Please share with the community what you think needs improvement with Palo Alto Networks NG Firewalls.
What are its weaknesses? What would you like to see changed in a future version?
Palo Alto needs to adjust their pricing a little bit. If they would work on their pricing to make it more cost-effective and bring it in line with their high-end competition, it would be extremely disruptive to the industry. They rank among the best firewall solutions, but because of pricing — even if it is deserved — they cut themselves out of consideration for some companies based on that alone.
I wish that the Palos had better system logging for the hardware itself.
The only thing that is a little strange is in Policy-Based Forwarding. When you delete and add a new rule, because of the one hundred rule limit, if the new rule has an ID that is greater than one hundred, even though you have fewer than that, it will not work. The same thing happens when you are renaming a rule. The new rule will have a new ID, so it is possible for it to be greater than one hundred. This can be easily fixed by using one command from CLI, but you have to be aware of it.
The support could be improved. The next release could use more configuration monitoring on this one, and additional features on auditing.
The manufacturer can improve the product by improving the configuration. Some of the menus are difficult to navigate when trying to find particular features. It is not entirely intuitive or convenient. You might need to configure a feature in one menu and next you need to go to another tab and configure another part of the feature in another tab. It's not very user-friendly in that way. On the other hand, it's still more user-friendly than using the console. But this is certainly one feature they can improve.
The solution needs some management tool enhancements. It could also use more reporting tools. And if the solution could enhance the VPN capabilities, that would be good.
The initial configuration is complicated to set up. You really have to know what you're doing. I attribute that to all of the features and functions that are built into the product. Luckily, Palo Alto has a great support site and you can find contractors who are knowledgeable in the technology.
The support needs improvement. Also, better reporting of errors would be good.
Palo Alto NG firewalls can be improved in support of finance and banking. We need better affiliations for profiling the user. The product has some delay in the maintenance. They have to find some solution to make updates quicker.
(Malware) On-prime scanning should be considered. Endpoint management (traps) better to be on-prime than cloud. QoS, It should be more sophisticated than it is now. TAC support should cover meddle east area by Arabic support, such as in France, Germany, Italy and Japanese.
Most customers ask about the choice of features. It's limited. It's not arranged well for users. Also, customers don't want to buy extra things for extra capabilities. I would like to implement individual profiles for each user. Capability, in general, is limited.
I think they need to have a proper hardware version for a smaller enterprise. We had to go to a very high-end version which is very expensive. If we chose the lower-end version, it would not meet our goals. A middle-end is missing in its portfolio. For example, there's the PA820 and the PA220, but there's nothing between. So they are really missing some kind of small-size or medium-size usage. Right now, you have to choose either a big one or you have a very small one, which is not really good. In the next release, it would be helpful if there was some kind of a visualized feature that showed the traffic flow, or something like that, to be able to simulate. When we define something if we could see a simulation of how the flow will be treated that would be great. Because today everything is done by experts by checking logs, but it's very time-consuming. If there's also a simulator to use when you apply some configuration, you can also apply on the simulator, to copy the configuration. So, you can see maybe to generate some traffic and to see how it will be treated. That will be very good.
The support in our country can be slow sometimes. It's a slow website. It could also use better customer support.
Palo Alto has a good product and end-user experience. It's great. They can maybe add more processing power to their hardware. That's it. Sometimes it's stuck and you need to restart it. They have been adding a lot of things, so we need to upgrade for the new features.
Overall it is good. It is reliable and easy to understand. However, the monitoring feature could be improved. They have many solutions already. I don't think I have seen any missing features. Every device has different functions, but as a firewall, this solution has a lot.
I would like integration with Evident.io and RedLock. The data loss prevention (DLP) capabilities need to be beefed up.
* Boot time * Easy UI for the non-network specialists * Commit time * Virtualization * Credit to Palo Alto knowledgebase.
I would like to see more in terms of reporting tools and the threat analysis capabilities.
I'm thinking about a new feature. They have decryption. It's a good idea to use decryption on Palo Alto. It would be good if they can offload the traffic. Like, for example, SSL Offloading on F5. They have an SSL decryption to offload the traffic.