2018-12-05T07:52:00Z

What needs improvement with Palo Alto Networks VM-Series?


Please share with the community what you think needs improvement with Palo Alto Networks VM-Series.

What are its weaknesses? What would you like to see changed in a future version?

Guest
2222 Answers

author avatar
Top 10Real User

It can be improved in areas such as DevOps and quality assurance. The installation rules deployment process we also improved when we deployed these firewalls. In terms of new features, for simplicity reasons, it is faster, because as I mentioned above we can reused the same rules and the same objects from the local PAN that has a Panorama such as the single point of supervision. We are looking for ways to integrate with other cloud in the future. For this, we will require a more secure integration and encrypted connections with other companies.

2021-01-23T04:01:00Z
author avatar
Top 5Real User

The firewall itself is very complex. You have to do a lot of research, look through all the documentation, consult, and figure out how to use it. It's not so easy as a regular firewall, like Hypertable. It'll help if Palo Alto Networks provided better documentation. It would be even better if they had simple documentation on some use cases as well.

2021-01-05T17:34:14Z
author avatar
Top 5Real User

The implementation should be simplified.

2020-12-11T17:29:37Z
author avatar
Top 5Real User

The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters. It seems that you really need to upgrade to the very latest version, whereas the physical one has worked for ages now. I think that it narrowly affects the Azure deployment because I remember that we were using the VMware solution before, and we didn't have such issues. I think that the most important point for Palo Alto is to be as consistent and compatible as possible. It should be compliant such that all of the features are consistently available between the physical and virtualized deployments. It is not always easy to integrate Palo Alto into the network management system. This is significant because you want to compare what your network management system is giving you to what Palo Alto is giving you. Perhaps in the GUI, they can allow for being able to monitor the interface traffic statistics. The other things are pretty much great with traffic calls and sessions, but just being able to look at it on an interface physical level, would either avoid using the monitoring integration by SNMP or would create a reference, a baseline check. This would allow you to see whether your network monitoring system or tool is actually giving you correct traffic figures. You need traffic figures for being able to recognize trends and plan the capacity.

2020-10-13T07:21:29Z
author avatar
Top 5Real User

It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.

2020-10-07T07:04:33Z
author avatar
Top 20Real User

Its web interface is a bit outdated, and it needs to be updated. They can also improve the NAT functionality. We have had issues with the NAT setup.

2020-10-01T09:57:59Z
author avatar
Top 20Real User

The user interface could use some improvement. I would like to see SD-WAN features added in the future.

2020-10-01T09:57:00Z
author avatar
Top 10Consultant

We would really like to see Palo Alto put an effort into making a real Secure Access Service Edge (SASE). Especially right now where we are seeing companies where everybody is working from home, that becomes an important feature. Before COVID, employees were all sitting in the office at the location and the requirements for firewalls were a different thing. $180 billion a year is made on defense contracts. Defense contracts did not stop because of COVID. They just kept going. It is a situation where it seems that no one cared that there was COVID they just had to fulfill the contracts. When people claimed they had to work from home because it was safer for them, they ended up having to prove that they could work from home safely. That became a very interesting situation. Especially when you lack a key element, like the Secure Access Services. Palo Alto implemented SASE with Prisma. In my opinion, they made a halfhearted attempt to put in DLP (Data Loss Prevention), those things need to be fixed.

2020-09-21T06:33:11Z
author avatar
Top 20Real User

The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway. For example, if a person is working from home and you want a proxy then you have to rely on a secure web gateway. Palo Alto cannot do that because they don't have a cloud solution. So, if you want direct internet access and if you also want the proxies then Palo Alto is not a good choice.

2020-09-10T07:35:40Z
author avatar
Top 20Real User

From my understanding, we used to have the Sophos firewall and a nice feature that is missing in Palo Alto is the heartbeat that monitors each endpoint. It would be helpful if Palo Alto monitored the status of every endpoint. It could be that it was not set up correctly. In the next release, I would like to see better integration between the endpoints and the firewalls.

2020-08-23T08:17:00Z
author avatar
Top 5Real User

Even when the solution locks away a virus, there seems to be a delay for four or five minutes. It should be as little as one. Right now, it's such a long delay. It can be frustrating for clients and I need to answer a lot of questions surrounding that. The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries. The solution requires more use cases.

2020-07-15T07:11:39Z
author avatar
Top 5Real User

I would like to have automatic daily reporting, such as how many users have connected via SSL VPN. As it is now, we have to manually look at the logs, which is tedious. There are no ready-made reports on that level and the information is not easily available. I really need more advanced features that support the correlation of log files.

2020-04-16T08:44:43Z
author avatar
Real User

The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI. The interface for Panorama has not changed greatly and could be updated.

2020-04-13T06:27:32Z
author avatar
Top 5Real User

There should be an option for direct integration with the Azure platform. This would allow this product to take advantage of the auto-scaling that is offered by Azure. Because I am purchasing it as a SaaS model, I should get the complete functionality. I would like to see the direct support and product ownership from the principal vendor. Ideally, the vendor should maintain ownership and be responsible for the system, including that it is operating correctly. This would give my company a better value when purchasing the product. The pricing could be improved. The Panorama management license should come with this solution. We have eight nodes and we still have to purchase it separately. Everything should come with a single license, rather than something that is broken into many parts.

2020-04-08T06:36:56Z
author avatar
Real User

We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID. I would like to see a more thorough QA process. We have had some difficulties from bugs in releases. I see more improvements needed from AWS than from Palo Alto on the VM-Series, namely a design centered on NGFW.

2019-01-14T13:16:00Z
author avatar
Consultant

It can definitely improve on the performance. I would like more scalability included on the next release.

2019-01-14T13:16:00Z
author avatar
Reseller

The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security. This would be very helpful. This way, there would be one tool that we could continue using. The data aspects of data security and data loss prevention could provide visibility which would be very useful.

2018-12-11T08:31:00Z
author avatar
Real User

There is work to be done on the integration side, as AWS doesn't integrate well with third-party firewalls. I would like to see AWS have more integration with Palo Alto from a routing standpoint, so it could become a routing egress without having to redesigning it.

2018-12-11T08:31:00Z
author avatar
Real User

We still need to understand what are the best practices which we need to implement. We also don't know how it will scale once we start putting more load on it.

2018-12-11T08:30:00Z
author avatar
Real User

On the cloud side, they need to come up with more HA solutions to support the multi-region.

2018-12-11T08:30:00Z
author avatar
Real User

I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels.

2018-12-11T08:30:00Z
author avatar
Real User

In the next release, I would like to see better integration of multi-factor authentication vendors.

2018-12-05T07:52:00Z
Learn what your peers think about Palo Alto Networks VM-Series. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
509,570 professionals have used our research since 2012.