We just raised a $30M Series A: Read our story

Palo Alto Networks Panorama OverviewUNIXBusinessApplication

Palo Alto Networks Panorama is the #4 ranked solution in our list of top Firewall Security Management tools. It is most often compared to AWS Firewall Manager: Palo Alto Networks Panorama vs AWS Firewall Manager

What is Palo Alto Networks Panorama?

Panorama network security management provides static rules and dynamic security updates in an ever-changing threat landscape. Reduce administrator workload and improve your overall security posture with a single rule base for firewall, threat prevention, URL filtering, application awareness, user identification, file blocking and data filtering.

Palo Alto Networks Panorama Buyer's Guide

Download the Palo Alto Networks Panorama Buyer's Guide including reviews and more. Updated: October 2021

Palo Alto Networks Panorama Customers

University of Arkansas, JBG SMITH, Temple University, Telkom Indonesia

Palo Alto Networks Panorama Video

Pricing Advice

What users are saying about Palo Alto Networks Panorama pricing:
  • "You can buy the hardware only and each box is not even $10,000. It's only $8,000 for the unit itself. However, then you are charged a three-year license at $81,000."
  • "The price of the licenses could be lower. Still, because we have Panorama with 25 firewalls, Palo Alto gives us a good discount."
  • "We're a reseller, and we're an MSSP. So, we get some extreme discounts."
  • "Its cost is quite high."
  • "The solution is priced well and there is a license for this solution that we pay annually for."

Palo Alto Networks Panorama Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
JamesJiang
IT Security Analyst at a energy/utilities company with 51-200 employees
Real User
Top 10
Easy to manage with a straightforward initial setup and good stability

Pros and Cons

  • "The product can scale."
  • "The solution is extremely expensive. You can integrate it with other Palo Alto products, however, it ends up being too much."

What is our primary use case?

We use the solution for segregation. We also use it as a gateway in order to do URL filtering on the DNI as a security measure. We use the product's global protective VPN as well. 

How has it helped my organization?

The application ID, this kind of technology, has a very high-level check. It makes everything more secure for your enterprise network. Otherwise, fake applications can sneak in. 

If you're using application ID, they check the high side, the traffic, and they analyze everything. They see if it's a normal application. They're working closely with each vendor, to make it easy to identify applications. For the hackers or malicious traffic, they can see it and block it. 

What is most valuable?

I like the user ID and the application ID as it's easy to identify the popular applications and the EZT does the security checking in regards to the user and the application ID.

The initial setup is very easy.

The solution is easy to manage. It has a good interface as well.

The solution is stable.

The product can scale.

The solution offers good integration potential.

What needs improvement?

While Palo Alto is the leading firewall worldwide, it's so pricey. Other products like Checkpoint still do the job, and yet it's way cheaper than Palo Alto. The solution is extremely expensive. You can integrate it with other Palo Alto products, however, it ends up being too much.

Palo Alto prefers the VM version. However, for the VM level, often we have a migration from one host, VM host, to another host, and then the network jobs. And they're not fully redundant. With VM, the purpose is easy migration from one host to another one. That's the purpose of VM in play, however, if you want to have high availability or redundancy, you have to purchase two licenses - one on one host, another one on another host - and it costs a lot of money to do that. 

Technical support could be better.

For how long have I used the solution?

I've used the solution for about five to seven years at this point.

What do I think about the stability of the solution?

It is a stable solution. With the cloud, you don't even touch the physical box at all. However, for the traditional network guests, I like my stuff to be reliable. That's why I don't like the VM migrating from one host to another host. That's why I'm in the process of converting the VM back to the physical box using redundancy. That will be the network solution. I want my network available 24/7. 

What do I think about the scalability of the solution?

The solution is quite scalable.

We have about 150 people using the product currently.

How are customer service and technical support?

Support is awesome. However, it can depend. When you get a ticket and you take it to the proper person, they can give you a solution really quick, and the support is really good. That said, sometimes, if you are not lucky, you create a ticket and a salesperson or specialist runs it to a different person. Sometimes it takes a long time. Sometimes they make you do a lot of the work and ask you to send them reports or check certain things. If they run the ticket to the proper person, I can resolve the problem in 10 minutes. If they run my ticket to some other person, maybe it takes a whole day or two and I don't have time to play around.

I'd rate it as average, at maybe a five out of ten in terms of the service level you get in general.

Which solution did I use previously and why did I switch?

I previously used Juniper. I have experience with Cisco ASA as well. 

Currently, I use Microsoft Defender for my endpoint protection.

I switched when Palo Alto turned into the top firewall management solution. I did do research.

From the GRI management port, it's easier than Cisco ASA

How was the initial setup?

The solution is very easy to set up. I've been working for many years on this. I know the whole process is easy to start with some simple logarithmic management It's easy to manage. 

The deployment is fast. It usually takes about a day. On the first day, you get the management running on the UI. On the second day you need to get the traffic going through the certificate, and to do some proper security policies. That's all. Yes. To do it in one day is just a one-man job.

I manage the solution myself and maintain it every two months or so. Of course, if there are any issues in between these maintenance events, I also work on them.

What about the implementation team?

I did the implementation myself, however, five or seven years ago, I used a consultant and learned from him. I've likely done 20 or so firewalls myself at this point.

What's my experience with pricing, setup cost, and licensing?

The issue with Palo Alto is that the price is almost double other products such as Checkpoint, or Fortinet. There's no reason you price yourself to be double other brands.

I just did a call for renewing my license. I requested two redundancy units. The price, which was all-inclusive with WiFi, a VPN solution, a global VPN, et cetera - all of them bundled together, for two units, over three years, was $81,000.

You can buy the hardware only and each box is not even $10,000. It's only $8,000 for the unit itself. However, then you are charged a three-year license at $81,000.

What other advice do I have?

I'm just a customer.

I'm using the latest version of the solution.

I would rate the solution at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
ITCS user
Lead Program Manager at a computer software company with 10,001+ employees
Real User
Top 5Leaderboard
Flexible, scalable and very user friendly

Pros and Cons

  • "You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use."
  • "They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime."

What is our primary use case?

We primarily use the solution for automation purposes and for security.

What is most valuable?

The underlying technology is very good, considering that we are moving to a work-from-home environment.

Panorama is a straightforward tool. Palo Alto is comparative to other firewalls. Some firewall tools are more user friendly, and, from a technical perspective, it is very user friendly as well. It's not like Check Point. We use a setup for offshore development centers. For all those ODCs, we usually use a Palo Alto device. We have few perimeter firewalls which are Palo Alto but for the perimeter predominantly we use Check Point.

You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use.

The solution if extremely flexible and scalable.

What needs improvement?

There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade.

We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices.

These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices.

They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.

For how long have I used the solution?

We've been using the solution for close to seven years at this point. It's definitely been about six years.

What do I think about the stability of the solution?

The solution is very, very stable. There aren't too many issues on it once you get it up and running. We consider it reliable.

What do I think about the scalability of the solution?

The solution is very scalable. If a company needs to expand its services, it can do so rather easily.

We have different businesses running inside the organization. We have close to 800 devices, so it means about 800 different projects are using those devices. Each project has a firewall, so most of these, 80%, are on Palo Alto.

Which solution did I use previously and why did I switch?

We use Check Point as well, however, we don't really like it as much. It's not as user friendly.

Prior to this solution, we were using the ASA products and then Check Point. Check Point is a little complicated. I can use Check Point on my perimeter firewall, but not on my overseas businesses. That's what makes Palo Alto is more user friendly. I can use the GUI to do everything due to the fact that I don't need a skilled person to work on the Palo Alto. On Check Point, I have to go to CLA and do all the changes. 

 It's easy to upgrade or to do anything with the Palo Alto. Technically it's quite sound. It's dynamic, scalable, and there's a lot of things that can be done easily. Plus, I don't need an extremely experienced person to work on Palo Alto. Anybody with two or three years of experience can easily work on a Palo Alto device.

How was the initial setup?

The initial setup is not complex. It's pretty straightforward.

The deployment is easy and uncomplicated. It takes about an hour or so, if not less than an hour. It's pretty quick.

However, we have 800 or more devices. It takes about six months to deploy everything, especially if I have to do everything manually.

We have eight to ten people who manage deployment and maintenance.

What about the implementation team?

We haven't used an integrator or reseller. We handled the implementation ourselves in-house.

What's my experience with pricing, setup cost, and licensing?

In terms of licensing for Panorama and Palo Alto products, we have only the DMC cost and we are billed every year.

It's not overly expensive. It is comparatively okay if you look at other devices. Compared to the top three devices, pricing is okay due to the fact that you have multiple vendors who are selling firewalls and competing with each other for the same clients. 

What other advice do I have?

We're just a customer. We don't have a business relationship with the company.

We have multiple variants of the solution's model. Currently, we are using 8.1.15-H. We also have some virtual firewalls that are recently in Tokyo. We are using close to around 800+ Palo Alto firewalls. 

We're currently developing our virtual firewalls and have them in different locations. 

It is not just Palo Alto. We have other devices as well, so we have close to around 1300 plus firewall devices.

I would recommend the solution to others.

I'd rate the solution eight out of ten. If you need a perimeter type of device, Check Point may be a better option. However, for my businesses, I would choose Palo Alto due to its scalability and user-friendliness. It also has great security features. That said, if it didn't release so many new updates, I would rate it higher, simply due to the fact that so many upgrades requires a lot of work on our part.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
540,884 professionals have used our research since 2012.
SM
Network Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
When combined with WildFire, it's highly secure

Pros and Cons

  • "Compared to all of the other firewall vendors, Palo Alto is very secure."
  • "The initial setup can be complex."

What is our primary use case?

We use this solution because it provides us with a consistent security profile no matter the location. Regardless of users, we use the same configuration. 

We also use Panorama for management. Currently, all of our users are working from home — this solution has helped us manage everything. 

Over the next four years, we are planning on moving all of our data centers onto the cloud.  

What needs improvement?

Before I joined this organization, they experienced some issues when trying to set up zone protection parameters. Last week I applied a zone protection profile; for each and every branch, I had to apply a zone protection profile or modify existing metrics — I needed to physically go to each branch. When we originally deployed Panorama, we were managing the firewalls individually. After implementing all those firewalls and changing all of the templates, it's really hard to modify them. 

You can't just modify them with a single click, you need to physically go to each individual branch and make the changes yourself — we can't directly seal all of the fireworks. This needs to be improved. 

With version 9.1, when configuring it, if something goes wrong, then it reverts back to your original settings automatically. This is a nice feature but it's not available on the standard firewalls. If we didn't have Panorama and I was setting up some remote Palo Alto firewalls, after implementing my configurations, if I were to lose the configurations then I would lose firewall access. This isn't the case with other firewalls like Cisco and Juniper SRX where you can just put in a reminder in the last 10 minutes. 

For how long have I used the solution?

I have been using Palo Alto Networks Panorama for the past five years.

What do I think about the stability of the solution?

Besides the odd bug, Panorama is stable. From a management point of view, it's good. Even though we now have 25 firewalls, with a single click, we can add and submit a request. With a single click, we can apply changes to all 25 firewalls. Upgrading our remote locations, the firewalls, logs, and the reporting is all very easy. We can easily add more power and stability, it's nice.

What do I think about the scalability of the solution?

GlobalProtect is a great extension that you can add on. If something goes wrong with our cloud solution, then it will automatically fall back to our local physical firewalls across the globe. We have four different locations that GlobalProtect automatically connects to. At the moment, our company is expanding so we are adding more clients. 

How are customer service and technical support?

The technical support is pretty good. The best part about Palo Alto is that you can find answers with a simple Google search. Compared to other vendors, all of their technical data is online — for all of their solutions. Still, sometimes we prefer to use support. Sometimes it takes time as their technical team has to regenerate our issues in their lab, etc. 

How was the initial setup?

The initial setup can be complex. As I mentioned before, making modifications is very difficult. Before implementing, you need to plan carefully.

Our engineer made some mistakes when he was setting it up; we still experience some complications due to that as everything is already in place and we can't change it. 

What's my experience with pricing, setup cost, and licensing?

Licenses are available on a one to three-year basis. If you go for a one-year license, you won't get much of a discount. We have a three-year license for all of our firewalls. Currently, we have 25 firewall licenses.

Currently, we have around 20 TB of data. We are in the process of upgrading our licenses because we are adding more and more files.

The price of the licenses could be lower. Still, because we have Panorama with 25 firewalls, Palo Alto gives us a good discount. 

What other advice do I have?

I would definitely recommend Panorama to others. Compared to all of the other firewall vendors, Palo Alto is very secure. Personally, I'd say it's the best firewall vendor on the market. When combined with WildFire, it's highly secure; just make sure you configure it properly as there are a lot of viruses out there. 

Overall, on a scale from one to ten, I would give Panorama a rating of nine. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
TC
Cyber Ambassador at a comms service provider with 11-50 employees
Reseller
Top 20
Easy to use, updated regularly, and helpful for managing multiple environments, firewalls, and locations

Pros and Cons

  • "The entire ease of use is most valuable. If you're managing firewalls locally with PAN-OS, the look and feel of Panorama is the same. So, you don't have to relearn another product. If you're used to managing firewalls from Palo Alto, you can easily use Panorama to manage them. It looks and feels the same."
  • "Reporting might be an area to improve. It can provide reporting or some sort of graphical representation of your environment."

What is our primary use case?

We use it internally to manage the solutions that we provide to our customers. So, we use it to manage our own firewalls and Prisma Access. We also use it to manage managed firewalls. We can also resell it, but we don't tend to do too many panoramas.

We are using version 10.0.7, which is the latest one under version 10. We're not running 10.1 yet. We don't need to run that.

What is most valuable?

The entire ease of use is most valuable. If you're managing firewalls locally with PAN-OS, the look and feel of Panorama is the same. So, you don't have to relearn another product. If you're used to managing firewalls from Palo Alto, you can easily use Panorama to manage them. It looks and feels the same.

Our primary issue at the moment is to manage Prisma Access because we just switched over to using Prisma Access for our customers. My newest one is in North America. It is a great tool for that. The fact that you can push out your Prisma Access just dynamically and it changes into Prisma Access Cloud is fantastic.

What needs improvement?

It tends to move along fairly quickly in terms of features because it is a part of PAN-OS. We are waiting on one feature that's on the beta at the moment, but that's because we use Okta as our authentication.

Reporting might be an area to improve. It can provide reporting or some sort of graphical representation of your environment.

For how long have I used the solution?

I have been using it for probably two years.

What do I think about the stability of the solution?

There are no reliability issues.

What do I think about the scalability of the solution?

You can manage multiple environments, multiple firewalls, and multiple locations with it. So, it scales really well.

We have just a handful of admins. We have less than five of them.

How are customer service and technical support?

I have not used their technical support.

Which solution did I use previously and why did I switch?

We've always been Palo Alto. The founders of our company were ex-Palo Alto people, so it is always going to be Palo Alto.

How was the initial setup?

I've been using it for two years, but I didn't actually deploy those instances at Panorama. When we recently moved to Azure, I actually deployed it in Azure, and I had no issues. So, I was a complete rookie in terms of deploying it because I'd never done it before. I did that with minimal assistance from Palo Alto or anybody. So, I would say it is easy to deploy in the cloud.

In terms of updates, PAN-OS releases come every month, six weeks, or so. You have to be running a higher or equal level of Panorama to the firewalls that you're managing. If you're keeping your firewall environments up to date, you also have to keep your Panorama up to date, and with that comes new features. You have to plan for firewall updates more than Panorama, which is just managing other environments. You can pretty much update Panorama whenever you want. There is no customer or firewall outage when you update Panorama. It is just the reboot time. You just download it, install it, and reboot it, and you're done. It takes less than 20 minutes.

What's my experience with pricing, setup cost, and licensing?

We're a reseller, and we're an MSSP. So, we get some extreme discounts. 

What other advice do I have?

It is easy if you're used to managing firewalls. Using Panorama to manage the firewalls is not rocket science. It is just another GUI or web UI.

Palo Alto is really good at innovation, adding new functions and features, and rolling those out on a regular basis. So, they're going in the right direction. As long as that keeps happening, they are good. They should just keep adding and improving. 

I would rate Palo Alto Networks Panorama a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
RD
Director, Compliance and Risk Management at a pharma/biotech company with 10,001+ employees
Real User
Sophisticated and robust prevention that is relatively easy to setup even in complex environments

Pros and Cons

  • "The product features allow the capacity to take effective, advanced security measures."
  • "The product could use some method of allowing for more customization and open integration with other controls."

What is our primary use case?

My obligations consist of overseeing cyber threat intelligence, threat defense operation, digital forensic incident response, and data loss prevention. So in the context of endpoint solutions, my position pertains mainly to the DLP (data loss prevention) function.  

Cisco AMP (Advanced Malware Protection) plays a significant role in our perimeter strategy for protecting the infrastructure. I work primarily with making sure that we have indicators of compromise in Cisco AMP. I am not on the network engineering or network operations side of things. I am mainly a consumer of services from those particular groups.  

We use Snort rules (open source network intrusion detection system [NIDS]). We use Yara rules (Yet Another Recursive/Ridiculous Acronym, rules for malware identification). We have Palo Alto IPSs (Intrusion Prevention Systems).  

Our use cases are primarily perimeter-based for runtime malware defense.  

What is most valuable?

The most valuable features are the management features like the ACL (Access Control List) management. These give us the capacity to make effective use of the capabilities of the product.   

What needs improvement?

Pricing is always something that consumers hope will be addressed in their favor. I think that some method of allowing for more customization and open integration with other controls within the enterprise is something that we want to have. We want to be able to have more orchestration of disparate parts.  

I think the features that most of the features that I would like to see are currently being implemented. Behavioral heuristic analysis of connections, for example. That is something that I know is being done now.  

For how long have I used the solution?

We have been using Networks Panorama for a couple of years now.  

What do I think about the stability of the solution?

The stability is good. If you consider the size of our organization and the number of users that can verge on being impressive.  

What do I think about the scalability of the solution?

I have good impressions of the scalability of this solution. We have not really had any issue scaling the usage.  

How are customer service and technical support?

The tech support is actually pretty good. In general, they address issues in a timely manner with reasonable responses.  

Which solution did I use previously and why did I switch?

My team has not previously used any different solutions in this company, but I have definitely, in the past, used other solutions. It is really necessary for the evaluation of product capabilities.  

How was the initial setup?

The installation was straightforward in a complex environment. That means that we could have had far more issues were the product not well-designed from an installation standpoint. We are a big organization. Deployment can be a matter of weeks or it could be a matter of months depending on what jurisdiction the installation happens to be in.  

What about the implementation team?

We have various partners and consultants that we work with in addition to having expensive competencies in-house. We do not often have a reason to go beyond the network of expertise that we have established.  

What other advice do I have?

My advice to anyone considering Networks Panorama is to thoroughly research the competitive landscape. Do your Gartner research. Make sure you develop a set of requirements — a feature matrix that you can use to compare your requirements with the functionality offered by the various solutions under consideration. There are a lot of solutions out there and the goal would be to pick the one that best fits your situation rather than just one that someone recommends.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate this product as an eight-of-ten considering the knowledge and insight I have into it now.  

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
EL
Security Solution Engineer at a computer software company with 501-1,000 employees
Real User
Easy to deploy and manage devices, quite stable, but is expensive and not user-friendly

Pros and Cons

  • "The management and the deployment features are most valuable. We can easily deploy and manage the devices. We can do fast deployments without moving from our office and by just providing a short description to the end-user about how to install the physical device."
  • "It is very hard to understand the platform. It is not easy and user-friendly. You need a lot of experience to use Panorama. It is very complex, and you must know exactly what to do. I would like to have a more user-friendly product. FortiManager is comparatively very easy to use. It would be good if Panorama improves in terms of user-friendliness. It is also harder to use than Palo Alto Firewalls."

What is our primary use case?

I worked for a system integrator, and some of our clients  asked us to manage their firewalls. They have a large number of sites all around the world. One of them has got 25 sites, and the other one has got 13 sites. So, we deployed Panorama in our DataCenter, and we managed the gateway for our customers with Panorama.

What is most valuable?

The management and the deployment features are most valuable. We can easily deploy and manage the devices. We can do fast deployments without moving from our office and by just providing a short description to the end-user about how to install the physical device.
With Panorama you are able to manage a large number of firewall and to simplify change and incident management process .
With Panorama, firewall rules may be  managed mixing preconfigured templates (common on all/some firewalls) and more specific rules
From Panorama Dashboard you have an immediate view about the status of all the firewall deployed. 

What needs improvement?

It is quite hard to understand the platform. It is not easy and user-friendly. You need some experience and the proper technincal training  to use Panorama without risks.
It is very complex, and you must know exactly what to do.
The bigger problem is that Panorama Dashboard Logic is quite different than PanOS firewall Dashboard.
The second problem is that you dont have wizards or template .You need to build your enviroment from zero on your own incurring in possibile configuration or logic errors.

I would like to have a more user-friendly and simple to use product .
For istance FortiManager is comparatively much more easier  to use and understand.
Palo Alto Firewall too are Really easier to manage than Panorama. 

Panorama Logging and reporting features are quite good ( like PaloAlto Firewall) but not the best on the market ( for istance Checkpoint SmartEvent is still far better) 

For how long have I used the solution?

I have been using this solution for two years.

What do I think about the stability of the solution?

It is quite stable based on my experience. I did not have any big issues regarding the operating system.

What do I think about the scalability of the solution?

It is quite easy to scale with Panorama. It is more for a medium or big enterprise. To manage an environment from Panorama, you must have people with high skills. Its cost is not suitable for a couple of gateways only.

How are customer service and technical support?

We have three levels of Palo Alto support. I also have email support in the Italian language. They provide very good support levels.

How was the initial setup?

I did not install Panorama from scratch. Palo Alto Gateway is quite easy to deploy and has a decent setup.

In terms of maintenance, it doesn't require too much effort. We usually check the best practices from their website. We update the Panorama server according to the best practices and the compatibility with the gateway.

What's my experience with pricing, setup cost, and licensing?

Panorama price is quite high (comparing with other Firewall management suites) 

What other advice do I have?

We have used it in the past for logging and reporting, but now we have another third-party product to manage the logs.

I would recommend Panorama for managing a large-sized or medium-sized network. To manage a center with a lot of devices or cloud services, Panorama is useful. 

I would rate Palo Alto Networks Panorama a seven out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
Swapnil Talegaonkar
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
Superior firewall management, plenty of features, and scalable

Pros and Cons

  • "The most valuable features of this solution are that it works better than a normal firewall, easy to explorer all of its features, and it has the Log Collector mode. This mode allows us to store our logs for two years in the solution itself."
  • "There is a need to improve the upgrade process. When we are upgrading the solution we are facing some issues with Elasticsearch services. Every time we upgrade it takes a long time to become stable."

What is our primary use case?

We are using this solution to manage our two perimeter devices. We have two firewall setups; one perimeter and one internal firewall and we have two different Panorama for managing both set of firewall.

What is most valuable?

The most valuable features of this solution are that its look & feel is exactly same as normal firewall, easy to explorer all of its features, also it has the Log Collector mode. This mode allows us to store our logs for two years in the solution itself. 

What needs improvement?

There is a need to improve the upgrade process. When we are upgrading the solution we are facing some issues with Elasticsearch services. Every time we upgrade it takes a long time to become stable.

In an upcoming release, I recommend having policy segmentation because that will help Panorama. There is no policy segmentation as you would find in Check Point. 

For how long have I used the solution?

I have been using this solution for two years.

What do I think about the stability of the solution?

The stability needs some improvement during some operations.

What do I think about the scalability of the solution?

The solution is scalable. We have the solution on a VM and we only need to increase our storage to scale. One of my clients is a bank and they have approximately 2,000 employees using the solution.

We are using this solution on a daily basis. The operation team is using it for log search, deploying policies, and a few other operations. I do not think we need a second instance of this solution running because security features are working with the firewall and not on Panorama.

How are customer service and technical support?

The technical support is very good. Whenever we face an issue the technical support team helps a lot.

How was the initial setup?

In the initial setup in our case, we are using the single setup firewall with panorama. the usual templates, stacks, and devices group is works good with multiple firewalls. But with single firewall setup This whole process has become very complicated and very confusing. There should be some provision for a single setup firewall to avoid the template stacks and templates. 

What's my experience with pricing, setup cost, and licensing?

The solution is priced well and there is a license for this solution that we pay annually for. 

Which other solutions did I evaluate?

I previously evaluated Check Point and Fortinet. Check Point security management server is altogether a different GUI & cannot work without SMS and Fortinet is also different because FortiAnalyzer is only used for log collection.

This solution features I would recommend over Fortinet and Check Point because it has the same look as a firewall and there is no more difference between firewall and Panorama. We can deploy policy & other configurations without panorama as well. 

What other advice do I have?

I would advise those wanting to implement this solution that is pretty straightforward, and Palo Alto has written very detailed documentation on their website. If you go through that it is very easy to deploy. You will not run into any issues if you follow the documentation.

I recommend this solution to others.

I rate Palo Alto Networks Panorama a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
AS
Network Implementation Engineer at a comms service provider with 501-1,000 employees
MSP
Great centralized management, easy to set up, and scales well

Pros and Cons

  • "The solution, especially the latest versions, is very stable."
  • "The customer support needs to be better."

What is our primary use case?

Panorama is one centralized management server through which all our devices are protected. It's a security management tool.

What is most valuable?

One of the most valuable aspects for us is the fact that all of the policy management and configuration management is able to happen right from the centralized management. This makes everything much easier.

The initial setup is pretty simple.

The solution, especially the latest versions, is very stable.

The product can scale well.

What needs improvement?

The customer support needs to be better. Sometimes we need to wait for hours before getting someone from the product team or someone from the Palo Alto customer support to get on a call if we are facing some issue. They could reduce the wait times.

For how long have I used the solution?

I've been using Palo Alto for about a year and a half.

What do I think about the stability of the solution?

The solution is quite stable. The more high-end devices you take, the more stability. If you're using a little old model of firewalls, then there are issues with regard to stability. In such cases, Palo Alto would likely recommend you upgrade to the latest hardware. The latest hardware is really very stable.

What do I think about the scalability of the solution?

The solution is quite scalable. 

How are customer service and technical support?

Technical support is quite slow. They are not quick to respond.

How was the initial setup?

The initial setup is easy. It is not that complex. There are articles and documentation, readily available on the Palo Alto website, the Palo Alto Portal, which can help you figure out how to configure the device.

Our deployment strategy for any new customer is to directly implement it in a testing phase. In a testing phase, we try to see if all the requirements that the customer wants to see if we will be facing any challenges. We want to initially try and replicate that in a lab scenario. That way, if there are any issues, we can get back to the team at Palo Alto and ask them questions. If it works, then the customer goes into production.

We don't have any dedicated person for maintaining anything. The antivirus, everything, can be directly, automatically updated on the firewall. That is not an issue. On top of that, if a particular device is getting into trouble then we get the NMS alerts for that device. In such scenarios, once we have a device failure at a particular site, we can have that device replaced. We can open a case with the vendor and once we give them a particular serial number or the VM instance, we can initiate an RML to replace that device with a new device. It takes a couple of days for that to happen.

What's my experience with pricing, setup cost, and licensing?

We have another team that handles licensing. In operations, we do not have any visibility with regard to cost.

What other advice do I have?

I'd rate the solution at a nine out of ten. We've been very happy with its capabilities.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Flag as inappropriate