Please share with the community what you think needs improvement with Palo Alto Networks VM-Series.
What are its weaknesses? What would you like to see changed in a future version?
I would like to have automatic daily reporting, such as how many users have connected via SSL VPN. As it is now, we have to manually look at the logs, which is tedious. There are no ready-made reports on that level and the information is not easily available. I really need more advanced features that support the correlation of log files.
The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI. The interface for Panorama has not changed greatly and could be updated.
There should be an option for direct integration with the Azure platform. This would allow this product to take advantage of the auto-scaling that is offered by Azure. Because I am purchasing it as a SaaS model, I should get the complete functionality. I would like to see the direct support and product ownership from the principal vendor. Ideally, the vendor should maintain ownership and be responsible for the system, including that it is operating correctly. This would give my company a better value when purchasing the product. The pricing could be improved. The Panorama management license should come with this solution. We have eight nodes and we still have to purchase it separately. Everything should come with a single license, rather than something that is broken into many parts.
It can definitely improve on the performance. I would like more scalability included on the next release.
We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID. I would like to see a more thorough QA process. We have had some difficulties from bugs in releases. I see more improvements needed from AWS than from Palo Alto on the VM-Series, namely a design centered on NGFW.
There is work to be done on the integration side, as AWS doesn't integrate well with third-party firewalls. I would like to see AWS have more integration with Palo Alto from a routing standpoint, so it could become a routing egress without having to redesigning it.
The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security. This would be very helpful. This way, there would be one tool that we could continue using. The data aspects of data security and data loss prevention could provide visibility which would be very useful.
I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels.
On the cloud side, they need to come up with more HA solutions to support the multi-region.
We still need to understand what are the best practices which we need to implement. We also don't know how it will scale once we start putting more load on it.
In the next release, I would like to see better integration of multi-factor authentication vendors.