The biggest thing that needs to be improved with them is their training. I took a training class for the 8.0 build, then I took it again for the 9.0 and 10 builds. They add new features every time that they do a new major release, but the training doesn't keep up. It is the same basic training that probably was with the 3.0 build, and they just change the screenshots. I would love to see them do some more work since they have all these bells and whistles, but we don't know how to use those features on a large scale.

I know this little section here about the firewall, but I know there is a huge amount that still could be done with it. I am not touching enough of it because I just don't know how. It seems like the more I learn about it, the more I learn that there is to learn

It is not a unified solution yet. That is probably why it has been hurting them in the cloud evolution. It does not have a complete single-pane-of-glass management,

I am looking to have the machine learning see how a virus or malware will morph, then prevent that from happening. That seems invaluable at this point.

We have a lot of the older firewall models, i.e., the PA-220. It seems that with newer operating systems the PA-220 is becoming slower than when I first bought it. It is not really an issue for users who are passing traffic through the firewall, but more from the management access of it.

When we enable security functions like threat prevention, performance generally degrades, but this is normal. Of course, Palo Alto could always improve its security. 

There are some features of Fortinet such as the virtual domain capability, that I would love to see in this solution, but they don't outweigh the technical capabilities of Palo Alto as the firewall.

We have not taken Palo Alto's firewall management solution because it's too expensive and we don't feel it delivers significant value. We have developed our own reporting. Sometimes there are limitations around the APIs and it would be great if the APIs could be enhanced.

The pricing of the solution is high and can be improved.

Most other VPN clients include mobile VPNs but Palo Alto does not. We are required to purchase the mobile VPN clients separately. During our RFPs we have noticed that most features by vendors are similar but the price for those features is higher with Palo Alto.

The reporting and visibility are phenomenal, but you don't get that information out of the box. They can email reports regularly, and the functionality is all there. However, a lot of it is based on an older model for email, where customers have in-house email servers. The small and medium-sized business customers I deal with are moving toward Office 365 or some other cloud-based mail and not maintaining their own internal mail servers. 

Palo Alto is developing that, and I need to understand how they integrate with an Office 365-type mail environment. The next piece is figuring out how to get that information to the people who need it without somebody physically sitting in front of the screen or going to the firewall to have it delivered to them regularly. The capability is there, but it's primarily based on an older email architecture that customers rarely use anymore.

We have had some challenges. There are some advanced features that we aren't able to use, which include active IP authentication and app ID. We are facing challenges with implementing those two features.

Other products provide you with APIs that allow you to access certain features of the product externally with another solution. In the cloud, we have a lot of products that provide us with these capabilities, such as Microsoft. It has its own ecosystem, which is exposed through Graph API. I would like to have the capability to use the feature set of Palo Alto and provide it to another solution.

For example, if we have a very good system to identify malicious IPs within Palo Alto, we would like the ability to feed the same information into another product using the APIs. These are obviously very advanced capabilities, but it would be great if Palo Alto would allow this in the future.

I would like to have an on-prem sandbox solution included in a future update.

The cost has room for improvement.

The only problem that I see with the Palo Alto NGFW being an all-in-one appliance is that because of the different features that are being put into a single appliance, the OS tends to be beefier. Over the eight years, we have seen that the number of features or analyses being put into the appliance itself has a tendency to slow down the appliance, especially at the time of bootup. So, any time we are doing maintenance work, the time required for the appliance to boot up and be fully functional again is significantly longer than eight years ago. They could find a way to make this all-in-one appliance faster.

They should also make the documentation much easier to understand. Given all the features that they have built into the firewalls, it should be easier for the end users to understand the product and all the features available on the product. They should be able to utilize the product to the maximum capabilities. The documentation and the tech support available need to improve. The tech support of Palo Alto has deteriorated over the past few years, especially after our pandemic. Getting tech support on our issues is very difficult. They could definitely improve on that.

There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex.

The VPN is only available for Windows and Mac iOS environments. We have a variety of iPads, iPhones, and Android stuff that wouldn't be able to utilize the built-in VPN services.

I would like easier management and logging. They can set up some profiles instead of having you create these reports yourself. However, you should be able to set it up to give you alerts on important things faster.

The user interface can be significantly simplified. The dashboard and other features can be more thoughtfully designed. We get all the data in a single dashboard, which gives us additional insights. However, it takes time to sort it all out so it's easily accessible. If the data can be presented in a more graphical and structured way, it would be more helpful.

It is a complete product, but the SSL inspection feature requires some improvements. We need to deploy certificates at each end point to completely work out the UTM solutions. If you enable SSL encryption, it is a tedious process. It takes a lot of time to deploy the certificates to all endpoints. Without SSL inspection, UTM features will not work properly. So, we are forced to enable this SSL inspection feature. 

One of the downsides of logging with Palo Alto is that we do not capture the beginning of a session. It only captures at the end of the session. This means that if we're trying to mitigate something, such as an incident that happened, we can't say definitively that it happened at a particular time. The reason is that Palo Alto keeps track of every session that happens and if it were set up to do that, we would overload the firewall and overload the logging of anything because we do terabytes worth of data every day.

Having a single pane of glass, where we can see all of the stuff that we have to be able to react to, would be very helpful. We're a small shop but we have to cover the entire security spectrum. It makes it hard because we have to wear many hats. A single pane of glass where we can put alerts and other information would make our life a lot easier. As a small EDU, we just don't have the resources that the private companies have, so we have to try to find the best bang for the buck.

From a documentation standpoint, there is room for improvement. Even Palo Alto says that their documentation is terrible. It may be true for any company, where you're going to find documentation that is outdated or has not been kept up to date, but that's my main complaint.

The analytics could be improved. I would like to have a unified analysis tool within Palo Alto, as we currently use Perimeter 81 and Fortinet FortiGate, which makes the analysis process take a long time.

Palo Alto needs to adjust their pricing a little bit. If they would work on their pricing to make it more cost-effective and bring it in line with their high-end competition, it would be extremely disruptive to the industry. They rank among the best firewall solutions, but because of pricing — even if it is deserved — they cut themselves out of consideration for some companies based on that alone.

The stability, scalability for enterprise-level organizations, and technical documentation have room for improvement.

When we looked at it originally, we needed to host the Panorama environment ourselves. I would prefer it if we could take this as a service. It might be that it is available, but for some reason we didn't choose it. The downsides of hosting are that we need to feed and water the machines. We are trying to move to a more SaaS environment where we have less things in our data centers, whether they be in our cloud data centers or physical data centers, which can reduce our physical data center footprint.

In terms of the network performance, I am not very happy with Palo Alto. Other solutions, such as Fortinet, have better throughput and network performance.

I am in GCC in the Middle East. The support that we are getting from Palo Alto is disastrous. The problem is that the support ticket is opened through the distributor channel. Before opening a ticket, we already do a lot of troubleshooting, and when we open a ticket, it goes to a distributor channel. They end up wasting our time again doing what we have already done. They execute the same things and waste time. The distributor channel's engineer tries to troubleshoot, and after spending hours, they forward the ticket to Palo Alto. It is a very time-consuming process. The distributor channels also do not operate 24/7, and they are very lazy in responding to the calls.

It is expensive as compared to other brands. Its pricing can be improved.

The bugs can be improved.

I would like them to improve their GUI interface, making it more user-friendly.

I would like the dashboard to have real-time analytics.

Palo Alto is like Microsoft. It has varied features, but it's too technical. A lot of the features could be simplified. The procedure, process, features, and usability could be more simple.

It's too complex and sometimes the process to implement a single thing is hectic.

We use ACC which is a tool for verifying the activity or traffic within your network. Currently, in ACC, the time of the samples that they offer is about five minutes. When you try to go down to a shorter duration, you can't. You only have five minutes. They can provide samples for shorter durations, such as one minute.

I think they need to have a proper hardware version for a smaller enterprise. We had to go to a very high-end version which is very expensive. If we chose the lower-end version, it would not meet our goals. A middle-end is missing in its portfolio.

For example, there's the PA820 and the PA220, but there's nothing between. So they are really missing some kind of small-size or medium-size usage. Right now, you have to choose either a big one or you have a very small one, which is not really good.

In the next release, it would be helpful if there was some kind of a visualized feature that showed the traffic flow, or something like that, to be able to simulate. When we define something if we could see a simulation of how the flow will be treated that would be great. Because today everything is done by experts by checking logs, but it's very time-consuming. If there's also a simulator to use when you apply some configuration, you can also apply on the simulator, to copy the configuration. So, you can see maybe to generate some traffic and to see how it will be treated. That will be very good.

Palo Alto needs to provide more support during the design phase and with proposals. They need to be more proactive, try to anticipate issues, and then help us to implement the transformation quickly.

A major concern is making the licensing more accessible to enable small municipalities to afford and manage their own systems independently.

I am not aware of anything that could be improved.

I think that they have been doing a good job at this point in time.

Technical support is an area that could be improved.

Palo Alto Networks NG Firewalls need better training modules. You have to do a lot of reading prior to watching the training videos, and it's good for people who are really into it. However, often you want to use a video for a TID. You want to see how to do something rather than spend 30 minutes reading and then another 30 minutes watching the class. As a result, I take third-party training classes rather than Palo Alto's training because they are a lot better.

The training should be more accessible because if everybody has to pay for training, it makes it harder for us to get in techs who are qualified to do the work. If there are clear levels and schemes for certification, it would be great.

As part of our internet filtering, we integrate heavily with Active Directory, and we use security groups to separate staff into two groups: those who should have full access to the internet and those who should have limited access. It may be just the way the topology is for our domain controllers and that infrastructure, but at peak usage, there seems to be a delay in reading back against the security group to find out what group the user is in.

Palo Alto can do a little bit better when it comes to the User-ID part. I've been facing problems related to double authentication. You have a computer user, but you also have a VPN user, and when you do a single sign-on to another page, these logs can sometimes generate a problem notification. It doesn't happen a lot, but in some networks, it could be a problem. It would be very helpful to have the ability to restrict the connections that you can have in your VPN. For example, if you have the credentials, you can connect with the same user account from different computers or devices. If you have the domain information, you can connect from different devices. That's a problem that they need to address and resolve. They should ensure that at any moment, only one person is connected through a specific user account.

The cloud could be improved. I would like to have more visibility of the network vulnerabilities as well.

I would like to see some Machine Learning because I have observed new types of attacks that are able to bypass existing security rules. It is possible that implementing some form of continuous learning or education could be beneficial in addressing this issue.

Some way to learn what is normal it isn't, you know, something like that, I think that would be probably the most beneficial thing to me.

The VPN has room for improvement.

There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better.

I wanted Palo Alto Networks engineering to look at the traffic log, because I see traffic being dropped that happens to be legitimate. It would be interesting for me to just right click on the traffic, select that traffic, and then create a rule to allow it. For example, you sometimes see there is legitimate traffic being dropped, which is critical for a service. That's when actually you have to write it down, copy, a rule, etc. Why not just right click on it and select that link since that log will have the source destination report number? I would like to just right click, then have it pop up with a page where I can type the name of the rule to allow the traffic.

The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good.

In addition, there is room for improvement with the troubleshooting tools and packet simulator. It would help to be able to see how packets traverse the firewall and, if it's denied, at what level it is denied. We would like to see this information if we simulate traffic so we can predict behavior of the traffic flow, and not just see that information on real traffic.

Surfacing actionable intelligence right away could be better. You have to dig far to get some of the information. If the solution could surface the two or three things out of the 10,000 a day that we really need to deal with, it would be helpful.

I believe it would be beneficial if the solution could integrate with Google Chrome, especially for students who use Chromebooks. However, as far as I know, the solution currently does not support Google Chrome.

The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point.

The customer-facing side needs to be improved in terms of the engagement and involvement of support staff.

Technical support could be improved. Palo Alto's technical support used to be great. Whenever I had a problem, I could pick up the phone and call and get answers. That's not the case any longer.

Palo Alto Networks NG Firewalls don't provide a unified platform that natively integrates all security capabilities. It's missing some features for geofencing and understanding locations.

These firewalls are primarily used for edge defense. In terms of securing data centers consistently across all workplaces, that is, from the smallest office to the largest data centers, Palo Alto Networks NG Firewalls don't have a strong zero trust model.

NG Firewalls have not helped us reduce downtime in our organization. Because of technical support issues, we've taken some hits.

I would like to see more integration.

We would like to see the external dynamic list for this solution improved. The current version does not automatically block malicious IP addresses, which would be very useful.

The IoT could be better. IoT environments will be part of IT and measuring these zones will make your IT environment more resistant to attacks. You need a powerful firewall to secure the IoT segment, the same way that Palo Alto Firewalls do for the IT segment.

Also, if you enable SSL you will face a problem. The throughput of the firewall will be degraded. SSL is a big issue on all firewalls. All products suffer from issues with SSL, but Palo Alto firewalls suffer more from it.

We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall.

We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more.

URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team.

It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release.

The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities.

It is a solid solution.

I would like them to bring in some features that would encourage traffic shaping or bandwidth routing, like other UTM firewalls, because the solution should be capable of limiting the bandwidth for rules.

If Palo Alto Networks could bring in session tracking, like FortiGate, then we can remove another cybersecurity tool. If they could say "This is user-based, not IP-based," using user attribute-based rules, then that would be helpful for a small- or medium-scale company because they could use a single device instead of two or three devices.

I would like to see more artificial intelligence. However, that is going beyond firewalls to products like Prisma. Palo Alto has those features in an entirely different ecosystem. It isn't a problem. Machine learning is valuable, but I rely more on threat intel. 

Palo Alto keeps coming out with antivirus and malware updates. When we have to integrate those updates we face some problems with the cloud platform, not the on-prem setup. The device works fine, but sometimes the sync doesn't happen on time.

It's not an issue that happens all the time, just sometimes. It's not a major issue. The device doesn't go down. It is not a priority-ticket situation.

Also, while Palo Alto is doing really well, they should bring out some small devices. As of now, we have the PA-800 Series firewall and the 440 Series firewall. A small Palo Alto firewall would be helpful for low-budget companies.

Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features.

The analysis of the ITS ID by Palo Alto Networks NG Firewalls could be improved.

Palo Alto Networks NG Firewalls do not provide a unified platform that natively integrates all security capabilities.

Customer support could be improved.

At times, server capacity can result in issues. While Palo Alto is a top firewall company, it's crucial to properly size the firewall to meet our needs. In the case of larger attacks, the capacity of our current firewall may not be adequate, requiring us to obtain more advanced and expensive versions to ensure network protection.

There is a tradeoff between security and network performance, as security is always top-notch, but performance can sometimes lag and has room for improvement.

The cost of the solution has room for improvement.

The training provided is satisfactory, but there is certainly room for improvement. It would be great to have more comprehensive training at a lower cost, or even for free.

I would say that Palo Alto Networks NG Firewalls provide a unified platform for many, but not all.

Having everything in one pane of glass is important to me because I have a lot of responsibilities. It would be really nice to have everything in one place, so I don't have to switch around between different applications and can stay focused on one platform.

It's important to have machine learning embedded, but it's equally important to not solely rely on it. We still need human interaction to ensure proper security measures. Nonetheless, machine learning is a vital component of our security strategy.

(Malware) On-prime scanning should be considered.

Endpoint management (traps) better to be on-prime than cloud.

QoS, It should be more sophisticated than it is now.

TAC support should cover meddle east area by Arabic support, such as in France, Germany, Italy and Japanese.

The price is high and has room for improvement.

We have Elite Plus partner support, which means we always have to speak to a partner to open a case. However, not all of the partners are knowledgeable or helpful.

The only downside of Palo Alto Networks NG Firewalls, in my opinion, is the relatively higher price compared to Cisco FortiGate. This is especially noticeable when deploying basic configurations and considering the cost of licenses.

Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers.

Personally, I feel that their dashboards for reporting and things like that need some improvement.

The process of applying updates to Palo Alto Networks NG Firewalls has room for improvement.

The price also has room for improvement and the technical support could respond faster.

Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto.

The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times.

Once in a while, they have new features being released that can be buggy. My criticism is more general to all sorts of network or security devices. In general, everybody is releasing less-tested software. Then, it usually ends up that the first few customers who get a new release need to end up troubleshooting it. That is one of my criticisms because we have been hit by this a few times. I shouldn't single Palo Alto out as any better or worse than anybody else because they are all doing it now.

It is not like we are getting singled out. In some cases, we are looking for a new feature that we want to use. So, we upgrade and use it, and others are too, but the first release will tend to be a little bit buggy. Some of the stuff works great, but it is the newer features that you are usually integrating into your Windows clients where weird stuff happens.

As things are evolving, we want to make sure that Palo Alto is able to keep up with what is going on outside. They should continue to do more intelligence-related enhancements and integrate with some of the other security tools. We want to have a more intelligent toolset down the road.

The solution has a lot of features. However, there are no deep configurations available. The functionalities are limited. Other products offer more customization.

I like the reports, but I wish the reporting was a little better. When I set up the automatic reports to come in, they're pretty basic. I would like them to be a little more advanced at the ACC monitoring and things like that. I still enjoy all the daily alerts that I get and all the daily PDFs and reports, but I just feel that it could expand upon the visualization of the reports.

Palo Alto should improve their support. It's sometimes difficult to get the right technician or engineer to fix the problem as soon as possible.

One main issue I've encountered is customer service. Occasionally, when I open a request, it gets closed automatically, without any explanation, leaving me unsure of what happened to it. However, overall, the product itself works well. As for Prisma Cloud, it could benefit from some additional functionality, but the main issue is the lack of communication regarding closed requests.

There is room for improvement in the area of customer service.

The solution could be more cost-effective.

There is another solution from Palo Alto for endpoints - XDR  that integrates with the firewall  thus providing protection at the network level and also at the end point but the XDR solution is only a cloud based solution. I would really like it if would be possible to implement this solution on-premises this is something that I would love to see with Palo Alto Networks NG Firewalls.

The price could be lower.

The solution doesn't support routing in virtual firewall creation, and we want that to be enabled. 

I would like more reporting and metrics in the solution.

The API scanner could be improved.

The support could be improved. 

Palo Alto does not have a support team located in Bangladesh, and their support team operates from another location. Therefore, when we raise a ticket, it takes some time for them to respond, which can be problematic for us.

I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster. Scalability can also be better.

Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster.

There has been a recent change in the graphical interface. For the monitoring part, they could have a better UI.

For an upcoming release, they could improve on the way to build security rules per user. Palo Alto has this functionality but in implementation, we had some problem. This functionality should be better in our opinion.

I can't recall a feature that was missing. It's a pretty complete solution.

The cost of the device is very high.

To buy license support is very slow. For renewing devices and products, it's slow in terms of contacting and activating upgraded devices.

I don't deal with it from a day-to-day perspective, but I can say that the evidence that I typically need is there, but sometimes, it's a task to actually get it and pull it out. They can make it easier to gather that evidence. From our NetOps team's perspective also, they can make it easier to manage and constantly update those rule sets.

With the use cases that I am familiar with, I don't believe that additional features would be of any benefit. 

Adding more features generally causes more issues. I would prefer they focus on improving reliability rather than adding new features.

My preference would be to exclude machine learning since it must be capable of explanation. This is really important to us, and the performance must also be highly predictable. If it is implemented, at the very least, the option to disable it completely must be available.

In my view, machine learning is often a bothersome addition that can potentially compromise security by allowing unauthorized traffic to pass through undetected. 

From my experience, this tends to occur in networks where all the traffic is clearly defined.

Enhancements could potentially be made to the firmware to improve its inspectability.

The solution's VPN, called GlobalProtect, could be improved as I've had a few issues with that. 

It can be challenging to migrate configurations between Palo Alto firewalls or restart with a backup configuration using the CLI. That could be improved. I think I'm one of the only people still using the CLI over the GUI, so that's just a personal issue.

Palo Alto could do better with integrating the Palo Alto Next-Gen Firewall with SD-WAN.

The biggest issue with Palo Alto is that they are expensive. They are very expensive for what they offer. They should improve their pricing.

The features should be built into the system. For example, it generates many logs with a lot of information that can be converted into security and business information and shown to the user. This is a time-consuming job.

I would like to see it provide us with intelligent information from the data that it captures, within the same cost.

The SD-WAN product is fairly new. They could probably improve that in terms of customizing it and making the configuration a little bit easier.

Its software updates can be improved. It sometimes becomes very slow with the software updates for different features.

It should have an External Dynamic List of data. The malicious IP is not frequently getting updated in Palo Alto, and this should be done.

We work very closely with the vendors here and at this point they use external support.

Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution.

I'd like to see some changes to the licensing policies and, on the technical side, improvement in scalability. It's not so easy to scale out your security capabilities. With the situation in business today, everybody lacks money and if you have to increase your resources and to constantly pay more for that, it becomes a problem. 

I don't like the reporting. The reports it provides are not helpful. They should include more executive summaries and other important information — they're too technical.

The scalability is limited and depends on the size of the firewall that you will buy. 

The solution is very expensive. There are cheaper options on the market.

They could improve their support and pricing and maybe integration. It's a little more expensive than Check Point but the quality is better. Integration with firewall endpoints could be better. Palo Alto does have very good malware or antivirus protection. I think they could improve on that front.

The ability to check cases could be improved upon. We find that most of the packets we have to directly open with the PA. Until then, it's possible that there cannot be any support.

Take, for example, the XDR. The XDR is the real power to all our solutions from PA, however, when we are using their XDR, we have directly to contact PA. It's like this for the licensing or for any technical issues.

The solution could offer better pricing. We'd like it if it could be a bit more affordable for us.

The solution should offer SD-WAN.

The interface contains some decentralized tools, so simplifying it would be an improvement.

I would like the option to be able to block the traffic from a specific country in a few clicks.

Some of the implements under artificial intelligence should provide better visibility in terms of my traffic, such as where it originates and where it is going.

Better integration with industry tools would allow me to do quicker automation and reduce my operational costs.

There could be improvement with their logs, especially their CLI. When you go to the command line to understand the command line interface it's tricky and requires a deep understanding of the product. We recently faced one issue where the server side configuration changed and it wasn't replicated at the firewall. It required us to tweak things and now it is working fine. Finally, the HIPS and audio call features could be improved. 

The support could definitely be improved. Whenever I call the tech engineers, there's a long wait time. For an additional feature, I'd like to see the segmentation in policy. Check Point has a good feature for segmenting policies that I'd like to see implemented in Palo Alto. It would make things easier for the operation team to create & identify particular policies, or to place a policy in that segment. Finally, there are limitions to the hardware in the number of objects & policy we can create is limited which is not the case with Check Point or FortiGate.

Its scalability for on-prem deployments can be better. For an on-prem deployment, the hardware has to be replaced if the volume goes up to a certain level.

They've improved a lot of things but we'd like to see more mobility between on-prem and cloud based. I'd also like to see security synchronization between the firewalls. Managing can be difficult. 

The GSW needs some improvements right now.

The endpoints could use improvement. The solution is mostly a cloud solution now, and there are a lot of competing solutions that are playing in the space and may be doing things a bit better.

The pricing could be improved upon.

I wish that the Palos had better system logging for the hardware itself.

The built-in machine learning features provide some automation, but I think there should be an option for manual review because nothing replaces the human eye. 

Its price can be better. They should also provide some more examples of configurations online.

Palo Alto has a good product and end-user experience. It's great. They can maybe add more processing power to their hardware. That's it. 

Sometimes it's stuck and you need to restart it. They have been adding a lot of things, so we need to upgrade for the new features.

The initial configuration is complicated to set up. You really have to know what you're doing. I attribute that to all of the features and functions that are built into the product. Luckily, Palo Alto has a great support site and you can find contractors who are knowledgeable in the technology.

There is always scope for improvement on any particular device in any particular organization. For example, when there was change from IPv4 to IPv6, some of the firewalls still didn't support IPv6. In North America, we have seen most customers are using IPv6, as they are getting the IPv6 IPs from their ISPs. Sometimes, when they go through the firewall, it denies the traffic.

People sometimes find it more expensive as compared to other solutions. There are also fewer training opportunities for Palo Alto than Cisco and other vendors.

This solution is very stable, but Cisco devices are stable at the hardware level. Palo Alto hardware is not equal to the level of the Cisco Device.

The hardware is weak.

In the next release, I would like to see faster support and the integrated system a 5G network, a next-generation firewall, and endpoint security.

I would like a collaboration system and reporting ASA policy needs to be smarter.

The support could be improved.

The next release could use more configuration monitoring on this one, and additional features on auditing.

The solution would benefit from having a dashboard.

From a normal IPS after attack, routine attack and threat detection attack, in other words, the standard IPS detection attack, I don't see Palo Alto as very good compared to others. The standard network IPS functionality could be better. It's there in solutions like McAfee or Tipping Point, however, I don't see it here in this solution.

The only area I can see for improvement is that Palo Alto should do more marketing.

The solution needs some management tool enhancements. It could also use more reporting tools. And if the solution could enhance the VPN capabilities, that would be good.

The manufacturer can improve the product by improving the configuration. Some of the menus are difficult to navigate when trying to find particular features. It is not entirely intuitive or convenient. You might need to configure a feature in one menu and next you need to go to another tab and configure another part of the feature in another tab. It's not very user-friendly in that way. On the other hand, it's still more user-friendly than using the console. But this is certainly one feature they can improve.

I would like to see more in terms of reporting tools and the threat analysis capabilities.

The pricing could be improved. They need to work on the setup over the firewall, VLAN, and PPPoE.

The configuration part could be improved. It's very difficult to configure. It doesn't have a user-friendly interface. You have to know Palo Alto deeply to use it.

Also, it doesn't support open-source protocols like EIGRP. We had to find another solution for that.

Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete.

Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet.

We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks.

Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's.

This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively.

The price is expensive and should be reduced to make it more competitive.

Information about Palo Alto products is more restricted than some other vendors, such as Cisco, which means that getting training is important.

The traps should be improved.

I would like to see better integration with IoT technologies. Having a unified firewall for OT and IT would be very good.

The whole performance takes a long time. It takes a long time to configure. 

We would like to see improvement in the web interface for this solution, so that it can handle updates without manual intervention to put the data in order.

In terms of what could be improved, comparatively the price is very high. That would be the one thing. But technically-speaking, it's perfect.

Its price can be improved. It is expensive.

Other vendors have pre-configured policies for the protection of web servers. Palo Alto has an official procedure for protecting the web servers. Many people prefer pre-configured policies, but for me, it is not an issue. 

We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved. 

The appliances I'm working on are relatively old now. We're talking five-year old hardware. That slow commit speed might be addressed with just the newer hardware. However, even though it is slow, the speed at which they do their job is very acceptable. The throughput even from a five-year-old appliance shocks me sometimes.

Currently, if I make changes on the firewall and I want to commit changes, that can take two or three minutes to commit those changes. It doesn't happen instantly.

The solution doesn't offer spam filtering. I don't know whether it's part of their plan to add something of that aspect in or not. I can always get spam filtering someplace else. It's not a deal-breaker for me. A lot of appliances do that, and there are just appliances that handle nothing but spam. 

The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there.

This is a difficult product to manage, so the administrator needs to have a good knowledge of it, otherwise, they will not be able to handle it properly.

I'm thinking about a new feature. They have decryption. It's a good idea to use decryption on Palo Alto. It would be good if they can offload the traffic.
Like, for example, SSL Offloading on F5. They have an SSL decryption to offload the traffic. 

Overall it is good. It is reliable and easy to understand. However, the monitoring feature could be improved.

They have many solutions already. I don't think I have seen any missing features. Every device has different functions, but as a firewall, this solution has a lot.

Either the application or the vendor needs to provide a more updated list of internet applications.

The price of the solution is very high.

I don't see any specific room for improvement.

The user interface is probably not as slick as it could be.

Most customers ask about the choice of features. It's limited. It's not arranged well for users. Also, customers don't want to buy extra things for extra capabilities. I would like to implement individual profiles for each user. Capability, in general, is limited.

The VPN connectors should be better. We had some challenges in terms of the VPN with Palo Alto Networks NG Firewall, and that's one of the main reasons why we moved to Sophos.

Its load handling can also be improved. There were challenges when traffic was high. During peak business hours, it did not function very well. There was a lot of slowness, and the users used to complain, especially when they were connecting from outside. We even reported this to the support team.

Their support should also be improved. Technical support was a bit of a concern while using this solution. We didn't get very good support from the Palo Alto team.

They need to provide documentation for CLI, as most of the commands, we get from Community Forums.

The pricing of the solution is quite high. It's one of the most expensive firewall solutions on the market.

Clients are typically looking for a solution that's more aggressive in the market.

For example, with Fortinet, they have an SD-WAN that really has many capabilities. For example, it can inject a GSL SIM card along with the MPLS connection. It connects the system within one product. Palo Alto doesn't offer this. This is one area that will need to improve. In Indonesia, the market is growing strategically. Palo Alto has this one product, however, with the limitation of the GSM sim card they are getting left behind. 

I would like to see better third-party orchestration so that it is easier for the team to work with different products. 

Improvements should be made in the Cortex module.

Currently, they don't have email protection. They can maybe add it in the future. Currently, if you want to do so, you need to go with another solution.

When it comes to their support, we have to select every single component that we want to include in a particular bundle. That is a very tedious process. The vendor will help us identify the product and the features, but it could be better. The price could also be better.

In the future, I would like to see more OTP features.

The price of this product should be reduced.

They can improve the handling and management of User-ID. They should also improve its price. Their technical support can also be improved.

The way that the roles are made, specifically with how you specify the path, could be simpler.

There are some options available in other firewall products that are not supported, so there is room for improvement in that regard.

Technical support could be faster.

The cost of this firewall could be cheaper.

There will always be room for improvement. On a daily basis you get patches for everything. They build new features, apply new technologies and new applications which need to be integrated and with that you get bugs. There are always issues, whether it's hardware or software. 

The only thing that is a little strange is in Policy-Based Forwarding. When you delete and add a new rule, because of the one hundred rule limit, if the new rule has an ID that is greater than one hundred, even though you have fewer than that, it will not work. The same thing happens when you are renaming a rule. The new rule will have a new ID, so it is possible for it to be greater than one hundred. This can be easily fixed by using one command from CLI, but you have to be aware of it.

The solution is not straightforward.

They can work on the price. They are a little bit expensive, and not all customers are able to afford this solution. Taking into consideration that there is huge competition in the market and there are multiple firewall companies that are much cheaper than them and offer almost the same features, it would be good to improve the price.

The areas that need to improve are network protection and user identification.

In the next release of the solution the VPN could improve because it is not as good as competitors.

Having a better pricing model would make this product more competitive, and more affordable for our customers.

Its stability can be better. Their technical response from the support side can also be better.

In the cloud, the HA could be a lot better. 

Its price could also be better. It is very expensive.

An additional feature that should be included in the next release is spam filtering. 

I think visibility can be improved. If I use the Panorama monitoring dashboard, it's still the same with or without Panorama. Even with monitoring, we don't get any valuable information. 

If I am a customer, I will take many variables into considerations. If I choose to use Panorama, there should be a difference between when I use it and when I'm not. If I'm a customer who paid for Panorama even when I have many firewalls, I won't get good visibility of the information I need to easily monitor our security environment.

My customers have been attacked by ransomware. It's difficult to understand how the ransomware got through Palo Alto Panorama and Palo Alto dashboard monitoring from reporting. It makes it difficult to conclude what happened on the traffic which passed through Palo Alto. As such, I have to generate an all block report CSV file and analyze it through Excel.

• Boot time
• Easy UI for the non-network specialists
• Commit time
• Virtualization
• Credit to Palo Alto knowledgebase. 

The interface could be improved visually and simplified. It sometimes feels like some of the features are hidden and not easy to find. 

The support needs improvement. Also, better reporting of errors would be good.

The support in our country can be slow sometimes. It's a slow website. It could also use better customer support.

I would like integration with Evident.io and RedLock.

The data loss prevention (DLP) capabilities need to be beefed up.

The solution could be simplified.

In Mexico, Palo Alto's discounts are significantly lower than Cisco's. They are also more expensive – about 15% or 20% – than Cisco, but their platforms are very similar.

Palo Alto NG firewalls can be improved in support of finance and banking. We need better affiliations for profiling the user. 

The product has some delay in the maintenance. They have to find some solution to make updates quicker.