Senior Network Analyst at a non-profit with 1,001-5,000 employees
Real User
Debugging and troubleshooting through package capture are very easy from CLI
Pros and Cons
  • "It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture... The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time."
  • "In the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get... You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer."

What is our primary use case?

We used the solution as an edge or internet firewall where we were running IPS/IDS and doing filtering on it, apart from the other security features. We are still using it for our users' VPN activity and to manage site-to-site VPN tunnels with other clouds, like AWS and Azure, so that there is connectivity back and forth between those cloud providers and our on-prem data center.

What is most valuable?

The features I like are the debugging and troubleshooting through package capture. It's easy to capture from the CLI and it's also easy to get logs from the CLI.

It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture. It gives us real-time anti-cyber activity and enables us to look at it. The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time.

These firewalls have the zero-delay signatures feature, which is really important because you don't want to be lagging behind with any kind of security updates. It doesn't affect our security a lot, but without it, we could be compromised a little bit. If updates are delayed by a couple of hours, there's an opportunity for the bad actors to execute something in that time frame. It gives us a little bit more security, but it's not like it's a high-severity situation.

Overall, they're doing great with the features. They're improving them day by day and year by year, which is really good. They're making new products that are compact inside, which is also really good. Instead of a full rack, they have tiny devices that have the same or even better performance compared to the bigger ones. They are doing well in improving the units, features, and security.

For how long have I used the solution?

I've been using Palo Alto Networks NG Firewalls for eight years.

What do I think about the stability of the solution?

They're very reliable and stable. Compared to some of the competitors, they're more reliable.

Buyer's Guide
Palo Alto Networks NG Firewalls
March 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The scalability is also good. They provide good options for scaling. The only thing that I would think about is that, in the newer firewalls, they have increased the performance but decreased the number of concurrent VPN connections or users. The new, compact devices have better performance, but they have reduced the number of users that can connect. Maybe that's a marketing strategy to sell higher-end models.

In my organization, everybody is using the Palo Alto firewalls because they're connected to the VPN, but the management and operations aspects are limited to the folks in IT.

How are customer service and support?

These firewalls used to bring a lot of value to us, but in my practical experience, in the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get.

For example, in the past, if something happened, we could just give them a call and open a ticket, and we would have technical support right away to help us. Whether it was a severity-one, critical incident, where we had no connectivity, or just a minor or medium-severity issue, we used to get support right away. But in the last three years, it has been really hard to get hold of an engineer. I have reached out a couple of times to give them a heads-up, "This is a ticket I opened three days ago. I'm trying to get a hold of anybody."

It's okay that they force us to open a ticket on the portal, but after opening a ticket, it's really hard to get support when you need it. You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer.

They should make it easier to get in touch with their TAC. This is what they have called transforming the customer experience, but I believe it's getting worse. That's the only thing they have to improve. When you do get someone, the support from their end stands out, it's a nine out of 10. But getting a hold of an engineer is a two out of 10.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup is very straightforward. You need to connect through the portal manager and to the IP that you want to access remotely. And pushing the configuration from other devices is very easy. They provide tools so that you can get the configuration from competitors' devices and convert that into the Palo Alto version. It's very easy to configure initially and to manage as well.

On the maintenance side, it's really good. We don't have to put a lot of effort into that.

What other advice do I have?

The security and performance of the PA-400 series of Palo Alto NGFWs, versus its price, is really good. It's very inexpensive and has good performance compared to the previous higher-end 3000 models.

Palo Alto provides Panorama where you can manage a bunch of firewalls from a single pane of glass or just one device. It allows you to manage all of the firewalls in one, integrated location. You don't have to make a chain of 50 different firewalls. It will push what you need to be changed to all the other firewalls. We used to use it, but we got rid of it because we replaced all our Palo Altos with competitors' firewalls and we don't use Palo Alto anymore, other than for VPN. We have six firewalls in our organization right now, although we used to have 35 to 40. Because we no longer have a lot of firewalls, we got rid of Panorama. We don't want to pay for it to just manage six firewalls where we are not making any changes frequently. If we had 35 or 40 still, I would definitely recommend having Panorama.

Panorama is for managing the rules. It saves time on configuration, but it doesn't affect your security posture. Whether you're managing each firewall or using Panorama, it's exactly the same thing. But it helps you to execute changes in a very short period of time. It's a way of pushing the config to all your devices.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Analyst at a recreational facilities/services company with 1,001-5,000 employees
Real User
Its single pane of glass makes monitoring and troubleshooting more homogeneous
Pros and Cons
  • "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."
  • "Once in a while, they have new features being released that can be buggy. My criticism is more general to all sorts of network or security devices. In general, everybody is releasing less-tested software. Then, it usually ends up that the first few customers who get a new release need to end up troubleshooting it."

What is our primary use case?

It is our main Internet firewall. It is used a lot for remote access users. We also use the site-to-site VPN instance of it, i.e., LSVPN. It is pretty much running everything. We have WildFire in the cloud, content filtering, and antivirus. It has pretty much all the features enabled.

We have a couple of virtual instances running in Azure to firewall our data center. Predominantly, it is all physical hardware.

I am part of the network team who does some work on Palo Alto Networks. There is actually a cybersecurity team who kind of controls the reins of it and does all the security configuration. I am not the administrator/manager in charge of the group that has the appliance.

How has it helped my organization?

With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings.

What is most valuable?

It is fairly intuitive. 

The central management of Panorama actually works. It is what FortiManager aspires to be, but Panorama is usable. You can push config down, do backups, and use templates from other sites, copying them over. The reliability and throughput, plus Panorama's control features, are its main selling features.

It is a combined platform that has different features, like Internet security and the site-to-site VPN. Previously, there were different components that did this. If it was a remote access VPN client, then you would have to go onto one platform and troubleshoot. If it was a site-to-site, it was on a different platform so you would have to go onto that one. It would be different command sets and troubleshooting steps. From that perspective, having that combined and all visible through Panorama's centralized management is probably one of the better benefits.

We had a presentation on Palo Alto Networks NG Firewalls a few years ago. I know the number of CPU cores that they have inside the firewall is crazy, but it is because they have to pack all the performance and analysis in real-time. It is fast. I am always amazed at the small PA-220s and how much performance they have with their full antivirus on it. They can pass 300-megabits per second, and they are just about the size of a paperback book. As far as how that single-pass processing impacts it, I am always amazed at how fast and how much throughput it has.

What needs improvement?

Once in a while, they have new features being released that can be buggy. My criticism is more general to all sorts of network or security devices. In general, everybody is releasing less-tested software. Then, it usually ends up that the first few customers who get a new release need to end up troubleshooting it. That is one of my criticisms because we have been hit by this a few times. I shouldn't single Palo Alto out as any better or worse than anybody else because they are all doing it now.

It is not like we are getting singled out. In some cases, we are looking for a new feature that we want to use. So, we upgrade and use it, and others are too, but the first release will tend to be a little bit buggy. Some of the stuff works great, but it is the newer features that you are usually integrating into your Windows clients where weird stuff happens.

For how long have I used the solution?

I use it every other day.

What do I think about the stability of the solution?

It is pretty reliable. All the services pretty much work. It is not too buggy. With any hardware/software manager these days, when you get new features, they tend to not be too thoroughly tested and can be buggy. We have been noticing this. For example, they had zero-touch deployment and the first few iterations just didn't work. While we have encountered a few bugs, I don't think they are any worse than anything else we get. The underlying hardware seems to be pretty reliable. You can do configuration changes, reboot and reload them, and they just keep coming back and work.

Our cybersecurity guys tend to do the patching and upgrades when they come around. When one of these things had a hard disk failure, they got that restored or replaced. For day-to-day maintenance, other than typical operational changes and troubleshooting, I don't think there is that much maintenance to be done. Every few weeks, there is probably somebody who goes for a few hours and checks the various patch levels and possibly does upgrades.

The upgrades are fairly easy to do. You just download the software, the central management system, and tick off the devices that you want to deploy it to. It will automatically download it. Then, you just sort of schedule a reboot. I don't know how many hours per week or month people put into it, but it is pretty reasonable.

What do I think about the scalability of the solution?

We have about half a dozen core firewalls and 30 to 40 remote firewalls. We haven't hit any scaling limitations yet. What we have is functioning well. At some point, our main firewall in our data center might be overwhelmed, but it has pretty high throughput numbers on it. So far, we haven't hit any sort of limitations. So far, so good.

The physical appliances are sort of tiered. You have your entry-level, which is good for 300-megabits of threat detection. The next ones have 800-megabits of threat detection. So, if you have a site with around 50 people, you can get the entry-level. However, there is always a point that if you have too many users doing too many things then the physical appliance just can't handle it. Then, you need to upgrade to a higher-level appliance. This is expected. When that happens, we will just sort of get the higher-level model or plan for two years of growth to get the right size. Therefore, as far as scalability, it just comes down to planning. 

As far as the management platform, that would be more of a case of just adding CPU cores into your virtual machine as well as more memory. So far, we haven't had any scalability limitations. It is possible that we will see it at some point, but we haven't so far.

How are customer service and support?

This is not Palo Alto-specific. It seems to be across all the different vendors that there is a little bit of a hit-and-miss on whether you get a tech person who knows what they are doing and are interested in your problem. When you call frontline support, you can get somebody who doesn't know what they are doing and puts you off. Or the next time you call, you can get a tech who is on the ball and super helpful. This is sort of a smaller problem. It is a bit of a crapshoot on how good the support will be. I would rate the frontline technical support as five or six out of 10.

If it tends to be more of a critical problem, and you involve the sales team, then you are forwarded onto somebody who really knows what they are doing. However, the frontline support can be hit-and-miss. Their second-tier support is really good. 

The top-tier support is 10 out of 10. We did have some more serious problems, then they put one of their engineers on it who has been amazing.

Overall, I would rate the technical support as eight out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did work with Cisco ASA, prior to FireEye, where they purchased and integrated it as sort of the next generation part of their ASA. 

One of our remote access solutions for remote access clients was Cisco ASA. That was just getting to its end-of-life. It actually worked quite well. It was pretty hands-off and reliable, but the hardware was getting to end-of-life. Because we had the Palo Alto capable of doing similar functions, we just migrated it over. 

It was similar for our site-to-site VPN, which was Cisco DMVPN that we are still using, but we are migrating off it since its hardware is reaching end-of-life. By combining it into the Palo Alto umbrella, it makes the configuration and troubleshooting a bit easier and more homogenous. 

Before, it was just different platforms doing sort of similar but different functions. Now, we are using similar platforms and devices rather than having three different solutions. This solution is sort of homogenized; it is sort of all in one place. I suspect that makes security a bit more thorough. Whereas, we had three different platforms before. Some of the delineation isn't clear, as they sort of overlap in some respects to what they do, but having it in one location and system makes gaps or overlaps or inconsistencies easier to spot.

How was the initial setup?

I was gone for a few years when they brought this in.

Adding additional appliances is very straightforward. 

What was our ROI?

Having one manager/system with a common interface and commands, rather than three or four, is more efficient.

What's my experience with pricing, setup cost, and licensing?

It is expensive compared to some of the other stuff. However, the value you get out of it is sort of the central control and the ability to reuse templates.

It is a good product, but you pay for it. I think it is one of the more expensive products. So, if you are looking for a cheaper product, there are probably other options available. However, if you are looking for high performance, reliable devices, then it has kind of everything. Basically, you get what you pay for. You can get other firewalls for cheaper and some of the performance would probably be just as good, but some of the application awareness and different threat detections are probably superior on the Palo Alto Networks.

What other advice do I have?

As far as a firewall solution, it is one of the best ones that I have seen. It is fairly expensive compared to some of the other ones, but if you have the money and are looking for a solid, reliable system, then Palo Alto is the way to go.

For what we use it for, the solution is good.

I am part of the network team. There is a cybersecurity team who has control of its reins and does all the security configuration. I am not the administrator of it or a manager in charge of the group with this appliance.

I find the whole machine learning and AI capabilities a bit overhyped. Everybody throws it in there, but I'm actually a little bit suspicious of what it is actually doing.

I don't follow or monitor some of the day-to-day or zero-day threat prevention protection abilities that it has. 

I would rate the solution as nine out of 10, as I am always hesitant to give perfect scores.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Palo Alto Networks NG Firewalls
March 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Director IT Security at a healthcare company with 501-1,000 employees
Real User
Good threat hunt capabilities, good support, and easy to deploy
Pros and Cons
  • "Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors."
  • "As things are evolving, we want to make sure that Palo Alto is able to keep up with what is going on outside. They should continue to do more intelligence-related enhancements and integrate with some of the other security tools. We want to have a more intelligent toolset down the road."

What is our primary use case?

Basically, it is for protection and security. We are using it to make sure that our network is as secure as possible. We are able to evaluate each stack in each pocket and take certain actions as needed when we look into some of the content of the payload. 

We have on-prem deployments, and we also have SaaS-based services.

What is most valuable?

Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors.

What needs improvement?

As things are evolving, we want to make sure that Palo Alto is able to keep up with what is going on outside. They should continue to do more intelligence-related enhancements and integrate with some of the other security tools. We want to have a more intelligent toolset down the road.

For how long have I used the solution?

We implemented this solution last year.

What do I think about the scalability of the solution?

We currently have 25,000 users. Its usage won't increase a lot, but IT is changing very rapidly, and it would depend on the security model towards which we are moving. 

How are customer service and technical support?

Palo Alto provides pretty good support.

How was the initial setup?

It is straightforward. The deployment duration varies because there are different modules and components, but it doesn't mean that we have to complete everything to make it work. For the core piece of it, it would probably take a couple of months to install, configure, and test.

What about the implementation team?

We have a vendor to help us. We have two or three people for its deployment.

What's my experience with pricing, setup cost, and licensing?

It has a yearly subscription.

What other advice do I have?

I would recommend this solution. I would rate Palo Alto Networks NG Firewalls an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Security Engineer at a tech services company with 51-200 employees
Real User
Top 5
The configuration is quite simple to understand, but the functionalities are limited
Pros and Cons
  • "The configuration is quite simple to understand."
  • "The functionalities are limited."

What is our primary use case?

We use the solution to access clients.

What is most valuable?

I like the configuration of the product. The configuration is quite simple to understand. The product is easy to manage.

What needs improvement?

The solution has a lot of features. However, there are no deep configurations available. The functionalities are limited. Other products offer more customization.

For how long have I used the solution?

I have been using the solution for the last five years.

What do I think about the stability of the solution?

The product is stable.

What do I think about the scalability of the solution?

The product is currently being used by three of our customers. We provide them with dedicated VMs.

How are customer service and support?

The local support is good. The response is slow when I try to reach out to technical support on the customer portal. It might be because the tickets I raised were P3 or P4 tickets. However, I do not get proper responses for P2 tickets either. I get a good response when I call support directly.

Which solution did I use previously and why did I switch?

We also use FortiGate, Check Point, Forcepoint, and SonicWall. We use the tools based on our clients’ requirements.

How was the initial setup?

The initial installation was easy. It was not difficult for me because I am familiar with many products.

What was our ROI?

The solution is worth the money. However, there are other tools that provide features similar to Palo Alto but are less expensive.

What's my experience with pricing, setup cost, and licensing?

The solution’s cost is a little high compared to other products.

What other advice do I have?

I will recommend the tool to others. It is a fine product. If someone is looking for DLP and other features, the product might not suit them. The product has good URL filtering features. Overall, I rate the solution a seven or eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
IT Network Engineer at a energy/utilities company with 201-500 employees
Real User
Top 20
Supports Single Pass Architecture, stops any attack on the line, and saves time
Pros and Cons
  • "I like all the threat alerts and WildFire. I also like scanning because everything that comes into our network via customers is scanned. We're an electric company, so every one of the bills is scanned and emailed in and out of our network."
  • "I like the reports, but I wish the reporting was a little better. When I set up the automatic reports to come in, they're pretty basic. I would like them to be a little more advanced at the ACC monitoring and things like that. I still enjoy all the daily alerts that I get and all the daily PDFs and reports, but I just feel that it could expand upon the visualization of the reports."

What is our primary use case?

We use it for our edge firewalls and our east-west and north-south traffic for our firewalls. We have also deployed each firewall to every site for our Layer 3 connections back to our data center.

How has it helped my organization?

Since we've integrated it into our east-west traffic and north-south traffic, I feel that it has reduced the number of viruses or other things in our endpoints. I wish to expand it more all the way to our endpoint computers so that we have end-to-end firewall security through Palo Alto.

It provides a unified platform that natively integrates all security capabilities. This is very important to me because I'm in IT infrastructure. I take care of the entire operations network and everything that flows north and south, east and west, and inside and out of our data center. It's very important that we have Palo Alto to protect us.

It embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. When any packet comes through the network, everything is like a first pass. It goes through every single part of our network, and we don't have a delay in alerts or network security. It stops any attack on the line.

What is most valuable?

I like all the threat alerts and WildFire. I also like scanning because everything that comes into our network via customers is scanned. We're an electric company, so every one of the bills is scanned and emailed in and out of our network. 

What needs improvement?

I like the reports, but I wish the reporting was a little better. When I set up the automatic reports to come in, they're pretty basic. I would like them to be a little more advanced at the ACC monitoring and things like that. I still enjoy all the daily alerts that I get and all the daily PDFs and reports, but I just feel that it could expand upon the visualization of the reports.

For how long have I used the solution?

I've been using this solution for seven years.

What do I think about the stability of the solution?

The stability is great. They're not going anywhere. They're the industry leader.

What do I think about the scalability of the solution?

It doesn't matter whether you are small or large, Palo Alto will fit your needs.

How are customer service and support?

I'm in Pacific Standard Time. During the day, I have great support, and after 5:30, I don't have great support. During my business hours, I would rate their support as a ten out of ten. I love Palo Alto's support. However, at night, when the sun changes and I go to a different area, it's not always the best at level 1. If the incident was like having a system down, the support would be better, but after hours or 5:30, I have a harder time.

Which solution did I use previously and why did I switch?

We were using Cisco ASA. We switched because of its ease to use and the GUI. There is also Single Pass Architecture, which is related to the way a packet flows through our network. It doesn't have to go through one area into another area. It's all at one, and it just separates. It gives me the best visibility of our network and firewalls.

What was our ROI?

It has decreased the time of technicians in researching the vulnerabilities. We also do web filtering, so that helps. Web filtering has changed things because we used to use Websense, and it's night and day.

What's my experience with pricing, setup cost, and licensing?

It's very expensive. However, we usually use all of the subscriptions and threat alerts on any firewall that uses the internet. For each edge security endpoint, we use all subscriptions. Otherwise, we just utilize the threat alert, the antivirus, WildFire, etc.

What other advice do I have?

Palo Alto is the best firewall company. Whether you're a small company or a large company, it will fit your needs.

By attending this RSA Conference, I was hoping to find new security solutions. However, I seem to like my existing Palo Alto security solutions. In terms of the impact of the RSA Conference on our organization’s cybersecurity purchases, it depends on what we're looking for at the time of attending an RSA Conference. Right now, we're looking for something that I didn't really see here. We're looking for security, but this means we need a security operations center (SOC), whereas we're small. We just don't have that type of network. This is almost too much. However, that's why we have Palo Alto Networks.

I would rate it a nine out of ten. It's not perfect, but it's pretty good. Palo Alto is the best firewall security network that I could possibly purchase.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Program Manager, Cybersecurity at a wholesaler/distributor with 1,001-5,000 employees
Real User
Provides good security and visibility, and integrates well with our SIEM
Pros and Cons
  • "The most valuable feature is advanced URL filtering. Its prevention capabilities and DNS security are also valuable. It pinpoints any suspicious activities and also prevents the users from doing certain things."
  • "Palo Alto should improve their support. It's sometimes difficult to get the right technician or engineer to fix the problem as soon as possible."

What is our primary use case?

We use Palo Alto as our perimeter firewall. We also use the GlobalProtect VPN solution.

How has it helped my organization?

It gives visibility into different threats. There is a wide range of threats that can be identified.

We collect logs from Palo Alto into our Rapid7 SIEM solution. It's pretty well integrated. This integration is important because we don't necessarily want a solution from the same vendor. I know Palo Alto has Cortex for collection. Being open to other vendors in order to ingest the data or logs is a great thing.

Palo Alto has embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, which is important because AI is the future. All cybersecurity companies are going to start using it. It's definitely a good thing. We just need to make sure that there's still the human component because AI can still fail.

Palo Alto has a wide range of different appliances or virtual machines. It can be installed anywhere from a small branch to a data center. It helps to secure small businesses to large enterprises.

What is most valuable?

The most valuable feature is advanced URL filtering. Its prevention capabilities and DNS security are also valuable. It pinpoints any suspicious activities and also prevents the users from doing certain things. For example, DNS security prevents users from reaching certain websites, so it's really interesting.

What needs improvement?

Palo Alto should improve their support. It's sometimes difficult to get the right technician or engineer to fix the problem as soon as possible.

For how long have I used the solution?

We have been using Palo Alto for at least five years. 

What do I think about the stability of the solution?

They're pretty robust. They also have Unit 42, which is their threat intelligence team. They make you feel safer because they can identify the threats and then implement protection from those into their firewall.

What do I think about the scalability of the solution?

Scalability is pretty good on the virtual side. Because the virtual environment licensing model is based on credit, if you don't wanna use UI protection tomorrow, you can get rid of it and use those credits for another product or another license.

How are customer service and support?

Because of the pandemic, there's a lot of turnover and the quality of the support technicians is not great. I hope they will improve. I would rate their support a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I didn't use any other solution previously.

How was the initial setup?

It was straightforward. They have great documentation. We use Palo Alto in the Azure environment, and their Azure documentation is one of the best documentation I've ever seen. It's very detailed. It can be confusing sometimes because there's a lot of information, but it's definitely good. They're good at documenting, and their knowledge base is really interesting for troubleshooting. There's a lot of useful information.

What about the implementation team?

We deployed it ourselves. We didn't use any company to deploy it.

What was our ROI?

It's hard to tell. It's preventing attacks, but I don't have any specific case where I can say whether a particular attack would not have been blocked by another vendor.

What's my experience with pricing, setup cost, and licensing?

It can be quite expensive, but there's a good incentive for the three-year contracts. The part that is especially confusing is for the virtual environment. The credits or the licensing system can be very confusing.

Which other solutions did I evaluate?

We didn't evaluate any other options.

What other advice do I have?

As a result of my experience with Palo Alto NGFW, to a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that the cheapest and fastest means there is a potential risk of breach. Even though Palo Alto is quite expensive, it definitely makes you feel secure. The configuration of the appliances or virtual machines is pretty straightforward, so you don't need to be highly trained in order to be the administrator of the platform.

It's important to attend an RSA Conference even if you're already a customer. That's because you might not be necessarily aware of the new products, so going to an RSA Conference can help you identify new solutions that may be valuable for your company. 

Attending an RSA Conference will have an impact on our organization’s cybersecurity purchases made throughout the year afterward. There are a lot of different vendors that I've found, and I will probably get in touch soon.

Overall, I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Security Engineer at a non-tech company with 10,001+ employees
Real User
Effectively protects environment from threats, but the technical support is lacking
Pros and Cons
  • "In general, I appreciate the regular firewall function of Palo Alto Networks NG Firewalls."
  • "There is room for improvement in the area of customer service."

What is our primary use case?

We use Palo Alto Networks NG Firewalls with Prisma and cloud environments.

How has it helped my organization?

As a firewall, it effectively protects our environment from threats.

What is most valuable?

In general, I appreciate the regular firewall function of the Palo Alto Networks NG Firewall.

Overall, it is a good networking device product.

From my perspective, having machine learning integrated into the core of the Palo Alto NG Firewalls is very important for enabling real-time attack prevention.

As far as I know, the use of Palo Alto Networks NG Firewalls has resulted in reduced downtime, but I am not directly involved with that department.

What needs improvement?

One main issue I've encountered is customer service. Occasionally, when I open a request, it gets closed automatically, without any explanation, leaving me unsure of what happened to it. However, overall, the product itself works well. As for Prisma Cloud, it could benefit from some additional functionality, but the main issue is the lack of communication regarding closed requests.

There is room for improvement in the area of customer service.

For how long have I used the solution?

I have had experience working with Palo Alto Networks NG Firewalls for three or more years.

What do I think about the stability of the solution?

The stability of Palo Alto Networks NG Firewalls is good.

How are customer service and support?

Technical support is lacking. I would rate the technical support a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Previously, we worked with Cisco Secure Firewall.

We switched to Palo Alto Networks NG Firewalls because it was a good deal for the company.

How was the initial setup?

I was not involved in the deployment.

Which other solutions did I evaluate?

Another team was responsible for running the proof of concept.

What other advice do I have?

I don't have any knowledge or experience regarding the unified platform and native integration of all security capabilities provided by Palo Alto Networks NG Firewalls.

Based on my experience, evaluating the security solution for all workplaces from the smallest office to the largest data centers cannot be assessed by a single path. However, in general, the solution is performing its intended job well.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.

Attending the RSA conference provided me with an enormous amount of knowledge on various topics such as new technologies, and threats in different environments, including cloud and on-premises. Which impacts my purchase throughout the year afterward.

One of our objectives is to search for new solutions, whether to replace current ones with more modern options or to explore new sandboxes, technologies, and vulnerabilities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cloud and Data Center Ops at a financial services firm with 201-500 employees
Real User
Provide a unified platform that natively integrates all security capabilities
Pros and Cons
  • "The most valuable aspect of this solution is pre-sales and post-sales because of the support and relationship building."
  • "The solution could be more cost-effective."

What is our primary use case?

We chose Palo Alto Networks NG Firewalls to replace our outdated firewalls.

How has it helped my organization?

The overall security of the organization has been improved.

What is most valuable?

The most valuable aspect of this solution is pre-sales and post-sales because of the support and relationship building.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. 

The integration of all security capabilities in Palo Alto NG Firewalls provides a unified platform, which is crucial as it reduces complexity.

Having machine learning embedded in the core of the solution for in-line, real-time attack prevention is of great importance to us, it is a top priority. 

This is significant because it enables automation, reducing the number of man-hours needed.

When evaluating the ability of Palo Alto Networks NG Firewalls to secure data centers consistently across all workplaces, I would give it a rating of eight out of ten.

By using Palo Alto Networks NG Firewalls, we have been able to decrease our downtime by several hours per month.

What needs improvement?

The solution could be more cost-effective.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for two years.

What do I think about the stability of the solution?

Palo Alto Networks NG Firewalls is a very stable solution.

What do I think about the scalability of the solution?

Palo Alto Networks NG Firewalls are easily scalable.

Which solution did I use previously and why did I switch?

We previously used Barracuda Networks.

We switched to Palo Alto Networks NG Firewalls after having a bad experience with our previous vendor for firewall solutions.

Palo Alto is more forward-thinking when compared to Barracuda.

How was the initial setup?

I was involved in the initial setup. It was complex in multiple ways.

The solution itself is not a simple solution.

What about the implementation team?

An integrator assisted us with the deployment.

They were helpful and knowledgeable.

What was our ROI?

I have experienced a return on investment with Palo Alto Networks NG Firewalls. One benefit is that there are fewer man-hours required for deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

That solution's pricing and/or licensing are very convoluted.

What other advice do I have?

Based on my experience with Palo Alto Networks NG Firewalls, if a colleague at another company said they were only looking for the cheapest and fastest firewall, I would not recommend Palo Alto.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

Attending an RSA conference provides high value and helps us to see the impact of our organization's cybersecurity purchases annually.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.