For the VPN only, we used Cisco's old ASA firewalls. That was set up before my time. We moved away from that when we went to GlobalProtect in December 2019.

Primarily, I wanted a single platform. We had Palo Alto Firewalls doing firewalling things and Cisco firewalls doing the AnyConnect VPN solution. Paying maintenance of both sets didn't make a whole lot of sense to me. Also, ASAs didn't seem to be able to support as many users concurrently as the Palo Alto solution looked like it could support. So, I just got rid of the Ciscos and went to the Palo Alto NG Firewalls and GlobalProtect.

It gives us added security compared to our previous firewalls. They were very cumbersome to manage, and they had no central management. By switching to Palo Alto Networks NG Firewalls, we made use of the Panorama management tool to manage all our firewalls. The management side is much easier. Also, it provides visibility from their monitoring to be able to see the traffic. Whereas, I was not able to see that before with our previous firewall manufacturer.

With our previous firewall vendor, the maintenance was running to the end of its contracts. Therefore, we were looking to switch anyway because we just weren't happy with that hardware. Our implementation strategy was basically to replace all the old firewall hardware with something new. At the time, we were pretty happy with what Palo Alto Networks was offering.

I worked with Fortinet and Cisco firewalls, like PEAK, FirePOWER, and ISA. I also used Check Point firewalls from time to time. I believe Palo Alto has the best technology in the world, and there is a significant demand for these solutions in Poland, so I want to be a person who can implement and configure this technology.  

Many customers think about security in terms of their entire ecosystem, so we have on-premises firewalls and Prisma Cloud, plus endpoint protection solutions like Cortex XDR. I have two customers in Poland who have WildFire in an on-premise sandbox. 

There is a tendering process in my organization, so products that are technically qualified go through a two-stage process: the first stage is the technical qualification stage and the second stage is the financial qualification stage. However, in the end, everything comes down to finances, and that's why Palo Alto was awarded the tender and we switched from Check Point.

The first thing we did was install a client to manage the Check Point firewall. However, I think the new versions which operate at this time don't need the client. Previously, it definitely required a client, so that was a headache. Palo Alto is not like that, it's a dual-based configuration. Also, when we apply the rules, it's also very easy in Palo Alto. Another important aspect is that Palo Alto uses its own based firewall, and Check Point does not. We have to put the configuration to interfaces and likewise. This is very helpful because in my network, in some cases, we have to have a couple of interfaces that are met with the source, and we have to easily apply rules by selecting the source.

We previously used Cisco ASA. We switched because of the IPS for compliance, but there were other factors as well, such as usability. We didn't have enough engineers who were well trained on Cisco because it's a very traditional kind of product that's completely CLI driven. We only had one or two people who could actually work on it. Even though people understand Cisco, when we asked them to implement something or make a change, they weren't that comfortable. 

With Palo Alto, it was very simple. The people who knew Fortinet also learned Palo Alto and picked it up very quickly. When we had new people, they were able to adjust to the platform very quickly.

We were using Cisco's router-based firewalls. They had some advantages, but they did not have a graphical interface for configuration, which was the weakest point. Getting team members on the team who were not familiar with the command line configurations for our Cisco firewalls made us select a product that provides a graphical interface for configuration, and that was a reason for moving to Palo Alto.

I have been here for a year and a half. Before, the firewall that they were using (Barracuda) was barely adequate for what we were doing. We got new ones simply, not because we had a software/hardware-type attack, but because we had a social engineering attack where one of the folks who used to work for us went on to do some crazy things. As a result, the reaction was like, "Oh, let's get a new firewall. That should stop these things in the future."

We have been using the FortiGate firewall for almost 20 years in our environment, but we recognized the Wildfire feature and some of the AIM firewall systems. FortiGate is not a next-gen firewall. Other applications such as Gartner insight offer better connections and recommend a firewall, similar to Palo Alto Networking NG Firewalls, for better application performance. We procured the solution and we have been testing it. We don't like to put all our eggs in one basket. We need multiple firewall solutions to connect with our environment. If one fails for any reason, we can have the second one take over the job. We have servers hosted in the cloud environment and each server has a different firewall installed. If we lose our connection due to a firewall issue, a firmware issue, or if Fortinet couldn't detect malware or a zero-day attack, we would be out of luck without Palo Alto Networks NG Firewalls. We are considering utilizing both solutions to best suit our needs. 

In our branch office, before the Palo Alto firewall implementation, we have been using FortiGate. We switched because of the budgetary requirements. With FortiGate, for the high availability feature, we required two devices. We had to buy two licenses, whereas Palo Alto required only one license. It was completely in tune with our budget. So, we had to go with Palo Alto.

FortiGate did not have single-pass architecture. It took a huge amount of resources for each action. For policy lookups, it took a considerable amount of system resources, such as CPU, RAM, etc. The waiting time was too high for policy lookup, application decoding, and signature matching. All this is carried out in a single pass in Palo Alto. So, it is considerably fast and also secure. There is no compromise in terms of security. It is completely secure, and we are able to do more functions in a single pass with the Palo Alto firewall. So, we save a lot of resources. With FortiGate, security was around 50%. After the implementation of PA 820, it has increased to 80%. We have achieved about a 30% increase in security. Even though PA 820 is not a higher-end series, performance-wise, it matches the higher-end series of FortiGate. So, there is a considerable amount of cost savings. We are able to save 20% to 30% extra.

In our organization, we have multiple vendors. We have FortiGate, Cisco ASA, and other security implementations. We have already purchased many other products. So, we cannot simply suggest Palo Alto across the organization. We have to consider the older purchases.

Palo Alto is a good competitor to FortiGate. Cisco, FortiGate, and Palo Alto are the three main competitors. When we compare these products, they have similarities, but I would suggest going with Palo Alto for higher security. If you are giving more priority to security and less priority to performance, definitely consider this. Cisco ASA and FortiGate are more performance-oriented. So, if you are planning to give more priority to security, I would definitely suggest Palo Alto.

Prior to Palo Alto, we used a combination of solutions. This included honeypot machines, and products for IPS/IDS.

We used to be a Cisco shop and I'm glad that we are no longer one. I've been trying to get rid of Cisco for years. The problem with them is that it's unwieldy. It's an old-school way of doing things. For example, everything is port-based. They tried to get into the next-gen firewall space, but the way they grow is that they buy other companies and try to combine technologies to make them work. That doesn't work.

One thing that I've never liked about Cisco, and still don't like, is that if I did an OS upgrade, I was guaranteed that I would be there for at least three to five hours. This was for a simple OS upgrade. Palo Alto has made my life a lot easier from that perspective, which is something that I really appreciate.

Outside of the problem with the OS upgrade, security was becoming more prevalent at the time because of hackers. Cisco was just port-based, and we wanted to move to something that was mobile and more granular. We wanted something that would give us better security and Cisco just didn't have it. 

We don't use the DNS security capability with Palo Alto because we use Cisco Umbrella for that, and it works great.

Anyone should tinker with hardware from different manufacturers, then see what fits with your application. 

We previously had Cisco ASA Firewalls in some locations and Cisco Security PAK Routers in other locations that gave us a base level of firewall. So, we didn't previously have any next-generation firewalls. These are our first real next-gen firewalls.

We switched solutions because we didn't have enough of the network security covered. Also, we wanted centralized visibility and control, which was key for us.

When we did some red team testing, we found that there was a way to get some data out through our existing DNS environment. We knew we had to fix the centralized DNS management, visibility, knowledge of the DNS queries, and the visibility of the DNS queries as a result of some testing that we did. Whereas, before they were all geographically disparate, having a centralized place to look at to be able to do some analysis and visibility really are the key things for us.

Palo Alto is the main core product in our case, but we also have Fortinet, Check Point, and Cisco ASA firewalls. Fortinet is one of the key products in our network.

Before 2008, we used only core firewall architecture for our network. Then, we needed to enhance our security as we moved toward the cloud. We needed to protect our network from external threats so we decided to go with multi-layer architecture. 

We use several products: Palo Alto, Checkpoint, and three products. Among those products, Palo Alto's performance and product security features are very good. 

We only used Juniper firewalls for our core Firewall. We switched because we wanted to move to a multi-layer architecture.

We previously used Fortinet and Cisco.

We switched to Palo Alto because it's an all-in-one solution. We were attracted by its level of detection, level of monitoring, and level of packageable inspection.

We did previously have a different kind of a firewall. We used Check Point before. We also used NetScreen and Cisco. But in the end, we defined our standard and now use Palo Alto.

Previously, we used Cisco.

Compared to Cisco, Palo Alto Networks NG Firewalls are much better in terms of being more elegant and thorough, especially when it comes to navigating log files and similar tasks.

We switched because of the end of life in a hardware's life cycle. With us moving into the cloud and having a much larger endpoint presence, we wanted something that was a little more robust. We also had fewer head counts for our firewall or network administrator staff. So, we wanted a tool that we could access easily and not have such a large training curve. We went with Palo Alto Networks NG Firewalls because it made a little more sense for us.

I previously used Forcepoint Next-Generation Firewall which is cheaper than Palo Alto Networks NG Firewalls but I prefer Palo Alto because it is user-friendly and supports more devices and features. 

I have used Check Point and Cisco ASA.

Initially, when I started with Palo Alto, we had Cisco ASA, but Palo Alto Networks beat ASA hands down.

We have a multi-vendor environment with different providers. Our standard is that we can't have the same firewall for each parameter, so there is some kind of diversity. 

We had ASA looking at one side of the network and Palo Alto Networks looking at the other side of the network. We also had Juniper looking at another side of the network. At the end of the day, ASA was very good, I don't dispute that. However, in terms of functionality and user experience, Palo Alto Networks was better. 

Palo Alto Networks beat ASA because it was a next-generation firewall (NGFW), while ASA was not.

We previously used Cisco. The switch was a business decision and may have had to do with cost savings, but I'm not sure what the driver was.

We have used several firewalls including Cisco, Fortinet, and Check Point. We chose Palo Alto because it's the only one that brings it all together in one platform and lets me manage it. It also removes the complexity of what I have to manage and deal with.

Previously, we used Fortinet.

We previously used Cisco ASA and Check Point NGFW and switched to the Palo Alto solution because it offers more robust and complete protection and features.

We previously used Fortinet.

We have a policy in our organization to change the firewall every five years. So, I have experience working on FortiGate, SonicWall, and WatchGuard over the last 20 years.

WatchGuard is very good at web filtering. FortiGate is also very good, and they have their own application to manage the firewall, and SonicWall is also very good. 

Palo Alto is a web-based firewall, and there are no applications to deploy and support. I mean, I take all the logs and all things from the client-side. As it's web-based, it's extremely slow. 

When you click on a particular log, it will take a lot of time because it generates lots of logs. That is a good thing, but performance is a little slow. Both WatchGuard and FortiGate are very good for this kind of thing. Also, WatchGuard is application-based, and I didn't have to deploy it. I came to know about Palo Alto from my friends who said it was very good for application-based security. 

We used to use Juniper and Fortinet.

We previously used Palo Alto Cortex. We switched because the NG Firewalls are very stable, flexible, and more powerful.

Palo Alto has a better interface and integration with other solutions than competing vendors. The only drawback is the price. Go with FortiGate if you're looking for a firewall that is cheap and decent. If you can't afford Palo Alto, FortiGate is the next cheapest. 

Palo Alto NGFW’s unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. Before using Palo Alto Networks NG Firewalls, customers might need to implement Layer 4 firewalls, IPS and possibly an antivirus, gateways, and maybe web proxies for all their devices. With Palo Alto NGFW’s unified platform, if a customer can do all the config and security policies on one platform, then this will merge all their security things onto a single platform.

We previously used Check Point NGFW and switched to Palo Alto Networks NG Firewalls because of the stability.

Before, we used SonicWall, but we decided to switch to Palo Alto Networks NG Firewalls because they offer a much better solution and are leading the market.

We previously used Fortinet FortiGate firewalls but switched to Palo Alto Networks NG Firewalls for their superior performance. We also chose Palo Alto Networks because Gartner's reviews of their firewalls have consistently been better than those of Fortinet.

Before adopting Palo Alto NG Firewalls, no other tools were used.

I have worked with Check Point, but it's very difficult to configure. Palo Alto is much easier to configure, and the dashboard is very user-friendly as well.

We also use Cisco firewalls.

I am expert with next-gen Firewalls, especially in Fortinet and Palo Alto. I am NSE 4, NSE 7, and PCSAE certified.

I previously used WatchGuard XTM firewalls, but I switched to Palo Alto Networks NG Firewalls because of their superior performance and features.

We've worked with different firewall solutions such as Check Point, Cisco, ACI, and Fortinet, but Palo Alto is definitely among the ones that I like to work with.

My organization used Cisco Secure Firewall ASA and switched to Palo Alto Networks NG Firewalls because Cisco was lagging behind in many features. For example, the management interface on the ASAs was awful compared to that in the NG Firewalls.

I did work with Cisco ASA, prior to FireEye, where they purchased and integrated it as sort of the next generation part of their ASA. 

One of our remote access solutions for remote access clients was Cisco ASA. That was just getting to its end-of-life. It actually worked quite well. It was pretty hands-off and reliable, but the hardware was getting to end-of-life. Because we had the Palo Alto capable of doing similar functions, we just migrated it over. 

It was similar for our site-to-site VPN, which was Cisco DMVPN that we are still using, but we are migrating off it since its hardware is reaching end-of-life. By combining it into the Palo Alto umbrella, it makes the configuration and troubleshooting a bit easier and more homogenous. 

Before, it was just different platforms doing sort of similar but different functions. Now, we are using similar platforms and devices rather than having three different solutions. This solution is sort of homogenized; it is sort of all in one place. I suspect that makes security a bit more thorough. Whereas, we had three different platforms before. Some of the delineation isn't clear, as they sort of overlap in some respects to what they do, but having it in one location and system makes gaps or overlaps or inconsistencies easier to spot.

We also use FortiGate, Check Point, Forcepoint, and SonicWall. We use the tools based on our clients’ requirements.

We were using Cisco ASA. We switched because of its ease to use and the GUI. There is also Single Pass Architecture, which is related to the way a packet flows through our network. It doesn't have to go through one area into another area. It's all at one, and it just separates. It gives me the best visibility of our network and firewalls.

I didn't use any other solution previously.

Previously, we worked with Cisco Secure Firewall.

We switched to Palo Alto Networks NG Firewalls because it was a good deal for the company.

We previously used Barracuda Networks.

We switched to Palo Alto Networks NG Firewalls after having a bad experience with our previous vendor for firewall solutions.

Palo Alto is more forward-thinking when compared to Barracuda.

Previously, we did not use another solution.

We used FortiGate earlier. We plan to switch again to FortiGate as per our vendor’s preference.

We replaced a Cisco ASA Firewall with Palo Alto, and then we started replacing all our other firewalls with Palo Alto. Cisco ASA was not a next-generation firewall at that time. And no firewall could beat the traffic monitoring and the visibility that we had on Palo Alto.

We did a PoC before going to Palo Alto. We placed the Palo Alto in virtual wire mode, meaning a transparent mode. Without changing our existing network infrastructure, we were able to plug the Palo Alto into our network where we could see all the incoming and all the outgoing traffic. Without creating any policies or any blocking, we were able to see all the traffic and we were impressed with that part and we decided to switch to Palo Alto.

We have used FortiGate in the past and we prefer this one.

We also use Barracuda and Cisco for certain aspects of security.

I have experience with quite a lot of other vendors.

In my opinion, I find the configuration of this product more appealing than that of Cisco, but ultimately, it comes down to the preference of the organization's administrators. In terms of features, I don't see a significant difference between them; they all seem pretty standard to me.

I find their syntax more appealing, especially for the command line.

I have been in this business from the beginning, so I used most firewall solutions. I focused on Cisco for 15 years, but that changed due to license-based selling in a very price-sensitive market. Cisco is not as viable an option as it used to be as customers consider it too expensive. I also used a Check Point solution, which was regarded as the go-to intelligent firewall five years ago, but now Palo Alto has taken that top spot. 

We are partners with several providers, including Juniper, Palo Alto, and a few others, but I always go with Palo Alto because it's a straightforward solution with easy installation.

We used to use Juniper Firewalls.

I used Cisco ASA.

We have worked with various firewalls such as Check Point, Sophos, Cisco, and some unknown product names as well.

There are several things to consider before recommending a solution. It depends on the business requirements, the budget, and the complexity of the security needs.

I believe that Palo Alto is the best one, then Check Point and Sophos. Those are my three preferences.

Palo Alto and Check Point would be rated an eight out of ten and the others would be a seven out of ten.

We were using older versions of Palo Alto's firewalls and we also had Cisco firewalls in our environment.

We were using Cisco ASA previously. Palo Alto has strengthened our security policies. It has also made our environment more secure than Cisco ASA.

The client still uses Cisco, Fortinet, and Checkpoint. Palo Alto has very good administration tools which is not the case with the others. You can't compare all vendors. Also, the granularity of the information that they can obtain from the firewalls is better.

We previously used Juniper which is currently called Net Screen. I also looked at Sonic Wall. We carried out a proof of concept five years ago and they had to decide whether to go with Palo Alto or another vendor. 

We used to use Checkpoint. We stopped using it because the price was too high. 

We use both Palo Alto and Cisco as our firewalls. We use them both at the same time.

If we compare with Check Point, Check Point is not really good in stability, not for monitoring. That is why we didn't choose Check Point to move to Palo Alto. Compared with Check Point, it's excellent. It's very good. It's even better than Cisco also. So for this kind of usage scenario, it's very good. We don't use it as a regular firewall or perimeter firewall. We use it only as an internet gateway. But for an internet gateway, it's very good.

We're also using Check Point as a firewall.

We also use FortiGate VDOM, although this is for internal protection. The FortiGate interface is simpler in design than Palo Alto.

Prior to Palo Alto, we were using the Cisco ASA platform. When it was through with its lifecycle, we switched. Seeing the next-generation firewall competition in the market, Cisco definitely has a larger portfolio, but it is not as competitive in the security domain. Solutions from Palo Alto and Fortinet are better in this space.

I've never dealt with Huawei, however, our company has worked with Cisco, Dell, and HP among other solutions.

I have tried Sophos, Cisco, and FortiGate. This is the best firewall.

We previously used a different solution that was Fortinet. I'm still using it. There's another area in the network where we use Fortinet.

Previously we used a pfSense firewall. I was very unhappy with it, as it had a limited feature set and was not intuitive to configure. 

We ask the end customer, whosoever has the legacy network in their organization, if they don't need all their extra devices in order to cut down on costs. We then do an IPSec tunnel on the cloud as a gateway. From there, they can route the traffic to the Internet or wherever they would like.

Palo Alto is a unified device with a very streamlined voice. I have worked on Cisco routers and ASA as well, where you have to do a lot of stuff through the CLI and Linux shell scripting. With Palo Alto, those things are streamlined and engineering takes care of everything.

We were using Check Point. We switched because of certain features: entire equity, ideas, application visibility, single interfacing, etc.

As resellers, we also work with Cisco and some Forcepoint solutions.

I like that in Cisco there's more security parts, like IPS, and a Demandware engine.

I like Cisco, in general, more than Palo Alto if I'm comparing the two. However, from an application perspective, our application's usability and detection and firewall control using an application, it's Palo Alto that's the best on the market. That's, of course, purely from a  firewall point of view. Even in terms of detection of the applications, it has the best system.

Actually, I have moved away from using this product because of changes in duties.

We had another box before and it wasn't a next-generation firewall. We needed to change to a next-generation firewall so we compared a few of the top players in the market and Palo Alto was the right one, in terms of the features that we need.

We were using an outdated firewall and, because of the growing threats, things were getting through. We were not able to filter some of the traffic the way we wanted. It was high time that we went with a next-generation firewall.

In terms of a vendor, in my case, I was referred to the local vendor, the one that we would be deploying and working with on the implementation. We definitely look for the competency, their knowledge of the subject matter, in this case, firewall technology, networks, etc., and their knowledge of the product. And, of course, the other factor is their commitment and their value-added solutions because sometimes we need them to go beyond to address a certain problem that we may have.

There are multiple products from different vendors, and I basically deploy different firewalls from different vendors for the customers based on their needs. The solutions I work with include Cisco, Fortinet, and WatchGuard. There are a few others as well.

We also sell products by Cisco and there are some differences between them. Palo Alto is more expensive and the performance is better. With Cisco, the documentation is better and it is easier to install. There is a lot more information available for Cisco products.

I have previously worked with Cisco ASA. Palo Alto is a lot easier especially in regards to security. It is a well-integrated software.

We previously used Fortinet, and changed to this solution because of the superior performance.

I was using Check Point before Palo Alto. I am very disappointed with Check Point because I had to reboot power three to five times a week. Palo Alto Networks NG Firewall is comparatively very easy to manage and use. It has better logic for configuration than other firewalls.

I have experience with multiple firewall vendors and I have seen that products from other vendors have bugs. My feeling is that Palo Alto does not have this problem.

Some of the vendors that I have worked with are Fortinet and Sophos. The setup and management of these products are easy compared to Palo Alto.

We were using Cisco ASA. When Cisco moved to the next generation firewall or tried to move to the next generation firewall when they acquired Sourcefire, and they announced Firepower on ASA, it was not a good option.
They had tool management so you could configure ASA from the CLI and you could configure it on the Firepower. You need to redirect the traffic from ASA to Firepower. It was not a good idea. The packets were processed but there was latency in the packets. 
Nowdays, FTD has many problems and bugs.

When selecting a vendor, the important criteria is how much the appliance is powerful and if it gives me the feature that I want, not an appliance that does everything and it will affect the throughput. Also, the value of the product, the price. 

There has to be a match between the price and the features.

We were using Cisco ASA. We switched because of legal reasons and difficulty to understand. That's why they had decided to change to Firewall.

We also work with Fortinet.

I'd likely recommend Palo Alto over Fortinet as I find Palo Alto to be more user-friendly. The performance is also very good.

This was the first firewall that we used. 

Palo Alto is my first solution.

I've also used Juniper, however, that may have been three or four years ago or so.

We also use Check Point as a firewall. Both have their advantages but for my part, Palo Alto is better because of the way it handles applications. Check Point is better if you are only using ports and TCP/IP.

Our previous firewall did not have the next-generation capability.

Our previous solution was open source, and not so easy to manage. We had a Linux Iptables firewall, Squid + DansGuardian proxy, and an OpenVPN server. We replaced all of these solutions with Palo Alto.

In terms of firewalls, we use Palo Alto, Cisco, and Fortinet FortiGate. 

We used to use Check Point, but we switched. It's because we found Palo Alto is better. Check Point is much slower, more expensive.

I was not pleased with my previous solutions.

We switched to Palo Alto for better manageability and overall features.