Palo Alto Networks NG Firewalls Reviews

I primarily help users migrate from traditional firewalls to Palo Alto NG Firewalls. This involves troubleshooting, assisting with application control and backup configuration, and teaching users how to optimize the firewall for their needs. Additionally, I guide users through the process of redesigning their firewalls and migrating their servers, which often includes helping them understand and manage the vast number of applications they have. Sometimes, the firewall cannot identify specific applications, requiring customization to ensure accurate recognition and security. Currently, I am working on a management query language, which involves collaborating with other teams to assess the necessity of specific applications and connections between the firewall and various assets. This ensures optimal security and network efficiency.

Although Palo Alto Networks NG Firewalls now utilize machine learning, its significance wasn't initially apparent to me. My first experience with Palo Alto revealed the power of their machine learning through features like WildFire, which uses real-time analysis to understand and combat hacker attacks. While early versions had tools like Power Tool that hinted at machine learning capabilities, Palo Alto didn't explicitly promote this functionality until version 10, likely in response to increasing market competition and the growing prominence of machine learning in firewalls. The embedded machine learning is helpful.

Palo Alto NG Firewalls has improved our organization's security by providing strong protection through network segmentation and XDR. The firewall has proven effective in reducing security risks and monitoring endpoint activity. It offers excellent application recognition and thorough threat analysis, boosting overall network security.

Palo Alto NG Firewalls have reduced over 90 percent of our network downtime.

Palo Alto NG Firewalls offer an efficient interface that simplifies log checking, troubleshooting connection issues, and firewall policy configuration. The process is user-friendly, guiding users through network infrastructure setup, interface creation, settings application, and policy configuration in a clear and intuitive manner.

Palo Alto Firewalls can improve their support structure, especially concerning longer working hours for engineers. Enhancing support teams' capability to handle cases without much delay would be beneficial. Additionally, the high cost of the product could be re-evaluated.

I have been using Palo Alto Next Generation Firewalls for over ten years.

Palo Alto NG Firewalls are stable. On a scale of one to ten, I would rate them around seven or eight for stability.

I find Palo Alto NG Firewalls to be highly scalable, and would rate their scalability as eight out of ten.

Customer support's effectiveness depends on the clarity and completeness of information provided by users.

I've used Check Point and Fortinet in addition to Palo Alto, but I prefer Palo Alto's interface and performance.

The initial setup for Palo Alto NG Firewalls is clear and instructive, detailing network infrastructure setup before advancing to policy configuration.

A fresh deployment of Palo Alto NG Firewalls can be completed in three days, followed by a two-day handover session to train users. This totals five days for deployment and training. However, migrations for companies with over 10,000 users and 20 subnets can take up to a month, potentially involving additional user requests or a phased approach.

I have vast experience deploying these firewalls on-premises within our team, making use of the intuitive interface provided by Palo Alto for implementation.

Although Palo Alto is expensive, its superior security functions, application identification, and overall performance justify the cost and make it stand out from the competition.

I would rate Palo Alto NG Firewalls nine out of ten. The Palo Alto NG Firewalls are great, but they are expensive.

I'm most interested in Palo Alto NG Firewalls, specifically how to improve their efficiency and application identification capabilities. Sometimes applications have unique requirements or behave differently, making accurate identification crucial. Palo Alto NG Firewalls excel at application-level security because they can block traffic, prevent attacks, and identify potentially compromised applications. Unlike traditional firewalls, Palo Alto NG Firewalls go beyond basic policy enforcement and traffic filtering by incorporating intrusion prevention systems and antivirus functionality. This allows them to analyze internal traffic for risks, similar to how antivirus software protects endpoints.

Future users need to appreciate the costs involved in using Palo Alto, and the manual configuration required is beneficial because it ensures clarity and control over what is being configured. To enhance your organization's security posture and management, I recommend implementing Palo Alto Networks NG Firewalls.

Three people in our organization are directly using the Palo Alto NG Firewalls.

Upgrading Palo Alto Next-Generation Firewalls requires some maintenance.

We primarily use Palo Alto Networks NG Firewalls for a DMZ firewall. Its primary function is to separate our network into four layers: a DMZ zone for all publishing services, an internal zone for internal user access to publishing services, a zone for terminating connections between VPN consultants and internal services, and a zone for Internet access.

We implemented Palo Alto Networks NG Firewalls to secure our network and control access using filtering and application control. We also use Palo Alto WildFire for vulnerability scanning.

We have Palo Alto Networks NG Firewalls deployed on the cloud and on-prem.

Palo Alto helps us secure our network against suspicious activity from both internal and external sources. Its integration with our SIEM aids our SOC team in blocking malicious activity.

Palo Alto Networks NG Firewalls do a good job securing our environment. To access any solution, the first step is to calculate the required throughput. Because we are working with a small network or environment, we need a specific amount of throughput from a Firewall model. I chose this particular model based on my throughput requirements. The second consideration is the level of security achievable by the solution. We are using additional methods, such as performing a gap analysis and assessing the solution, to determine this. This involves simulating attacks passing through the Firewalls to observe how the solution detects or blocks them.

The most valuable feature of Palo Alto Networks NG Firewalls is its application visibility, which allows us to see all users and their accessed resources. Additionally, its user-friendliness and customization options contribute to its overall value.

The reporting feature needs significant improvement. Generating reports in Palo Alto is challenging because it relies on specific attributes and source IDs. We want to create reports to view the number of users and consumption, but customization is difficult. The interface for generating reports is user-unfriendly, making it difficult to find information. Overall, the reporting capabilities are weak compared to other firewall solutions.

The SD-WAN feature needs improvement. It currently relies on the physical interface instead of the sub-interface, requiring Panorama rather than a local firewall. Furthermore, the configuration customization for SD-WAN application source and subnetting is significantly limited compared to other firewalls.

The technical support is slow and needs improvement.

I have been using Palo Alto Networks NG Firewalls for five years.

I would rate the stability of Palo Alto Networks NG Firewalls ten out of ten.

I would rate the scalability of Palo Alto Networks NG Firewalls ten out of ten.

Palo Alto does not provide direct support to customers. Each region has support partners, so to get direct support from Palo Alto, you need to be a very large customer. This is why resolving issues with Palo Alto takes a long time. We go through our partner, and they take some time to investigate and try to solve the problem. If they can't, they escalate the case to Palo Alto, which takes additional time to investigate and try solutions. This is why our cases may take days or weeks to resolve.

Negative

I work with numerous firewall solutions, including FortiGate, Cisco Firepower, Cisco Sourcefire, and Forcepoint Firewalls. I've found that each firewall excels in specific areas. For instance, I recommend Cisco Firepower for central firewall management. However, for DMZ and application control, I suggest Palo Alto. Finally, I recommend FortiGate for perimeter firewall deployment based on its extensive features and overall stability.

The initial deployment is straightforward and can be completed in a few hours for small environments. However, larger environments with multiple policies will require additional deployment time.

We have seen a return on investment of 30 percent from Palo Alto Networks NG Firewalls. 

Palo Alto is a more expensive firewall solution than others. However, it is the top choice for a DMZ and a valuable investment overall. We still need to invest in an additional firewall with more advanced features to enhance perimeter security.

I would rate Palo Alto Networks NG Firewalls seven out of ten.

Those looking for the cheapest and fastest firewall won't find that combination. They must invest money to get a fast firewall suitable for their environment. Gather their requirements before choosing a firewall that fits their budget and features. They can opt for the quickest or cheapest option or select a device compatible with their needs.

We have Palo Alto Networks NG Firewalls deployed in multiple locations, serving both on-premises and cloud departments. There are three people in our organization that work with the NG Firewalls. Our clients are enterprises.

Palo Alto Networks NG Firewalls require maintenance for software upgrades, and after several years, the hardware will also need upgrades.

I recommend Palo Alto Networks NG Firewalls for their stability and high level of security. If the security of your infrastructure is critical, Palo Alto is a strong choice, though it comes with a higher price tag. If budget is a concern or security isn't a top priority, then Palo Alto may not be the best fit.

As a reseller, our primary customers utilizing Palo Alto Networks NG Firewalls are in the financial services, government, and manufacturing sectors. They select Palo Alto Networks NG Firewalls due to their superior performance and security capabilities compared to alternative firewall solutions.

Palo Alto Networks NG Firewalls provides a unified platform that natively integrates all security capabilities for our customers.

Palo Alto Firewalls integrate machine learning into their core functionality to offer real-time, inline attack prevention that our customers rely on.

Palo Alto Networks NG Firewalls offer a variety of models designed to protect data centers in all work environments. These models share standard features.

Palo Alto Networks NG Firewalls can significantly reduce downtime, and replacing a firewall typically takes only one to two minutes.

Palo Alto Networks NG Firewalls' single-path architecture offers a valuable feature, ensuring stable performance for our customers.

Palo Alto Networks NG Firewalls pricing has room for improvement.

I would like Palo Alto Networks to provide a free virtual firewall.

I have been using Palo Alto Networks NG Firewalls for three years.

I have not encountered any stability issues using Palo Alto Networks NG Firewalls.

The scalability of Palo Alto Networks NG Firewalls is limited because of the lack of a virtual firewall.

The local support is better than the corporate support.

Neutral

Palo Alto Networks NG Firewalls are expensive compared to other solutions.

I would rate the price eight out of ten, with ten being the most costly.

I would rate Palo Alto Networks NG Firewalls eight out of ten.

Although Palo Alto Networks NG Firewalls are more expensive than other firewalls, they provide better protection and are a better value for your money.

On certain levels, it protects our information. Luckily, I had switched to Palo Alto as our VPN solution for our users. We finished that in December of 2019, just in time for COVID to hit. We had a system that was able to support 650 to 700 users remoting into our campus through the VPN. This was a huge use case for us, as it was not intended to be the solution for COVID, but it turned out to be the solution for COVID. So, it was a great use case. Obviously, we want to protect our servers, virtual servers in the cloud, and on-prem. 

We have the eighth fastest supercomputer in the world. Unfortunately, we don't get to protect that because it has so much data going through it, i.e., petabytes a day. There isn't a firewall that can keep up with it. We just created a science DMZ for that kind of stuff as well as large data movers since we do weather data for the world. We research the ocean, sky, and solar weather. We have 104 universities who work with us around the world. Therefore, we need to have data available for all of them. We need to be protected as much as we can.

We started with Palo Alto 5060, then the 3060 came in, which was the next form. We have now switched to an HA system and have four firewalls as our base: a pair of 5220s and a pair of 5250s. We have been running the different OSs from PAN-OS 8.0, 8.1, 9.0, 9.1, and then 10.1. We are about to move to 10.2. We are in the process of doing that over the next week. We like to stay on the cutting edge because they are always adding more features and security.

We have it deployed in a number of different ways. We have our four main firewalls, which have two high availability pairs. One is set primarily for users and outward-facing functions. Therefore, our DMZ servers, staff, and guest networks are on one pair of firewalls. Back behind the scenes, labs and our HR department are on a separate set of firewalls. We call them: untrust and trust. Then, we have another set of firewalls, both in our Wyoming supercomputing center and in our Boulder main campus, which runs a specific program that has a DOD contract that requires more security, so they have their own set of firewalls. We also have firewalls in Azure Cloud for our tests and production environments. I am in the process of purchasing another VM firewall to put on the AWS Cloud. The last set that we have is at our Mauna Loa Solar Observatory, where we have an HA pair of just 800s because we only have a one gig radio link down the side of the volcano to the University of Hawaii.

We have between 1,200 and 1400 staff at any given time. Essentially all of them use the solution one way or another, either to access systems or through the VPN. We also have remote users who aren't employees but instead collaborators, and they can be anywhere in the world and remote into our systems. We then have people who are doing PhD programs at universities around the world who need to get into our systems to download data sets as part of their PhD or Master's program. Thus, the solution is not limited to our employees.

We have been around since the late 50s to early 60s. We were one of the original people who helped set up the ARPANET, which was a precursor to the Internet. Historically, our science has been open science. We want everyone to have it. The mindset has been that our network is flat and open to everything, and we have slowly reeled that in. Now, more of our stuff is behind firewalls. We are now going through a project where we are doing some more segmentation within the protected part. Each lab is protected from each other, or at least can be. They still talk to each other all the time, so we have rules for that. If we need to, we can shut access down right away because of the firewalls.

One of the best features is that Palo Alto NGFW can embed machine learning in the core of the firewall to provide inline, real-time attack prevention. We aren't using the AWS-offered firewalls in the cloud or Azure. When I read over the specs on it, it is more like a traditional firewall where a port is open to an IP address, and that is all you know. Palo Alto can decide if traffic is of a certain kind, regardless of what port and protocol it is using. Then, it can figure that out and I can write my rules based on that. That is a huge functionality and super important to me. The machine learning as well as being able to send stuff to WildFire is pretty important too. We like to get those types of reports and know that we have more protection from zero days than most traditional companies would.

The WildFire reporting and Cortex XDR platform have huge infrastructures in the cloud that secures the network against threats. So, we have the potential on the system, specifically for users, where we take care of this since the user is the most dangerous. We get reports back from WildFire on a minute-by-minute basis, rather than a daily or weekly update like I used to with different AV vendors. These features can detect viruses and malware more quickly, which is super important.

We have some large data movers that we can't put behind the firewalls. We don't have the largest firewalls, we have the 5200 Series firewalls. Their throughput is about 20 gigs a second, and it is protecting networks that have 100 gig connections. So, we have to be kind of choosy as to what we put behind the firewalls, but for the stuff that we put behind it, the latency really isn't problematic at all. Even though the firewall location is just one aspect, we have three different areas that talk to each other over multiple 240 gig links or 200 gig lengths. The firewall is not hindering that at all.

The biggest thing that needs to be improved with them is their training. I took a training class for the 8.0 build, then I took it again for the 9.0 and 10 builds. They add new features every time that they do a new major release, but the training doesn't keep up. It is the same basic training that probably was with the 3.0 build, and they just change the screenshots. I would love to see them do some more work since they have all these bells and whistles, but we don't know how to use those features on a large scale.

I know this little section here about the firewall, but I know there is a huge amount that still could be done with it. I am not touching enough of it because I just don't know how. It seems like the more I learn about it, the more I learn that there is to learn

We have been using Palo Alto Firewalls for the past six years. We started with a single firewall, then built up from that.

It is very stable. A lot of times, it depends on what our network tweaks are, e.g., we monitor the link between the firewall and the router. If it misses some heartbeats on that, then it will switch over. That is part of how the HA process works. If it says I am not getting network connectivity, then it tells the other one to take over. We actually have an exciting way to do that because we have one data center at the top of the hill at the front-end of Boulder (or on the south-end.) We have another one in the HA link about 13 miles away at the north-end of Boulder. We actually do an HA pair across there using a 200-gig link with dark fiber between them. Most people, with their HA pairs, will be right next to each other, but ours are only that way on a globe.

The firewall tech support team has been very good and responsive. Sometimes, they are too responsive. They call when I am in a different meeting, then I have to figure out with whom I am going to talk. The sales engineering team is also really good because they will monitor some of that, then call me about it separately to see if I need additional support.

For the VPN only, we used Cisco's old ASA firewalls. That was set up before my time. We moved away from that when we went to GlobalProtect in December 2019.

Primarily, I wanted a single platform. We had Palo Alto Firewalls doing firewalling things and Cisco firewalls doing the AnyConnect VPN solution. Paying maintenance of both sets didn't make a whole lot of sense to me. Also, ASAs didn't seem to be able to support as many users concurrently as the Palo Alto solution looked like it could support. So, I just got rid of the Ciscos and went to the Palo Alto NG Firewalls and GlobalProtect.

I have actually done a lot of initial setups. They are fairly straightforward at this point. The hardest part was where I had to just send them out to Mauna Loa, and I wasn't allowed to go to Hawaii for that. I had to set them up in Boulder, then I would think how they should be used and ship them over. That was a little difficult, since once they were on the ground in Hawaii, the final steps were slightly difficult to handle. As soon as they unplugged from the switch that was currently handling traffic and plugged into the switch where the firewall was connected, the person at the other end's laptop no longer had a connection for all the stuff that had been having traffic. We had to do everything by the old phone method. It was challenging, but we got through it.

Usually, I can get the initial deployment done in a few hours. However, going through and working with people to get what they need set up, as far as the rules and different areas behind the firewall, that takes a few weeks to a couple of months. A lot of that is based on people's time.

The first thing is get the basic things working: the networking, any routing that we need to do, and build communication to our RADIUS servers and Active Directory so we can log in and use our multi-factor authentication to manage the firewall. After that, I work with different groups who will be behind the firewall to find out what IP ranges they need supported, what kind of routing, who they want to talk to, and with whom they want talking to them. I have to know all that stuff. A lot of times, it is kind of teasing out information as far as what protocols they will be talking on or will they be using SSL or SNMP.

A lot of times that is a do-it on-the-fly kind of thing. You sort of stand stuff up, and say, "Check it now," and then they say, "Well, this one is not working now." Or, we just added a new service and this needs to be turned on. So, there is a lot of movement back and forth.

I have done all of it by myself, except for the very first installation of the firewall that was done in conjunction with a reseller. That was before my time.

There are two of us on the firewall team. There are another three or four guys from the networking side team who also help out.

We had an external pen test a couple of years ago. They found a number of findings for the areas of our network that hadn't yet moved behind the firewall and no findings at all for the ones that had. This was just because of the way that we wrote the rules and because of the firewalls, which prevented an external source from being able to view and enumerate our systems. If something wasn't behind the firewall, they were able to get a response back in many cases, even when they weren't supposed to be outward-facing.

I have information that Palo Alto NGFW has blocked malicious activity. We use the Palo Alto High Confidence block lists. 

There is an advantage to going with the high availability pair licensing model versus the standalone. It gives you a high availability pair, but the pricing is only a slight increase over a single system. It makes sense to take a look at your add-on functionality, like the Applications and Threats subscription and URL protection subscription. On the user side, I might want everything. However, on the server side, I might not need very much. I might want the Applications and Threats subscription and not much else. So, you don't have to buy all the bells and whistles for every firewall. Depending on what the function is, there are ways around it.

There are a lot of other subscriptions available, such as DNS Security and URL protection. I have heard there is an advanced URL protection going to be released soon. Also, there are a few others, like SD-WAN and GlobalProtect, which is one that we have because we have users who use Macs, Linux Boxes, and Windows systems. So, we need to support all of that.

Someone else made the decision to buy the initial Palo Alto gear. When they left, I had to learn the Palo Alto gear. At that point, I said, "I know Palo Alto. I like it. Why would I change away from it?" So, I have looked at different solutions throughout the years, but Palo Alto is one of the best out there.

We use Cisco Umbrella for DNS. We have done this for 15 years since it was open DNS as part of an MSF stipulation.

All data goes through the firewall,since our HR and finance departments are behind the firewall. A lot of our labs are behind the firewall. We have some plans to expand, as I am about to put a virtual firewall in AWS Cloud for a project. We have a C-130 hub that has been flying into hurricanes and tornadoes for years. I want to put a firewall on that to protect the instrumentation from outside sources.

If you are just looking for the cheapest, fastest firewall out there, that is a foolish attitude. The point of a firewall is to increase your security, not to increase your throughput. You don't want it to degrade your throughput, but the cheapest solution and the solution that makes sense aren't necessarily the same thing.

The main advice would be to plan on starting small, then build up. Don't try to do everything at once. Also, make sure you do the available training prior to use or at the same time, at least the basic one, because that is important. 

Make sure you have a good networking background or a good network engineer standing next to you because talking to the routers is key.

I would rate it at about eight and a half to nine out of 10. There is no perfect answer, but this is a pretty good one.

We have implemented peripheral firewalls and micro-segmentation within our LAN network. To further segment our data center, we have deployed firewalls in the middle of the network. Additionally, we utilize Palo Alto Networks NG Firewalls in our GCP environment for various use cases, including URL filtering, URP, file blocking, and threat prevention.

Palo Alto Networks NG Firewalls natively integrate all security capabilities, making it crucial for our XDR integration. To address the challenges of our small cybersecurity team, we have implemented significant optimizations. This streamlined approach allows us to efficiently monitor and analyze all logs, ultimately providing a comprehensive view of our security posture.

Palo Alto Networks NG Firewalls embed machine learning at their core to provide crucial, real-time inline attack prevention. In today's world of relentless cyber threats, detecting and blocking malware, viruses, and hacker intrusions is paramount. These attacks pose a constant threat to our data security, making firewalls essential tools for safeguarding our digital assets.

It provided immediate benefits to our organization through their seamless integration, automation capabilities, enhanced visibility, and robust traceability features.

Palo Alto Networks NG Firewalls are consistent in securing data centers across all our workplaces.

The Palo Alto Networks NG Firewalls excel in their integration capabilities. By combining them with XDR, Prisma Access, or other Palo Alto Networks SaaS products, organizations can achieve enhanced visibility, trust, and threat prevention. The integration with Cortex XDR enables automated threat prevention through the use of playbooks. This comprehensive solution is ideal for advanced threat detection, log correlation, and other security-related tasks.

The integration with AI needs improvement.

I have been using Palo Alto Networks NG Firewalls for seven years.

We provide the initial level of support for our customers' firewalls. If a customer requires direct assistance from Palo Alto support, we can open a case and facilitate their connection.

Positive

The initial deployment is straightforward. I would rate the ease of deployment a nine out of ten.

When comparing Cisco, Check Point, and Palo Alto firewalls, I found Palo Alto to be the most effective. Its configuration interface is more intuitive, making it easier to set up policies and manage the firewall. In contrast, I encountered significant challenges with Cisco and Check Point firewalls. To date, I have not experienced any issues with Palo Alto.

I would rate Palo Alto Networks NG Firewalls ten out of ten.

Palo Alto Networks NG Firewalls offer a robust security solution. However, when integrated with a comprehensive platform like Cortex XDR and XSOAR, their value proposition significantly increases for businesses. By leveraging indicators of compromise, NG Firewalls can generate Extended Detection and Response alerts, streamlining the identification and mitigation of threats. This automation eliminates the need for manual intervention by technicians and cybersecurity analysts, resulting in improved efficiency and overall security posture.

The unified platform provided is very important to us as it allows us to manage all traffic and ensure security without using separate tools. It has AI and ML capabilities, which work well for real-time attack prevention.

Since implementing Palo Alto, we've seen an 80-90 percent reduction in issues. It handles ISP links, ensuring minimal downtime. Recently, we upgraded our secondary ISP to 3 Gbps, and when the primary link goes down, it automatically switches to the secondary. As a result, end users do not experience bandwidth shortages or interruptions in internet access.

One area for improvement with Palo Alto Networks NG Firewall would be customer support. Currently, in regions like India, customer support is handled by third-party partners. Unfortunately, the support provided by these partners has not been satisfactory. It would be beneficial if the tool handled customer support directly, similar to how Cisco maintains high-quality customer care. This would ensure that customers receive the level of support they expect.

Getting reliable service is important when you're a customer, especially with critical devices like firewalls. Firewalls are key parts of a network; if they fail, the whole network can become unstable. So, the support you get needs to be just as reliable as the device itself.

I have been working with the product for a year. 

I haven't experienced any downtime. 

We used Cisco ASA before. At that time, Cisco didn’t have a unified next-generation (NG) firewall, and I’m unsure if they offer one now. The main reason we decided to switch was that we needed a unified NG firewall. Besides the unified features that NG firewalls provide, there were other differences between Cisco and Palo Alto Networks NG Firewalls, particularly in terms of features and price. However, the features are mostly similar across different firewalls; it depends on how they’re implemented, how effective they are for end users, and how well they handle security. This varies from company to company and firewall to firewall because each has its architecture, data plan, processing, control, and so on. So, it depends on the original equipment manufacturer.

The tool's deployment is complex and takes seven to eight days to complete. 

The tool's pricing is similar to that of Cisco. It's a security appliance; the cost depends on your network topology and specific requirements. The suitability of NG firewalls should be chosen based on your network and what you need. If a colleague from a different company asked for the cheapest and fastest firewall, I suggest they consider options like Sophos. Sophos took over Cyberoam, which was previously a leader in NG firewalls

I work with the product, and we purchased our box after a demo. We also have IoT security, but I don't personally handle that. I rate the overall product a nine out of ten. 

We are a consulting group that specializes in deploying Palo Alto Networks NG Firewalls for a telecom-related partner in Pakistan. Additionally, we implemented global protection for remote users. Furthermore, we configured different policies for internal users based on their job designations and privileges, such as URL filtering and application controls.

Palo Alto Networks NG Firewalls' advanced machine learning capabilities offer real-time attack prevention and are crucial in our security setup. We implemented a multi-layered security approach and are currently working towards a zero-trust model, including defense for development. According to the Gartner report, Palo Alto ranks second after Check Point, highlighting the significance of security in our environment.

We access all the firewalls via Panorama. We configured certain global user profiles to allow access to our site for remote or work-from-home situations, which we then access through GlobalProtect.

Before we started to use Palo Alto Networks NG Firewalls, we had a different FortiGate firewall that presented several issues such as deep security URL filtering and throughput issues. However, with Palo Alto, we were able to address these problems, particularly with the use of parallel processing. We have successfully deployed inbound and outbound SSL inspection, as well as different URL filtering, making Palo Alto a more resilient option compared to other products.

It is important the solution provides a unified platform that natively integrates all security capabilities. Compared to other products, Palo Alto Networks NG Firewalls' unified platform is a ten out of ten and suitable for all environments. 

Palo Alto Networks NG Firewalls help fill security leaks by enhancing confidentiality, integrity, and availability.

Palo Alto Networks NG Firewalls help automate multiple security tools and unify them.

The solution assisted us with managing our network operations and reducing related costs. We use various Network Management Systems to monitor our network, including Palo Alto which we monitor from its dashboard. Additionally, we use various Security Operations Center solutions, as well as SolarWinds. We also utilize different monitoring platforms to track network traffic.

The WildFire feature offers protection against Zero-Day attacks, and we find that Palo Alto is a valuable tool for mitigating such attacks using WildFire.

Palo Alto's single architecture provides parallel processing and reliability as well as superior visibility compared to other products. The reporting feature is excellent and can impress management during presentations or when accessing logs.

The application IDs, application controls, URL filtering, visibility, monitoring, and reporting are the most valuable features.

I would like to have an on-prem sandbox solution included in a future update.

The cost has room for improvement.

I have been using the solution for five years.

I give the stability a nine out of ten.

I give the scalability a ten out of ten.

The technical team is good.

Positive

The initial setup is straightforward. I give the setup a ten out of ten. The deployment took three months to complete. We require five to six people for deployment.

The implementation is completed in-house.

The cost of Palo Alto Network NG Firewalls is significantly higher compared to Huawei. For instance, while we can buy a Huawei box for 100 rupees, a Palo Alto box costs 100,000 rupees.

I give the solution a nine out of ten.

Palo Alto Networks NG Firewalls is an impressive product.

The solution is used for our enterprise clients.

Although Palo Alto is not the most inexpensive firewall solution, it is worth the cost to ensure proper protection for our networks.

Palo Alto PA-400 series cost and performance for small offices are good.

We provide localization services and use Palo Alto Networks NG Firewalls to protect our environment.

We have two on-premises Palo Alto Networks NG Firewalls that are managed in the cloud.

Palo Alto Networks NG Firewalls provide a unified platform for centralized management. This is one of the most critical features of the NG Firewalls.

Palo Alto Networks NG Firewalls utilize embedded machine learning to combat the evolving landscape of cyber threats. This is crucial because traditional security methods often fall short against modern malware and sophisticated attacks. By employing machine learning, these firewalls proactively identify and mitigate risks in a way that static rules-based systems cannot, effectively countering the advanced techniques increasingly used by malicious actors.

It helps reduce downtime in our organization by 98 percent.

Palo Alto Networks NG Firewalls offer a comprehensive suite of security features, with Intrusion Prevention System and certificate inspection being among the most valuable.

The machine learning feature, with its continuous potential for improvement, directly enhances the security of Palo Alto Networks NG Firewalls.

I have been using Palo Alto Networks NG Firewalls for almost 12 years.

The technical support is good, and Palo Alto has excellent documentation.

Positive

We also use FortiGate Firewalls in addition to Palo Alto Networks NG Firewalls. Both offer similar features and prices and are considered top competitors in the market.

The return on investment from Palo Alto Networks Next-Generation Firewalls has been significant, as the enhanced security they provide to the enterprise effectively offsets their cost.

Palo Alto Networks NG Firewalls are affordable, and we get what we pay for.

I would rate Palo Alto Networks NG Firewalls ten out of ten.

We have over 10,000 end users.

When choosing a firewall, cost often reflects capability. While budget-friendly options exist, their security levels may not match those of higher-end providers like Palo Alto or Fortinet. Investing in a robust firewall often provides enhanced protection and advanced features, justifying the higher cost.

We have three employees and one consultant who are responsible for the maintenance of our NG Firewalls.