We just raised a $30M Series A: Read our story

Palo Alto Networks URL Filtering with PAN-DB OverviewUNIXBusinessApplication

Palo Alto Networks URL Filtering with PAN-DB is the #15 ranked solution in our list of top Intrusion Detection and Prevention Software. It is most often compared to Fortinet FortiGate IPS: Palo Alto Networks URL Filtering with PAN-DB vs Fortinet FortiGate IPS

What is Palo Alto Networks URL Filtering with PAN-DB?

The majority of attacks and exposure to malicious content occurs during the normal course of web browsing activities, which requires the ability to allow safe, secure web access for all users. URL Filtering with PAN-DB automatically prevents attacks that leverage the web as an attack vector, including phishing links in emails, phishing sites, HTTP-based command and control, malicious sites and pages that carry exploit kits.

Palo Alto Networks URL Filtering with PAN-DB is also known as Palo Alto Networks URL Filtering PAN-DB.

Buyer's Guide

Download the Intrusion Detection and Prevention Software (IDPS) Buyer's Guide including reviews and more. Updated: October 2021

Palo Alto Networks URL Filtering with PAN-DB Customers

TRI-AD, Telkom Indonesia

Palo Alto Networks URL Filtering with PAN-DB Video

Pricing Advice

What users are saying about Palo Alto Networks URL Filtering with PAN-DB pricing:
  • "It is more expensive than ASA but is far cheaper than Checkpoint. So, pricing wise, it is right in the middle."

Palo Alto Networks URL Filtering with PAN-DB Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
MV
Consultant with 11-50 employees
Consultant
Top 20
Provides regular updates with an auto download option; prohibited URLs can be listed by category

Pros and Cons

  • "Prohibited URLs can be listed by category."
  • "It is an expensive solution and not everyone has the budget for it."

What is our primary use case?

Our company is based in Sacramento. This solution is generally used for enforcing HR policy for enterprise. In our case, most of the clients are state government institutions. Palo Alto ensures that no hate speech or anarchy websites, for example, get through. We also implement this product. If somebody takes our recommendation and buys the product, they can trust that it's good because we're not partners with Palo Alto, we're recommending it because it's a good product. I trust PAN.

How has it helped my organization?

It lets us know that our Human Resources policies regarding the categories of Internet sites that are off-limits using the company's resources are strictly enforced without a ton of manual administrative overhead.

What is most valuable?

What I really like about PAN and what makes it a worthwhile solution is that rather than having an administrator constantly updating a list of prohibited URLs, you can do it by categories. Every one of these URLs gets meta-tagged as hate speech or antisemitic or pornography, or whatever it is, and when you set up the filter everything that's prohibited by HR policy is there. I don't have to maintain anything, it catches everything. 

What needs improvement?

One of the less favorite features is the cost of the solution. For example, ~5K for a PA-820 AND ~$1K EACH *per year* for Premium Support, Threat Prevention, and PANDB URL filtering. We also implement other solutions. We tell customers that if they want to have the best possible perimeter security, they're going to have to pay for it. Some smaller entities don't have the budget for it, so we'll suggest Fortinet or something that has similar but inferior capabilities, but is less expensive.

For how long have I used the solution?

I've been using this solution for three years. 

What do I think about the stability of the solution?

PAN has really good stability, overall. If you subscribe to their support email list you get alerts from them three or four times a week with updates or notifications about bugs. They're on top of it. If I discover a problem they're usually already onto it with a recommendation for a micro upgrade. And then there's the URL filtering - I've never seen an issue that was attributed to it that didn't turn out to be a different root cause or the web site was so new that it hadn't yet been categorized in PAN's URL DB.

What do I think about the scalability of the solution?

PAN hardware and virtual appliances can scale from a few Mbps to tens of Gbps with full Deep Packet Inspection (DPI) and App ID application layer gateway protection. They've got everything from the "baby" PA-220 at 270 Mbps Threat Prevention up to the king-sized PA-7080 at 342 Gbps (yes, you read that right) Threat Prevention.

How are customer service and technical support?

Technical support is okay but I'd like them to adopt a model similar to Cisco with their CCIEs, so that if you have their expert certification, you have access to a different support queue. If something happens and the solution is down, or you're troubleshooting and the CTO can't get to something, there's a lot of pressure and you'd like to be able to get support quickly. Once you do get there, they're fine and onto it. 

Which solution did I use previously and why did I switch?

Yes, Cisco ASA and ASA-X used to be "gold standard." However, they've never really caught up with the single pass architecture and advanced, in-line threat hunting throughput of PAN's truly Next-Generation Firewall platforms. I've used ASA-X with FirePOWER (fka Snort) at other clients and it's cumbersome and high administrative overhead compared to PAN solutions.

How was the initial setup?

The initial setup is a little complex. There's the option of setting up with a monitor mode and specifying the categories you want to restrict, without actually blocking anything.

What about the implementation team?

We implemented this in-house as it's important to our business model to have hands-on "stick time" with anything we recommend.

What's my experience with pricing, setup cost, and licensing?

Licensing costs are quite expensive but my impression from our executive clients has been a focus on quality, and they generally go for PAN. 

Which other solutions did I evaluate?

I work with Cisco as well as Palo Alto, and I think Palo Alto does things well. For us, it's about having the best solution, knowing that I can get hold of somebody when I need some help and will the solution break the bank. Cisco's ASA has never really done a great job of fully integrating Firepower. You can write custom signatures but most people aren't ready to do that. PAN is constantly pushing updates and you can set the system to auto download. If you're uncomfortable with constantly adding modules of your software on an auto subscription basis, you can audit each one. And that's all configurable too. You can download updates once you've looked at them or put it on auto mode. 

What other advice do I have?

The web is going towards everything HTTPS which means you can't see inside it anymore. PAN does the SSL decryption about as painlessly as it can be done. There's still a lot of unique use cases with the chain of trust and there's a balancing act as to what should be blocked. Our executive clients want to know what's going on but since everything's encrypted, you have to figure out how it works and how aggressive you want to get about it. 

I rate this solution a nine (9) out of ten (10). 

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Darshil Sanghvi
Consultant at a tech services company with 501-1,000 employees
Reseller
Top 5Leaderboard
Easy to set up, scales well, and provides excellent URL filtering

Pros and Cons

  • "The initial setup is easy."
  • "The solution is a bit expensive."

What is our primary use case?

We require a firewall to deploy URL filtering or to enforce this URL filtering solution to our users. It is actually cloud-based, deployed on a cloud, and is URL Filtering as a service, which requires a firewall. The firewall, therefore, will then enforce the URL filtering options on my users' traffic.

We are using this for preventing the user's access to malicious websites, or access to inappropriate adult websites or porn websites or even the P2P tunnels or tunnels or domains they should not access. This is our main priority and main use case.

What is most valuable?

The URL filtering is excellent. It ensures our users can't access certain sites. 

The multiple categorizations of URLs are quite helpful. For example, if a URL is, a social media website, such as facebook.com, it can be classified at a certain risk level - from high to low.  

The solution offers credential phishing, which is a helpful feature. 

The initial setup is easy.

The solution scales well, according to the firewall.

The stability is very good.

Everything that is available with the firewall is provided to the user.

What needs improvement?

It would be ideal if this solution could be a separate product rather than have to have it deploy through a firewall. If it was a separate product, many of our customers would be happier as most just require a URL filtering option. They do not require a firewall. They do not require any threat prevention or anything. 

If it was a separate product, we could deploy it to branch offices or any of our customer locations in which different firewalls are being used. 

The solution is a bit expensive.

For how long have I used the solution?

We've been using the solution for more than three years at this point.

What do I think about the stability of the solution?

The stability is excellent. We've never had to raise any technical issues. There have been no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

The scalability depends on the firewall. The URL Filtering does not have any limitations. For example, any number of firewalls is supported. It is not dependent on that. It is just dependent on the firewall. Therefore, if a firewall supports 1,000 users, then it will provide support for protection for 1,000 users as well.

We have 700 users on the solution currently.

We do not plan to increase usage at this time.

How are customer service and technical support?

We have never had a technical call raised to customer care or the tech team or anyone to resolve the URL Filtering issues. It's been so reliable we haven't really dealt so much with technical support. Any local issues have been small and have been handled by our internal team.

How was the initial setup?

The initial setup is not complex. It's easy and pretty straightforward. There are no configuration options. You use it as it is. A company shouldn't have any issues with it. 

What's my experience with pricing, setup cost, and licensing?

We pay a yearly licensing fee.

It's a bit expensive if I were to rate it from one to five, with one being the cheapest, I'd rate it at a four. That said, I would argue that it is worth the price.

What other advice do I have?

We're Palo Alto partners.

There isn't an exact version number associated with the product. It's a SaaS.

I'd recommend the solution to other users and companies.

I'd rate the product at a ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Find out what your peers are saying about Palo Alto Networks, Cisco, Darktrace and others in Intrusion Detection and Prevention Software (IDPS). Updated: October 2021.
540,984 professionals have used our research since 2012.
KarthikeyanSrinivasan
Consultant at Sun Cloud LLC
Real User
Top 5
Is easy to use, operate, and edit

Pros and Cons

  • "Palo Alto Networks URL Filtering with PAN-DB is easy to use, easy to operate, and easy to edit."
  • "We have had some challenges with making Palo Alto Networks URL Filtering with PAN-DB work with ELK stack."

What is our primary use case?

We have a few servers in DMC that are not going to go through proxy, but at the same time, they are trying to connect to the internet to download some updates from repo. So, anything that is not a red-hat-related repo or Apache-related repo is blocked, and we have a specific repository. This is when we have been trying to use a URL filter.

What is most valuable?

Palo Alto Networks URL Filtering with PAN-DB is easy to use, easy to operate, and easy to edit. When we want to analyze data, we can download it as a CSV file and just go through with Excel rather than using a complex dashboard.

I have never had any challenges so far that I couldn't figure out myself. Also, when it comes to documentation, Palo Alto is pretty good.

What needs improvement?

We have been trying make Palo Alto Networks URL Filtering with PAN-DB work with ELK stack. We have had some challenges with that because we are getting limited SNMP. It would be good if it worked better with ELK stack.

I'm only able to do it faster when I log into the device and not through Panorama.

For how long have I used the solution?

We have been dealing with it for the last three months.

What do I think about the stability of the solution?

The stability is very much better.

What do I think about the scalability of the solution?

The scalability is much better with Palo Alto Networks URL Filtering with PAN-DB.

How was the initial setup?

The initial setup is quite simple.

What's my experience with pricing, setup cost, and licensing?

It is more expensive than ASA but is far cheaper than Checkpoint. So, pricing wise, it is right in the middle.

What other advice do I have?

I would rate this solution at eight on a scale from one to ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Download our free Intrusion Detection and Prevention Software (IDPS) Report and find out what your peers are saying about Palo Alto Networks, Cisco, Darktrace, and more!