The solution's licensing could be improved, and training should be included before installation.

Palo Alto has launched different products, such as physical firewalls as well as cloud and VM-based firewalls. Recently, they introduced their Prisma Cloud solution. Compared to the previous technologies, like Panorama, which is used for centralized firewall management, or even individual firewalls, it's a bit challenging to integrate the traditional firewall policies into Prisma Cloud. And the Prisma Cloud interface isn't very user-friendly. 

The migration of workloads to the cloud is difficult because the cloud provider and Palo Alto Networks are different platforms. We had to research many articles online and after our research and development were completed we were able to deploy. The migration of data to the cloud can be more user-friendly and has room for improvement.

The utilization monitoring and GUI have room for improvement.

Sometimes we encounter licensing issues where our licenses are not activated, and as a result, we are required to redeploy. This problem could be related to VM-Series or the template image and how they are integrated with Azure Marketplace.

Firstly, Palo Alto should update their documentation to make it more readable and provide easier-to-follow instructions through videos. This would help people learn and deploy the product more easily. Even if the product itself is excellent, lacking proper documentation and troubleshooting guidance renders it less useful. It won't be helpful even if it's rock solid but lacks sufficient information and tutorials.

The DLP functionality or data classification can be improved in the solution's basic firewalling.

I believe that the licensing and overall cost could be more transparent and aligned with how features are utilized, especially considering the duplication of features. 

Sometimes, it's challenging to determine which features to activate or deactivate.

The web interface is still slow, even after recent improvements. 

The reporting part of the product is an area of concern where improvements are required. Compared to Palo Alto Networks VM-Series's reports, FortiGate NGFW provides users with reports that are easy to understand.

The cost must be improved. The tool is very costly.

The solution must improve Zero Trust integration and use cases. The Zero Trust solution has limitations.

There could be dynamic DNS features similar to Fortinet in the product.

From my understanding, we used to have the Sophos firewall and a nice feature that is missing in Palo Alto is the heartbeat that monitors each endpoint. It would be helpful if Palo Alto monitored the status of every endpoint. It could be that it was not set up correctly.

In the next release, I would like to see better integration between the endpoints and the firewalls.

It is not very easy to scale up the solution.

The product's AIOps process needs improvement.

It can be improved in areas such as DevOps and quality assurance. The installation rules deployment process we also improved when we deployed these firewalls. In terms of new features, for simplicity reasons, it is faster, because as I mentioned above we can reused the same rules and the same objects from the local PAN that has a Panorama such as the single point of supervision.

We are looking for ways to integrate with other cloud in the future. For this, we will require a more secure integration and encrypted connections with other companies. 

The vendor must improve the way it advertises and markets the product.

Palo Alto Networks VM-Series is a complex product to work with. 

There's room for improvement in terms of integration with the load balancer. It isn't like Fortinet, which has a load balancer built into its firewall. It is effortless to integrate within the load balancer-plus-firewall solution. 

Palo Alto doesn't have much ability to load balance, so you must purchase a third-party load balancer. It would be great if they did these kinds of changes to integrate the solution with the load balancer.

No other major concerns, just the specific issue with Apps ID configuration. Otherwise, overall stability, VPN, IPSec, VRF, and flow management with the VM-Series have been very stable and reliable.

Compared to Azure Firewall, the product could be better in terms of performance.

The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway. For example, if a person is working from home and you want a proxy then you have to rely on a secure web gateway. Palo Alto cannot do that because they don't have a cloud solution. So, if you want direct internet access and if you also want the proxies then Palo Alto is not a good choice.

With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part. Regarding Palo Alto Networks VM-Series, I am figuring out whether to use interzone or intrazone networks for the VMs in our company's environment, which is very confusing. The aforementioned aspects of the solution can be considered for improvement.

In the future, whenever I try to onboard Palo Alto Networks VM-Series, it should allow for easy configuration, especially in terms of network connectivity. I want an easier setup and configuration in the product's future releases.

On the cloud side, they need to come up with more HA solutions to support the multi-region.

It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait. Having a dedicated number where we could send a text message in the case of an emergency would be helpful.

In the next release, I would like to see better integration of multi-factor authentication vendors.

We would really like to see Palo Alto put an effort into making a real Secure Access Service Edge (SASE). Especially right now where we are seeing companies where everybody is working from home, that becomes an important feature. Before COVID, employees were all sitting in the office at the location and the requirements for firewalls were a different thing.  

$180 billion a year is made on defense contracts. Defense contracts did not stop because of COVID. They just kept going. It is a situation where it seems that no one cared that there was COVID they just had to fulfill the contracts. When people claimed they had to work from home because it was safer for them, they ended up having to prove that they could work from home safely. That became a very interesting situation. Especially when you lack a key element, like the Secure Access Services.  

Palo Alto implemented SASE with Prisma. In my opinion, they made a halfhearted attempt to put in DLP (Data Loss Prevention), those things need to be fixed.  

We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID.

I would like to see a more thorough QA process. We have had some difficulties from bugs in releases.

I see more improvements needed from AWS than from Palo Alto on the VM-Series, namely a design centered on NGFW.

The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security. This would be very helpful. This way, there would be one tool that we could continue using.

The data aspects of data security and data loss prevention could provide visibility which would be very useful.

The reporting. There are various reports that come with the box or with VMware, but you can only run them daily. If you want to generate a report from this week or the past month, you have to create a custom report. It is not that difficult, but I expect these reports to be pre-made. I would like to be able to choose the dates that I can run the reports. As of now, you can only run it for the day before, so this is one improvement they need to make. 

It can definitely improve on the performance.

I would like more scalability included on the next release.

I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels.

The solution needs to improve its visibility. It's not straightforward to use. Understanding the policies, authorizations, and initializing features requires careful review. The product needs to offer proper training. 

Considering Azure, some customers may purchase Palo Alto Networks VM-300. Considering the pricing perspective, customers want multiple NIC types because they might have different spokes, and they may like to extend it with different interfaces on different spokes. Considering VM-Series on Azure Virtual Machines, since there is a limitation when it comes to Azure VM-300 as it supports only four cores, there may be some modifications made to support more cores.

We still need to understand what are the best practices which we need to implement. 

We also don't know how it will scale once we start putting more load on it.

I would like to have automatic daily reporting, such as how many users have connected via SSL VPN. As it is now, we have to manually look at the logs, which is tedious. There are no ready-made reports on that level and the information is not easily available.

I really need more advanced features that support the correlation of log files.

The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI.

The interface for Panorama has not changed greatly and could be updated.

There should be an option for direct integration with the Azure platform. This would allow this product to take advantage of the auto-scaling that is offered by Azure. Because I am purchasing it as a SaaS model, I should get the complete functionality.

I would like to see the direct support and product ownership from the principal vendor. Ideally, the vendor should maintain ownership and be responsible for the system, including that it is operating correctly. This would give my company a better value when purchasing the product.

The pricing could be improved.

The Panorama management license should come with this solution. We have eight nodes and we still have to purchase it separately. Everything should come with a single license, rather than something that is broken into many parts.

When we activate the solution on Amazon, instead of AWS, GCP or another type of public cloud, we encounter problems, as our engineers are not yet completely hands-on in respects of the public cloud platforms. Still, they can configure the firewall just fine. 

Integrative capabilities with other solutions should also be addressed. 

The user interface could use some improvement.

I would like to see SD-WAN features added in the future.

The firewall itself is very complex. You have to do a lot of research, look through all the documentation, consult, and figure out how to use it. It's not so easy as a regular firewall, like Hypertable. It'll help if Palo Alto Networks provided better documentation. It would be even better if they had simple documentation on some use cases as well.

Palo Alto Networks VM-Series needs to improve its order process. 

The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters. It seems that you really need to upgrade to the very latest version, whereas the physical one has worked for ages now. I think that it narrowly affects the Azure deployment because I remember that we were using the VMware solution before, and we didn't have such issues.

I think that the most important point for Palo Alto is to be as consistent and compatible as possible. It should be compliant such that all of the features are consistently available between the physical and virtualized deployments.

It is not always easy to integrate Palo Alto into the network management system. This is significant because you want to compare what your network management system is giving you to what Palo Alto is giving you. Perhaps in the GUI, they can allow for being able to monitor the interface traffic statistics.

The other things are pretty much great with traffic calls and sessions, but just being able to look at it on an interface physical level, would either avoid using the monitoring integration by SNMP or would create a reference, a baseline check. This would allow you to see whether your network monitoring system or tool is actually giving you correct traffic figures. You need traffic figures for being able to recognize trends and plan the capacity.

It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. 

There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. 

It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.

All areas need improvement: manufacturing, education, financial, etc.

Its web interface is a bit outdated, and it needs to be updated. 

They can also improve the NAT functionality. We have had issues with the NAT setup.

When you have a client compare box against box, a lot of times Palo Alto is a bit more expensive, but its network firewalls have a very rich ratio.

There is work to be done on the integration side, as AWS doesn't integrate well with third-party firewalls.

I would like to see AWS have more integration with Palo Alto from a routing standpoint, so it could become a routing egress without having to redesigning it.

The interface, maybe. It is all Java-based and I would prefer an HTML5 interface. It would make things a bit quicker. It is not that it is really bad once you are in, it is just another Java-based application that is not amazing. I am not really a fan of Java-based applications. 

The user-friendliness of the UI could be improved.

Even when the solution locks away a virus, there seems to be a delay for four or five minutes. It should be as little as one. Right now, it's such a long delay. It can be frustrating for clients and I need to answer a lot of questions surrounding that.

The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries.

The solution requires more use cases.

The implementation should be simplified.