Palo Alto Networks NG Firewalls Reviews

Our primary use case was to configure our PSAs for our customized configuration. 

I like that it has high security. 

The whole performance takes a long time. It takes a long time to configure. 

I have been using Palo Alto for six years. 

I contact Palo Alto by email or by phone. Their support is good. 

I have previously worked with Cisco ASA. Palo Alto is a lot easier especially in regards to security. It is a well-integrated software.

The difficulty of the deployment depends on our clients' environment and their requests.

We require a two-member team for support. 

In terms of how long it takes to deploy, again, it depends on the customers' environment. If the request is easy, it can take around two weeks.

I would rate Palo Alto a nine out of ten. 

In the next release, they should simplify the deployment process. 

We use this firewall as part of our overall security solution. It is used to protect our perimeter on the internet side. We have the on-premises version installed for our offices and the cloud-based version for our cloud offerings. For our cloud setup, we use both Azure and AWS.

The most valuable feature is the security provided by the ATP. It is definitely better than the security provided by other firewalls.

The API is available for integration with tools for automation and AI, which is very good.

The interface contains some decentralized tools, so simplifying it would be an improvement.

I would like the option to be able to block the traffic from a specific country in a few clicks.

Some of the implements under artificial intelligence should provide better visibility in terms of my traffic, such as where it originates and where it is going.

Better integration with industry tools would allow me to do quicker automation and reduce my operational costs.

We have been using the Palo Alto Next-Generation firewall for almost five years.

This solution is definitely not scalable. Although it is a next-generation firewall, it has its limitations in terms of policies. At one point in time, it becomes the bottleneck, which is something that we have to optimize.

We are using this firewall at between 10 and 15 locations.

We have been in contact with technical support and we are satisfied with the service.

We also use FortiGate VDOM, although this is for internal protection. The FortiGate interface is simpler in design than Palo Alto.

Prior to Palo Alto, we were using the Cisco ASA platform. When it was through with its lifecycle, we switched. Seeing the next-generation firewall competition in the market, Cisco definitely has a larger portfolio, but it is not as competitive in the security domain. Solutions from Palo Alto and Fortinet are better in this space.

It is easy to install and we did not find the initial setup complex at all. The basic firewall can be set up, and then it takes a little time for the hardening. In total, the deployment can usually be completed within two or three hours.

The pricing is competitive in the market.

Palo Alto NG is definitely a firewall that I recommend for the right size of deployment.

I would rate this solution an eight out of ten.

The solution has many great features. I don't know if there's one single one that stands above and beyond everything, however.

The application visibility is excellent. There is no other solution that does it quite as well. Palo Alto definitely has an edge in that sense.

The ability of the security features to adapt is also very good. They offer great DNS protection.

They include everything from a network point of view and a security perspective. For the most part, the endpoints are great.

The interface and dashboards are good.

The GSW needs some improvements right now.

The endpoints could use improvement. The solution is mostly a cloud solution now, and there are a lot of competing solutions that are playing in the space and may be doing things a bit better.

The pricing could be improved upon.

We've been dealing with the solution for the last four or five years at least.

The stability of the solution is good. It's quite reliable. I haven't experienced bugs or glitches that affect its performance. It doesn't crash.

If you size everything appropriately, you shouldn't have any issues with scaling. It's quite good. Users can scale it up if they need to.

I'd say that technical support is excellent. They are very helpful. We've quite satisfied with the level of support we got from the company.

I've never dealt with Huawei, however, our company has worked with Cisco, Dell, and HP among other solutions.

The pricing of the solution is quite high. It's too expensive, considering there's so much competition in the space.

There aren't extra costs on top of the standard licensing policy. Still, Palo Alto seems to be adding some premium costs that competitors just don't have.

While we mainly deal with on-premises deployment models, occasionally we also do hybrid deployments.

We're not a customer. We're a systems integrator. We're a reseller. We sell solutions to our clients.

Palo Alto is very good at policymaking. It's like they have a single policy that you can use. Other solutions don't have single policy use, which means you have to configure everything. There may be many consoles or many tasks that you'll have to worry about other solutions. Multiple task configuration should not be there, and yet, for many companies, it is. This isn't the case with Palo Alto. Palo Alto is easy compared to Fortinet. 

It's overall a very solid solution. I would rate it nine out of ten.

We primarily use the solution for the firewalls. We're also using the next-gen features to shape what's going on. For example, to figure out what is allowed out and what isn't allowed out on a layer-7 application-aware firewall. We can block based on the application, as opposed to port access.

The solution helped us stop being policemen to our users. We don't have to run around telling people they can't do certain things. We can just not allow it and walk away from it. We're not out there seeing who is doing what, we just don't allow the what.

The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.

The firewall capabilities are very good.

We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved. 

The appliances I'm working on are relatively old now. We're talking five-year old hardware. That slow commit speed might be addressed with just the newer hardware. However, even though it is slow, the speed at which they do their job is very acceptable. The throughput even from a five-year-old appliance shocks me sometimes.

Currently, if I make changes on the firewall and I want to commit changes, that can take two or three minutes to commit those changes. It doesn't happen instantly.

The solution doesn't offer spam filtering. I don't know whether it's part of their plan to add something of that aspect in or not. I can always get spam filtering someplace else. It's not a deal-breaker for me. A lot of appliances do that, and there are just appliances that handle nothing but spam. 

I've been using the solution for five years.

The stability is awesome. I haven't had any issues with the solution stability-wise. I've got the same firewalls that have been out there for five years and they work great.

I don't work with enterprise-class products. I'm not in that environment. However, so as far as I know, Palo Alto has products that will go that large. Panorama may be able to scale quite well. You can manage all your appliances out of it. They are a very popular license.

Their GlobalProtect license is very much like Cisco's AnyConnect. It does the endpoint security checks. It makes sure they've got the latest patches on and the antivirus running and they've got the latest antivirus definitions and whatnot installed before they allow the VPN connection to happen. It's quite nice.

Their support is very good. I've never had any issues with their support. I would say that we've been satisfied with their level of service. 

Occasionally there may be a bit of a language issue based on where their support is located.

The initial setup is pretty typical. It's like any firewall. As long as you've worked with next-gen firewalls, it's just a matter of getting your head around the interface. It's the same sort of thing from one firewall to the other. It's just a matter of learning how Palo Alto does stuff. Palo Alto as a system, for me, makes a whole lot of sense in the way that they treat things. It makes sense and is easy to figure out. That's unlike, for example, the Cisco firewalls that seem to do everything backwards and in a complicated way to me. 

I haven't worked with enough Cisco due to the fact I don't really like the way they work. That isn't to say that Cisco firewalls are bad or anything. It's just that they don't operate the way I think. That might have changed since they acquired FireEye which they bought a couple of years back.

I know the solution is not inexpensive. It depends on what you ultimately sign up for or whether you just want the warranty on the hardware. 

I'm not really a customer. I'm like a consultant. I'm an introduction expert. If I think a client needs a certain technology I point them in the direction of whoever sells it. I do go in and configure it, so I do have experience actually using the product.

When I'm looking for something, I just find someone that sells Palo Alto and I redirect the client towards them. I'm not interested in being in a hardware vendor. There's no money in it. There's so much competition out there with people selling hardware. It doesn't matter where the client gets it from.

We tend to use the 200-series models of the solution.

I'd rate the solution eight out of ten. They do a very good job. The product works well.

We are basically using a double protection layer in which we take care of all our DMV, VPN, tunnels, and internal network. We are basically using it for application based configuration  controlling our traffic on applications with layers four to seven. We are customers of Palo Alto and I'm an information security specialist. 

I like the training material they provide and the reporting is very good. The solution is very easy to configure, and very easy to understand and explain. Compared to firewalls offered by their competitors, I find it easier to use and more thorough. The most important thing the solution provides is, of course, the firewalling up to the application level.

There could be improvement with their logs, especially their CLI. When you go to the command line to understand the command line interface it's tricky and requires a deep understanding of the product. We recently faced one issue where the server side configuration changed and it wasn't replicated at the firewall. It required us to tweak things and now it is working fine. Finally, the HIPS and audio call features could be improved. 

I've been using this solution for two years. 

In the past two years I haven't had any issues with the stability. That applies to the hardware, software, upgrades, updates, new feeds. I haven't faced any big issue, you can say that. 

We are using their big boxes, like the 7,000 series. So it's already at that level. We're already using 120 GB, like three 40 gigs and it's working fine for us. You can scale as you wish.
We have over 10,000 people using the service through this firewall. It's working 24/7 and it's been that way for the past two and a half years. 

The initial setup is not complex. It took us 15 to 20 days because we were migrating from the other firewall. The strategy was to take the backup and simultaneously create a leg and transfer to that. The first time we deployed, we used the integrator recommended by the vendor. That worked very well. Our team worked with the integrator. We planned everything and they supervised us. 

We currently have four people helping with maintenance. They are security admins and their job is with the firewalls, like configuring and maintaining and upgrading all those things. 

Yes, we evaluated other options. Cisco was there, as was FortiGate. We were using Juniper at that time, and then Palo Alto came into picture. We carried out a comparison of pricing, support, features, etc. and then we made our choice. It was really the next generation features and application level security that were key to our decision. 

The advice I can give is that this is a good solution: Easy to deploy, easy to manage, easy to understand, reporting is very good, and it will give you the full picture up to the layer seven. Their VPN service is very good. 

The good thing is that whenever you need to train anyone on these devices, it's very easy to explain. Previous firewalls I've used, required a lot more work before you could configure. This isn't like that, it takes maybe 30 minutes and it's done. 

We use this solution as a firewall. We use it for VPN setup, threat protection, and for internet breakout also. We actually deploy several different versions. We have a TA200, a PA820, and a PA3200 series.

The most valuable features are the threat prevention and policy-based routing features. 

I think they need to have a proper hardware version for a smaller enterprise. We had to go to a very high-end version which is very expensive. If we chose the lower-end version, it would not meet our goals. A middle-end is missing in its portfolio.

For example, there's the PA820 and the PA220, but there's nothing between. So they are really missing some kind of small-size or medium-size usage. Right now, you have to choose either a big one or you have a very small one, which is not really good.

In the next release, it would be helpful if there was some kind of a visualized feature that showed the traffic flow, or something like that, to be able to simulate. When we define something if we could see a simulation of how the flow will be treated that would be great. Because today everything is done by experts by checking logs, but it's very time-consuming. If there's also a simulator to use when you apply some configuration, you can also apply on the simulator, to copy the configuration. So, you can see maybe to generate some traffic and to see how it will be treated. That will be very good.

The solution is pretty stable. Once you have it configured, normally it shouldn't have any issues. It does sometimes impact the metric flow, but that's natural because it filters everything going through, so it slows down the speed.

I don't think that product is really scalable. You have to either replace it with a higher version or use what you have. I think that's the only way. You cannot add something to increase its capacity, so you have to replace the current equipment to a new version or a new, higher version.

For technical support, we have a contract with some local suppliers. It depends on our partner, so it's probably different from location to location, but as long as they are certified with Palo Alto, normally they should have a one or two experts in their organization. So you just need to find a good person to work with.

We did previously have a different kind of a firewall. We used Check Point before. We also used NetScreen and Cisco. But in the end, we defined our standard and now use Palo Alto.

Firewalls are never easy. You have to have very good network expertise to set it up, so it's not about the product being easy to use or not. It's because of the nature of the firewall. You have to understand how it works, how it should be set up, and to understand your data flows and things like that. 

I'm not really the person who does the hands-on setup and integration. I'm the guy who monitors the global deployment. I'm in charge of defining the standard, to deploy the standard to the site, but there's an operational team to do the final installation, configuration, and those types of things.

On the one side, it will take maybe two or three days to enable the firewall, but if you are talking about the global deployment, that depends on the budget, and the resources that will take different time periods to deploy worldwide, so we are still not finished for all the locations. So we are still doing it.

Globally we have around 100 locations. We have two major network engineers who manage the firewall, but to deploy it you also need a local IT because they have to physically be on site. And the two experts remotely control the equipment, configuration, and upgrades, etc. So it's very hard to say how many people you need. It depends on your company size and where your locations are based. For us, we have two dedicated people, but we also have the local IT when we need them to physically help in the integration. 

We do use external partners for the setup. We use also our internal teams as well.

It's a bit pricey.

Once you install it, you use it every day. You can't stop because it's a security feature and a precaution. Also, we are using it to do some local breakouts, so we use utilize the local internet to carry some business traffic, to ensure there's no interruption. You have to let it run 24/7.

I would suggest you be careful when choosing your model. Consider your bandwidth as well as how you want to run the local area network because the throughput of the firewall has to be well designed.

I would rate this solution a nine out of10.

We use the solution to secure our Internet traffic and the application traffic from the Internet. 

There is also no need to connect to a VPN most of the time.

The payload is a very valuable feature. 

The technical support needs improvement. 

I have been using Palo Alto Networks NG Firewalls for six years. 

It is a stable solution. 

The deployment takes five to ten minutes. 

There are security licenses. 

Overall, I rate the solution a nine out of ten. 

We utilize advanced threat prevention features like web filtering and SSL decryption, which haven't caused any issues.

The tool's central management system is complicated, making it challenging to manage multiple devices centrally. Individually, the firewalls are easy to use and manage.

I'd like to see better central management features in the next release. They've introduced some, but I haven't tried them yet, so I can't say how effective they are. However, having a single management interface would be a big improvement.

I have been working with the product for six years. 

The product is scalable. 

The tool is stable. 

The tool's technical support is good compared to other vendors. 

Positive

Setting up the tool can be challenging, especially if configuring them individually. There's an option for zero-touch configuration, but it still involves managing Palo Alto Networks NG Firewalls, which adds complexity and doesn't always justify the cost. If you're experienced with the technology and starting from scratch, expect a steep learning curve.

The tool is expensive, especially considering all the necessary licenses for centrally managing firewalls. For medium-sized companies like ours, it's often not feasible within our budget constraints.

We pay around €200k yearly for all our firewalls. Additionally, we received a quote of over 1 million per year for Prisma Access. There is a significant cost difference compared to other options, where it's around €200k per year.

We have to pay a license for support. 

We started with on-premise infrastructure, including domain controllers. Still, as we moved to the cloud, there was a gap in group membership management until Palo Alto came up with a solution. We have multiple firewalls, about 50 of which are difficult to manage. However, the features offered by the firewalls themselves are really good.

In the future, we might consider switching from Palo Alto Networks NG Firewalls. We're currently evaluating a new solution. However, cost is a concern, as it seems more expensive than other products and SaaS solutions.

Integration with Palo Alto Networks NG Firewalls and other security tools or IT infrastructure is not entirely straightforward but manageable. It's easier compared to some other vendors but still requires effort. I have tried to integrate it with Cisco ISE. 

I recommend Palo Alto NG Firewalls for large enterprises. However, due to their high price, I wouldn't recommend them for small—to medium-sized companies, especially those with limited IT budgets.

We've found that Palo Alto NG Firewalls are particularly good at stopping zero-day attacks. Compared to other companies like Fortinet, we've had fewer security breaches with it.

I rate the overall solution a seven out of ten.