Palo Alto Networks NG Firewalls Reviews

We're partners. Essentially, we take all the Palo Alto firewall policy information and all the device information, and we put it on a single pane of glass for them.

It provides a unified platform that natively integrates all security capabilities. This communication between security devices or security platforms is pretty important.

It helps to reduce downtime in our organization, but I don't have the metrics.

Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier.

Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto.

We're partners with Palo Alto. We've been partnering with them for about ten years for their firewalls.

It's pretty stable.

It's pretty scalable. Palo Alto does a great job across the board from small businesses to large enterprise solutions.

I have not had direct communication with their support.

We've worked with different firewall solutions such as Check Point, Cisco, ACI, and Fortinet, but Palo Alto is definitely among the ones that I like to work with.

Overall, it provides a wide range of features for securing an environment.

You get what you pay for.

The RSA Conference is great. You get to see a wide range of products all in one place. In terms of security, this is the place to be. It has been a great experience.

I believe attending the RSA Conference has an impact on our organization’s cybersecurity purchases made throughout the year afterward. It gives us a good forecast as to where the industry is going and what's to come so that we can be better prepared to partner with all different vendors.

To a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that Palo Alto is definitely not the cheapest. It's one of those things where you prefer quality.

Overall, I'd rate this solution a nine out of ten.

We have clients in the government and supermarkets, for example, who use this firewall for integration with EDR, NDR, CN, and IPS.

Palo Alto Networks NG Firewalls' IPS is more complete and is very good. This is a user-friendly solution that is easy to install, and it provides the best protection.

It's very important that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention because all components are moving laterally these days. We need tools that follow the zero-trust model.

These firewalls have helped reduce downtime in our organization as well.

Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers.

I've been working with these firewalls for almost seven years.

The firewalls are very stable.

Palo Alto's scalability is not as good as that of Check Point. With Check Point, I can integrate the firewall with other products.

We do not have technical support in Brazil, so I would rate it a two out of ten. However, Palo Alto's technical support in the US is good, and I would give them a rating of eight out of ten. 

Neutral

I have worked with Check Point, but it's very difficult to configure. Palo Alto is much easier to configure, and the dashboard is very user-friendly as well.

Because I have worked with Palo Alto for seven years, the initial setup is very easy for me. However, new engineers may find the configuration difficult.

Palo Alto Networks NG Firewalls are very expensive compared to other firewalls such as Fortinet. As a result, Palo Alto is losing some of its market share. 

I would rate Palo Alto Networks NG Firewalls an eight out of ten because it's a good product.

I like attending RSA conferences because it gives me the opportunity to see what competitors are doing and what is new on the market.

Attending RSAC does have an impact on our cyber security purchases, but I would like to see manufacturers offer more training, certifications, labs, and demos at RSAC. 

Our use cases include combining multiple next-gen firewalls and bringing them into the Panorama centralized platform.

In general, it's one of the better firewall brands out there. It definitely has the investment and the dedication of the Palo Alto team to constantly improve their product and move forward. They're not a static company, like some of the other companies out there, and that's why I like them.

From a firewall perspective, there is a unified platform that natively integrates all security capabilities, which is good because there is a single pane of glass. I don't have to go to every single firewall to look at certain things. I don't have to go to every single firewall to deploy rules. I can use Panorama to deploy the rules, so it's a one-stop job type of thing.

For securing data centers consistently across all workplaces, all next-gen firewalls pipe into the same Panorama centralized management solution. We can manage everything from a single pane of glass, deploy all that out, and make sure it goes through each firewall and updates correctly. That's huge. If you had to do it manually and you had thirty locations, that'd be like a day's job versus thirty minutes.

Having a centralized platform where they all feed into the Panorama solution significantly drops firewall-by-firewall management. We can use the Panorama solution to communicate with all of them.

I like the navigation of the general Panorama solution. I can easily navigate around and get to the thing I need. I'm not wasting time trying to find something.

Personally, I feel that their dashboards for reporting and things like that need some improvement.

We've been using Palo Alto for one to two years.

It has been very stable so far.

So far, it has been scalable enough to hit multiple divisions.

I have not personally contacted their support. That just dictates that they have a good product.

Positive

We also use Cisco firewalls.

I am not directly involved in its deployment, but I do help manage it. To my knowledge, the deployment was straightforward. It was easy to connect them into the Panorama platform.

There was a consultant. They knew their stuff.

There is typically no return on investment for firewalls because it's an IT cost, and we don't make money because we don't resell them.

It's pretty good.

We evaluated Fortinet and Check Point.

The value I receive from attending an RSA Conference is huge because I visit all my vendor partners to understand their roadmaps for the future. Attending an RSA Conference has had an impact on our organization’s cybersecurity purchases made throughout the year afterward because it brings out new features and subsets of the vendor partners. Also, if there is a deficiency in any of the current ones we currently use, we'll go engage other providers in order to find out if they can reach that gap or not, and then it'll dictate future proof of concepts and decisions.

Palo Alto embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, but I personally haven't experienced that. It's a good thing that there hasn't been an attack where that became useful, but that's great to know.

As a result of our experience with Palo Alto NGFW, to a colleague at another company who says, “We are just looking for the cheapest and fastest Firewall,” I would say, "Go with Palo Alto."

Overall, I would rate Palo Alto NGFW an eight out of ten.

We chose Palo Alto Networks NG Firewalls to replace our outdated firewalls.

The overall security of the organization has been improved.

The most valuable aspect of this solution is pre-sales and post-sales because of the support and relationship building.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. 

The integration of all security capabilities in Palo Alto NG Firewalls provides a unified platform, which is crucial as it reduces complexity.

Having machine learning embedded in the core of the solution for in-line, real-time attack prevention is of great importance to us, it is a top priority. 

This is significant because it enables automation, reducing the number of man-hours needed.

When evaluating the ability of Palo Alto Networks NG Firewalls to secure data centers consistently across all workplaces, I would give it a rating of eight out of ten.

By using Palo Alto Networks NG Firewalls, we have been able to decrease our downtime by several hours per month.

The solution could be more cost-effective.

I have been using Palo Alto Networks NG Firewalls for two years.

Palo Alto Networks NG Firewalls is a very stable solution.

Palo Alto Networks NG Firewalls are easily scalable.

We previously used Barracuda Networks.

We switched to Palo Alto Networks NG Firewalls after having a bad experience with our previous vendor for firewall solutions.

Palo Alto is more forward-thinking when compared to Barracuda.

I was involved in the initial setup. It was complex in multiple ways.

The solution itself is not a simple solution.

An integrator assisted us with the deployment.

They were helpful and knowledgeable.

I have experienced a return on investment with Palo Alto Networks NG Firewalls. One benefit is that there are fewer man-hours required for deployment and maintenance.

That solution's pricing and/or licensing are very convoluted.

Based on my experience with Palo Alto Networks NG Firewalls, if a colleague at another company said they were only looking for the cheapest and fastest firewall, I would not recommend Palo Alto.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

Attending an RSA conference provides high value and helps us to see the impact of our organization's cybersecurity purchases annually.

I use NG Firewalls for perimeter defense. 

We've seen better throughput compared to our previous firewall. End-users are happier with their connections through Palo Alto. 

Palo Alto offers better Layer 7 protection than competing solutions by Cisco and Fortinet. I also like the VPN client more. The interface is simple, so administrators can deploy and configure it much faster than other firewalls. The interoperability with other vendors is excellent. We can connect Palo Alto firewalls to all our other solutions. 

I would like to see more artificial intelligence. However, that is going beyond firewalls to products like Prisma. Palo Alto has those features in an entirely different ecosystem. It isn't a problem. Machine learning is valuable, but I rely more on threat intel. 

I have been using Palo Alto's solutions since 2014.

I rate Palo Alto NG Firewalls a nine out of ten for stability. We have had zero downtime except for scheduled maintenance. The firewalls are in a cluster that never goes down.

The scalability is excellent because you can always purchase a bigger firewall as you grow. 

I rate Palo Alto's support a seven out of ten. It is good overall but worse in some regions. The first level of support will usually do nothing for you. If you're an IT company, you're not looking for level-one support. You need to escalate. Other vendors have a direct support line for enterprise clients, but not Palo Alto.

Neutral

Palo Alto has a better interface and integration with other solutions than competing vendors. The only drawback is the price. Go with FortiGate if you're looking for a firewall that is cheap and decent. If you can't afford Palo Alto, FortiGate is the next cheapest. 

We can deploy Palo Alto firewalls faster and easier than most other solutions. We assess the traffic, buy the appropriate size, and implement it. 

Palo Alto firewalls are expensive, but they're worth what we pay. 

I rate Palo Alto NG Firewalls a nine out of ten. Technical support has some room for improvement, and there are several minor issues that aren't worth mentioning. 

I design networks for our customers; I always use a high-speed packet filter upfront because I work for a Juniper partner company. This is usually a Juniper SRX series firewall and it does most of the easy work. Behind that, I add a more intelligent firewall, Palo Alto NGFW. We are partnered with Palo Alto, but that's not the main reason we use their solution. I worked with Check Point products for four years, and the Palo Alto alternative seriously impressed me. Here in Hungary, Palo Alto is considered the de facto intelligent firewall, for good reason.

I work for an integrator and support company, and I support our customer's security platforms; we have many customers with Palo Alto Networks NG Firewalls.

The firewalls improved our organization. Creating firewall rules is much simpler. The solution is so straightforward that customers can configure it themselves, and they rarely call us for that, which is great for us as a support company. It makes our job much easier as Palo Alto NGFWs don't require a security specialist to configure; it can be done by systems engineers or IT support staff. 

All the features are valuable, but my main one is the straightforward and well-designed GUI. I'm over 50 and have been in this business since the internet started. I'm not a GUI guy; I prefer using the command line. The product's GUI is excellent, and so is the threat intelligence. It's also straightforward to configure and flexible. The solution even has good networking, such as VLAN and subinterfaces, which is great because, in my experience, if the firewall is good, then the router usually isn't and vice-versa, but Palo Alto has both.

We use the on-premises solution, and it's very impressive; both flexible and intelligent. The machine learning functionality is excellent, and I love the product as a support guy because it makes my job much easier. I have very little troubleshooting, and our customers haven't had a single security incident since implementing Palo Alto. I'm deeply impressed with this solution.

The machine learning against evolving threats works well. The best thing I can say is that none of our customers have had any security issues; I can't find any problems with the solution.

The support is outstanding; we are always alerted about potential issues such as bugs in advance, so we have time to adapt and prepare. Palo Alto has grown more effective; most importantly, there haven't been any security issues. I would give the product a 10 out of 10 for flexibility and at least a seven for security. I can't say precisely what security threats our customers face, but nothing has gotten through.

The solution provides a unified platform, which is essential because there is a significant shortage of experienced IT specialists in Hungary and elsewhere. Their effectiveness is amplified by the quality and straightforward nature of the solution, and the result is more robust security.

I don't have a direct view of our customer's security threats as it is privileged information, but I can say that there have been no security breaches. I would say the solution does eliminate security holes. 

Our Palo Alto firewalls have the zero-delay signature feature implemented, and it works fine. There haven't been any issues with us or any of our customers. This feature makes the whole security system more efficient. 

The network performance is top-notch; I would give it a 10 out of 10. Intelligent firewalls tend to be slower, but this solution is fast. Previously, I used a simple packet filter or zone-based packet filter in conjunction with an intelligent firewall, but Palo Alto is fast and secure enough for standalone use. I've been familiar with the solution's architecture from the beginning, and it's a very nice platform.

I recommend this solution to any engineer; technically speaking, it's the best product on the market. I know it isn't the cheapest, and decisions are often made on a financial level, but Palo Alto in Hungary always gives us a good deal. 

The solution's VPN, called GlobalProtect, could be improved as I've had a few issues with that. 

It can be challenging to migrate configurations between Palo Alto firewalls or restart with a backup configuration using the CLI. That could be improved. I think I'm one of the only people still using the CLI over the GUI, so that's just a personal issue.

I have been working with the solution for four years.

The solution is incredibly stable.

We work with hardware platforms, and they are usually slightly over designed to be on the safe side. The virtual firewall is highly customizable, but I have experience with the hardware platforms, and there is an upper limit on those, but I haven't had any scaling issues thus far.

In Hungary, where I live, the population is 10 million, similar to London. When I say we have 1000 end-users, it may seem like a small number, but that's relatively high for Hungary. Other vendors also supply the solution here, so 1000 is just our customers.

I mostly do deployments and maintenance alone. There are three systems engineers at our company.

The customer service and support are good. I have full support when I have a problem, and they can even do remote assistance. We had a big power failure, and the firewall didn't restart; they provided a hardware expert over the phone to solve the problem. They are very impressive. I would say Juniper offers the best support, but Palo Alto is almost as good, if not just as good for me.

Positive

I have been in this business from the beginning, so I used most firewall solutions. I focused on Cisco for 15 years, but that changed due to license-based selling in a very price-sensitive market. Cisco is not as viable an option as it used to be as customers consider it too expensive. I also used a Check Point solution, which was regarded as the go-to intelligent firewall five years ago, but now Palo Alto has taken that top spot. 

We are partners with several providers, including Juniper, Palo Alto, and a few others, but I always go with Palo Alto because it's a straightforward solution with easy installation.

The setup is easy; it's straightforward for anyone with basic networking and security knowledge. It's comparable to setting up a firewall at home, which is very impressive. It's still easy with very complex network setups, only the VPN concentrator, GlobalProtect, is more challenging, as it requires two-factor authentication, but it's still straightforward.

Initial setup time depends on the specific implementation, but we can do a new deployment in one or two days. It is more complicated when migrating from other platforms because the customer expects the same logic and features in the new platform. Palo Alto has an excellent marketing strategy, so their customers know their product uses a unique logic. This helps keep the implementation straightforward and shorter compared to other solutions. 

My implementation strategy begins with a plan for the customer's network based on their needs. Then I set up all the networking parameters and configure the solution in my lab device, so I can export it and import it on-site. Every setup begins in our lab, as it's more impressive to go to the customer and import the configuration right away. 

I don't know about the price of the platform or the license fees, as the finance department deals with that. I only bill for the materials involved in the design.

I don't know about the price. When there's a new project, I go to the meeting, but after a point, all the engineers leave when it comes to money because it's not our business. I know Palo Alto offers good discounts for the partners, and the solutions are good. They offer free trials and win many customers because it allows them to test products and see how well they perform.

The only thing I can say is it's a top technology. 

I would rate this solution a nine out of ten.

Cloud-based solutions are very unpopular in Eastern Europe, only private clouds are used, but on-premises is the favored deployment method. We use cloud solutions at home and for small companies or companies with particular use cases. I implemented the solution for a customer, and my first task was to disable all cloud-related features. It's exceedingly difficult to find a financial or government institution using a cloud-based platform; this market segment tends to have a more conservative mentality.

I don't use the solution personally, but I'm the first-level troubleshooter. If I can't solve a problem, I open a ticket to Palo Alto's customer support.

I have clients who used separate firewalls and VPN concentrators, but after switching to this solution, they now use the Palo Alto firewall and its VPN, GlobalProtect. I don't think it's the best VPN concentrator, it's an excellent firewall, but the weak point is the VPN.

I advise reading the documentation before configuring, which goes for any platform.

Generally, it is used for the main function of the firewall. It protects the applications and the servers of clients from attacks. We use it as a perimeter firewall for the traffic from the internet, and it is also being used because one of the customers needed a solution for PCI compliance. We have put the firewall between servers inside the network to do segmentation. So, with the firewalls, specific communication is open between the clients and the servers, between the servers, and between the servers, applications, and the database.

We have PA-5000 and PA-850 series firewalls. In terms of the version, we are using version 9.1, which is not the most recent version. It is the previous one. We manage all firewalls from Panorama.

The most important benefit is that we can manage VPNs inside this firewall. We have integrated it with Active Directory. We provide a certificate to a user, and the user of the certificate can connect with the GlobalProtect VPN, which is a Palo Alto solution. With this solution, we can easily manage about 1,000 VPNs daily. It supports integration with Active Directory, and it is very easy for us to manage the VPNs. Before using Palo Alto Next-Generation firewalls, there was another solution, and we had a lot of issues with that.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Our main customer is going for PCI certification, and a part of the certification requires the use of these kinds of firewalls to protect all the information that they have.

Palo Alto NGFW’s unified platform helped to eliminate security holes and protect from various threats. 

We have firewalls that automatically update the signatures every 15 minutes. It is very important for us because if something happens, we know that the threat will be eliminated because the firewall is updated to the latest signatures.

The trackability is most valuable. When a port is open for a protocol, such as port 443 for HTTPS, it can look inside the traffic and identify or verify the applications that are using the port, which was previously not possible with traditional firewalls.

It is very important that Palo Alto NGFW embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. If something is different, the firewall identifies that based on the behavior of the traffic and alerts us. It can also block that so that nothing more happens.

We use Panorama to manage all firewalls. There is a dashboard, and there is a tab that shows you the real-time traffic that is passing through the firewall. We are able to get all the insights about the traffic.

We use ACC which is a tool for verifying the activity or traffic within your network. Currently, in ACC, the time of the samples that they offer is about five minutes. When you try to go down to a shorter duration, you can't. You only have five minutes. They can provide samples for shorter durations, such as one minute.

I have been using this solution for eight years.

In terms of usage, all the traffic is passing from these firewalls. In general, there are about 3,000 users and 1,000 servers. All the traffic travels through these firewalls. At this moment, there are no plans to increase its usage.

When we were migrating from one model to another, Palo Alto gave us a chance to replace the hardware because the previous model was old, and there was no support. We were able to acquire a new box at the same price that we would have had to pay to repair and maintain it. 

There is another person that is in charge of that. Their support is only in English, which has been challenging, but now, we have engineers who can talk in English.

It wasn't easy because we were migrating from Check Point to Palo Alto. It was difficult at the beginning, but after that it was easy. Overall, the implementation took us three months because we could only do it in certain time windows. It was implemented in phases.

There were some applications that didn't work fine in the beginning. We had to see what was happening and identified the issue.

In the beginning, we used Palo Alto, but after that, we did everything in-house. The support from Palo Alto was fine. Their support person helped us. We are in Mexico, and he helped in translating the support information from English to Spanish in the beginning. We had a few big issues, but in the end, we solved all of them. Now, I can operate these firewalls.

Its price is comparable to other companies. The license is on a one-year or three-year basis. It depends on the customers what they want to go for. There are some features that require an additional license, and there is also the cost of the support.

I would recommend this solution. It is a good solution. I would rate it a nine out of ten.

We use it to see and detect malware. It is also used for antivirus, anti-spyware, anti-malware, vulnerability, and Wildfire analysis. We support different kinds of authentication as well: Kerberos, LDAP, TACACS, and SAML. All in all, it is a security device that you can have anywhere on your network, as per the design considerations.

It is deployed in two different ways, either on-premises or on the cloud, which may require a different hypervisor. 

Nowadays, because of the pandemic, everyone is working from home or users are not sitting in the office to work. So, security has become a challenge. For that, we provide GlobalProtect, which is a VPN solution. This will connect to your organization's network, and then you can access anything that is required. This is the most widely used tool that we provide, and it is used worldwide. During the pandemic, it was a massive success for us.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities which is really important from the end customer point of view. If I have to set up an organization, I will go ahead and buy different devices or platforms. However, if I go ahead and buy Next-Generation Firewalls and put them on the edge of the network where I connect with ISPs, my Next-Generation Firewalls will take care of the security parameters. I don't need to worry about it that much anymore.

Its security profiles are a valuable feature. 

All the logs can be stored in a single place.

Panorama lets all the devices be managed centrally in a single place. This provides the best view for admins into any particular firewall, which decreases those admins' tasks because they can view everything in a single place. 

The machine learning tracks how many packets per second are coming into the firewall.

Any request coming in will go into the DNS sinkhole first, not to the user. We protect our users that way.

Within this one platform, you are getting everything that you want. This single device can provide you with antivirus, anti-spyware, volumetric protection, URL filtering where decryption is required, and file blocking with Wildfire analysis.

Palo Alto Networks NG Firewalls have a Single Pass Parallel Processing (SP3) Architecture, which has a different kind of code doing the work. It increases the packet processing rate. Whereas, without the SP3 Architecture, you are waiting for each job to complete, even if you have 100 jobs assigned.

There is always scope for improvement on any particular device in any particular organization. For example, when there was change from IPv4 to IPv6, some of the firewalls still didn't support IPv6. In North America, we have seen most customers are using IPv6, as they are getting the IPv6 IPs from their ISPs. Sometimes, when they go through the firewall, it denies the traffic.

It has been almost three years.

From a stability point of view, the firewall is very stable because the PAN-OS version doesn't change very often. If a new PAN-OS version is out in the market, our engineering team checks it multiple times.

The network performance is never compromised.

It is scalable. We have small and big clients.

For small clients, there is the PA-220 device, which is very small but still very productive and secure. 

I have worked with one of the TACs, where there are almost 500 TAC engineers present. They have different rules for case priority when a customer opens something. If a customer is paying more to get support, then we have a dedicated engineer assigned to that particular customer. This is much easier for the customer, as they are getting one of the best engineers out there to troubleshoot their network. They never compromise on that.

Sometimes, due to some issues, tickets don't get assigned. Or, they assign the tickets manually if something goes wrong, which is a very odd case. Customers don't understand that. So, we always apologize to customers, and say, "How can we help you out?"

Support is 10 out of 10. 

Positive

We ask the end customer, whosoever has the legacy network in their organization, if they don't need all their extra devices in order to cut down on costs. We then do an IPSec tunnel on the cloud as a gateway. From there, they can route the traffic to the Internet or wherever they would like.

Palo Alto is a unified device with a very streamlined voice. I have worked on Cisco routers and ASA as well, where you have to do a lot of stuff through the CLI and Linux shell scripting. With Palo Alto, those things are streamlined and engineering takes care of everything.

The initial setup is pretty straightforward. It is very user-friendly. Everyone in an organization can learn the platform quickly. When we give training to our new candidates, they learn it very quickly. So, it is a streamlined device.

There is an interface type called V-Wire. You just connect it to your network. It will not disturb anything. You don't need to provide IPs. It doesn't need a separate Mac address. It just connects to a particular interface as a bump in the wire. It inspects your traffic, giving you an overall idea of what applications your organization is using and what user is doing what. If needed, you can deploy it in your network later on. This makes it very easy for our customer to deploy the product in their network before they buy it.

When it comes to installing a new PAN-OS version, it doesn't require you to go to Linux and write tons of commands in order to download and activate the latest PAN-OS version. You just have to download it, click the download tab, click the install tab, and then you are done. Therefore, it is hassle-free and super easy like Windows.

We have a very large team for deployment.

If you buy Palo Alto Next-Generation Firewalls, everything is in a single platform. You don't need to go and buy the Wildfire analysis to track zero-day attacks and lots of other things. Therefore, cost is cut down by 50% to 60% if you go for Palo Alto Next-Generation Firewalls.

If someone doesn't have a security platform in their network, then the following licenses will be required: antivirus, anti-spyware, vulnerability, and Wildfire analysis. There are also licenses for GlobalProtect and support.

Overall, Palo Alto Networks NG Firewalls is a market leader.

With other devices, you need a controller and console to manage them. That is not the case with Palo Alto Networks NG Firewalls, where most of the work is done through the GUI. If you want to deep dive, then you go to the CLI. 

Cisco ASAs give some information on the Nexus Firewall, but they are not streamlined. Whereas, Palo Alto Networks NG Firewalls is a streamlined device and easy to use.

If someone is in a routing and switching domain and wants to come up to a security domain, they should choose Palo Alto Network NG Firewalls.

We are happy to assist customers whenever support is missing. Over a period of time, we see customers raise tickets because they are looking for a particular feature that is not available on the platform. We don't say to our customers, "We don't support this." Instead, we take it as an opportunity, giving that information to our engineering team.

I would rate the solution as nine out of 10. I am leaving room for improvement.