C Palo Alto Networks firewalls can be somewhat complex due to the various options available. They offer different devices and subscription models, including standalone firewalls and bundled options. Utilizing these features as a unified solution can require additional setup, particularly when incorporating Panorama for centralized management, which may involve extra costs.
Automation-OT Manager at a non-profit with 1,001-5,000 employees
Real User
Top 20
2024-02-15T15:38:00Z
Feb 15, 2024
Migrating from old to new Palo Alto Networks firewalls can sometimes encounter hiccups, and there is room for improvement in streamlining this process for smoother transitions.
IT Manager at a computer software company with 51-200 employees
Real User
Top 10
2024-01-30T16:08:46Z
Jan 30, 2024
The UI definitely needs work. In my opinion, the UI could be simpler and more user-friendly for the average user. For example, I encountered complexities with policy management. Policy management is one of the areas where the UI is not intuitive, and managing policies can be quite complex.
Senior Information Technology Manager at Inventia Healthcare Limited
Real User
Top 10
2023-12-26T06:59:00Z
Dec 26, 2023
The product's gateway services can be improved. Along with the firewall, if a user wants to work with a VPN and if you want to check the posture of your endpoint, that service needs to be separately purchased. They have this feature, but if this service is clubbed with the solution, it will be very useful for the end users. For Mac OS and Apple products, there remains some challenge for VPN; it requires an SSL certificate to be installed separately, and this can be improved.
Palo Alto should integrate artificial intelligence for security purposes in the background for well-known threats and new risks coming to the market. Additionally, they could introduce a central dashboard where we can centrally monitor and mitigate all the risks automatically.
Associate Process Manager at a computer software company with 5,001-10,000 employees
Real User
Top 5
2023-10-10T09:29:15Z
Oct 10, 2023
There are constant updates for the operating system. It is a nice thing also, but it has its own disadvantages. Continuous updates are there. The users face issues like, how often do I need to update that? Within a period of five months, I'm updating it two or three times. It gives them a feeling that they are not confident about their product and have to update it so frequently. Plus, there are certain bugs, like in the 10.1 version, it's had some bugs. Then, they are upgrading it to the 10.2 version. They are updating that for the bugs. But the time duration between the two is less than the others. If we go for Cisco, they don't have their OS upgrades frequently as parallel to us. So that's the disadvantage.
Senior Network Engineer at a manufacturing company with 10,001+ employees
Real User
Top 5
2023-09-19T17:29:30Z
Sep 19, 2023
There seem to be some issues with TAC (Technical Assistance Center) or Palo Alto support. Anytime you open a case, a level one engineer joins, and then you have to escalate it to level two or three. The support system has changed in the past few years, and that's something they need to look into. In future releases, I would add one feature where we can take a subnet or take an IP and create a list of rules that are for that IP. There is an option, but it's not as expansive as I would like. When you run a report, you have to run it for a hostname. And when you look at the report, you see the hostnames, but you don't see the IPs. Like, there is no additional column for seeing the IP of the hostname or the subnet of the hostname. So that creates an issue. You have to go into the file and take the export list of firewall rules, and then you have the hostname got have the IP, then you have to note down the IP addresses.
There should be an improvement in the protection of endpoint computers when working outside the office. Currently, they are not protected with any data security when they work from home or outside the network. They surf the Internet directly and should implement a proxy or firewall to monitor the data between the endpoint and the Internet. In future releases, there may be better monitoring and reporting. In the past, there were some situations with vendor utilization where it was sometimes challenging to catch in real-time which user or device was generating excessive traffic, leading to increased utilization. There were some situations where it was easy to catch the source of high utilization through the device. There may be better monitoring or reporting capabilities.
PA-Series constitute the full range of our ML-Powered Next-Generation Firewall physical appliances that are easy to deploy into your organization’s network and purposefully designed for simplicity, automation, and integration. No matter where you need protection, our PA-Series ML-Powered Next-Generation Firewalls are architected to provide consistent protection to your entire network – from your headquarters and office campus, branch offices and data center to your mobile and remote workforce.
C Palo Alto Networks firewalls can be somewhat complex due to the various options available. They offer different devices and subscription models, including standalone firewalls and bundled options. Utilizing these features as a unified solution can require additional setup, particularly when incorporating Panorama for centralized management, which may involve extra costs.
Migrating from old to new Palo Alto Networks firewalls can sometimes encounter hiccups, and there is room for improvement in streamlining this process for smoother transitions.
The UI definitely needs work. In my opinion, the UI could be simpler and more user-friendly for the average user. For example, I encountered complexities with policy management. Policy management is one of the areas where the UI is not intuitive, and managing policies can be quite complex.
The product's gateway services can be improved. Along with the firewall, if a user wants to work with a VPN and if you want to check the posture of your endpoint, that service needs to be separately purchased. They have this feature, but if this service is clubbed with the solution, it will be very useful for the end users. For Mac OS and Apple products, there remains some challenge for VPN; it requires an SSL certificate to be installed separately, and this can be improved.
Palo Alto should integrate artificial intelligence for security purposes in the background for well-known threats and new risks coming to the market. Additionally, they could introduce a central dashboard where we can centrally monitor and mitigate all the risks automatically.
Palo Alto Networks PA-Series is expensive. We would like to see additional threat hunting features.
The solution's licensing price could be improved. The solution's GUI should be user-friendly and easily configurable.
The solution’s pricing could be improved because it is an expensive solution.
There are constant updates for the operating system. It is a nice thing also, but it has its own disadvantages. Continuous updates are there. The users face issues like, how often do I need to update that? Within a period of five months, I'm updating it two or three times. It gives them a feeling that they are not confident about their product and have to update it so frequently. Plus, there are certain bugs, like in the 10.1 version, it's had some bugs. Then, they are upgrading it to the 10.2 version. They are updating that for the bugs. But the time duration between the two is less than the others. If we go for Cisco, they don't have their OS upgrades frequently as parallel to us. So that's the disadvantage.
The SD-WAN feature of Palo Alto Networks is not good compared to FortiGate. It is also more complicated to configure, while FortiGate is much easier.
There seem to be some issues with TAC (Technical Assistance Center) or Palo Alto support. Anytime you open a case, a level one engineer joins, and then you have to escalate it to level two or three. The support system has changed in the past few years, and that's something they need to look into. In future releases, I would add one feature where we can take a subnet or take an IP and create a list of rules that are for that IP. There is an option, but it's not as expansive as I would like. When you run a report, you have to run it for a hostname. And when you look at the report, you see the hostnames, but you don't see the IPs. Like, there is no additional column for seeing the IP of the hostname or the subnet of the hostname. So that creates an issue. You have to go into the file and take the export list of firewall rules, and then you have the hostname got have the IP, then you have to note down the IP addresses.
Palo Alto Networks PA-Series should improve its price. It should also include a feature similar to Sophos Security Heartbeat.
There should be an improvement in the protection of endpoint computers when working outside the office. Currently, they are not protected with any data security when they work from home or outside the network. They surf the Internet directly and should implement a proxy or firewall to monitor the data between the endpoint and the Internet. In future releases, there may be better monitoring and reporting. In the past, there were some situations with vendor utilization where it was sometimes challenging to catch in real-time which user or device was generating excessive traffic, leading to increased utilization. There were some situations where it was easy to catch the source of high utilization through the device. There may be better monitoring or reporting capabilities.