Security Expert at a aerospace/defense firm with 10,001+ employees
Real User
All of the policies configured are related to the application and not to a port
Pros and Cons
  • "The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port."
  • "This solution cannot be implemented on-premises; it's only a cloud solution. The price is high as well."

What is our primary use case?

We deployed the Palo Alto Next Generation Firewall on the perimeter of the network, so all traffic that flows to the company from the internet and from the company to the internet scanned by the Palo Alto Networks Firewall. In addition, all of the internal traffic from LAN users to services that are on the DMZ zone traverse the Palo Alto Firewall.

What is most valuable?

The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port.

For example, let's say you want to allow HTTP traffic and the server is not listening on the standard http port which port 80 but listens on port 25 which Is the standard port for SMTP, this is not an obstacle has the firewall is focusing on the application, it identify the HTTP application and allow the HTTP application and block any other application on port 25. So we don't care on which port the app traverses.

It is easy to install and is stable too.

What needs improvement?

There is another solution from Palo Alto for endpoints - XDR  that integrates with the firewall  thus providing protection at the network level and also at the end point but the XDR solution is only a cloud based solution. I would really like it if would be possible to implement this solution on-premises this is something that I would love to see with Palo Alto Networks NG Firewalls.

The price could be lower.

For how long have I used the solution?

I've worked with Palo Alto Networks NG Firewalls within the last 12 months.

Buyer's Guide
Palo Alto Networks NG Firewalls
March 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.

What do I think about the stability of the solution?

So far, it's stable. I haven't had any problem with it. I'm always authorizing to have the minor version aligned with the latest version. There haven't been any published vulnerabilities with the product so far.

What do I think about the scalability of the solution?

I'm using the cluster, and that's a great long term solution. So I haven't needed to expand.

There are more than 10,000 employees in the company. We hope to migrate the other branches that have a different vendor to Palo Alto.

How was the initial setup?

The initial setup was straightforward from my point of view.

What's my experience with pricing, setup cost, and licensing?

From a financial perspective, this solution is quite expensive.

The licensing is on a yearly basis even though we close the deal for three years upfront.

What other advice do I have?

I would advise that those thinking about Palo Alto Networks NG Firewalls need to switch how they think about a policy on the firewall. They should not to look at it from the point of view of the service and what port that policy is related to. Instead, they should look at it from the application side. Don't pay too much attention to the port. Just look at the application. For example, the NGFW doesn't care if SMTP traverses on port 25 or 65. It just enforces the protocol.

From a technical point of view, I don't think that there's something that's missing from the Palo Alto Networks NG Firewalls. So, I would rate it at nine on a scale from one to ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Faisal Ghaus - PeerSpot reviewer
Senior Presales Consultant at a tech services company with 11-50 employees
Reseller
Features excellent packet inspection in a unified platform
Pros and Cons
  • "The best feature is the packet inspection; compared to solutions like Cisco and FortiGate, Palo Alto's packet inspection is much less CPU intensive, allowing it to detect threats embedded within packages more quickly and efficiently."
  • "The solution doesn't support routing in virtual firewall creation, and we want that to be enabled."

What is our primary use case?

Our primary use case is to provide our clients with an internet gateway. 

What is most valuable?

The best feature is the packet inspection; compared to solutions like Cisco and FortiGate, Palo Alto's packet inspection is much less CPU intensive, allowing it to detect threats embedded within packages more quickly and efficiently. 

Palo Alto Networks NGFW provides a unified platform that natively integrates all security capabilities; it's easy to integrate with other platforms, and we never faced any issues doing so.  

Using Palo Alto Networks NGFW's unified platform, our clients have eliminated multiple network security tools and the effort needed to get them to work together.

What needs improvement?

The solution doesn't support routing in virtual firewall creation, and we want that to be enabled. 

For how long have I used the solution?

We've been involved with Palo Alto Networks since 2008 and are a reseller, so we implement the solutions for our clients.

What do I think about the stability of the solution?

The solution is very stable; we don't have any problems with the stability. 

What do I think about the scalability of the solution?

The product is very scalable. Most of our customers are enterprise-sized financial institutions with over 3,000 branches. 

How are customer service and support?

Palo Alto Networks doesn't directly support Pakistan but rather through distributors. Out tickets go to the distributors, which are then forwarded to Palo Alto.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup is very straightforward; we can complete it three to four hours after activating the licenses.

What's my experience with pricing, setup cost, and licensing?

The product is expensive. With one being the cheapest and ten being the most expensive, I give it an eight.

What other advice do I have?

I rate the solution nine out of ten. 

Palo Alto Networks NGFW is an excellent solution; 90% of the financial institutions in Pakistan use it as their ultimate gateway. 

People are just starting to get into machine learning in Pakistan, so we're not 100% sure of its capabilities and potential. I believe machine learning becomes more efficient in a cloud environment than a hybrid one, though I have yet to research this thoroughly.

To a colleague at another company who says they want the cheapest and fastest firewall, Palo Alto Networks provides an expensive solution, but you can't compromise on security. You can buy the most inexpensive firewall, but you'll have to purchase add-ons and subscriptions to enable a complete security infrastructure in your organization. One solution for every situation that doesn't require any additional services is a better choice. 

I advise those considering the solution to understand where they want to deploy it in the organization, as a broad installation is best for internet gateways. Next, the sensitivity of the data is important; for a financial institution like a bank, I recommend Palo Alto NGFWs because of the quality of the security and machine learning.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Buyer's Guide
Palo Alto Networks NG Firewalls
March 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Deputy Project Leader for CVE at a tech services company with 1-10 employees
Real User
Saves our company time and resources, which equals money saved
Pros and Cons
  • "Palo Alto Networks NG Firewalls saves us time."
  • "I would like more reporting and metrics in the solution."

What is our primary use case?

We use Palo Alto Networks NG Firewalls mostly for firewalls.

How has it helped my organization?

Palo Alto Networks NG Firewalls saves our company time and resources, which equals money.

What is most valuable?

Palo Alto Networks NG Firewalls saves us time. The solution's firewalls have secured our company, and we don't have to worry about anything.

What needs improvement?

I would like more reporting and metrics in the solution.

For how long have I used the solution?

We have been using Palo Alto Networks NG Firewalls for two years.

What do I think about the stability of the solution?

It is a stable solution.

What do I think about the scalability of the solution?

It is a very scalable solution.

What was our ROI?

We have seen an ROI with Palo Alto Networks NG Firewalls because it saves us time. We haven't worried about any security issues and feel very protected with Palo Alto Networks NG Firewalls.

What's my experience with pricing, setup cost, and licensing?

It is expensive but is worth the price.

Which other solutions did I evaluate?

Before choosing Palo Alto Networks NG Firewalls, we did evaluate other options.

What other advice do I have?

We're fine with the firewall and not shopping around for a firewall.

The fact that it embeds machine learning in the core of the firewall to provide inline, real-time attack prevention is invaluable to me.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is invaluable to me.

It does a great job of securing data centers consistently across all workplaces, i.e., from the smallest office to the largest data centers, and we have zero complaints.

Palo Alto Networks NG Firewalls have helped us reduce about twenty extra hours a week of downtime in our organization.

I rate the value we receive from attending an RSA Conference a ten out of ten.

Attending RSAC will surely have an impact on our organization's cybersecurity purchases made throughout the year afterward.

Overall, I rate the solution a ten out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
M&B at a computer software company with 11-50 employees
Real User
Good protection, easy to install, and reliable
Pros and Cons
  • "The most valuable feature of the solution is the network protection."
  • "The support could be improved. Palo Alto does not have a support team located in Bangladesh, and their support team operates from another location. Therefore, when we raise a ticket, it takes some time for them to respond, which can be problematic for us."

What is our primary use case?

I am a customer of Palo Alto Networks. If any issue arises, I raise a ticket with Palo Alto.

How has it helped my organization?

We are currently using Palo Alto in our national data center, which is a large Tier Three data center. As all communication is now going through APIs, it would be beneficial to improve Palo Alto by adding an API scanner in the future.

What is most valuable?

The most valuable feature of the solution is the network protection.

We decided to use Palo Alto because they are the leader in the market.

Palo Alto does provide a unified platform that natively integrates all security capabilities.

These days, DDoS attacks are becoming more frequent, especially in external data centers. Therefore, we need to enhance the DDoS attack block list and update patches in our national data center.

What needs improvement?

The API scanner could be improved.

The support could be improved. 

Palo Alto does not have a support team located in Bangladesh, and their support team operates from another location. Therefore, when we raise a ticket, it takes some time for them to respond, which can be problematic for us.

For how long have I used the solution?

I have been working with Palo Alto Networks NG Firewalls for seven years.

What do I think about the stability of the solution?

Since we have definitely used Palo Alto Networks NG Firewalls, it's not possible to compare them with any other product.

The stability of Palo Alto Networks NG Firewalls is good.

What do I think about the scalability of the solution?

The current solution is satisfactory, but we require more scalability from Palo Alto.

How are customer service and support?

Technical support is good.

I would rate the technical support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we did not use another solution.

How was the initial setup?

The initial setup was straightforward, as we prioritize quality over price for our federal work. Our main concern is protection, as we need to safeguard national assets.

What about the implementation team?

I am the consultant.

What was our ROI?

We have observed a positive return on investment because if a DDoS attack were to occur, it would result in a loss of business and other adverse effects.

By using Palo Alto to protect our data, we can prevent such attacks and ensure that our business runs smoothly.

What's my experience with pricing, setup cost, and licensing?

We always aim to reduce the pricing, as it is currently a bit high and needs to be lowered.

Before my organization purchases any product, they must obtain my permission and also conduct an evaluation.

Which other solutions did I evaluate?

From the very beginning, we have been using Palo Alto Networks NG Firewalls, I cannot make a comparison with other firewall solutions.

What other advice do I have?

Palo Alto is the market leader in firewall technology, and we also use their firewall. However, we have been experiencing DDoS attacks and are using Palo Alto to protect against them. 

In some cases, we may need to increase the DDoS block list and update patches through Palo Alto.

As someone who works in the national data center, we always strive to use the very best, not the cheapest.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ahmed Hesham - PeerSpot reviewer
Network Security Engineer at Raya Integration
Reseller
Top 5Leaderboard
A next-generation firewall with useful functions and features
Pros and Cons
  • "I like all the functions and features."
  • "I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster"

What is our primary use case?

We use it for LAN users, internet access, and more. The NG Firewall has many functions like user control, access control for servers, natural controls based on applications, schedules, ports, RTs, and IPS functionality with antivirus or security functionality. We also use it to control internet access, traffic shaping for bandwidth control, and fraud prevention.

What is most valuable?

I like all the functions and features.

What needs improvement?

I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster. Scalability can also be better.

For how long have I used the solution?

I've been working with NG Firewalls for six years.

What do I think about the stability of the solution?

Palo Alto Networks NG Firewalls is a stable solution.

What do I think about the scalability of the solution?

I don't think Palo Alto and Fortinet firewalls are scalable. Only Cisco is scalable. For clustering, Cisco activity models like the 4000 model are better. For example, if the firewall is undersized due to expansion, you can cluster and add more appliances to the system.

How are customer service and technical support?

I think Palo Alto has good support. Technical support helped me solve most of my issues very quickly. 

How was the initial setup?

The initial setup depends on the client's infrastructure and the project's scope. 

If it's migration, Palo Alto has a great tool called the Expedition tool. It helps to migrate any firewall to the Palo Alto firewall. This process takes about a day, and it's very simple.

If it's a fresh installation, it depends on the number of policies you need to apply and the number of metrics. You can do it using the command line. You can do it easily and quickly, but it depends on how much the customers prepare. Sometimes the customer has no information to provide, and you struggle to get this information. Sometimes this process can take two to five days or take weeks. 

What about the implementation team?

We implement and maintain Palo Alto Networks NG Firewalls for our customers.

What's my experience with pricing, setup cost, and licensing?

Paul Alto is the most expensive solution in this category. The subscriptions and support are also expensive, but everything is included in the hardware, including the subscriptions.

If a customer is price-sensitive, I will go for Fortinet without a second thought. If customers are willing to invest in their data centers, I might go with Palo Alto and Cisco.

What other advice do I have?

On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Nils Paley - PeerSpot reviewer
Network responsible at NMD
Real User
Top 20
Stable product with valuable technical support services
Pros and Cons
  • "The initial setup process is quite easy."
  • "Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster."

What is most valuable?

The product’s most valuable feature is security.

What needs improvement?

Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster.

For how long have I used the solution?

We have been using Palo Alto Networks NG Firewalls for five years.

What do I think about the stability of the solution?

The product is stable. I rate its stability a ten out of ten.

What do I think about the scalability of the solution?

I rate the product’s scalability a nine out of ten.

How are customer service and support?

The technical support services are good. They respond immediately.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used FortiGate earlier. We plan to switch again to FortiGate as per our vendor’s preference.

How was the initial setup?

The initial setup process is quite easy. It took less than a month to complete.

What's my experience with pricing, setup cost, and licensing?

I rate the product’s pricing an eight out of ten.

Which other solutions did I evaluate?

We evaluated Check Point. We decided to go to Palo Alto for better pricing.

What other advice do I have?

I rate Palo Alto Networks NG Firewalls a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Manager IT Security & Infrastructure at Currimjee Jeewanjee & Co. Ltd.
Real User
Top 10
Gives us visibility and reporting that we didn't have, improving our ability to monitor and secure our network
Pros and Cons
  • "You can easily integrate it with Active Directory, and you can use the GlobalProtect VPN for internal and external purposes. The URL Filtering is also clear and the application filtering is a plus. The application filtering is much better when you compare it to FortiGate or other firewall vendors."
  • "There has been a recent change in the graphical interface. For the monitoring part, they could have a better UI."

What is our primary use case?

We have implemented our own private cloud where we host different services for a number of internal companies that are part of a group. We have financial companies, hospitality, and construction companies; a large variety. We use Palo Alto to provide security protection for all these companies.

How has it helped my organization?

Previously, with our old firewalls, we did not have any visibility. The application layer was zero. We didn't have any visibility there. And we also didn't have any reports. Now, we have good visibility and we are able to get reports and we can monitor the network much better. That's a big change for us and a big help.

What is most valuable?

There are a lot of helpful features

  • monitoring
  • reporting
  • WiFi.

You can easily integrate it with Active Directory, and you can use the GlobalProtect VPN for internal and external purposes. The URL Filtering is also clear and the application filtering is a plus. The application filtering is much better when you compare it to FortiGate or other firewall vendors.

Also, the fact that Next-Gen Firewalls from Palo Alto embed machine learning in the core of the firewall to provide inline and real-time attack prevention is very important. Nowadays, all the modern attacks, hackers, and bad people are becoming more intelligent and automating attacks. Embedding AI is a good idea.

We have complete visibility through the logs and the alerting. It depends on how you configure the firewall. You can configure it to get alerts whenever there's an attack or whenever something is happening. That's how we can assess if the firewall is doing the job correctly or not. We are happy with the way the firewall does its job.

What needs improvement?

There has been a recent change in the graphical interface. For the monitoring part, they could have a better UI.

For how long have I used the solution?

We have been using Palo Alto Networks NG Firewalls since 2012.

What do I think about the stability of the solution?

The big firewalls, like the PA-300 and the PA-3020, are very good, stable, and performant. They are very reliable. The smaller models are reliable, but the performance on their management plane is a bit slow. Even the management plane of the PA-850 is a bit slow when you compare it to some of the bigger models.

What do I think about the scalability of the solution?

Scaling is easy. We currently have about 1,000 endpoints.

How are customer service and support?

We haven't worked with their technical support.

Which solution did I use previously and why did I switch?

We replaced a Cisco ASA Firewall with Palo Alto, and then we started replacing all our other firewalls with Palo Alto. Cisco ASA was not a next-generation firewall at that time. And no firewall could beat the traffic monitoring and the visibility that we had on Palo Alto.

We did a PoC before going to Palo Alto. We placed the Palo Alto in virtual wire mode, meaning a transparent mode. Without changing our existing network infrastructure, we were able to plug the Palo Alto into our network where we could see all the incoming and all the outgoing traffic. Without creating any policies or any blocking, we were able to see all the traffic and we were impressed with that part and we decided to switch to Palo Alto.

How was the initial setup?

The first deployment was very complex. I was not the one who implemented it, it was an integrator, but it was a headache due to some difficulties. After that, things became easy. We have implemented six or seven Palo Altos, and things are easy because of our familiarity with the whole deployment process. The first time we were using this firewall we were not at ease with the product. After that, we got used to it and it became easier.

Because of the issues with the first one, it took one week for the deployment, for the complete transition from Cisco ASA to Palo Alto. Since then, all the deployments have been done in one day.

What was our ROI?

We have seen ROI as a result of the visibility and reporting. These are two things we didn't have, and now that we have the visibility, we can ensure  that our network is secure.

What's my experience with pricing, setup cost, and licensing?

If you compare Palo Alto with other firewalls, it's a bit expensive.

Which other solutions did I evaluate?

At that time, Palo Alto was the leader and I think it was the only next-gen firewall.

We have looked into other firewalls since then. In 2017 or 2018, we decided to replace one Palo Alto with a Forcepoint Next-Gen Firewall. We placed that in the network but, after six months, we replaced it with Palo Alto.

What other advice do I have?

If someone is looking for the cheapest and fastest firewall, I would say the fastest is good, but not cheapest. Palo Alto Firewalls are not cheap.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director of Information Technology at a hospitality company with 10,001+ employees
Real User
A stable next-generation firewall solution
Pros and Cons
  • "I like that they are more stable than the previous ones, and they allow a lot of other features."
  • "It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release."

What is our primary use case?

We use Palo Alto Networks NG Firewalls to manage the villains. Basically, to protect the environment. 

What is most valuable?

I like that they are more stable than the previous ones, and they allow a lot of other features.

What needs improvement?

It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for two years.

What do I think about the stability of the solution?

Palo Alto Networks NG Firewalls is stable.

What do I think about the scalability of the solution?

Palo Alto Networks NG Firewalls is scalable. We have about 250 people using it at our hotel.

How are customer service and technical support?

We use Trustwave, a company that provides the devices. We have an agreement with them, and we're satisfied with the support.

Which solution did I use previously and why did I switch?

We used to use Juniper and Fortinet.

How was the initial setup?

The initial setup is pretty much straightforward. It takes us about two hours to set up and deploy this solution. It takes a team of two guys to deploy and maintain this solution.

What other advice do I have?

I would recommend this solution to new users.

On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.