We just raised a $30M Series A: Read our story

Palo Alto Networks Panorama OverviewUNIXBusinessApplication

Palo Alto Networks Panorama is the #4 ranked solution in our list of top Firewall Security Management tools. It is most often compared to AWS Firewall Manager: Palo Alto Networks Panorama vs AWS Firewall Manager

What is Palo Alto Networks Panorama?

Panorama network security management provides static rules and dynamic security updates in an ever-changing threat landscape. Reduce administrator workload and improve your overall security posture with a single rule base for firewall, threat prevention, URL filtering, application awareness, user identification, file blocking and data filtering.

Palo Alto Networks Panorama Buyer's Guide

Download the Palo Alto Networks Panorama Buyer's Guide including reviews and more. Updated: October 2021

Palo Alto Networks Panorama Customers

University of Arkansas, JBG SMITH, Temple University, Telkom Indonesia

Palo Alto Networks Panorama Video

Archived Palo Alto Networks Panorama Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
DS
Senior Information Security Engineer at Westcon
MSP
Easy integration of the firewalls and extremely stable and scalable, with no additional costs

Pros and Cons

  • "The solution is absolutely stable."
  • "I would like more dashboard management."

What is our primary use case?

We mainly use this solution to centralize our management.

What is most valuable?

What I really like about this program, is the easy integration of the firewalls and the core management interface, which is almost exactly the same as the single firewall.

What needs improvement?

I think the multitenancy of this solution can be improved. I would also like to see better management task automation for the trial environment. That is missing in this solution.

In the next version, I would like to have more integration with the cloud and with the services delivered by Palo Alto. It isn't very task integrated at this stage. I would also like more dashboard management. 

For how long have I used the solution?

I've been using the solution for about three years.

What do I think about the stability of the solution?

The solution is absolutely stable.

What do I think about the scalability of the solution?

I believe the solution is scalable, because it is able to manage more than 3000 devices for our company without any issues.

How are customer service and technical support?

I am impressed by the customer service. The Palo Alto software is a good, fast and it is easy and quick to find a solution.

How was the initial setup?

The initial setup was very easy and deployment took about four hours.

What's my experience with pricing, setup cost, and licensing?

If you compare the price of this solution to other management solutions, it is relatively low. You only pay for the license and there are no additional costs.

What other advice do I have?

My advice to others who are looking into implementing it, I would say that the solution is practically completely perfect. It gets a ten out of ten rating from me. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
IN
Information Security Consultant at a tech services company with 51-200 employees
Consultant
A straightforward setup with a user-friendly interface

Pros and Cons

  • "The interface is very easy to use. You can do most jobs from one single console."
  • "The general customer feedback is when saving the configuration, it takes a long time. That needs to be fixed. The troubleshooting, the debugging part is also a little bit of a pain. It's not user-friendly on the interface to do our debugging when comparing it with other firewalls, like Forcepoint."

What is our primary use case?

Our primary use case of this solution is to have as a management tool for firewalls.

What is most valuable?

The interface is very easy to use. You can do most jobs from one single console.

What needs improvement?

The general customer feedback is when saving the configuration, it takes a long time. That needs to be fixed. The troubleshooting, the debugging part is also a little bit of a pain. It's not user-friendly on the interface to do our debugging when comparing it with other firewalls, like Forcepoint.

It would be nice to have a real-time traffic monitoring console similar to Forcepoint firewalls where you can see in real-time instead of having to keep on refreshing, or maybe a command on the console where you are able to see the traffic. 

The solution needs to work on speeding up the committing time. 

For how long have I used the solution?

I have been installing the solution for eight years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is very scalable. If you have a large enterprise network, where you have 30 or 40 firewalls, you can see everything and you're able to administer all the firewalls on one single console. We typically install the solution for medium-sized to enterprise-level businesses.

How are customer service and technical support?

We're not fully satisfied with technical support. Sometimes it's hard to get in touch with them. In regards to the first level of support engineers, it could be nice to know that they had more expert experience on the device so they can immediately resolve issues. 

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

I would recommend the solution. I find Palo Alto is the easiest product to deploy.

I would rate the solution eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
541,708 professionals have used our research since 2012.
SF
Executive Manager at a financial services firm with 1,001-5,000 employees
Real User
Makes centralized management of their firewalls much easier

What is our primary use case?

We use it for centralized management of all their firewalls. We're using it on-prem.

What is most valuable?

The most valuable feature is WildFire.

What needs improvement?

There is room for improvement in the integration within endpoint detection. They need to do some integration between endpoints and the firewalls. They also need to add a mobile version for product so we can access the interface easily.

For how long have I used the solution?

We have been using Palo Alto for two years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

It's scalable because it's running on VMs. Between users and admins, we have up to 5,000 people on this product.

How

What is our primary use case?

We use it for centralized management of all their firewalls.

We're using it on-prem.

What is most valuable?

The most valuable feature is WildFire.

What needs improvement?

There is room for improvement in the integration within endpoint detection. They need to do some integration between endpoints and the firewalls.

They also need to add a mobile version for product so we can access the interface easily.

For how long have I used the solution?

We have been using Palo Alto for two years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

It's scalable because it's running on VMs.

Between users and admins, we have up to 5,000 people on this product.

How are customer service and technical support?

Technical support is very good.

Which solution did I use previously and why did I switch?

We use different solutions but the interface from Panorama is much easier for management.

How was the initial setup?

The initial setup was straightforward.

What other advice do I have?

I would recommend this solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MS
Security Consultant
Consultant
Improves management abilities by simplifying the implementation of policies for all branches

Pros and Cons

  • "What I like most about this solution is that it allows me to push multiple policies on multiple followers at the same time."
  • "Customer support can improve."

What is our primary use case?

Our primary use case of this solution is jack monitoring and file management. 

How has it helped my organization?

The solution improves my management abilities by simplifying the implementation of policies for all my branches. 

What is most valuable?

What I like most about this solution is that it allows me to push multiple policies on multiple followers at the same time. For instance, I can work on a policy and it gets submitted on more than one file. It is a good feature for me to have, because I have many branches, so it gives me the ability to implement more than one policy, or to implement one policy on multiple files. I like the ease of management for the policies in the all files.

What needs improvement?

I have had some leakage issues before, but it was solved. I would, however like to see better integration with other products.

For how long have I used the solution?

I have been using Palo Alto Networks Panorama for three to four years now.

What do I think about the stability of the solution?

To be honest, the stability is really good, but perhaps it is from the Amazon Web Services (AWS). I haven't tried it on VMware yet, because I use Tekfy as a platform. The implementation on AWS made my life very easy. There was a template for this program on AWS, so I only needed to install my license and then it implemented Panorama.

What do I think about the scalability of the solution?

The minimum license is for 25 users, so up until now, I didn't need to scale. We currently have five or six users who work on the program daily, and most of them are in the security division. One person is using Panorama to check for the logs from the files, and then we have a security consultant. We have one or two staff responsible for maintenance. 

We used three people for deployment, as we were already using some of them for the branches, creating a VPN between AWS and to create firewalls to ensure that everything was working fast. 

How are customer service and technical support?

The technical support is good, but it can be better. I will rate the customer service eight out of ten.

How was the initial setup?

The initial setup was straightforward because we used a consultant of the company to do the installment. They did a good job with it.

My implementation strategy was to install Palo Alto Networks Panorama first, and then implement and integrate it with all my other files. It took us about two weeks to deploy the program.

Which other solutions did I evaluate?

We looked at FireMon, but FireMon was more expensive, and the main requirement for FireMon is to manage more than one file from different vendors. We didn't need it.

What other advice do I have?

I will recommend this solution to others because it is a good solution, but only if you are using multiple files and not only two or three files. You should have at least five files for this solution to be right for you. I rate this product an eight out of ten. Easier implementation with other solutions will increase my rating.

In the future, I would like to see additional features being able to install firewalls using remote sites and the ability to do initial configuration using Panorama. I would like this initial configuration to be copied on USP and have the firewalls configured to connect to the Panorama. 

I would, therefore, like to see easier configuration and implementation in the next version. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SN
Head of IT Department at a logistics company
Real User
Offers a lot of advanced functionality that is easy to deploy and the GUI is easy to use

Pros and Cons

  • "Using this solution means that you can store logs for longer periods, up to perhaps two years, depending on your attached storage."
  • "The dual WAN functionality is missing in this solution."

What is our primary use case?

This is a solution that we implement for our customers.

It allows our customers to manage several firewalls from a central location. Some examples are securing the internet edge, data centers, micro-segmentation within the data centers, and securing their campuses.

The majority of the deployments are on-premises, however, we have more and more customers that are moving to the cloud. This solution is helping them to secure their cloud, as well.

How has it helped my organization?

Using this solution means that you can store logs for longer periods, up to perhaps two years, depending on your attached storage.

What is most valuable?

The most valuable feature is the ease of use that comes from the GUI. I have found that you can do almost everything from the GUI. You rarely have to log into the CLI, at perhaps once in six months or a year.

This solution offers a lot of advanced functionality that is easy to deploy and not available from other vendors. An example of this is credential theft. Credentials are sometimes collected through phishing emails or websites, and this solution helps to reduce that type of attack. Every five minutes, Palo Alto updates the list of phishing websites. You can set up a profile to ensure that if anybody tries to access such a website, whether it be Http or https, then the attempt will be blocked.

Palo Alto will automatically monitor the contents of POST messages and check to see if they contain credentials such as a username and password. If they do then it may indicate an attempt to steal credentials by an external site. The traffic will be blocked, the incident will be reported, and the admin will be notified.

This solution makes the lives of security admins very easy in cases, as an example, for configuring IPS. If you want to secure traffic between any two zones, we need to make sure that the applications are identified, the users are identified, and all of the security profiles are applied. These including antivirus, anti-spyware, and IPS. This solution makes the configuration very easy.

Each firewall is treated as a security sensor where the firewall talks to the cloud and a machine running artificial intelligence helps to detect malware or other threats. This is an important step in the protection that this solution offers.

What needs improvement?

The dual WAN functionality is missing in this solution.

For how long have I used the solution?

We have been using this solution for almost two years.

What do I think about the stability of the solution?

This solution is very stable. It is a mature solution with a mature operating system. I have one firewall that has been running since 2010, and it is still upgrading to the latest software and still working.

What do I think about the scalability of the solution?

This solution scales well.

We have many more than forty customers who are using this solution. One is a university with twenty thousand students, and we have deployments in large banks, different branches of government, etc. There are many thousands and thousands of users who are being secured.

The demand is very high and the standards are improving. Data centers are booming, and customers are looking for more enhancement in their platforms.

How are customer service and technical support?

Technical support for this solution is awesome. However, I rarely open a case because their platform is very stable. Most of the cases are related to basic support, such as an RMA. I have seen other vendors like Fortinet or Cisco, where the enabling of a function means that you have to deal with support, and there are issues that come from that.

How was the initial setup?

The initial setup of this solution is very easy. The length of time for deployment depends on how many policies you have, but the basic configuration should not take more than one hour.

For policy tuning, you need to review and tune the devices. Palo Alto has several tools to help with migration from the legacy approach of port-based policies to application-based policies.

What's my experience with pricing, setup cost, and licensing?

Initially, Palo Alto looks expensive, but if you dig deeper then you will find that it is very comparable, or even cheaper than other solutions. For example, if you are looking for a one-gig next-generation firewall then you will start looking at the Palo Alto 850. If you compare the price of this to Fortinet, Worksense, Forcepoint, or Sophos, then you will see that they offer three or four gig performance at half the price. However, it is not true.

The reason for this is that not all of the security features are enabled. When you enable them, the performance degrades by more than ninety percent, and I have seen this happen in many different scenarios. This means that for the Palo Alto 1GB, it actually means 1GB with all of the functionality enabled. For the other vendors, you will never see their datasheet with all of the functionality enabled for a real environment with real traffic. It is based on lab traffic. Because the reality is that the performance of Palo Alto is better, it means that the price is better. When you compare models using real performance, and you do the calculation, you will see that Palo Alto is very comparable.

Which other solutions did I evaluate?

We have worked with many, many vendors, and this is the most mature next-generation firewall in the market. The performance of Palo Alto is very predictable, unlike other vendors who are faking their datasheet in terms of high-performance numbers that are unrelated to a real network, or real traffic.

Palo Alto provides numbers that reflect what is happening when all of the security functions are enabled, whereas other vendors do not show their performance will all of the functionality enabled. In reality, they are better than others. At the end of the day you are buying a security device, and you don't want to turn off any of the functionality to enhance your performance. Palo Alto is designed from day zero for performance and security.

What other advice do I have?

This is the most mature next-generation firewall in the market and a solution that I strongly recommend.

The biggest lesson that I have learned from this solution is not to trust internet users. Whether it is regular users or employees, they do not like to be detected. They keep trying to work around the policies using different applications and peer-to-peer functionality. I have learned this because Palo Alto has full visibility to all types of traffic, and we're able to catch these scenarios and put security policies int place.

Palo Alto has done a lot towards closing gaps in security. Cloud security is not their only focus. It is concerned with the flows between VMs, storage, and containers. They are concerned with PCI requirements and compliance. They have also launched Cortex Analytics to help close gaps further. They are in a very good position to lead the future.

At the end of the day, everything is relative, and I would rate this solution a ten out of ten compared to other products. However, there is room for improvement.

Overall, I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
MM
Security Unit Manager at Digital Hub Egypt
Real User
A straightforward setup with good firewall reporting dashboards

Pros and Cons

  • "The dashboards are very good on Palo Alto. They offer a centralized dashboard for managers as well."
  • "Panorama needs to work on its configuration issues."

What is our primary use case?

The solution is primarily used as a firewall reporting feature.

What is most valuable?

The dashboards are very good on Palo Alto. They offer a centralized dashboard for managers as well.

What needs improvement?

The solution needs to improve its pricing model.

Panorama needs to work on its configuration issues.

They should also focus on firewall management. Many clients have multiple firewalls, so Palo Alto should offer better management of them. They could model themselves off of AlgoSec, or maybe FireMon which are other very good firewall management tools.

For how long have I used the solution?

I've been using the solution for two or three years.

What do I think about the stability of the solution?

The solution is stable. Palo Alto, in general, is pretty good. 

What do I think about the scalability of the solution?

The solution is very scalable. We manage about 12 firewalls. The maximum might be 100.

How are customer service and technical support?

Support from Palo Alto is very good. You can get it from the distributor or from Palo Alto directly.

How was the initial setup?

The setup is generally straightforward. Deployment times vary, according to the client's environment and if they have multiple branches, etc. It can take anywhere from one to three days. After that, you have to fine-tune a few items, and that can take another two or three weeks. So the entire deployment process, depending on the organization, can take anywhere from three days to three weeks. Maintenence only takes one person, once again, depending on the setup of the company itself.

What other advice do I have?

Most of our clients deal with the on-premises deployment solution, as cloud solutions in Egypt can occasionally be insecure.

I would advise anyone looking to implement the solution really focus on sizing before beginning the implementation.

I would rate the solution nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
it_user798045
Senior Security Engineer at a government with 1,001-5,000 employees
Real User
A good firewall monitoring solution with a user-friendly interface in need of better technical support

Pros and Cons

  • "It's helpful that the solution allows us to control all the firewalls from one device."
  • "It can take a few minutes to test to see if any changes are successful or not. This needs to be improved. A commit change should take a second, not a minute or more."

What is our primary use case?

We are using the solution primarily for monitoring the firewalls that we have. We have multiple firewalls, including a DC firewall, a perimeter firewall, etc. We are using Panorama to control all of our firewalls.

How has it helped my organization?

Whenever we have an issue, we can just monitor the traffic. We can pinpoint problems and know from which firewall they are originating. We also have the ability to analyze the issue to see if it's coming from from the setup side or somewhere else. The solution makes it very easy to monitor traffic.

What is most valuable?

It's helpful that the solution allows us to control all the firewalls from one device. You can check and monitor all the devices also, from one website. It's also got easy troubleshooting capabilities.

The interface of Panorama is very user-friendly. It's easy to find and get information and create reports.

What needs improvement?

It can take a few minutes to test to see if any changes are successful or not. This needs to be improved. A change commit should take a second, not a minute or more.

Panorama does suffer from performance issues, which they need to resolve.

Also, technical support isn't very responsive and could use some improvement.

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The solution is pretty scalable.

How are customer service and technical support?

Technical support is okay. I'd give it a 60% rating in terms of its effectiveness. Sometimes they are too slow to respond.

Which solution did I use previously and why did I switch?

We previously used Cisco SPD. We switched because Cisco security is very complicated and is very difficult to establish.

How was the initial setup?

The initial setup is straightforward. It's not complex at all. Deployment was only two to three hours in total. For implementation, we only needed three people, including someone from Security and someone from the Network team.

What about the implementation team?

We implemented the perimeter firewall with the help of Palo Alto. The DC firewall we did by ourselves.

Which other solutions did I evaluate?

Before choosing this solution, we also looked at Fortinet.

What other advice do I have?

We are using the private cloud deployment model.

I would recommend the solution. It has a user-friendly interface. It's stable. You can easily troubleshoot any issue. You will also get clear information, and, in general, it's a very good product that allows you to manage more than one device from a central interface.

Of course, before you do any change, I would recommend that you back up everything first.

I would rate the solution seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AS
Senior Consultant at a financial services firm with 501-1,000 employees
Consultant
It has freed up staff time, which is where we are seeing ROI

Pros and Cons

  • "It has made our ROIs easier, but consolidating the correlation of data into one single point, which is pretty great."
  • "We had some challenges with the initial setup, but it was more on a learning curve basis."

What is our primary use case?

It is our end all, be all, for all of our firewalls throughout the regions that we support.

How has it helped my organization?

It allows us to do our day-to-day administration of all the files, because we're doing it from one central place. It stops us from jumping into each firewall, so we can make our changes.

It has made our ROIs easier, but consolidating the correlation of data into one single point, which is pretty great.

What is most valuable?

The management console: It provides a single pane of glass for all the firewalls to feed information into. 

What do I think about the stability of the solution?

We haven't had any issues with it. The vendors been great.

What do I think about the scalability of the solution?

The scalability has been great.

How are customer service and technical support?

The technical support has been awesome.

Which solution did I use previously and why did I switch?

Our agency is very immature from a security perspective. So, we needed something that could provide more data.

How was the initial setup?

We had some challenges with the initial setup, but it was more on a learning curve basis. The support and team for the setup have been pretty seamless with minor tweaks here and there.

What about the implementation team?

We used an integrator for the deployment: Advanced Cyber Technologies LLC.

What was our ROI?

The solution has increased staff productivity. The amount depends on usage, whether it is a heavy or slow week. It has freed up staff time, which is where we are seeing ROI.

What other advice do I have?

Ensure you get professional services with the tool.

We are very satisfied with everything that they provides us. This product has significantly helped with implementing new leadership strategy, getting metrics, and being able to actually assign a risk floor.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PS
Network Architect at a media company with 10,001+ employees
Real User
Provides a quicker response time to vulnerabilities and more visibility into traffic flows

Pros and Cons

  • "It provides a quicker response time to vulnerabilities and more visibility into traffic flows."
  • "My pain point is the automation process is not well-documented. There are some things that they could improve on there."

What is our primary use case?

The primary use case is the centralized management of our firewalls.

How has it helped my organization?

It provides a quicker response time to vulnerabilities and more visibility into traffic flows.

I think it increases staff productivity.

What is most valuable?

Its automatability: You need it to automate things. We have used it for URL blocking. For example, if there is a threat out there, and we needed to immediately block a new malicious URL across a global enterprise, this is pretty difficult. With Panorama, we can automate this easily with their API. 

What needs improvement?

My pain point is the automation process is not well-documented. There are some things that they could improve on there.

If you go in the system to search for something, it is not intuitive. They could really improve that.

There is a concept of device groups and a concept of templates. The templates can allow for inheritance, but the device groups do not.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is fairly stable. We do pretty heavy bug testing. We have a rigorous code review process that we go through for each version. Therefore, stability is on the top of our list of things that we look at. So, I haven't ran into any issues where it's flaking out altogether. 

What do I think about the scalability of the solution?

It's fairly scalable. We probably have 12 to 16 of them spread across the globe to help with regional redundancy, because we don't want our firewall talking to Panorama across a slow land link. So, we've split them out globally, but it seems pretty scalable.

How are customer service and technical support?

The technical support is pretty good. We do have a resident engineer from Palo Alto who sits right next to me. 

How was the initial setup?

The initial setup is easy, but I have done it like a thousand times before with a bunch of other products. The product is not much different than anything else.

What about the implementation team?

We outsource a lot of our boots on the ground, which is actually a lot by design. With every company, when you have two different organizations working together, there is always a little bit of tension. They don't have the same reporting structure, but everything went out smoothly. 

Typically, I'll design the solution, then I'll have somebody else implement it. This is sort of how it works for everything.

What was our ROI?

With the URL filtering, we probably went down from around four hours in response time to about five minutes.

What's my experience with pricing, setup cost, and licensing?

The licensing is not cheap. There are always hidden costs. You have support costs, or maybe you need to buy more optics on how the solution fits into the rest of your environment. It is possible some of the rest of your environment will need to change too.

Which other solutions did I evaluate?

I think we're getting AlgoSac, which is another firewall automation tool. However, I wasn't involved with the decision for that one so I'm not too sure on the specifics, but I know we are going with them.

What other advice do I have?

If you are looking at getting a Palo Alto firewall, then you should probably at least look into Panorama. Because if you start out just putting in firewalls and you don't have this, you will be kicking yourself that you didn't have this from day one. 

If you have just one firewall out there, maybe you don't need it. However, if you have two or three, then you should probably get it to be in front of a lot of the features which you will want eventually.

It is pretty solid product. Our security program is fairly immature compared to other enterprises, and this product has definitely helped us lock down things.

We have a rigorous code review process. Therefore, we are always back a bunch of versions. If the latest version came out today with new features on it, we probably wouldn't get to that for quite a while.

There are only certain things that you can do within the Panorama solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Bruce Bennett
Sr. Systems Analyst at a manufacturing company with 5,001-10,000 employees
Real User
Top 20
It can manage devices in groups based on their use. The application ID capabilities have been useful for things like Active Directory.

Pros and Cons

  • "Firewalls: The application ID capabilities have been very useful for things like Active Directory, and not having to identify every port that Microsoft has decided to use."
  • "The ability to add scheduled jobs would be a significant improvement. Panorama has the ability to push out OS updates, but it would be nice to be able to schedule those updates so not to affect the site during normal business hours."

What is most valuable?

Panorama: Provides a central management capability for all of the firewalls. It has the ability to manage the devices in groups based on their use. We use the firewalls in two primary functions and the ability to provide management of the different groups of firewalls is very useful.

Firewalls: The application ID capabilities have been very useful for things like Active Directory, and not having to identify every port that Microsoft has decided to use.

How has it helped my organization?

I can’t say that it has significantly improved the functions of the organization over the firewalls that we were previously using. The addition of a good central management capability has helped improve the management of the firewalls, but the functions for the service that is provided to the users has not significantly changed.

What needs improvement?

Panorama: The ability to add scheduled jobs would be a significant improvement. Panorama has the ability to push out OS updates, but it would be nice to be able to schedule those updates so not to affect the site during normal business hours.

Firewalls:

  • (1) App-ID is good, but could be better. We use off ports for some common services and App-ID does identify the application correctly, but the rule allowing the traffic does not allow the traffic without adding the ports to the rule. This negates the need for App-ID in the rule. If App-ID worked as I think it should, we would use it and then block the common port.
  • (2) Integration with Microsoft Active Directory incurs significant additional traffic across the WAN circuits. We have a number of GCs across our environment and the configuration of Active Directory in the firewalls requires significant communications to all of the GCs across our environment. We were seeing the firewalls generate around 500kb of WAN traffic communicating with all of the GCs. After reviewing the configuration with Palo Alto support, the config was correct. While we do want to be able to use the User-ID functionality of the firewalls, that kind of overhead is not acceptable.

For how long have I used the solution?

We have been using Panorama and the PAN FWs for just over one year.

What do I think about the stability of the solution?

So far we have not seen any issues with stability.

What do I think about the scalability of the solution?

We have not run into any issues with scalability.

How are customer service and technical support?

Technical support with Palo Alto has been very good and responsive.

Which solution did I use previously and why did I switch?

We previously were using Cisco ASA devices. The switch was made based on central management and the NGFW functions. The timing was in the middle of Cisco delivering their NGFW functionality. The other issue that led to the move was when Cisco presented their recommended replacement for the existing devices, they recommended their Meraki line with Internet management, which was not in line with our requirements for many of our more sensitive firewalls.

How was the initial setup?

Initial setup is very easy. After working with a few new installations we were able to put together a script to apply the new firewalls to setup the management access, Panorama location, high availability (HA) configuration and the initial IP stack. This makes it easy to start the OS updates and initial rules from Panorama. By having the HA setup scripted, it also makes the OS updates a single download instead of a download for each device. The HA connection allows the firewalls to copy the OS over to the other firewall with the single download. That is important because there are several large downloads necessary to update the OS to the current OS levels.

What's my experience with pricing, setup cost, and licensing?

Pricing is high compared to other vendors in the same space. Licensing is also fairly high for different functions to be added on, like Intrusion detection/prevention, user VPN, URL filtering. Some firewall vendors offer the “additional” licensing/functions as part of their license for the device and then others offer it like Palo Alto.

Which other solutions did I evaluate?

The original decision was made by a different group within the company. The re-evaluation included Cisco ASA, Cisco Meraki, Fortinet and Palo Alto.

What other advice do I have?

Talk to other customers. Start with the ones recommended by the vendor, but also in forums as well. Everyone understands that recommended customers are handpicked and forums can be contain spurned customers. But if you look for information regarding specific functions that you need, you can find more useful information. Make sure if you hear something glowing from a vendor recommended customer about a function, check on that function online.

Disclosure: I am a real user, and this review is based on my own experience and opinions.