Palo Alto Networks NG Firewalls Room for Improvement

Solutions Architect at a comms service provider with 501-1,000 employees
Palo Alto needs to adjust their pricing a little bit. If they would work on their pricing to make it more cost-effective and bring it in line with their high-end competition, it would be extremely disruptive to the industry. They rank among the best firewall solutions, but because of pricing — even if it is deserved — they cut themselves out of consideration for some companies based on that alone. View full review »
Georges Samaha
Security Consultant at a tech services company with 501-1,000 employees
The solution would benefit from having a dashboard. From a normal IPS after attack, routine attack and threat detection attack, in other words, the standard IPS detection attack, I don't see Palo Alto as very good compared to others. The standard network IPS functionality could be better. It's there in solutions like McAfee or Tipping Point, however, I don't see it here in this solution. View full review »
Jonny Su
IS&S Europe and Global Infrastructure Manager at a manufacturing company with 10,001+ employees
I think they need to have a proper hardware version for a smaller enterprise. We had to go to a very high-end version which is very expensive. If we chose the lower-end version, it would not meet our goals. A middle-end is missing in its portfolio. For example, there's the PA820 and the PA220, but there's nothing between. So they are really missing some kind of small-size or medium-size usage. Right now, you have to choose either a big one or you have a very small one, which is not really good. In the next release, it would be helpful if there was some kind of a visualized feature that showed the traffic flow, or something like that, to be able to simulate. When we define something if we could see a simulation of how the flow will be treated that would be great. Because today everything is done by experts by checking logs, but it's very time-consuming. If there's also a simulator to use when you apply some configuration, you can also apply on the simulator, to copy the configuration. So, you can see maybe to generate some traffic and to see how it will be treated. That will be very good. View full review »
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
456,249 professionals have used our research since 2012.
Mark Gleghorn
President at MT-Data
We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved. The appliances I'm working on are relatively old now. We're talking five-year old hardware. That slow commit speed might be addressed with just the newer hardware. However, even though it is slow, the speed at which they do their job is very acceptable. The throughput even from a five-year-old appliance shocks me sometimes. Currently, if I make changes on the firewall and I want to commit changes, that can take two or three minutes to commit those changes. It doesn't happen instantly. The solution doesn't offer spam filtering. I don't know whether it's part of their plan to add something of that aspect in or not. I can always get spam filtering someplace else. It's not a deal-breaker for me. A lot of appliances do that, and there are just appliances that handle nothing but spam. View full review »
Mahmoud Salaheldin
Security Unit Manager at EEMC
(Malware) On-prime scanning should be considered. Endpoint management (traps) better to be on-prime than cloud. QoS, It should be more sophisticated than it is now. TAC support should cover meddle east area by Arabic support, such as in France, Germany, Italy and Japanese. View full review »
Team Lead Network Infrastructure at a tech services company with 1-10 employees
Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's. This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively. View full review »
Leandro Cardoso
Information Security Consultant at a tech services company with 11-50 employees
We always need to have a cable connected to the management interface in order to access the web interface. If I am only testing a solution for a client with a low-level firewall, which is a small series like PA-820 or PA-220, I will have to connect one more cable for the management interface. Most of the time, I already have so many cables, and adding one more can be an issue. I don't think it is something that they can improve. View full review »
Mustafa Arrabi
IT Manager at a tech services company with 51-200 employees
Palo Alto has a good product and end-user experience. It's great. They can maybe add more processing power to their hardware. That's it. Sometimes it's stuck and you need to restart it. They have been adding a lot of things, so we need to upgrade for the new features. View full review »
Khawaja AhsanZia
Network Security Engineer at a tech services company with 11-50 employees
There will always be room for improvement. On a daily basis you get patches for everything. They build new features, apply new technologies and new applications which need to be integrated and with that you get bugs. There are always issues, whether it's hardware or software. View full review »
Technology Manager at a comms service provider with 1,001-5,000 employees
We work very closely with the vendors here and at this point they use external support. Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution. View full review »
Asad Mukhtar
Information Security Specialist at UAEU
There could be improvement with their logs, especially their CLI. When you go to the command line to understand the command line interface it's tricky and requires a deep understanding of the product. We recently faced one issue where the server side configuration changed and it wasn't replicated at the firewall. It required us to tweak things and now it is working fine. Finally, the HIPS and audio call features could be improved. View full review »
Denis L
Sales Solutions Engineer at a tech services company with 501-1,000 employees
The manufacturer can improve the product by improving the configuration. Some of the menus are difficult to navigate when trying to find particular features. It is not entirely intuitive or convenient. You might need to configure a feature in one menu and next you need to go to another tab and configure another part of the feature in another tab. It's not very user-friendly in that way. On the other hand, it's still more user-friendly than using the console. But this is certainly one feature they can improve. View full review »
MIhajlo MItev
System Administrator at a mining and metals company with 51-200 employees
Its price can be improved. It is expensive. Other vendors have pre-configured policies for the protection of web servers. Palo Alto has an official procedure for protecting the web servers. Many people prefer pre-configured policies, but for me, it is not an issue. View full review »
Security Presales Solutions Architect at a tech services company with 201-500 employees
They can work on the price. They are a little bit expensive, and not all customers are able to afford this solution. Taking into consideration that there is huge competition in the market and there are multiple firewall companies that are much cheaper than them and offer almost the same features, it would be good to improve the price. View full review »
The initial configuration is complicated to set up. You really have to know what you're doing. I attribute that to all of the features and functions that are built into the product. Luckily, Palo Alto has a great support site and you can find contractors who are knowledgeable in the technology. View full review »
Rakesh Rawat
Network Engineer at Acliv Technologies Pvt Ltd
Overall it is good. It is reliable and easy to understand. However, the monitoring feature could be improved. They have many solutions already. I don't think I have seen any missing features. Every device has different functions, but as a firewall, this solution has a lot. View full review »
Kamlesh Ridhorkar
Sr. Solution Architect at a tech vendor with 501-1,000 employees
The GSW needs some improvements right now. The endpoints could use improvement. The solution is mostly a cloud solution now, and there are a lot of competing solutions that are playing in the space and may be doing things a bit better. The pricing could be improved upon. View full review »
Partner Alliance Director at a comms service provider with 1,001-5,000 employees
The ability to check cases could be improved upon. We find that most of the packets we have to directly open with the PA. Until then, it's possible that there cannot be any support. Take, for example, the XDR. The XDR is the real power to all our solutions from PA, however, when we are using their XDR, we have directly to contact PA. It's like this for the licensing or for any technical issues. The solution could offer better pricing. We'd like it if it could be a bit more affordable for us. The solution should offer SD-WAN. View full review »
Vice President & Head Technology Transition at a tech services company with 10,001+ employees
The support could be improved. The next release could use more configuration monitoring on this one, and additional features on auditing. View full review »
Vice President and Head - IT Telecom, Software License Management and Collaboration at a tech services company with 10,001+ employees
The interface contains some decentralized tools, so simplifying it would be an improvement. I would like the option to be able to block the traffic from a specific country in a few clicks. Some of the implements under artificial intelligence should provide better visibility in terms of my traffic, such as where it originates and where it is going. Better integration with industry tools would allow me to do quicker automation and reduce my operational costs. View full review »
Antonio El Khoury
System Engineer at IRIS
The price is expensive and should be reduced to make it more competitive. Information about Palo Alto products is more restricted than some other vendors, such as Cisco, which means that getting training is important. The traps should be improved. I would like to see better integration with IoT technologies. Having a unified firewall for OT and IT would be very good. View full review »
Jean Maurice Prosper
Chief Executive Officer at a tech services company with 11-50 employees
The support needs improvement. Also, better reporting of errors would be good. View full review »
Aleksandar Jovanovic
System Engineer at E-smart systems
The only thing that is a little strange is in Policy-Based Forwarding. When you delete and add a new rule, because of the one hundred rule limit, if the new rule has an ID that is greater than one hundred, even though you have fewer than that, it will not work. The same thing happens when you are renaming a rule. The new rule will have a new ID, so it is possible for it to be greater than one hundred. This can be easily fixed by using one command from CLI, but you have to be aware of it. View full review »
Senior Technical Consultant at Exclusive GRP
Most customers ask about the choice of features. It's limited. It's not arranged well for users. Also, customers don't want to buy extra things for extra capabilities. I would like to implement individual profiles for each user. Capability, in general, is limited. View full review »
Director, Middle East, East India & SAARC at a tech services company with 51-200 employees
The VPN connectors should be better. We had some challenges in terms of the VPN with Palo Alto Networks NG Firewall, and that's one of the main reasons why we moved to Sophos. Its load handling can also be improved. There were challenges when traffic was high. During peak business hours, it did not function very well. There was a lot of slowness, and the users used to complain, especially when they were connecting from outside. We even reported this to the support team. Their support should also be improved. Technical support was a bit of a concern while using this solution. We didn't get very good support from the Palo Alto team. View full review »
Cyber Security Solutions Architect at a tech services company with 10,001+ employees
I don't see any specific room for improvement. The user interface is probably not as slick as it could be. View full review »
Kenneth Ndaruga
Service Delivery Engineer - Network Security Lead at a tech services company with 51-200 employees
The interface could be improved visually and simplified. It sometimes feels like some of the features are hidden and not easy to find. View full review »
Senior Network Engineer at a tech services company with 201-500 employees
They've improved a lot of things but we'd like to see more mobility between on-prem and cloud based. I'd also like to see security synchronization between the firewalls. Managing can be difficult. View full review »
Infrastructure Architect at a tech services company with 51-200 employees
Having a better pricing model would make this product more competitive, and more affordable for our customers. View full review »
Ibrahim Ghanem
Head of Information Network Security at FRA
The solution needs some management tool enhancements. It could also use more reporting tools. And if the solution could enhance the VPN capabilities, that would be good. View full review »
System Engineer at a non-profit with 10,001+ employees
This solution is very stable, but Cisco devices are stable at the hardware level. Palo Alto hardware is not equal to the level of the Cisco Device. The hardware is weak. In the next release, I would like to see faster support and the integrated system a 5G network, a next-generation firewall, and endpoint security. I would like a collaboration system and reporting ASA policy needs to be smarter. View full review »
Sales Engineer at a wholesaler/distributor with 51-200 employees
The support in our country can be slow sometimes. It's a slow website. It could also use better customer support. View full review »
Thameem Ansari
Solution Architect at a tech services company with 201-500 employees
There are some options available in other firewall products that are not supported, so there is room for improvement in that regard. Technical support could be faster. The cost of this firewall could be cheaper. View full review »
CIO/CTO at a manufacturing company with 501-1,000 employees
The way that the roles are made, specifically with how you specify the path, could be simpler. View full review »
Humbert Choi
Cyber Security Trainee at Macroview Telecom Limited
I would like to see better third-party orchestration so that it is easier for the team to work with different products. Improvements should be made in the Cortex module. View full review »
Jan Hammer
Marine Consultant/Captain/Senior DPO at Jan Arild Hammer
Its price can be better. They should also provide some more examples of configurations online. View full review »
Shrihari Taluri
Senior Network Security Engineer at Locuz Enterprise Solutions Ltd
In the future, I would like to see more OTP features. The price of this product should be reduced. View full review »
Kenichi Harada
Assistant Manager at Net One Systems
The whole performance takes a long time. It takes a long time to configure. View full review »
Mike Hancock
Vice President, Security Engineering at a financial services firm with 1,001-5,000 employees
I wish that the Palos had better system logging for the hardware itself. View full review »
Partner at a tech services company with 51-200 employees
I would like integration with and RedLock. The data loss prevention (DLP) capabilities need to be beefed up. View full review »
Mohamed Farouk
CTO at a tech services company with 11-50 employees
Palo Alto NG firewalls can be improved in support of finance and banking. We need better affiliations for profiling the user. The product has some delay in the maintenance. They have to find some solution to make updates quicker. View full review »
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
456,249 professionals have used our research since 2012.