Palo Alto Networks NG Firewalls Reviews

We use them to do quite a bit of URL filtering, threat prevention, and we also use GlobalProtect. And application visibility is huge for us. Rather than having to do port-based firewalling, we're able to take it to an application level.

We have quite a number of security pieces that are implemented for our network, such as a DNS piece, although we're not using Palo Alto for that purpose. But with that, in line with our seam, we're able to better distinguish what normal traffic looks like versus what a potential threat would look like. That's how we're leveraging the NG Firewalls. Also, we have separated the network for our databases and we only allow specific users or specific applications to communicate with them. They're not using the traditional port base, they're using application-aware ports to make sure that the traffic that has come in is what it says it is.

Machine learning in Palo Alto's firewalls, for securing networks against threats that are able to evolve and morph rapidly, has helped us out significantly, in implementation with different security software and processes. The combination allows our security analysts to determine the type of traffic that is flowing through our network and to our devices. We're able to collect the logs that Palo Alto generates to determine if there's any type of intrusion in our network.

The machine learning in the core of the firewalls, for inline, real-time attack prevention, is very important to us. With the malware and ransomware threats that are out there, to keep abreast of and ahead of those types of attacks, it's important for our devices to be able to use AI to distinguish when there is malicious traffic or abnormal traffic within our environment, and then notify us.

The fact that in the NSS Labs Test Report from July 2019 about Palo Alto NG Firewalls, 100 percent of the evasions were blocked, is very important to us. 

The SD-WAN product is fairly new. They could probably improve that in terms of customizing it and making the configuration a little bit easier.

I've been using Palo Alto NG Firewalls for about five years.

The firewalls are very stable. We've had no issues with downtime.

They're very scalable. Because we use Panorama, we're able to have global firewall rules for areas that we want to block, across the network, for security reasons. We just push those down to all the devices in one shot.

Our corporate site has about 500 users, and our 14 remote sites, because they're retail, usually have anywhere from five to 10 users each.

Their support is generally very knowledgeable. Sometimes it depends though on who you get, but they've always addressed our issues in a timely manner.

We were using older versions of Palo Alto's firewalls and we also had Cisco firewalls in our environment.

For our remote stores we're able to use Panorama, along with Palo Alto's Zero Touch Provisioning hardware. Once a device is connected to the internet and can communicate back to our Panorama, it just pulls the configurations. That means it's very easy to deploy.

It took about two to three months to deploy about 14 sites. That wasn't because we were having issues, it was just the way we scheduled the deployment, because we had to bring down different entities and had to schedule them accordingly with a maintenance window. But if it wasn't for that scheduling, within a week we could have deployed all of the remote sites.

For our implementation strategy, at our corporate site we had both old and new firewalls sitting side by side on the network. As we went to a remote site we would take them from their legacy Cisco and cut them over to the new firewall. Once that was done, we moved all of the firewall rules that were on the old firewall over to the new one.

When it comes to maintenance and administration of the firewalls, my team of five people is responsible. We have a network architect, a network specialist, two senior network specialists, and a security manager.

We did it by ourselves. We have a certified Palo Alto engineer on staff and he did all the installation.

Definitely look into a multi-year license, as opposed to a single-year. That will definitely be more beneficial in terms of cost. We went with five-year licenses. After looking at the overall costs, we calculate that we're only paying for four years, because it works out such that the last year is negligible. If we were to be billed yearly, the last year's costs would be a lot more. With the five-year plan we're saving about a year's worth of licenses.

Based on the quantity of devices we purchased, we found that the hardware price was actually cheaper than most of the other vendors out there.

If a colleague at another company were to say, "We are just looking for the cheapest and fastest firewall," given my experience with Palo Alto's NG Firewalls, my answer would depend on the size of the company and how much traffic they're going to be generating. Palo Alto is definitely not the cheapest, but if you scale it the right way it will be very comparable to what's out there.

One of the things we like about Palo Alto is the fact that the hardware appliances we have are not impacted in terms of resources. The CPU and memory stay low, so we don't have a bottleneck where it's trying to process a whole bunch of traffic and things are slow. We were looking at various brands because we were going from older hardware to newer, and we wanted to evaluate what the other vendors were doing. After that evaluation, we were comfortable that Palo Alto would be able to handle all of our network traffic without impacting performance.

We looked at Fortinet and Cisco. Cisco is a bit pricey when compared to our Palo Altos. Fortinet was definitely cheaper, but we were skeptical about their performance when we bundled all of the features that we wanted. We didn't think it was going to be fast enough to handle the network traffic that we were generating across the board. We believe Cisco would have handled our traffic, but their next-gen platform, along with SD-WAN, required us to have two separate devices. It wasn't something that would have been on one platform. That's probably why we didn't go down that road.

Part of what we considered when we were looking around was how familiar we were with the technology. That was also a big area for us. Most of the guys on our team were pretty familiar with Cisco and Palo Alto devices. They weren't too familiar with Fortinet or Check Point. We narrowed it down based on if we had a security breach, how easy would it be for us to start gathering information, remediating and troubleshooting, and looking at the origin of the threat. We looked at that versus having to call support because we weren't too familiar with a particular product. That was huge for us when we were doing the evaluation of these products.

Other than the SD-WAN, everything else has been functioning like our previous setup because it's a pretty similar license. The way that the new hardware handles URL filtering, threat protection, and GlobalProtect has been pretty solid. I don't have any issues with those.

Overall, I would rate Palo Alto NG Firewalls at nine out of 10. It's definitely not the cheapest product out there. Cost is the main reason I wouldn't put it at a 10.

We use this firewall to segment our network into two parts and control traffic between them, providing a secure and efficient way to manage our network.

The product's most valuable features are the ease of deployment, regularly updated security information, and robust hardware.

Palo Alto's various products need better integration to ensure they work harmoniously.

We have been using Palo Alto Networks NG Firewalls for the past six years.

The firewall is very stable; I rate it ten out of ten in terms of stability.

The solution is highly scalable, accommodating around 5,000 users at our site. We plan to increase usage, which is a matter of purchasing new licenses without affecting current operations.

While I have not used technical support service, my team has, and they have found it to be very good.

Positive

We switched from AWS to Oracle Advanced Analytics because while AWS was easy to use, it was more expensive.

The setup is easy but requires careful planning and expert design to ensure optimal deployment. The process involves planning, reviewing requirements, designing, implementing, and operating the firewall.

Palo Alto NG Firewall effectively prevents threats and helps maintain a secure network environment.

I rate it a nine out of ten.

The product’s most valuable feature is security.

Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster.

We have been using Palo Alto Networks NG Firewalls for five years.

The product is stable. I rate its stability a ten out of ten.

I rate the product’s scalability a nine out of ten.

The technical support services are good. They respond immediately.

Positive

We used FortiGate earlier. We plan to switch again to FortiGate as per our vendor’s preference.

The initial setup process is quite easy. It took less than a month to complete.

I rate the product’s pricing an eight out of ten.

We evaluated Check Point. We decided to go to Palo Alto for better pricing.

I rate Palo Alto Networks NG Firewalls a nine out of ten.

We use Palo Alto Networks NG Firewalls for our gateway security.

Embedded machine learning is important.

The user experience is good and the configuration is very easy.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates security capabilities.

IDM is the most valuable feature.

The process of applying updates to Palo Alto Networks NG Firewalls has room for improvement.

The price also has room for improvement and the technical support could respond faster.

I have been using Palo Alto Networks NG Firewalls for one year.

The solution is extremely stable.

The solution is scalable. We have 60 people that use the solution in our organization.

The technical support is good but can sometimes be slow.

Positive

I previously used WatchGuard XTM firewalls, but I switched to Palo Alto Networks NG Firewalls because of their superior performance and features.

We have seen a good return on investment.

Palo Alto Networks NG Firewalls are expensive compared to WatchGuard XTM firewalls.

I give Palo Alto Networks NG Firewalls a ten out of ten.

We have to perform regular updates for the solution.

We use Palo Alto Networks NG Firewalls mostly for firewalls.

Palo Alto Networks NG Firewalls saves our company time and resources, which equals money.

Palo Alto Networks NG Firewalls saves us time. The solution's firewalls have secured our company, and we don't have to worry about anything.

I would like more reporting and metrics in the solution.

We have been using Palo Alto Networks NG Firewalls for two years.

It is a stable solution.

It is a very scalable solution.

We have seen an ROI with Palo Alto Networks NG Firewalls because it saves us time. We haven't worried about any security issues and feel very protected with Palo Alto Networks NG Firewalls.

It is expensive but is worth the price.

Before choosing Palo Alto Networks NG Firewalls, we did evaluate other options.

We're fine with the firewall and not shopping around for a firewall.

The fact that it embeds machine learning in the core of the firewall to provide inline, real-time attack prevention is invaluable to me.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is invaluable to me.

It does a great job of securing data centers consistently across all workplaces, i.e., from the smallest office to the largest data centers, and we have zero complaints.

Palo Alto Networks NG Firewalls have helped us reduce about twenty extra hours a week of downtime in our organization.

I rate the value we receive from attending an RSA Conference a ten out of ten.

Attending RSAC will surely have an impact on our organization's cybersecurity purchases made throughout the year afterward.

Overall, I rate the solution a ten out of ten.

Solutions like firewalls and routers improve any company. If you don't have them, then I wouldn't be doing business with you. 

Palo Alto has embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. That's big. We're embedding that type of security and information into every part of our corporate network as well as our products.

It has helped to reduce downtime in our organization. The savings are probably in single digits.

I typically get involved with it when it comes to audit and compliance and having to gather evidence of those firewalls, routers, and rule sets. The evidence that I typically need is there.

We got a lot of integrations into it, but I don't know if it integrates with all.

I don't deal with it from a day-to-day perspective, but I can say that the evidence that I typically need is there, but sometimes, it's a task to actually get it and pull it out. They can make it easier to gather that evidence. From our NetOps team's perspective also, they can make it easier to manage and constantly update those rule sets.

I don't know for how long exactly we have been using this solution, but I've been aware that we've had them probably since about 2016 or 2017.

It's very stable. They are highly ranked within their space.

It's a good product for securing all types of workplaces. It's specifically good for data centers, which are all brick-and-mortar houses. Small businesses must also have it because they don't have the ability to have everything in a cloud or virtualized firewalls and other things like that.

I haven't dealt with their support team.

I was not involved in its initial deployment.

I am able to gather some of the evidence and things that I need. Our NetOps team uses it heavily, and they love it.

I would assume that it's still within mid-range given its company structure and everything else. My guess is it's still okay.

To someone at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that you just lost the customer because I'm not going to do business with somebody who is going for the cheapest. I'm always looking for a vendor or customer that has more input and cares about the security of their systems.

The value received from attending an RSA Conference includes prizes and other things, but on a personal level, I love the tech talks, knowing about a lot of industry changes, and different product solutions being showcased.

RSAC definitely has an impact on our organization’s cybersecurity purchases made throughout the year. One of my main roles is vendor due diligence, so I come to RSA quite often, and I have conversations with many different sales engineers who can explain the security of their products because that's what I focus on during our onboarding process. 

Overall, I would rate this solution a seven out of ten.

We're partners. Essentially, we take all the Palo Alto firewall policy information and all the device information, and we put it on a single pane of glass for them.

It provides a unified platform that natively integrates all security capabilities. This communication between security devices or security platforms is pretty important.

It helps to reduce downtime in our organization, but I don't have the metrics.

Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier.

Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto.

We're partners with Palo Alto. We've been partnering with them for about ten years for their firewalls.

It's pretty stable.

It's pretty scalable. Palo Alto does a great job across the board from small businesses to large enterprise solutions.

I have not had direct communication with their support.

We've worked with different firewall solutions such as Check Point, Cisco, ACI, and Fortinet, but Palo Alto is definitely among the ones that I like to work with.

Overall, it provides a wide range of features for securing an environment.

You get what you pay for.

The RSA Conference is great. You get to see a wide range of products all in one place. In terms of security, this is the place to be. It has been a great experience.

I believe attending the RSA Conference has an impact on our organization’s cybersecurity purchases made throughout the year afterward. It gives us a good forecast as to where the industry is going and what's to come so that we can be better prepared to partner with all different vendors.

To a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that Palo Alto is definitely not the cheapest. It's one of those things where you prefer quality.

Overall, I'd rate this solution a nine out of ten.

We use Palo Alto as our perimeter firewall. We also use the GlobalProtect VPN solution.

It gives visibility into different threats. There is a wide range of threats that can be identified.

We collect logs from Palo Alto into our Rapid7 SIEM solution. It's pretty well integrated. This integration is important because we don't necessarily want a solution from the same vendor. I know Palo Alto has Cortex for collection. Being open to other vendors in order to ingest the data or logs is a great thing.

Palo Alto has embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, which is important because AI is the future. All cybersecurity companies are going to start using it. It's definitely a good thing. We just need to make sure that there's still the human component because AI can still fail.

Palo Alto has a wide range of different appliances or virtual machines. It can be installed anywhere from a small branch to a data center. It helps to secure small businesses to large enterprises.

The most valuable feature is advanced URL filtering. Its prevention capabilities and DNS security are also valuable. It pinpoints any suspicious activities and also prevents the users from doing certain things. For example, DNS security prevents users from reaching certain websites, so it's really interesting.

Palo Alto should improve their support. It's sometimes difficult to get the right technician or engineer to fix the problem as soon as possible.

We have been using Palo Alto for at least five years. 

They're pretty robust. They also have Unit 42, which is their threat intelligence team. They make you feel safer because they can identify the threats and then implement protection from those into their firewall.

Scalability is pretty good on the virtual side. Because the virtual environment licensing model is based on credit, if you don't wanna use UI protection tomorrow, you can get rid of it and use those credits for another product or another license.

Because of the pandemic, there's a lot of turnover and the quality of the support technicians is not great. I hope they will improve. I would rate their support a seven out of ten.

Neutral

I didn't use any other solution previously.

It was straightforward. They have great documentation. We use Palo Alto in the Azure environment, and their Azure documentation is one of the best documentation I've ever seen. It's very detailed. It can be confusing sometimes because there's a lot of information, but it's definitely good. They're good at documenting, and their knowledge base is really interesting for troubleshooting. There's a lot of useful information.

We deployed it ourselves. We didn't use any company to deploy it.

It's hard to tell. It's preventing attacks, but I don't have any specific case where I can say whether a particular attack would not have been blocked by another vendor.

It can be quite expensive, but there's a good incentive for the three-year contracts. The part that is especially confusing is for the virtual environment. The credits or the licensing system can be very confusing.

We didn't evaluate any other options.

As a result of my experience with Palo Alto NGFW, to a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that the cheapest and fastest means there is a potential risk of breach. Even though Palo Alto is quite expensive, it definitely makes you feel secure. The configuration of the appliances or virtual machines is pretty straightforward, so you don't need to be highly trained in order to be the administrator of the platform.

It's important to attend an RSA Conference even if you're already a customer. That's because you might not be necessarily aware of the new products, so going to an RSA Conference can help you identify new solutions that may be valuable for your company. 

Attending an RSA Conference will have an impact on our organization’s cybersecurity purchases made throughout the year afterward. There are a lot of different vendors that I've found, and I will probably get in touch soon.

Overall, I would rate this solution a nine out of ten.