Palo Alto Networks NG Firewalls Reviews

We use the solution to filter out the traffic from our internal networks, not a public-facing network.

The predictive analytics and machine learning for blocking DNS-related attacks keep track of IP addresses and DNS names from other countries requesting access to our resources. The solution helps us identify any malicious activity and maintain our network safety. We first check the DNS issue and put it into the blacklist. If we get a similar DNS issue from another country in the future, we block the IP range altogether.

Apart from traditional technologies, we have been relying on signature-based identities. For example, we have been following up on what is in the data system and the firewall. These systems can only detect what has already been returned by the data system. If any security vendor does not update its databases or firewalls, or if its upgrades or firmware are not up to date, then malicious attacks can occur. The advantage of Palo Alto is its real-time analysis, as opposed to traditional methods that use signatures. Palo Alto Network NG Firewall has come up with some great behavioral analytics and the Wildfire feature, which helps organizations stay safe from false positive notifications or alerts.

The unified platform helps eliminate security gaps. We had certain servers that we hosted with open ports and we needed to ensure that these ports were closed. When we first set up the solution in the production environment for testing purposes, we detected traffic coming from ports on the server that had not been identified by our previous firewall. Palo Alto Network NG Firewalls uses all of its resources to detect security threats. The solution helps our organization close security vulnerabilities, Palo Alto Network NG Firewalls provide us with the instruments we need to complete our job. 

The unified platform helped eliminate multiple network security tools and the effort needed to get them to work together. We need to be able to detect the type of traffic being generated from which applications are on which systems and by which users. This will help us identify which IPs are making the requests. Previously we had to rely on multiple tools to collect this information. Palo Alto Network NG Firewalls also provide one graphical interface to display all the information. The solution simplified the process by dropping two to three tools and giving us a clear view of some first-hand data, especially data that has been preliminarily investigated in the case of cybercrime, which is essential.

Security is our primary concern which we build our networking concept around and networking is secondary. We have a single sign-on agent and a dedicated service to run the firewalls. Our architecture is set up in a way that, if a DDoS attack occurs, all the traffic would go down and we have to be prepared. When we consider both the network and security features, we are more inclined toward the security side. Our clients are usually understanding if the downtime is only two to ten minutes and we can recover quickly. 

There are no actual delays happening on the side of setting the solution up because we have all the resources documented on YouTube and on the website itself. We haven't experienced any delays in identifying and collecting the documents or installing the server. However, once we began the onboarding process, some technical issues arose. We forgot to include a customer's request for support from Palo Alto and as a result, the customer executed support themselves either through our website or a call, but a customer service agent acknowledged and resolved the request quickly. Because of that issue, we have been able to allocate adequate resources for implementation. We feel as if we are receiving premium service.

The most valuable features of Palo Alto Network NG Firewalls are policy editing and rule assigning for firewalls, as well as Wildfire. The solution does a great job of identifying malicious items and vulnerabilities with URL filtering. When combined with Fortinet, we have instant results.

Palo Alto Network NG Firewalls is doing impressive work with its AI technology, which is important to our organization. I have forwarded the papers to the director board in a recommendation to make the solution public-facing. We are considering using Palo Alto as an internet-facing firewall for our next project because the solution is an excellent firewall appliance with impressive features and a great UI.

The user interface can be significantly simplified. The dashboard and other features can be more thoughtfully designed. We get all the data in a single dashboard, which gives us additional insights. However, it takes time to sort it all out so it's easily accessible. If the data can be presented in a more graphical and structured way, it would be more helpful.

I have been using the solution for eight months.

We have had a very minimal number of false positives with the solution and it has been very stable. There have been no issues with the firewall itself. In the previous case, we had a lot of tension between the firmware update and the customer service department. This was due to the system working itself up. We had absolutely zero capability issues.

The solution is scalable with the Azure environment. I believe it is scalable because we have many data connectors. We were able to speed up the process within the hybrid environment.

We had some technical support from Palo Alto at the time of installation.

Positive

We have been using the FortiGate firewall for almost 20 years in our environment, but we recognized the Wildfire feature and some of the AIM firewall systems. FortiGate is not a next-gen firewall. Other applications such as Gartner insight offer better connections and recommend a firewall, similar to Palo Alto Networking NG Firewalls, for better application performance. We procured the solution and we have been testing it. We don't like to put all our eggs in one basket. We need multiple firewall solutions to connect with our environment. If one fails for any reason, we can have the second one take over the job. We have servers hosted in the cloud environment and each server has a different firewall installed. If we lose our connection due to a firewall issue, a firmware issue, or if Fortinet couldn't detect malware or a zero-day attack, we would be out of luck without Palo Alto Networks NG Firewalls. We are considering utilizing both solutions to best suit our needs. 

The initial setup is straightforward. Depending on the resources and skill set of the network engineers the deployment should take between 15 and 20 minutes.

The solution provides good protection and is worth the price.

The only additional cost to our organization comes from having to train our engineers on the proper use of the solution.

I give the solution an eight out of ten.

We have two network administrators, which have been working on the design end, three analysts working on the system itself who are continuously monitoring the firewall status, three cybersecurity engineers, and two network engineers to deal with the networking concepts and any delays with the networking protocols. We also have three cybersecurity engineers to follow up with the monitoring, checking the security incidents, and responding. In total there are five users administrating this firewall on eight servers. The firewall acts as a router, filtering the packages between five servers on the other side. This provides an eight versus five network filtering job. The firewall is not public-facing. We are utilizing it to filter up the data, and packets of files, which are moving between the load balances.

We have an environment for production and for development. The development environment is for scaling our application. The production environment goes to the public, and we have a staging environment for testing our application. We have a joint venture with our clients, which we call UIT. This joint venture helps to reduce costs and create an environment that is beneficial for both our clients and us. We only use our staging environment occasionally, whenever we need to push something new to our service for testing purposes. It will be used around two to three days a week, or twelve to fifteen days a month. We are underutilizing the solution currently because we have only completed five percent of the development. We have analyzed the cost and are trying to procure the solution in our live environment.

The cost of security can be expensive when we analyze new technology and the need for new technologies to cover emerging vulnerabilities and malicious acts. I recommend Palo Alto Networks NG Firewalls because most of the colleagues in our environment, such as Cognizant, Deloitte, and many other IT companies use Palo Alto Networks NG Firewalls. 10 to 12 years ago, Fortinet was the leading security solution that most people were using followed by Cisco Firewall. Presently Palo Alto Networks NG Firewalls provide the most value from a security solution, such as the detection of vulnerabilities and malware, in a cost-effective way. 

Apart from the standard features of any firewall system, Palo Alto Networks offers some additional benefits that make it worth the price. These features include URL filtering and deep packet inspection, with the best feature being Wildfire. I recommend the solution.

We have implemented peripheral firewalls and micro-segmentation within our LAN network. To further segment our data center, we have deployed firewalls in the middle of the network. Additionally, we utilize Palo Alto Networks NG Firewalls in our GCP environment for various use cases, including URL filtering, URP, file blocking, and threat prevention.

Palo Alto Networks NG Firewalls natively integrate all security capabilities, making it crucial for our XDR integration. To address the challenges of our small cybersecurity team, we have implemented significant optimizations. This streamlined approach allows us to efficiently monitor and analyze all logs, ultimately providing a comprehensive view of our security posture.

Palo Alto Networks NG Firewalls embed machine learning at their core to provide crucial, real-time inline attack prevention. In today's world of relentless cyber threats, detecting and blocking malware, viruses, and hacker intrusions is paramount. These attacks pose a constant threat to our data security, making firewalls essential tools for safeguarding our digital assets.

It provided immediate benefits to our organization through their seamless integration, automation capabilities, enhanced visibility, and robust traceability features.

Palo Alto Networks NG Firewalls are consistent in securing data centers across all our workplaces.

The Palo Alto Networks NG Firewalls excel in their integration capabilities. By combining them with XDR, Prisma Access, or other Palo Alto Networks SaaS products, organizations can achieve enhanced visibility, trust, and threat prevention. The integration with Cortex XDR enables automated threat prevention through the use of playbooks. This comprehensive solution is ideal for advanced threat detection, log correlation, and other security-related tasks.

The integration with AI needs improvement.

I have been using Palo Alto Networks NG Firewalls for seven years.

We provide the initial level of support for our customers' firewalls. If a customer requires direct assistance from Palo Alto support, we can open a case and facilitate their connection.

Positive

The initial deployment is straightforward. I would rate the ease of deployment a nine out of ten.

When comparing Cisco, Check Point, and Palo Alto firewalls, I found Palo Alto to be the most effective. Its configuration interface is more intuitive, making it easier to set up policies and manage the firewall. In contrast, I encountered significant challenges with Cisco and Check Point firewalls. To date, I have not experienced any issues with Palo Alto.

I would rate Palo Alto Networks NG Firewalls ten out of ten.

Palo Alto Networks NG Firewalls offer a robust security solution. However, when integrated with a comprehensive platform like Cortex XDR and XSOAR, their value proposition significantly increases for businesses. By leveraging indicators of compromise, NG Firewalls can generate Extended Detection and Response alerts, streamlining the identification and mitigation of threats. This automation eliminates the need for manual intervention by technicians and cybersecurity analysts, resulting in improved efficiency and overall security posture.

The unified platform provided is very important to us as it allows us to manage all traffic and ensure security without using separate tools. It has AI and ML capabilities, which work well for real-time attack prevention.

Since implementing Palo Alto, we've seen an 80-90 percent reduction in issues. It handles ISP links, ensuring minimal downtime. Recently, we upgraded our secondary ISP to 3 Gbps, and when the primary link goes down, it automatically switches to the secondary. As a result, end users do not experience bandwidth shortages or interruptions in internet access.

One area for improvement with Palo Alto Networks NG Firewall would be customer support. Currently, in regions like India, customer support is handled by third-party partners. Unfortunately, the support provided by these partners has not been satisfactory. It would be beneficial if the tool handled customer support directly, similar to how Cisco maintains high-quality customer care. This would ensure that customers receive the level of support they expect.

Getting reliable service is important when you're a customer, especially with critical devices like firewalls. Firewalls are key parts of a network; if they fail, the whole network can become unstable. So, the support you get needs to be just as reliable as the device itself.

I have been working with the product for a year. 

I haven't experienced any downtime. 

We used Cisco ASA before. At that time, Cisco didn’t have a unified next-generation (NG) firewall, and I’m unsure if they offer one now. The main reason we decided to switch was that we needed a unified NG firewall. Besides the unified features that NG firewalls provide, there were other differences between Cisco and Palo Alto Networks NG Firewalls, particularly in terms of features and price. However, the features are mostly similar across different firewalls; it depends on how they’re implemented, how effective they are for end users, and how well they handle security. This varies from company to company and firewall to firewall because each has its architecture, data plan, processing, control, and so on. So, it depends on the original equipment manufacturer.

The tool's deployment is complex and takes seven to eight days to complete. 

The tool's pricing is similar to that of Cisco. It's a security appliance; the cost depends on your network topology and specific requirements. The suitability of NG firewalls should be chosen based on your network and what you need. If a colleague from a different company asked for the cheapest and fastest firewall, I suggest they consider options like Sophos. Sophos took over Cyberoam, which was previously a leader in NG firewalls

I work with the product, and we purchased our box after a demo. We also have IoT security, but I don't personally handle that. I rate the overall product a nine out of ten. 

We are a consulting group that specializes in deploying Palo Alto Networks NG Firewalls for a telecom-related partner in Pakistan. Additionally, we implemented global protection for remote users. Furthermore, we configured different policies for internal users based on their job designations and privileges, such as URL filtering and application controls.

Palo Alto Networks NG Firewalls' advanced machine learning capabilities offer real-time attack prevention and are crucial in our security setup. We implemented a multi-layered security approach and are currently working towards a zero-trust model, including defense for development. According to the Gartner report, Palo Alto ranks second after Check Point, highlighting the significance of security in our environment.

We access all the firewalls via Panorama. We configured certain global user profiles to allow access to our site for remote or work-from-home situations, which we then access through GlobalProtect.

Before we started to use Palo Alto Networks NG Firewalls, we had a different FortiGate firewall that presented several issues such as deep security URL filtering and throughput issues. However, with Palo Alto, we were able to address these problems, particularly with the use of parallel processing. We have successfully deployed inbound and outbound SSL inspection, as well as different URL filtering, making Palo Alto a more resilient option compared to other products.

It is important the solution provides a unified platform that natively integrates all security capabilities. Compared to other products, Palo Alto Networks NG Firewalls' unified platform is a ten out of ten and suitable for all environments. 

Palo Alto Networks NG Firewalls help fill security leaks by enhancing confidentiality, integrity, and availability.

Palo Alto Networks NG Firewalls help automate multiple security tools and unify them.

The solution assisted us with managing our network operations and reducing related costs. We use various Network Management Systems to monitor our network, including Palo Alto which we monitor from its dashboard. Additionally, we use various Security Operations Center solutions, as well as SolarWinds. We also utilize different monitoring platforms to track network traffic.

The WildFire feature offers protection against Zero-Day attacks, and we find that Palo Alto is a valuable tool for mitigating such attacks using WildFire.

Palo Alto's single architecture provides parallel processing and reliability as well as superior visibility compared to other products. The reporting feature is excellent and can impress management during presentations or when accessing logs.

The application IDs, application controls, URL filtering, visibility, monitoring, and reporting are the most valuable features.

I would like to have an on-prem sandbox solution included in a future update.

The cost has room for improvement.

I have been using the solution for five years.

I give the stability a nine out of ten.

I give the scalability a ten out of ten.

The technical team is good.

Positive

The initial setup is straightforward. I give the setup a ten out of ten. The deployment took three months to complete. We require five to six people for deployment.

The implementation is completed in-house.

The cost of Palo Alto Network NG Firewalls is significantly higher compared to Huawei. For instance, while we can buy a Huawei box for 100 rupees, a Palo Alto box costs 100,000 rupees.

I give the solution a nine out of ten.

Palo Alto Networks NG Firewalls is an impressive product.

The solution is used for our enterprise clients.

Although Palo Alto is not the most inexpensive firewall solution, it is worth the cost to ensure proper protection for our networks.

Palo Alto PA-400 series cost and performance for small offices are good.

Our primary use for the solution is as a perimeter device and firewall. 

Suppose a packet enters our organization with a new, unknown signature. In that case, the firewall can upload it to the primary database and generate user alerts to inform users of the malicious signature, blocking it if necessary.

The solution's most valuable feature is the robust firewall, which we can also use as a UTM device. 

The Wi-Fi analysis and zero-day threat prevention are very good features. 

The product defends our production, blocks files, and prevents data leakage. It's a complete package for advanced security, which is excellent for a firewall.

It's beneficial and vital to us that Palo Alto NGFW embeds machine learning in the firewall's core to provide inline, real-time attack prevention. Suppose it observes any abnormalities in our traffic. In that case, the product can detect that through machine learning and generate a lock so we can mitigate an attack or a vulnerability in the system.   

Palo Alto NGFW's machine learning works well to secure our network against threats that can evolve and morph rapidly. A particular strategy we encounter on our system is when a packet comes in and behaves abnormally. Palo Alto detects the abnormality, generates an alert, and responds based on our policies by blocking or discarding the package.   

We use the firewall's DNS security, and it's excellent for blocking DNS attacks thanks to the continuously updating Palo Alto threat database. For example, the product blocks users from accessing sites with a known malicious DNS.

The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point.

We've been using the solution for one and a half years. 

The solution is very stable and robust. 

The product is scalable and very easy to configure; we enjoy the configuration and operation of the firewall. 

We contacted Palo Alto technical support on several occasions, and they're excellent; they always try to resolve our issues as soon as possible. 

Positive

We previously used Cisco ASA and Check Point NGFW and switched to the Palo Alto solution because it offers more robust and complete protection and features.

The initial setup is straightforward, and it depends on the network configuration. If we want to make few network changes, we can deploy the firewall in Virtual Wire mode, and we don't have to mess with IP addresses and so on. If we want to deploy with a new configuration, we can do that in Layer 3 mode.

If we upload a pre-planned configuration to our network firewall, the deployment can take as little as 10-15 minutes. We have a team of nine engineers responsible for daily policies, troubleshooting, etc.

We deployed via an in-house team; we have a big team, so we deploy ourselves whenever possible.

The solution is worth the money for organizations operating in critical environments with lots of sensitive data and information. Data leaks can lead to broken trust with clients and a suffering reputation in the business community, including brand damage.

Palo Alto NGFW is relatively expensive compared to the competition.

I rate the solution 10 out of 10.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is an important feature. It provides a robust kind of security counter at the perimeter level.  

The solution's unified platform helps eliminate security holes. For example, the firewall can easily block attempted SQL injections with the help of App-ID. 

Palo Alto NGFW's unified helped to eliminate multiple network security tools and the effort needed to get them to work with each other. The solution provides vulnerability assessment and protection, antivirus prevention, data leak prevention, file blocking, site blocking, and application blocking, all in one product. It's an excellent firewall device and very useful for our network. 

We have the zero-delay signatures feature implemented with our firewall, and it's essential because attack signatures are updated immediately. Attackers are trying to find new ways to harm our network daily, and the zero-delay feature makes it so that the network is updated in seconds, and the first user to see a new threat is the only one to experience first exposure. This functionality improved our security.   

To a colleague at another company who says they are looking for the cheapest and fastest firewall, it depends on their environment. I recommend Palo Alto or Check Point if they are a financial institution. If they are a mid-level non-financial institution, I recommend Cisco Secure Firewall because it's also a good firewall.

To someone looking to use Palo Alto NGFW for the first time, analyze the packet flow of your organization and understand which types of packets you're getting and which type of services you are providing in your data center or enterprise. Multiple data centers require a high security level, so I recommend activating the Layer 7 feature.

The biggest lesson I learned from using the solution is the importance of following all the steps in the operation manual when upgrading or updating. 

We use it for perimeter security because it gives application layer security and we also use it for VPN access.

We use the PA-3200 and PA-200 models. In terms of the version, we are one version behind the latest one. The latest version is 11, and we are still on version 10.

The biggest benefit we have seen from it is the ability to identify the traffic of our networks based on the application ID that Palo Alto can provide. Palo Alto firewalls have the most extensive App-ID library, so we are able to identify which applications are necessary for business and which ones are not. We can then block those that are not crucial for business at the firewall itself, so App-ID in the firewall was the biggest benefit to us.

Palo Alto NGFW embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, which is important and very helpful. I wouldn't be able to compare it to any other product because we have used Palo Alto for eight years, but the machine learning that they have embedded into their OS has been very helpful. Based on the learning that they have done, they have been able to analyze the traffic and coordinate traffic patterns to alert us about possible malware and even block it.

It provides a unified platform that natively integrates all security capabilities. Palo Alto NGFW has been able to give us all that we need from one particular appliance itself. If we wanted, we could have also used the DNS feature, and in that case, one device could have met all our needs.

Because it's a unified platform, management is easy. You have to learn only one particular management interface. Once our IT team gets familiar with the management interface, it's easier for them to apply security policies, monitor the traffic, and manage the plans using the same GUI. There are no learning curves for different products.

We try to keep our security fairly tight. The policies that we have created on the Palo Alto NGFW have been based on security requirements. As of now, we haven't detected anything that would point to a hole in our environment, so it is very hard to say whether Palo Alto NGFW’s unified platform helped to eliminate any security holes.

It has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. It has helped us consolidate into one vendor. Earlier, we used to have an appliance for the firewall, and then we had an appliance for VPN. We had a separate appliance for the collection and correlation of data. We have eliminated all of those. They are now in one box. The same firewall gives us security policies and lets us collect all the data about the traffic flowing in and out of the network and correlate events. It has helped us eliminate the VPN appliances that we were using in the past. It has helped us to eliminate two other vendors and bring all the services into one.

The single-pass architecture is good. Everything is analyzed just once, so it improves the performance. 

Application layer firewalling has been the most valuable feature because it gives thousands of application IDs that we can use to control traffic into and out of our environment. The second most important feature has been the GlobalProtect VPN feature.

The only problem that I see with the Palo Alto NGFW being an all-in-one appliance is that because of the different features that are being put into a single appliance, the OS tends to be beefier. Over the eight years, we have seen that the number of features or analyses being put into the appliance itself has a tendency to slow down the appliance, especially at the time of bootup. So, any time we are doing maintenance work, the time required for the appliance to boot up and be fully functional again is significantly longer than eight years ago. They could find a way to make this all-in-one appliance faster.

They should also make the documentation much easier to understand. Given all the features that they have built into the firewalls, it should be easier for the end users to understand the product and all the features available on the product. They should be able to utilize the product to the maximum capabilities. The documentation and the tech support available need to improve. The tech support of Palo Alto has deteriorated over the past few years, especially after our pandemic. Getting tech support on our issues is very difficult. They could definitely improve on that.

I've been using it for about eight years.

It's very stable. We have had no issues. There are only two issues that I recall ever happening on our firewalls. The first one was when they released an application ID that caused a problem on the network, but they were able to resolve it quickly within a matter of hours. The second issue was also because of the change in the OS. In both cases, the resolution was quick.

In terms of scalability, they have a huge range of models, so depending on what your requirements are, you can scale up from the very base model that goes from 100 megabits per second to the largest one that goes to 10 gigs per second. They have a wide range of appliances that you can upgrade to based on your needs.

In terms of the traffic that can pass through the firewall, it has been fairly good for us. We have not had to upgrade our network. Being a small company, we don't have too many users. In the past eight years, we have not had to change our bandwidth for the increase in traffic. Whatever we selected four years ago, they remain the same. We have not had to upgrade the hardware capabilities just because our traffic is increasing, but in terms of feature sets, we have added more and more features to the appliances. When we started off with Palo Alto, we were only using the firewall features, and then slowly, we added a VPN for mobile users. We added a VPN for site-to-site connectivity, and the scalability has been good. We have not had to upgrade the hardware. We have just been adding features to the existing hardware, and it has not caused any deterioration in the performance.

We have about fifty users that are split between the East Coast and the West Coast. Each coast has only about twenty-five users. All in all, we have about fifty users using these products.

It used to be good in the past, but over the last few years, it has been very bad. You open a case, and you expect somebody to get back to you and help you out with the issue. They say that based on the SLAs, somebody will get back to you within a certain number of hours for the priority ticket that you created, but that getting back actually includes the initial response where somebody is just acknowledging that they have the ticket. That does not mean that somebody provides me with the solution or takes action on it. If I open a priority one case, which means my network is down, somebody will get back to me within two hours based on the SLA, but that response only includes the acknowledgment mentioning that your case has been received. That's it. It's a different question whether someone is going to get on the phone with you or give you an email about how to troubleshoot the issue and fix that issue.

I'd rate them a six out of ten based on the response time and the quality of the responses received over the last three or four years.

Neutral

We were using Cisco's router-based firewalls. They had some advantages, but they did not have a graphical interface for configuration, which was the weakest point. Getting team members on the team who were not familiar with the command line configurations for our Cisco firewalls made us select a product that provides a graphical interface for configuration, and that was a reason for moving to Palo Alto.

It has been fairly easy to set up. The initial setup is good. The migration to a new box can also be pretty straightforward.

I have had experience with setting it up from scratch, and it has been good. It's more on the simpler side. The initial setup to get the firewall in place with basic security principles is straightforward. When you go to the advanced features, it gets trickier.

The deployment duration depends on the complexity of the network and the kind of rules that you want to implement. The physical appliances are relatively straightforward to set up. For the base security, it doesn't take more than a couple of hours to set it up, but it can take a relatively long time to set up and configure the firewalls that sit in the cloud.

We use physical appliances and virtual appliances. The physical appliances are in our on-prem environment, and the virtual appliances are in our cloud environment. It took about four hours to set up the physical appliances from scratch, whereas the virtual or VMCD ones took a lot longer. It took two to three days to set them up.

For the VMCD ones, we had to get help from their pre-sales support team, but for the on-prem physical appliances, we did the implementation ourselves.

It isn't cheap. It's cheaper to replace the equipment every three years than to upgrade. We have done two refreshes of their appliances. What I have seen is that the initial hardware cost is low, but you need a subscription and you need maintenance plans. After every three years, if you're trying to renew your maintenance or subscription, that can be very costly. It's cheaper to just get a newer solution with a three-year subscription and maintenance. It's cheaper to replace your hardware completely with a new subscription plan and a new maintenance plan than to renew the maintenance subscription on existing hardware. That's the reality of the Palo Alto pricing that gets to us.

You pay for the initial hardware, and then you have to pay the subscription cost for the features that you want to use. Every feature has an extra price. Your firewall features are included with the appliance, but the antivirus feature, DNS security feature, VPN feature, URL filtering, and file monitoring features are additional features that you need to pay for. So, you pay extra for every feature that you add, and then based on the features you purchase, you have to pay the maintenance plan pricing too.

Before moving to Palo Alto, we did evaluate other options. In those days, we tried out the Check Point firewall. We tried out Fortinet, but Palo Alto was the one that met our needs in terms of the features available and the ease of learning its features and configuration. We went for it also because of the price comparisons.

Try to get hold of a presales engineer and do a PoC with all the features that you're looking at before you make a purchase decision.

It isn't cheap. It's definitely the faster one. It meets all the needs. If you're looking for an all-in-one solution, Palo Alto NGFW would definitely meet your needs, but it isn't the cheapest one.

We have not used their DNS security feature because we use a competitor's product. We use Cisco Umbrella for that. The reason is that for the DNS security to work, the traffic from those endpoints needs to flow through the firewalls, but we have a lot of mobile user devices whose traffic does not flow through the firewall and we'd like them to have DNS security. We use Cisco Umbrella because that's an endpoint application that protects the endpoints from vulnerabilities based on the DNS reputation, and all the traffic from those endpoints does not necessarily need to go through a central endpoint, like a firewall.

Overall, I would rate Palo Alto NGFW an eight out of ten. 

We have multiple offices across the United States. Palo Alto Networks NG Firewalls is the best solution for securing our network, and the best part is that we can provide a single working solution.

Palo Alto Networks NG Firewalls' embedded machine learning is very important. Every packet is inspected by the firewall, and if it is heuristic or contains a virus or some other unknown packet, it is sent to the Wildfire feature for review. If the packet is safe, it is allowed to pass through, otherwise, a signature is left to protect the organization. The updated signature is then sent to the entire network for the same packet.

Palo Alto Networks NG Firewalls machine learning helps secure our networks against threats that are able to evolve rapidly.

Palo Alto Networks NG Firewalls DNS security helps prevent DNS-related attacks in combination with our policies and machine learning.

Palo Alto Networks NG Firewalls provide a unified platform that integrates with all security capabilities.

The zero-delay security feature with cloud technology is able to immediately releases the signature and update the database.

Palo Alto Networks NG Firewalls single-pass architecture has fast processing and security because of the separate models. The networking speeds rely more on the routers, not the firewall.

The solution provides the ability to process the packets regularly saving us processing time and that is very valuable.

The user ID, Wildfire, UI, and management configuration are all great features.

The stability, scalability for enterprise-level organizations, and technical documentation have room for improvement.

I have been using the solution for six years.

When it comes to network security, there is no such thing as stability; every day brings different forms of attacks, which we must constantly work to prevent.

The solution is scalable but has room for improvement at an enterprise level.

We have around 1,000 people using the solution.

The technical support is good. We receive a quick resolution for our issues.

Positive

The initial setup is straightforward. The deployment time depends on the type of implementation the organization requires but it is not complex. We can do everything from the firewall GUI without having to install any software.

The implementation is completed in-house.

The solution is expensive. Other vendors such as Fortinet provide the same features for less.

I give the solution a nine out of ten.

Palo Alto Networks NG Firewalls is a good solution and I recommend it to others for their network security needs.

Compared to the other firewalls, Palo Alto Networks NG Firewalls are the quickest.

We use these firewalls to manage wastewater systems for over a hundred municipalities across the country. As a result, we exclusively use them in the operational technology (OT) space.

One of the key benefits is that it enables us to secure environments that may pose more significant security challenges.

The centralization capability is the most valuable feature of this solution as it enables us to monitor our systems efficiently. Additionally, the firewalls are excellent, with straightforward configuration and comprehensible interfaces that our engineers can set up with ease.

The cloud firewall solution offers a unified platform that integrates social security capabilities, but it comes at an additional cost.

I think having the ability to see the big picture is important for us, and that's not always easy to achieve. 

As for how important it is for us to have Palo Alto NG Firewalls and defense machine learning at the core of the firewall for real-time attack prevention, I think it's a bit premature to say. There are many players in that field currently, and I would prefer to see them get it right before jumping in just for the sake of being there.

A major concern is making the licensing more accessible to enable small municipalities to afford and manage their own systems independently.

I have had experience working with Palo Alto Networks NG Firewalls for a minimum of three to four years.

I would rate the stability of Palo Alto Networks NG Firewalls a nine or ten out of ten.

Palo Alto Networks NG Firewalls are very scalable.

As far as I know, the technical support for this solution is excellent. 

My team has used it a few times and has always been satisfied with the service. I have never received any negative feedback regarding the support lines.

I would rate the technical support an eight or nine out of ten.

Positive

A lot of the municipality's systems rely on Palo Alto Networks NG Firewalls to stay online, and we've found that they provide better uptime compared to most other solutions.

Our downtime has been reduced by 80 to 90% with the implementation of Palo Alto Networks NG Firewalls.

I was not involved in the deployment process.

We have seen a return on investment. By centralizing our monitoring of systems, we have been able to make our lives easier.

The licensing leaves a lot to be desired. 

We buy the license and then we can't transfer the license without paying an exorbitant fee to our client if they leave us, and that just seems to be a bit of a pain point for us, and there's really no way to partner effectively to make that more reasonable.

We continuously review firewalls, whether it's Check Point or Fortinet, or Cisco. But Palo Alto has been the best for us.

As most of our environments are in the cloud, we don't have a lot of experience in securing data centers.

If a colleague at another company is only looking for the cheapest and fastest firewall, I would advise them that Palo Alto Networks is not the right solution for them. 

While it may not be the most affordable or the quickest to set up, the investment in Palo Alto Networks NG Firewalls is well worth it in terms of reliability and security. 

Choosing a firewall based solely on cost and speed may result in a false sense of security and leave the organization vulnerable to breaches and downtime.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.