Palo Alto Networks VM-Series Room for Improvement

reviewer1267734
Executive Cyber Security Consultant at a tech services company with 11-50 employees
We would really like to see Palo Alto put an effort into making a real Secure Access Service Edge (SASE). Especially right now where we are seeing companies where everybody is working from home, that becomes an important feature. Before COVID, employees were all sitting in the office at the location and the requirements for firewalls were a different thing. $180 billion a year is made on defense contracts. Defense contracts did not stop because of COVID. They just kept going. It is a situation where it seems that no one cared that there was COVID they just had to fulfill the contracts. When people claimed they had to work from home because it was safer for them, they ended up having to prove that they could work from home safely. That became a very interesting situation. Especially when you lack a key element, like the Secure Access Services. Palo Alto implemented SASE with Prisma. In my opinion, they made a halfhearted attempt to put in DLP (Data Loss Prevention), those things need to be fixed. View full review »
Goran Aleksic
Senior Network Engineer at a tech services company with 51-200 employees
The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters. It seems that you really need to upgrade to the very latest version, whereas the physical one has worked for ages now. I think that it narrowly affects the Azure deployment because I remember that we were using the VMware solution before, and we didn't have such issues. I think that the most important point for Palo Alto is to be as consistent and compatible as possible. It should be compliant such that all of the features are consistently available between the physical and virtualized deployments. It is not always easy to integrate Palo Alto into the network management system. This is significant because you want to compare what your network management system is giving you to what Palo Alto is giving you. Perhaps in the GUI, they can allow for being able to monitor the interface traffic statistics. The other things are pretty much great with traffic calls and sessions, but just being able to look at it on an interface physical level, would either avoid using the monitoring integration by SNMP or would create a reference, a baseline check. This would allow you to see whether your network monitoring system or tool is actually giving you correct traffic figures. You need traffic figures for being able to recognize trends and plan the capacity. View full review »
reviewer1415211
Senior Manager Network Engineering at a manufacturing company with 10,001+ employees
The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway. For example, if a person is working from home and you want a proxy then you have to rely on a secure web gateway. Palo Alto cannot do that because they don't have a cloud solution. So, if you want direct internet access and if you also want the proxies then Palo Alto is not a good choice. View full review »
Learn what your peers think about Palo Alto Networks VM-Series. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,962 professionals have used our research since 2012.
Kofi Otchere
ICT Infrastructure Specialist (E-Transform Project) at Ministry of Communications and Information
The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI. The interface for Panorama has not changed greatly and could be updated. View full review »
Md Rezwan Ashique
Technology Specialist at Accretive Technologies Pvt Ltd
Even when the solution locks away a virus, there seems to be a delay for four or five minutes. It should be as little as one. Right now, it's such a long delay. It can be frustrating for clients and I need to answer a lot of questions surrounding that. The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries. The solution requires more use cases. View full review »
VishalGilatar
IT Security Head with 1,001-5,000 employees
I would like to have automatic daily reporting, such as how many users have connected via SSL VPN. As it is now, we have to manually look at the logs, which is tedious. There are no ready-made reports on that level and the information is not easily available. I really need more advanced features that support the correlation of log files. View full review »
Goran Aleksic
Senior Network Engineer at a tech services company with 51-200 employees
It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity. View full review »
Alexandru Sireteanu
Assistant Professor at Facultatea de Economie și Administrarea Afacerilor din Iași
The firewall itself is very complex. You have to do a lot of research, look through all the documentation, consult, and figure out how to use it. It's not so easy as a regular firewall, like Hypertable. It'll help if Palo Alto Networks provided better documentation. It would be even better if they had simple documentation on some use cases as well. View full review »
Barbara Kipp
Manager, Information Technology at SWPA Corp
From my understanding, we used to have the Sophos firewall and a nice feature that is missing in Palo Alto is the heartbeat that monitors each endpoint. It would be helpful if Palo Alto monitored the status of every endpoint. It could be that it was not set up correctly. In the next release, I would like to see better integration between the endpoints and the firewalls. View full review »
Sarith Sasidharan
System Administrator at a aerospace/defense firm with 201-500 employees
There should be an option for direct integration with the Azure platform. This would allow this product to take advantage of the auto-scaling that is offered by Azure. Because I am purchasing it as a SaaS model, I should get the complete functionality. I would like to see the direct support and product ownership from the principal vendor. Ideally, the vendor should maintain ownership and be responsible for the system, including that it is operating correctly. This would give my company a better value when purchasing the product. The pricing could be improved. The Panorama management license should come with this solution. We have eight nodes and we still have to purchase it separately. Everything should come with a single license, rather than something that is broken into many parts. View full review »
reviewer1286028
Security Operations Specialist at a logistics company with 201-500 employees
Its web interface is a bit outdated, and it needs to be updated. They can also improve the NAT functionality. We have had issues with the NAT setup. View full review »
reviewer1415460
Senior Network Architect at a manufacturing company with 5,001-10,000 employees
The user interface could use some improvement. I would like to see SD-WAN features added in the future. View full review »
reviewer1303821
Network Security Engineer at a tech vendor with 51-200 employees
The implementation should be simplified. View full review »
Learn what your peers think about Palo Alto Networks VM-Series. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
455,962 professionals have used our research since 2012.