Palo Alto Networks VM-Series is a highly effective advanced threat protection (ATP) solution and firewall that can be hosted on cloud computing technologies designed by many different companies. It decreases the amount of time that it will take administrators to respond to threats. Users that deploy VM-series have 70% less downtime than those who use similar firewalls. Neither protection nor efficiency are concerns when this next-generation firewall is in play.
| Type | Title | Date | |
|---|---|---|---|
| Category | Firewalls | May 19, 2025 | Download |
| Product | Reviews, tips, and advice from real users | May 19, 2025 | Download |
| Comparison | Palo Alto Networks VM-Series vs Netgate pfSense | May 19, 2025 | Download |
| Comparison | Palo Alto Networks VM-Series vs Fortinet FortiGate | May 19, 2025 | Download |
| Comparison | Palo Alto Networks VM-Series vs OPNsense | May 19, 2025 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Fortinet FortiGate | 4.2 | 21.4% | 90% | 333 interviewsAdd to research |
| Netgate pfSense | 4.3 | 13.3% | 93% | 218 interviewsAdd to research |
VM-Series is being deployed to protect both public and private cloud environments. This level of flexibility empowers organizations to run the environment or environments that best meet their needs without worrying that they are going to be exposed to digital threats due to the environment that they choose.
In the public cloud, users of Palo Alto Networks VM-Series can automate their deployment and dynamically scale up their environment while experiencing a consistent level of protection. This dynamic scalability means that they also integrate their security into their DevOps workflows so that their security can keep up with their activities and requirements. Users of private cloud environments can set up security policies that can be automated to be provisioned as the need arises. Organizations don’t need to slow down when they deploy VM-Series because it makes the task of defending them so simple that they can set their defenses and forget that they are even there.
Users gain a deep level of visibility when they deploy Palo Alto Networks VM-Series. App-ID technology enables organizations to see their network traffic on the application level and spot threats that might be trying to sneak in through vulnerable points in their defenses. It also leverages Palo Alto Networks WildFire and advanced threat protection to block the threats before they can escalate.
Palo Alto Networks VM-Series Features:
Reviews from Real Users:
Palo Alto Networks VM-Series is a solution that stands out when compared to other similar solutions. Two major advantages that it offers are its ability to protect users without degrading the efficiency with which their networks perform and its centralized management system.
Jason H., the director of information technology at Tavoca Inc, writes, “There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.”
An information technology manager at a tech services company says, “We use Palo Alto’s Panorama centralized management system. We have an on-prem firewall where Panorama is very good for pulling logs in from the cloud so we can see what is going on. It gives us visibility into that as well as shows us what attacks are coming in. Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.”
Warren Rogers Associates
Ours is an enterprise environment and some of the services are hosted in our private data centers and some of the servers are hosted on Azure. We have the IPSec tunnels from the firewalls to our own data centers and from the firewall to the cloud as well. It depends on the type of application being hosted.
We are using Panorama for centralized management of all our firewalls around the world, as well as for centralized management of security policies and network settings. We have not completely migrated to the cloud. We are in transit.
Palo Alto has many features for troubleshooting real-time scenarios. The troubleshooting, compared to other firewalls has been optimized in a way that saves a lot of time.
I like the UI. Most things are accessible from the user interface and it is quite user-friendly. With respect to both VM-based firewalls and physical firewalls, it's easy to create updates.
They have a centralized Palo Alto Customer Support Portal and if we require any licenses, such as a next-generation firewall license, we can easily download and integrate them with this solution. We can also schedule periodic updates. That is quite user-friendly.
In terms of functionality, we are using IPSec tunneling and Palo Alto's WildFire feature. We use the security policies, Panorama, and Prisma Cloud as well.
We use Panorama to manage our security policy model across on-prem and public cloud environments. It plays a key role with respect to centralized management, for physical enterprise firewalls and cloud-based firewalls. It gives you centralized control over all the infrastructure. Unified policies can be pushed from that centralized place with templates.
When you deploy VM-Series Firewalls, they are quite flexible. You just have to select the instances, storage, security policies, and firewall rules. Within minutes, you can deploy the firewalls.
We are also able to adjust firewall sizing on the fly, which is important. Initially, we decided on a firewall based on the throughput assumptions. But in peak hours or during a peak month for traffic, we need to scale the firewalls. That should be automatically done. AWS and Azure provide very good features and, by using them, within a second it automatically scales, based on the incoming traffic.
Palo Alto has launched different products, such as physical firewalls as well as cloud and VM-based firewalls. Recently, they introduced their Prisma Cloud solution. Compared to the previous technologies, like Panorama, which is used for centralized firewall management, or even individual firewalls, it's a bit challenging to integrate the traditional firewall policies into Prisma Cloud. And the Prisma Cloud interface isn't very user-friendly.
Our organization has been using Palo Alto Networks VM-Series for more than five years, and I have worked on this solution for two years.
The solution is certainly stable. I have worked with many vendors' firewalls and Palo Alto's are definitely stable.
Obviously, it is scalable as long as you have the licenses and support with Palo Alto. You can implement the firewalls in high-availability mode or use the cloud functionality as well. For scalability, Palo Alto is optimized.
We have 30-plus sites around the world with more than 4,000 users.
Palo Alto has very good support. When you have a valid license, they can replace a device with a new one. They have the CSP portal and you can log in and see all the firewalls listed. You can raise TAC cases with a priority of low, medium, or high, and, based on the priority, they will send an email to you. They have live support as well. In case of an issue, you can call them directly and they will provide the required support.
Positive
Earlier, we were using many vendors' firewalls, per their suitability for our clients. Apart from Palo Alto, we were using Cisco ASA, Check Point, and Juniper. The network grew over the years and each site had its own set of firewalls. The issue was that we had to standardize things across the network. There was also a gradual change in the technology and features available. Our security team thought we needed a better implementation, for optimization and troubleshooting, and something that was friendly for daily operations.
We have both private cloud and hybrid. Some of the services are on the cloud and some are on-prem in our data center. Setting up Palo Alto firewalls is quite easy compared to other vendors.
Migrating our old infrastructure to Palo Alto took four to six months.
We did some pilot project testing with Palo Alto. If, for example, we want to migrate from XYZ vendor to Palo Alto, the very first thing we had to do was capture all the existing security and NAC policies and all the NGFW functionality. Palo Alto has specific features. For example, you can capture the logs in an inline environment, such as what traffic is going to the network, what security policies are there, et cetera. We deployed the Palo Alto firewalls in that way to only capture the traffic. We then analyzed the traffic, and we worked with Palo Alto TAC to understand the security policies and the exact throughput to determine the hardware we were going to use. We monitored all of that for a few months and then we started the migration from other vendors to Palo Alto.
We had 10 engineers involved in the deployment, but each on-site location had its own team as well. Three were senior network architects and the other seven were staff network engineers.
If you want to keep up to date in the network, it requires quite a bit of patching. It has many features, like Unified Threat Management and antivirus that can be auto-updated by scheduling an update for them. But the major patching has to be done manually. In our organization, we do it quarterly.
It is worth the cost.
Palo Alto Networks VM-Series is notably cheaper than other firewall vendors, except Fortigate. Fortigate is number one in terms of pricing.
Our security team tested various firewalls and it came down to FortiGate and Palo Alto and they found Palo Alto was quite suitable for the network.
Everything is moving to the cloud and we need a solution that can support all the multi-vendor platforms and the new technologies as well. That is quite important for any enterprise organization or service provider nowadays. If we talk about moving existing loads from our own data centers or enterprise sites to the cloud, we need a solution that can take care of everything, such as security compliance, and that is easy to use. Palo Alto is good in those terms.
With the introduction of Prisma Cloud, Palo Alto is encouraging clients to migrate their infrastructure, such as VPN and security solutions to Prisma Cloud. It has been highly optimized compared to Panorama. Palo Alto is promoting it and asking their clients to use Prisma Cloud to improve their security infrastructure.
I would advise, when you deploy a new site, to manage it from the centralized Panorama solution. With Panorama, you have a local login, so even if the internet is down you have access to the firewall management.
We had a situation, when performing patching, where the firewall lost the remote connection via the internet and it had not been onboarded to Panorama. That mean we lost connectivity and we had to involve the onsite technicians. To avoid that scenario, all firewalls should be centrally managed by Panorama.
And for troubleshooting, each firewall should have syslog profiles activated.
