Palo Alto NG Firewalls Other Advice

Solutions Architect at a comms service provider with 501-1,000 employees
Palo Alto is my number one choice for firewalls. I support and utilize more Palo Alto firewalls throughout my company and with my customers than any other device. Number two would be Fortinet. I don't really like Fortinet that much because it is not as secure as Palo Alto. But I have customers who want to use it because it is a lot less expensive. Number three is Cisco Meraki, which I obviously don't like. But people request that because the Cisco name is very popular and a lot of other people are using it. I couldn't recommend against choosing a device more than choosing it by name instead of functionality. Palo Alto invented the application within a firewall necessary to look at the application identifier in each packet and make a decision. For instance, many companies may want to do something like prohibiting all chat applications with the exclusion of whatever application the company is choosing to use. Let's say the company is using IP Communicator for customers and for employees to chat with each other, but the company wants to block Skype. The reason why might be because they don't want anybody bringing up a Skype call, sharing information via that Skype call, or maybe turning on a Skype call and letting other people see inside the facility. Skype has a very interesting platform in which you block one IP address on the Skype server and it allows another one. You block and it creates another URL. Skype loves to get in and around simple security steps. Palo Alto is phenomenal because it takes a look at the application identifier within each packet and will find that it is Skype and block it. If you want to block AOL Instant Messenger, you just block it. Anything out there you don't want employees to use can just be blocked by referencing the identifier. Netflix is another one that likes to cloak what they are doing and allow you to see things that maybe your employer doesn't want you to see.
It is normal not to want employees sitting around watching movies. Netflix likes to find different and interesting ways to bypass certain standard security measures to get into networks. The Palo Alto will find out that someone is trying to access a Netflix movie and block it. Then it can also send an email to alert different people of the activity. You could set it up so that when something like that happens, an email goes to the director of IT to say, "Hey, this person may be trying to access Netflix." You may want it to just block the access type and forgo the alert. Or you can block the activity and alert anyone you want that someone appears to have tried to subvert security. The idea of this type of security measure isn't just to lay blame and get people fired, it is to identify different types of breaches and why they occur. It could be that a potential breach requires a sit-down conversation with the persons involved. But the truth is that many malicious sites — like adult related websites, surfing platforms like Vudu, gambling sites, obviously hacking-related sites, violence or gore — are loaded with malware. You don't want that on your computer, and your employer doesn't want it on the network either. It is just as bad as bringing a device to work and allowing that device to be connected to the network without protection as that is just another potential malware exposure. Another beautiful thing with Palo Alto is that they have WildFire. WildFire can prohibit malware in either direction. Malware is not going to get into the network via a customer or a user surfing and it is not going to get out and affect the network and spread around via a user's BYOD (Bring Your Own Device) that got infected while he was working at home. Palo Alto doesn't do SD-WAN, but that's fine because almost all SD-WAN devices have the ability to save a default route to the internet.
If you want to add an SD-WAN, you can send all default route traffic to an onboard Palo Alto firewall sitting somewhere else in the network or the cloud and the traffic gets scanned. I can stick a Palo Alto at a nearby data center, buy myself some really cheap internet access and force all my traffic to hit that firewall and then to go out through my 5-cents per megabyte internet connection.
Jonny Su
IS&S Europe and Global Infrastructure Manager at a transportation company with 10,001+ employees
Once you install it, you use it every day. You can't stop because it's a security feature and a precaution. Also, we are using it to do some local breakouts, so we utilize the local internet to carry some business traffic, to ensure there's no interruption. You have to let it run 24/7. I would suggest you be careful when choosing your model. Consider your bandwidth as well as how you want to run the local area network because the throughput of the firewall has to be well designed. I would rate this solution a nine out of 10.
Mahmoud Salaheldin
Security Unit Manager at EEMC
Palo Alto's firewall protects your network against attacks, threats, and many other things. Networking can be more advanced. You can upgrade the edition of Palo Alto. There's competition between Palo Alto and Fortinet firewalls. Most IT security people don't know which to pick. For a basic firewall, I recommend Fortinet because it has two or three basic firewalls. I personally need a data center firewall. For data center firewalls, I would recommend FortiGate because of the support. It provides a high level of support. The latest Palo Alto release has many new features. It can provide you with audits, and policy auditing for a policy review. This allows you to know what's going on inside the network from a quality perspective because sometimes you can create new policies - up to one million policies. You can choose policies, and sometimes you get something by mistake. It provides you with an ability to view or do a policy review or policy audit. This is a major feature. It's a very important feature because before it was impossible to bring the visibility to the policy audits to let me know what's going on inside my policies. Now Palo Alto has provided this feature. In terms of advice I'd give to someone considering this solution, I'd say they should read more before going to the implementation phase. They have to read the administrative guides, and product guides before going to implementation. They have to check the platform because different versions of the platform have some new features. The technical people have to review before going to implement it because sometimes they don't need to upgrade this platform or this version. It is not a stable version. You have to read more before going to do the implementation. Ask an advisor, the vendors or call Palo Alto. You can call them, they have great coverage in any country in the world. You can ask the technical engineers what is the best design, their recommended design. I would rate this solution an eight out of 10.
Find out what your peers are saying about Palo Alto Networks, Fortinet, Sophos and others in Firewalls. Updated: January 2020.
397,717 professionals have used our research since 2012.
Head, Information Technology at a construction company with 501-1,000 employees
List your requirements, give them the proper weighting, and look at what future options are available if you stick with the solution. Then do your evaluation. And don't forget the vendor, the local support, their competency and their commitment. You can have the best product in the world but if you don't get the right person to support you, it's a waste. You would probably be better off with a second- or a third-tier product if you have an excellent, competent, and committed vendor to support you. I would rate Palo Alto at eight out of 10 because of the performance, the security features, and policy management, the reporting capabilities, and the optional upgrades or extensions that we can do, like sandboxing. It also offers an option for our integration with our endpoint security. We are going to revamp our endpoint security architecture. One of the options we're looking at is how we can integrate that with solutions from Palo Alto, because then we can have a more consolidated view, instead of using a third-party solution as the endpoint security. Finally, the local support is important.
Mustafa Arrabi
IT Manager at a tech services company with 51-200 employees
You have to do proper network design from the beginning. You have to look into future expansion. Otherwise, after a year, you have to replace the entire box. On a scale from 1 to 10, I would rate this product a seven because the point of scalability within their product is a big issue. If you have to put a huge investment in front to accommodate future expansion, it is fine. It requires forecasting. If your forecast is not correct and you are not growing to that point, then all your investments will be a waste. If you're adding a block so that it can accommodate your user traffic demand, then that would be perfect. I buy one block at a time now. I can't buy two blocks at the same time. That's a waste of money with Palo Alto NG firewalls.
Bachir Elsitt
Network Security Engineer at Data Consult
Buy Palo Alto and try its features. In Palo Alto, you have select prevention, scan over AV, anti-spyware, vulnerability protection, and file blocking. You have good features like WildFire to protect against unknown malware. I rate Palo Alto at eight out of 10 because it gives me visibility and protection. This visibility and protection are very important nowadays to protect you from hackers.
I've used it and I'm very happy. Frankly, I think this site under-rates the technology, as it should be in at least the top three.
Rakesh Rawat
Network Engineer at Acliv Technologies Pvt Ltd
This solution is easy to understand, reliable, and user-friendly. I would rate this solution as eight out of ten.
Vice President & Head Technology Transition at a tech services company with 10,001+ employees
I'd say the blueprint of the implementation needs to be ready before you start the implementation of the product. The product is generally stable and the team provides a good presence on it, but at the end, if you're putting it in the mission-critical data center, the planning needs to be extensive. I would rate this solution an eight and a half out of ten.
Jean Maurice Prosper
Chief Executive Officer at a tech services company with 11-50 employees
I would rate this solution 8 out of 10. Generating reports is not so easy. I think with support, for everyone, and for all the bank company workers, they can do that a bit better. Then maybe I would rate them higher.
Aleksandar Jovanovic
System Engineer with 51-200 employees
PA is a product that continuously improves, so, I have nothing to add in terms of features. My advice is not to look for a cheaper solution, as the price/performance ratio on Palo Alto is great.
Senior Technical Consultant at Exclusive GRP
I've helped customers using Fortinet and Check Point. They are compromised. Their firewall is not stable. But for some features, for example, encryption, they want to use this feature, but the firewall feature isn't great. With Palo Alto, there isn't any problem, you can open any feature - IPS feature, data encryption feature - there isn't an issue. Implementation is simple, the product is stable, but I advise if people get the firewall I strongly recommend the use of the API features. They may not be accustomed to using a next-generation firewall. If they want to use NG Firewalls, they need to use and implement the API features. They need to create uses based on the application. My understanding is Version 9 will introduce some logic features. I would rate this solution 9 out of 10.
Ibrahim Ghanem
Head of Information Network Security at FRA
I would rate this solution 7 out of 10.
Sales Engineer at a wholesaler/distributor with 51-200 employees
The functionality is good and so are the features. In terms of implementing the solution, I wish it was better. I would rate the solution 8 out of 10, mostly due to the technical issues I've experienced.
Partner at a tech services company with 51-200 employees
I would certainly encourage someone to look into this solution.
Mohamed Farouk
CTO at a tech services company with 11-50 employees
I would rate this product 8.5/10. It's very good.