solution enabled to prevent SQL injection attacks.

Palo Alto blocks loopholes where we cannot fix all our vulnerabilities, providing protection.

With secure application enablement, we can protect against application ID. 

Another feature is its malware detection and prevention. DNS Security filters URLs, blocks malicious domains, and provides signature-based protection. They also have Panorama security. We prefer Palo Alto Networks for our parameter security because of these features.

It is not like a traditional firewall. It has sophisticated technology that uses machine learning against cyber attacks, preventing them.

The DNS Security feature is capable of proactively detecting and blocking malicious domains, which are a headache because you can never filter enough. Malicious domains increase in number everyday. That is why using machine learning is a perfect solution for preventing these types of malicious domain attacks.

We don't have to use other advanced technologies due to the solution's UTM capabilities, such as antivirus, anti-spam, and anti-spyware.

With its single-pass technology, the firewalls are capable of analyzing SSL traffic using less CPU and memory.

I would like them to improve their GUI interface, making it more user-friendly.

I would like the dashboard to have real-time analytics.

We have been using it for almost three years.

Compared to other solutions, it is very stable.

The technical support is perfect. I would rate them as nine out of 10.

Positive

Before 2008, we used only core firewall architecture for our network. Then, we needed to enhance our security as we moved toward the cloud. We needed to protect our network from external threats so we decided to go with multi-layer architecture. 

We use several products: Palo Alto, Checkpoint, and three products. Among those products, Palo Alto's performance and product security features are very good. 

We only used Juniper firewalls for our core Firewall. We switched because we wanted to move to a multi-layer architecture.

The initial setup was straightforward. The initial configuration took one to two hours. You need to configure the policies and features. Since we had to do performance tuning, it took us two to three weeks.

It is very easy to deploy. It needs two network engineers.

It is a good investment with the five-year extended support. You don't have to pay any additional costs for five years. You also save on costs because you don't need to purchase other products or technology to manage attacks. That can all be done from Palo Alto. We have seen a 20% to 30% return on investment.

Compared to other products, the pricing is flexible and reasonable. 

We did a PoC with several products, then we selected Palo Alto for its enhanced security features and multi-layer aspects. We also selected it for its speed and performance. Performance doesn't slow down when analyzing SSL traffic.

We are currently using a single firewall architecture. Next year, we will probably move to a dual firewall architecture.

I would recommend Palo Alto Networks NGFW, especially for parameter-level security.

I would rate the product as 10 out of 10.

We use the solution for IPS. Palo Alto's firewall is really good compared to firewalls like FortiGate, Cisco, or any other competitor.

We're able to monitor traffic based on the source destination and geolocation. The firewall allows us to restrict user access. For example, we have restricted user access to the chat feature on Facebook.

There are about 170 total users on the client side. On the administrative side, we have two or three people.

We're using version PA-200. The solution is deployed on-premises.

We reduced access to unwanted websites by 80%. It allows us to optimize user efficiency. For example, I have restricted the calling feature on LinkedIn, so people can still use LinkedIn, but they aren't able to dial out or receive calls.

We restricted social media sites so that only basic features can be used. The monitoring functionality allows us to see which users are using which websites,  the frequency, and the level of usage. It improves the network monitoring in our organization and gives us the required control level to restrict user access.

Palo Alto Next-Gen Firewall has Panorama, which is a unified platform that natively integrates all security capabilities, but I haven't worked with it yet.

The unified platform gives us more visibility and restricts unwanted guests and unwanted traffic. It gives us more insight into network traffic so that we can analyze it.

It helps eliminate multiple network security tools and the effort needed to get them to work together. Previously, I used other network monitoring tools for bandwidth monitoring. Now, the security features and wireless detection are in a single platform, so it definitely reduces the need for multiple platforms.

It has affected our network operations and network-related costs, but it's not the main benefit. The main benefit is the visibility and not having to maintain or manage multiple platforms. It's a bit costly because it has a lot of features, and each feature has a cost. It's important to do a cost-benefit analysis and know the requirements of your organization. We don't have to manage five to seven platforms and we're getting all the information in a single platform, so we can compromise a little bit on the cost side.

The packet level inspection is the most valuable feature. The traffic restriction features allow us to restrict the sub-features of any platform.

I really like the security aspects. That's why it's highly rated on Gartner. The antivirus definitions, updates, and malware detection are pretty good.

It embeds machine learning in the core of the firewall to provide inline real-time attack prevention, which is a very nice feature. It's part of the add-on services subscription. The autonomous behavior toward malware and potential risk is pretty good. 

Machine learning is really good to have. We received some false positives with machine learning, which was the main problem we had with it.

It's very important to me that the solution integrates natively with security solutions. Inside attacks are very rare. Most attacks are generated from the outside or from a public site, so having Palo Alto is really important on a public site.

Palo Alto is like Microsoft. It has varied features, but it's too technical. A lot of the features could be simplified. The procedure, process, features, and usability could be more simple.

It's too complex and sometimes the process to implement a single thing is hectic.

I have been using this solution for about eight months.

The solution is stable.

It's scalable. If you use the virtual solution, you may need to change the subscription.

I haven't directly worked with Palo Alto's technical support, but their community logs have been really helpful and we can find the answer to almost anything. The documentation is good.

We previously used Fortinet and Cisco.

We switched to Palo Alto because it's an all-in-one solution. We were attracted by its level of detection, level of monitoring, and level of packageable inspection.

The setup is straightforward. Deployment took a week. 

I haven't used it inline directly. First, I did a port mirror. Once I was fully satisfied with the level of detection, I put all of my traffic through it.

We use two or three administrative staff for maintenance. 

The price is high.

We evaluated other features, but we chose Palo Alto early on in the process because of the features and usability.

I would rate this solution an eight out of ten. 

In terms of a trade-off between security and network performance, I would rate it more toward network security. We have a lot of other alternatives for monitoring but not for the security side or antivirus detection.

I would highly recommend Palo Alto. If you want a cheap solution, I would recommend Sophos. But if someone is looking for real-time protection, I would suggest that they go with the virtual instance of Palo Alto, which is PA-200 VM, because it simply fulfills our requirements.

For personal use or SMEs, the price of PA-400 is high, but the security and performance are worth it.

Generally, it is used for the main function of the firewall. It protects the applications and the servers of clients from attacks. We use it as a perimeter firewall for the traffic from the internet, and it is also being used because one of the customers needed a solution for PCI compliance. We have put the firewall between servers inside the network to do segmentation. So, with the firewalls, specific communication is open between the clients and the servers, between the servers, and between the servers, applications, and the database.

We have PA-5000 and PA-850 series firewalls. In terms of the version, we are using version 9.1, which is not the most recent version. It is the previous one. We manage all firewalls from Panorama.

The most important benefit is that we can manage VPNs inside this firewall. We have integrated it with Active Directory. We provide a certificate to a user, and the user of the certificate can connect with the GlobalProtect VPN, which is a Palo Alto solution. With this solution, we can easily manage about 1,000 VPNs daily. It supports integration with Active Directory, and it is very easy for us to manage the VPNs. Before using Palo Alto Next-Generation firewalls, there was another solution, and we had a lot of issues with that.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Our main customer is going for PCI certification, and a part of the certification requires the use of these kinds of firewalls to protect all the information that they have.

Palo Alto NGFW’s unified platform helped to eliminate security holes and protect from various threats. 

We have firewalls that automatically update the signatures every 15 minutes. It is very important for us because if something happens, we know that the threat will be eliminated because the firewall is updated to the latest signatures.

The trackability is most valuable. When a port is open for a protocol, such as port 443 for HTTPS, it can look inside the traffic and identify or verify the applications that are using the port, which was previously not possible with traditional firewalls.

It is very important that Palo Alto NGFW embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. If something is different, the firewall identifies that based on the behavior of the traffic and alerts us. It can also block that so that nothing more happens.

We use Panorama to manage all firewalls. There is a dashboard, and there is a tab that shows you the real-time traffic that is passing through the firewall. We are able to get all the insights about the traffic.

We use ACC which is a tool for verifying the activity or traffic within your network. Currently, in ACC, the time of the samples that they offer is about five minutes. When you try to go down to a shorter duration, you can't. You only have five minutes. They can provide samples for shorter durations, such as one minute.

I have been using this solution for eight years.

In terms of usage, all the traffic is passing from these firewalls. In general, there are about 3,000 users and 1,000 servers. All the traffic travels through these firewalls. At this moment, there are no plans to increase its usage.

When we were migrating from one model to another, Palo Alto gave us a chance to replace the hardware because the previous model was old, and there was no support. We were able to acquire a new box at the same price that we would have had to pay to repair and maintain it. 

There is another person that is in charge of that. Their support is only in English, which has been challenging, but now, we have engineers who can talk in English.

It wasn't easy because we were migrating from Check Point to Palo Alto. It was difficult at the beginning, but after that it was easy. Overall, the implementation took us three months because we could only do it in certain time windows. It was implemented in phases.

There were some applications that didn't work fine in the beginning. We had to see what was happening and identified the issue.

In the beginning, we used Palo Alto, but after that, we did everything in-house. The support from Palo Alto was fine. Their support person helped us. We are in Mexico, and he helped in translating the support information from English to Spanish in the beginning. We had a few big issues, but in the end, we solved all of them. Now, I can operate these firewalls.

Its price is comparable to other companies. The license is on a one-year or three-year basis. It depends on the customers what they want to go for. There are some features that require an additional license, and there is also the cost of the support.

I would recommend this solution. It is a good solution. I would rate it a nine out of ten.

We use this solution as a firewall. We use it for VPN setup, threat protection, and for internet breakout also. We actually deploy several different versions. We have a TA200, a PA820, and a PA3200 series.

The most valuable features are the threat prevention and policy-based routing features. 

I think they need to have a proper hardware version for a smaller enterprise. We had to go to a very high-end version which is very expensive. If we chose the lower-end version, it would not meet our goals. A middle-end is missing in its portfolio.

For example, there's the PA820 and the PA220, but there's nothing between. So they are really missing some kind of small-size or medium-size usage. Right now, you have to choose either a big one or you have a very small one, which is not really good.

In the next release, it would be helpful if there was some kind of a visualized feature that showed the traffic flow, or something like that, to be able to simulate. When we define something if we could see a simulation of how the flow will be treated that would be great. Because today everything is done by experts by checking logs, but it's very time-consuming. If there's also a simulator to use when you apply some configuration, you can also apply on the simulator, to copy the configuration. So, you can see maybe to generate some traffic and to see how it will be treated. That will be very good.

The solution is pretty stable. Once you have it configured, normally it shouldn't have any issues. It does sometimes impact the metric flow, but that's natural because it filters everything going through, so it slows down the speed.

I don't think that product is really scalable. You have to either replace it with a higher version or use what you have. I think that's the only way. You cannot add something to increase its capacity, so you have to replace the current equipment to a new version or a new, higher version.

For technical support, we have a contract with some local suppliers. It depends on our partner, so it's probably different from location to location, but as long as they are certified with Palo Alto, normally they should have a one or two experts in their organization. So you just need to find a good person to work with.

We did previously have a different kind of a firewall. We used Check Point before. We also used NetScreen and Cisco. But in the end, we defined our standard and now use Palo Alto.

Firewalls are never easy. You have to have very good network expertise to set it up, so it's not about the product being easy to use or not. It's because of the nature of the firewall. You have to understand how it works, how it should be set up, and to understand your data flows and things like that. 

I'm not really the person who does the hands-on setup and integration. I'm the guy who monitors the global deployment. I'm in charge of defining the standard, to deploy the standard to the site, but there's an operational team to do the final installation, configuration, and those types of things.

On the one side, it will take maybe two or three days to enable the firewall, but if you are talking about the global deployment, that depends on the budget, and the resources that will take different time periods to deploy worldwide, so we are still not finished for all the locations. So we are still doing it.

Globally we have around 100 locations. We have two major network engineers who manage the firewall, but to deploy it you also need a local IT because they have to physically be on site. And the two experts remotely control the equipment, configuration, and upgrades, etc. So it's very hard to say how many people you need. It depends on your company size and where your locations are based. For us, we have two dedicated people, but we also have the local IT when we need them to physically help in the integration. 

We do use external partners for the setup. We use also our internal teams as well.

It's a bit pricey.

Once you install it, you use it every day. You can't stop because it's a security feature and a precaution. Also, we are using it to do some local breakouts, so we use utilize the local internet to carry some business traffic, to ensure there's no interruption. You have to let it run 24/7.

I would suggest you be careful when choosing your model. Consider your bandwidth as well as how you want to run the local area network because the throughput of the firewall has to be well designed.

I would rate this solution a nine out of10.