Network administrator at a educational organization with 201-500 employees
Real User
Top 20
A comfortable and easy to use solution with a helpful URL filtering feature
Pros and Cons
  • "There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection."
  • "The VPN has room for improvement."

What is our primary use case?

We use the solution to protect our network environment. We use three versions: 230, 440, and 820. 

How has it helped my organization?

Palo Alto Networks NG Firewalls embed machine learning into the core of the firewall to provide real-time attack prevention, which is wonderful.

We check the machine learning logs to secure our networks against threats that are able to evolve more rapidly. 

I find the solution to be comfortable and easy to use. While I cannot completely authenticate my devices, I am able to distinguish between private devices and use them for authentication in some way, which is very helpful. The URL filtering feature is also helpful and I am very satisfied with the firewall delivery.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all our security capabilities through Cortex XDR.

I give the solution's single-pass architecture for performance and security an eight out of ten.

What is most valuable?

There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection.

Palo Alto Networks NG Firewalls' documentation, features, and user-friendliness are excellent.

What needs improvement?

The VPN has room for improvement.

Buyer's Guide
Palo Alto Networks NG Firewalls
March 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.

For how long have I used the solution?

I have been using the solution for two and a half years.

What do I think about the stability of the solution?

For the most part, the stability is good but we sometimes face problems with the VPN connections.

What do I think about the scalability of the solution?

The solution is scalable. We have 150 people that use the solution.

How are customer service and support?

We often don't have to open a ticket as the documentation provided is usually comprehensive, and we can usually resolve most issues on our own. The one time I submitted a ticket, the technical support was not able to resolve the issue.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Forcepoint Next-Generation Firewall which is cheaper than Palo Alto Networks NG Firewalls but I prefer Palo Alto because it is user-friendly and supports more devices and features. 

How was the initial setup?

I was not involved in the initial setup but I did migrate the 820 to the 440 and it was straightforward. The migration took a few hours.

What's my experience with pricing, setup cost, and licensing?

Palo Alto Networks NG Firewalls are expensive.

There is an additional cost for support.

What other advice do I have?

I give the solution nine out of ten.

The maintenance consists of regular updates only.

Currently, we do not use Palo Alto Networks NG Firewalls across our entire network but we have plans to extend them in the future.

I recommend Palo Alto Networks NG Firewalls to others.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Solutions Architect at Ecobank Transnational Incorporated
Real User
Gives you a lot of information when you are monitoring traffic
Pros and Cons
  • "It is critical that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. In my environments, we have an integration with a third-party vendor. As soon as there is new information about new threats and the destination that they are trying to reach on any of our network devices, that traffic will be stopped."
  • "There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better."

What is our primary use case?

We use it as an Internet-facing parameter firewall. In my environment, it has security and routing. It is on a critical path in terms of routing, where it does a deep inspection, etc.

How has it helped my organization?

There have been a lot of improvements from security to service.

It is critical that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. In my environments, we have an integration with a third-party vendor. As soon as there is new information about new threats and the destination that they are trying to reach on any of our network devices, that traffic will be stopped.

What is most valuable?

Setting up a VPN is quite easy. 

It gives you a lot of information when you are monitoring traffic. 

In terms of user experience, Palo Alto has very good user administration.

Machine learning is important. Although we have not exhausted the full capabilities of the firewall using machine learning, the few things that we are able to do are already very good because we have an integration with a third-party. We are leveraging that third-party to get threat intelligence for some destinations that are dangerous, as an example. Any traffic that tries to go to those destinations is blocked automatically. There is a script that was written, then embedded, that we worked on with the third-party. So, machine learning is actually critical for our business.

What needs improvement?

There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better.

I wanted Palo Alto Networks engineering to look at the traffic log, because I see traffic being dropped that happens to be legitimate. It would be interesting for me to just right click on the traffic, select that traffic, and then create a rule to allow it. For example, you sometimes see there is legitimate traffic being dropped, which is critical for a service. That's when actually you have to write it down, copy, a rule, etc. Why not just right click on it and select that link since that log will have the source destination report number? I would like to just right click, then have it pop up with a page where I can type the name of the rule to allow the traffic.

For how long have I used the solution?

I started using Palo Alto in 2015.

What do I think about the stability of the solution?

It is very stable. We had two outages this year that were not good. They were related to OSPF bugs. Those bugs affected our service availability. 

What do I think about the scalability of the solution?

It is quite scalable. I have been able to create a lot of zones to subinterfaces for a number of environments. I don't really have any issues regarding scalability. It meets my expectations.

How are customer service and support?

Palo Alto Networks NG Firewalls technical support is very poor. Three or four months ago, I had a bug where the database of the firewall was locked. You cannot do anything with it. We looked for documentation, giving us a procedure to follow, but the procedure didn't work. We logged a complaint with Palo Alto Networks, and they gave us an engineer. The engineer relied on documentation that doesn't work, and we had already tested. In the end, the engineer gave us an excuse, "No, we need this account to be able to unlock it." This happened twice. The way out of it was just to restart the firewall. You can restart the firewall and everything goes back to normal. Therefore, I think the support that we got was very poor.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used Check Point and Cisco ASA.

Initially, when I started with Palo Alto, we had Cisco ASA, but Palo Alto Networks beat ASA hands down.

We have a multi-vendor environment with different providers. Our standard is that we can't have the same firewall for each parameter, so there is some kind of diversity. 

We had ASA looking at one side of the network and Palo Alto Networks looking at the other side of the network. We also had Juniper looking at another side of the network. At the end of the day, ASA was very good, I don't dispute that. However, in terms of functionality and user experience, Palo Alto Networks was better. 

Palo Alto Networks beat ASA because it was a next-generation firewall (NGFW), while ASA was not.

How was the initial setup?

When we bought Palo Alto, we had Juniper devices in our environment. We were told that it was a bit like Juniper, so we were happy. However, some people were a bit skeptical and scared of Juniper firewalls. Because of that, it took us a very long time to put them on the network. However, as soon as we did the implementation, we realized that we were just thinking too much. It was not that difficult. 

We deployed Palo Alto Networks as part of a project for data center implementation. The implementation of the firewall didn't take long.

What about the implementation team?

We buy through a third-party. Our account is managed by IBM.

What was our ROI?

We have seen ROI. There is more visibility in the environment in terms of security. There was a time when we suspected a security breach, and this firewall was able to give us all the logs that we expected. 

What's my experience with pricing, setup cost, and licensing?

Palo Alto is like Mercedes-Benz. It is quite expensive, but the price is definitely justified.

Which other solutions did I evaluate?

One thing is system administration. In our opinion, Palo Alto administration is easier compared to other vendors. I know other vendors who have Check Point. You have to manage Check Point, and it is a bit cumbersome. It is a very nice, powerful firewall, but you need more knowledge to be able to manage Check Point compared to Palo Alto. Palo Alto is very straightforward and nice to use.

In our environment, troubleshooting has been easy. Anybody can leverage the Palo Alto traffic monitoring. In Cisco ASA and Check Point, you also have these capabilities, but capturing the traffic to see is one thing, while doing the interpretation is another thing. Palo Alto is more user-friendly and gives us a clearer interpretation of what is happening.

One thing that I don't like with Palo Alto is the command line. There isn't a lot of documentation for things like the command line. Most documents have a graphic user interface. Cisco has a lot of documents regarding command lines and how to maneuver their command line, as there are some things that we like to do with the command line instead of doing them with the graphic interface. Some things are easy to do on a graphic interface, but not in the command line. I should have the option to choose what I want to do and where, whether it is in the command line or a graphic interface. I think Palo Alto should try to make an effort in that aspect, as their documentation is quite poor.

We would rather use Cisco Umbrella for DNS security.

I compared the price of Palo Alto Networks with Juniper Networks firewall. The Juniper firewall is quite cheap. Also, Palo Alto Networks is a bit expensive compared to Cisco Firepower. Palo Alto Networks is in the same class of Check Point NGFW. Those two firewalls are a bit expensive.

It gives us visibility. In my opinion, the first firewall that I would put on our network is Palo Alto Network and the second would be Check Point.

What other advice do I have?

Palo Alto Networks NG Firewalls is a very good firewall. It is one of the best firewalls that I have used.

I would rate Palo Alto Networks as nine out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Palo Alto Networks NG Firewalls
March 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Senior Network Engineer at a tech services company with 201-500 employees
MSP
Combines many tools in one appliance, giving us a single point of view for our firewall and all related security issues
Pros and Cons
  • "The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput."
  • "The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good."

What is our primary use case?

We use it to segregate traffic between different tenant instances and to manage secure access to environments, DMZ zones, and to communicate what the firewall is doing.

How has it helped my organization?

With Palo Alto NG Firewalls, we can pass all compliance requirements. We trust it and we are building the security of our environment based on it. We feel that we are secure in our network.

It also provides a unified platform that natively integrates all security capabilities. It's very important because it gives us one solution that covers all aspects of security. The unified platform helps to eliminate security holes by enabling detection. It helps us to manage edge access to our network from outside sources on the internet and we can do so per application. It also provides URL filtering. The unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. In one appliance it combines URL filtering, intrusion prevention and detection, general firewall rules, and reporting. It combines all of those tools in one appliance. As a result, our network operations are better because we have a single point of view for our firewall and all related security issues. It's definitely a benefit that we don't need different appliances, different interfaces, and different configurations. Everything is managed from one place.

What is most valuable?

The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves.

The DNS Security with predictive analytics and machine learning for instantly blocking DNS-related attacks works fine. We are happy with it.

And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput.

What needs improvement?

The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good.

In addition, there is room for improvement with the troubleshooting tools and packet simulator. It would help to be able to see how packets traverse the firewall and, if it's denied, at what level it is denied. We would like to see this information if we simulate traffic so we can predict behavior of the traffic flow, and not just see that information on real traffic.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for about three years.

What do I think about the stability of the solution?

The solution is pretty stable.

What do I think about the scalability of the solution?

The scalability is good.

In terms of the extensiveness of use, it depends on business needs. Every communication from the company is going through this solution, so it's highly used and we are highly dependent on the solution. 

In terms of increasing our use of the solution, it all comes down to business needs. If the business needs it, and we get to the limit of the current appliance, we will consider updating it or adding more appliances. At this point, we're good.

Which solution did I use previously and why did I switch?

We previously used Cisco. The switch was a business decision and may have had to do with cost savings, but I'm not sure what the driver was.

How was the initial setup?

The initial setup was a little bit complex, but not terrible. The complexity was not related to the product. It was more to do with needing to prepare and plan things properly so that in the future the solution will be scalable. If there were some predefined templates for different use cases, that would help. Maybe it has that feature, but I'm not familiar with it.

The time needed for deployment depends on the requirements. We also continuously optimized it, so we didn't just deploy it and forget it.

Our implementation strategy was to start with allowing less access and then allowing more and more as needed. We made the first configuration more restrictive to collect data on denied traffic, and then we analyzed the traffic and allowed it as needed.

We have less than 10 users and their roles are security engineers and network engineers. We have three to four people for deployment and maintenance and for coordinating with the business, including things such as downtime and a cut-over. The network and security engineers work to confirm that the configuration of the solution is meeting our requirements.

What about the implementation team?

We did it ourselves.

What's my experience with pricing, setup cost, and licensing?

I'm not sure about pricing. I don't know if Palo Alto NG Firewalls are cheaper or not, but I would definitely recommend Palo Alto as an option.

If you need additional features, you need additional licenses, but I'm not aware of the cost details.

Which other solutions did I evaluate?

We evaluated Cisco, Sophos, Dell EMC SonicWall, and FortiGate. Cost and reputation were some of the key factors we looked at, as well as the flexibility of configuration. Another factor was how many users could comfortably work on the solution when publicly deployed.

What other advice do I have?

The fact that Palo Alto NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention is important, but I still don't completely trust it. I haven't really seen this feature. Maybe it's somewhere in the background, but I haven't gotten any notifications that something was found or prevented. At this point, we still use traditional approaches with human interaction.

Overall, what I have learned from using Palo Alto is that you need to be very detailed in  your requirements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CIO at a government with 201-500 employees
Real User
Provides a consistent experience for the management team as well as the end user
Pros and Cons
  • "The fact that I can perform several security functions in one device at wire speed is a valuable feature. I don't have to slow down my business transactions, and I don't have to inconvenience my users with 16 different solutions. I can have it all in one box, and it protects my organization at wire speed."
  • "Surfacing actionable intelligence right away could be better. You have to dig far to get some of the information. If the solution could surface the two or three things out of the 10,000 a day that we really need to deal with, it would be helpful."

What is our primary use case?

We use this solution as our external firewall and VPN.

What is most valuable?

The fact that I can perform several security functions in one device at wire speed is a valuable feature. I don't have to slow down my business transactions, and I don't have to inconvenience my users with 16 different solutions. I can have it all in one box, and it protects my organization at wire speed.

Palo Alto Networks NG Firewalls catch a lot of things that other firewalls may not catch and support more current security practices. We get updates several times a day from WildFire, and the firewalls do a great job of keeping us protected.

Within their domain, Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. This is critical because I don't want to deal with multiple devices. I want to do it all with as few devices as possible and have it all work successfully.

It's very important that these firewalls embed machine learning into their core because the only way to keep up with the changing threat environment is to keep learning about it.

Palo Alto Networks NG Firewalls are the gold standard right now for securing data centers consistently across all workplaces, and I'm using them across all of my locations. They provide a consistent experience for the management team as well as the end user.

What needs improvement?

Surfacing actionable intelligence right away could be better. You have to dig far to get some of the information. If the solution could surface the two or three things out of the 10,000 a day that we really need to deal with, it would be helpful.

For how long have I used the solution?

I've been working with Palo Alto Networks NG Firewalls for about 20 years.

What do I think about the stability of the solution?

It is a rock-solid solution in terms of stability. You very rarely have to worry about it. If there's a problem, it's usually because a rule got configured incorrectly.

What do I think about the scalability of the solution?

Across the product line, the NG firewalls scale very well. Within the individual units, however, there are some limitations. It's not always clear to resellers as to what those limitations are. Therefore, as your organization grows you may start to bump into those limitations unexpectedly.

How are customer service and support?

Palo Alto's technical support is pretty good and is among the best. We have called them several times, and they've been on it. Sometimes, it can take a bit longer for them to understand an issue, but overall, I would rate technical support at eight.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have used several firewalls including Cisco, Fortinet, and Check Point. We chose Palo Alto because it's the only one that brings it all together in one platform and lets me manage it. It also removes the complexity of what I have to manage and deal with.

How was the initial setup?

The initial setup is fairly straightforward. You put the firewall in with whatever might be there right now in learning mode, and then you can figure out where the holes are.

What was our ROI?

Palo Alto Networks NG Firewalls have prevented a number of things from happening. We would not have been able to prevent those things from happening had we had other firewalls.

What's my experience with pricing, setup cost, and licensing?

Palo Alto Networks NG Firewalls are the Cadillac standard, and you do pay Cadillac pricing. However, the protection is worth the steep price. 

What other advice do I have?

If you're looking for the fastest firewall, Palo Alto needs to be on your list. They seem to be the only ones that perform at wire speed right now. If you want the cheapest firewall, you will be able to find cheaper options, but you won't find better options than Palo Alto Networks NG Firewalls.

Overall, I would rate Palo Alto Networks NG Firewalls a nine on a scale from one to ten.

The biggest value of RSAC is being able to see everything I don't know anything about. It helps me keep up with where the industry is going.

Also, attending RSAC impacts our organization’s cybersecurity purchases made throughout the year. I chat with my existing vendors when I attend and have conversations with those my team recommends. We then make purchasing decisions based on what I see at RSAC.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Supervisor at a educational organization with 51-200 employees
Real User
Powerful solution that provides good visibility, a user-friendly interface, and has good reporting
Pros and Cons
  • "It is an extremely powerful solution as it provides visibility into all the network traffic, and offers a range of actions such as blocking websites or graphics, as well as load balancing. It's a great tool."
  • "I believe it would be beneficial if the solution could integrate with Google Chrome, especially for students who use Chromebooks. However, as far as I know, the solution currently does not support Google Chrome."

What is our primary use case?

We use Palo Alto Networks NG Firewalls for cybersecurity and network security for our infrastructure for our districts, worldwide. 

What is most valuable?

The SIM's ability to analyze traffic and take appropriate action is the most valuable feature of this solution.

It is an extremely powerful solution as it provides visibility into all the network traffic, and offers a range of actions such as blocking websites or graphics, as well as load balancing. It's a great tool.

The solution's user-friendly interface and clear network visibility are highly valuable to us. It makes management easier, especially for those without extensive technical knowledge.

The benefit we derive from this solution is not only its ease of use but also how it enables collaboration among our team for special activities in our network.

Additionally, the reports that we can generate from the software are very valuable.

Using Palo Alto Networks NG Firewalls has helped us reduce downtime.

Compared to our previous solution, I believe it was Fortinet. It saves a lot of time, you know, especially running your reports and analyzing the traffic. I believe we save thirty to forty percent.

It provides a unified platform that natively integrates all security capabilities.

It has seamless integration with all our devices, including Mac and Windows, and also with our secret server. Moreover, it is even integrated with the Microsoft streaming application that we use.

The embedded machine learning functions seamlessly and can be easily accessed through the dashboard's dedicated tools. Its ease of use is impressive.

What needs improvement?

I believe it would be beneficial if the solution could integrate with Google Chrome, especially for students who use Chromebooks. However, as far as I know, the solution currently does not support Google Chrome.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for five years.

What do I think about the stability of the solution?

The solution is incredibly stable. 

We have installed patches and updates, and they have all gone smoothly without any issues.

What do I think about the scalability of the solution?

We haven't fully used the capabilities of the firewall, but we purchased a larger scale to prepare for potential future growth.

The firewall is deployed across all six schools and the district office, protecting the entire infrastructure, including switches, access points, and other devices.

This is approximately 3,500 to 4,000 devices.

How are customer service and support?

The technical support team is readily available and very helpful. They provide great assistance whenever we encounter any issues.

There are delays at times, but overall, they are great. I would rate them a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we used Fortinet.

How was the initial setup?

I was involved in the deployment.

What about the implementation team?

We received assistance from the technical support team who helped us implement the project.

What was our ROI?

We have seen a return on our investment.

As previously mentioned, the firewall is easy to use and has helped us save a significant amount of time, approximately thirty to forty percent.

What's my experience with pricing, setup cost, and licensing?

The cost is quite high.

Which other solutions did I evaluate?

We evaluated Fortinet as well as Cisco.

The firewall we use is recommended by our county office of education, which also uses the same application. 

This makes it easier for us to collaborate with the county and share reports between different departments.

What other advice do I have?

I'm thoroughly impressed during my inaugural visit here. The array of products and the advanced technology showcased are truly exceptional. It's a great experience.

I plan to revisit it in the future.

Certainly, my attendance would have a significant impact on my cybersecurity-related buying choices as I would gain better insights into various vendors and their products available in the market. It would provide me with increased visibility and enable me to make informed purchasing decisions.

By attending the event and gaining insights into the different vendors and products available in the market, we can make informed decisions about which route to take in the future.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
ImranKhan3 - PeerSpot reviewer
Senior Technical Consultant at Ericsson
Real User
A feature-rich solution including Wi-Fi analysis and zero-day threat protection, with excellent customer support
Pros and Cons
  • "The solution's most valuable feature is the robust firewall, which we can also use as a UTM device."
  • "The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point."

What is our primary use case?

Our primary use for the solution is as a perimeter device and firewall. 

How has it helped my organization?

Suppose a packet enters our organization with a new, unknown signature. In that case, the firewall can upload it to the primary database and generate user alerts to inform users of the malicious signature, blocking it if necessary.

What is most valuable?

The solution's most valuable feature is the robust firewall, which we can also use as a UTM device. 

The Wi-Fi analysis and zero-day threat prevention are very good features. 

The product defends our production, blocks files, and prevents data leakage. It's a complete package for advanced security, which is excellent for a firewall.

It's beneficial and vital to us that Palo Alto NGFW embeds machine learning in the firewall's core to provide inline, real-time attack prevention. Suppose it observes any abnormalities in our traffic. In that case, the product can detect that through machine learning and generate a lock so we can mitigate an attack or a vulnerability in the system.   

Palo Alto NGFW's machine learning works well to secure our network against threats that can evolve and morph rapidly. A particular strategy we encounter on our system is when a packet comes in and behaves abnormally. Palo Alto detects the abnormality, generates an alert, and responds based on our policies by blocking or discarding the package.   

We use the firewall's DNS security, and it's excellent for blocking DNS attacks thanks to the continuously updating Palo Alto threat database. For example, the product blocks users from accessing sites with a known malicious DNS.

What needs improvement?

The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point.

For how long have I used the solution?

We've been using the solution for one and a half years. 

What do I think about the stability of the solution?

The solution is very stable and robust. 

What do I think about the scalability of the solution?

The product is scalable and very easy to configure; we enjoy the configuration and operation of the firewall. 

How are customer service and support?

We contacted Palo Alto technical support on several occasions, and they're excellent; they always try to resolve our issues as soon as possible. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Cisco ASA and Check Point NGFW and switched to the Palo Alto solution because it offers more robust and complete protection and features.

How was the initial setup?

The initial setup is straightforward, and it depends on the network configuration. If we want to make few network changes, we can deploy the firewall in Virtual Wire mode, and we don't have to mess with IP addresses and so on. If we want to deploy with a new configuration, we can do that in Layer 3 mode.

If we upload a pre-planned configuration to our network firewall, the deployment can take as little as 10-15 minutes. We have a team of nine engineers responsible for daily policies, troubleshooting, etc.

What about the implementation team?

We deployed via an in-house team; we have a big team, so we deploy ourselves whenever possible.

What was our ROI?

The solution is worth the money for organizations operating in critical environments with lots of sensitive data and information. Data leaks can lead to broken trust with clients and a suffering reputation in the business community, including brand damage.

What's my experience with pricing, setup cost, and licensing?

Palo Alto NGFW is relatively expensive compared to the competition.

What other advice do I have?

I rate the solution 10 out of 10.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is an important feature. It provides a robust kind of security counter at the perimeter level.  

The solution's unified platform helps eliminate security holes. For example, the firewall can easily block attempted SQL injections with the help of App-ID. 

Palo Alto NGFW's unified helped to eliminate multiple network security tools and the effort needed to get them to work with each other. The solution provides vulnerability assessment and protection, antivirus prevention, data leak prevention, file blocking, site blocking, and application blocking, all in one product. It's an excellent firewall device and very useful for our network. 

We have the zero-delay signatures feature implemented with our firewall, and it's essential because attack signatures are updated immediately. Attackers are trying to find new ways to harm our network daily, and the zero-delay feature makes it so that the network is updated in seconds, and the first user to see a new threat is the only one to experience first exposure. This functionality improved our security.   

To a colleague at another company who says they are looking for the cheapest and fastest firewall, it depends on their environment. I recommend Palo Alto or Check Point if they are a financial institution. If they are a mid-level non-financial institution, I recommend Cisco Secure Firewall because it's also a good firewall.

To someone looking to use Palo Alto NGFW for the first time, analyze the packet flow of your organization and understand which types of packets you're getting and which type of services you are providing in your data center or enterprise. Multiple data centers require a high security level, so I recommend activating the Layer 7 feature.

The biggest lesson I learned from using the solution is the importance of following all the steps in the operation manual when upgrading or updating. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr Security Analyst at a mining and metals company with 5,001-10,000 employees
Real User
Has an organized, user-friendly interface and is relatively stable
Pros and Cons
  • "Palo Alto Networks NG Firewalls have a very nice interface for logging and monitoring. I find it easy to navigate and use, and the interface is organized as well. I can find answers within a couple of hours and have seen time savings."
  • "The customer-facing side needs to be improved in terms of the engagement and involvement of support staff."

What is our primary use case?

We use Palo Alto Networks NG Firewalls for segmentation and basic routing. They are the gatekeepers for the network.

What is most valuable?

I like being able to investigate anonymous VPNs and also like to use traffic-capturing features. We've had some anonymous VPNs coming to our network, and we're trying to make sure that internal users are not able to use those to get past our security.

Palo Alto Networks NG Firewalls have a very nice interface for logging and monitoring. I find it easy to navigate and use, and the interface is organized as well. I can find answers within a couple of hours and have seen time savings.

We have Azure firewalls that are licensed through Palo Alto. It's super important that Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities because we are moving almost entirely to Azure. Thus, the more Azure integration we have, the better it's going to be for us long term.

These firewalls have been efficient at securing data centers consistently across all workplaces.

We haven't had many downtime issues with Palo Alto.

What needs improvement?

The customer-facing side needs to be improved in terms of the engagement and involvement of support staff.

For how long have I used the solution?

My first exposure to this solution was about a year and a half ago.

What do I think about the stability of the solution?

The firewalls are relatively stable. We have a few that go up and down, but that has more to do with licensing issues than with the firewall itself.

How are customer service and support?

Technical support needs to be improved with regard to the time to respond and the response itself. We've been getting the same responses over and over again. It would help us out a lot if the technical support staff were more engaged or involved.

From what I've heard from our firewall engineer, I would rate technical support a four out of ten.

How would you rate customer service and support?

Neutral

What was our ROI?

We utilize GlobalProtect and have seen a better return on investment with regard to security and peace of mind.

What's my experience with pricing, setup cost, and licensing?

Licensing is a big issue for us because of the complexity and the lack of engagement from Palo Alto. It has been hard to talk with them as we don't get the best answers.

Which other solutions did I evaluate?

We are always evaluating other vendors and are currently looking at Cisco. Though both Palo Alto and Cisco firewalls are feature-rich and provide very good value, Cisco is better at customer engagement. They are easier to talk to as well.

What other advice do I have?

Palo Alto Networks NG Firewalls are not the cheapest and fastest, but they are one of the top ones in terms of the most effective firewalls.

Overall, I would rate NG Firewalls an eight out of ten. They're definitely a top competitor.

I love the opportunity to see technical demos and take hands-on tours with some of the products at RSA conferences. They are the best part because I get to learn and gain exposure to new technology. It is particularly helpful when we want to look at other avenues.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr. Infrastructure Solution Architect and Engineer at a aerospace/defense firm with 10,001+ employees
Real User
Helped us meet our security requirements but the technical support needs improvement
Pros and Cons
  • "The fact that the Next-Gen firewalls are integrated with identity is the best. It gives us the ability to track what an individual is doing and helps us provide access to only what they need in order to do their job."
  • "Palo Alto Networks NG Firewalls don't provide a unified platform that natively integrates all security capabilities. It's missing some features for geofencing and understanding locations."

What is our primary use case?

We mainly use the solution for traditional firewall boundaries.

How has it helped my organization?

The solution helped us meet our security requirements.

What is most valuable?

The fact that the Next-Gen firewalls are integrated with identity is the best. It gives us the ability to track what an individual is doing and helps us provide access to only what they need in order to do their job.

Because we want to free up our operators from the routine tasks of investigations, it's important to us that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention.

What needs improvement?

Technical support could be improved. Palo Alto's technical support used to be great. Whenever I had a problem, I could pick up the phone and call and get answers. That's not the case any longer.

Palo Alto Networks NG Firewalls don't provide a unified platform that natively integrates all security capabilities. It's missing some features for geofencing and understanding locations.

These firewalls are primarily used for edge defense. In terms of securing data centers consistently across all workplaces, that is, from the smallest office to the largest data centers, Palo Alto Networks NG Firewalls don't have a strong zero trust model.

NG Firewalls have not helped us reduce downtime in our organization. Because of technical support issues, we've taken some hits.

For how long have I used the solution?

I've been using Palo Alto Networks NG Firewalls for 20 years.

What do I think about the stability of the solution?

It's always been a stable product.

What do I think about the scalability of the solution?

This solution is a firewall that's a hardware appliance, and that's not the direction the industry is heading. Everybody is going toward a software-defined perimeter. Palo Alto doesn't have a strong say on it. They took what they had for their hardware and just put it in the cloud without understanding what being cloud-centric is all about.

How are customer service and support?

I would rate the technical support a three out of ten.

How would you rate customer service and support?

Negative

What was our ROI?

Our ROI is that the firewalls have been used quite a few times for investigations. We've gathered the evidence we needed to act upon an issue.

What's my experience with pricing, setup cost, and licensing?

These firewalls are not cheap, but they have a reasonable licensing model.

What other advice do I have?

If you are considering attending an RSA Conference, note that you won't gain enough information by attending one conference. However, when you attend year after year, go through the expo, and talk to vendors, you will begin to see trends. You'll see that what's hype one year is no longer a reality another year. Thus, the experience with RSA is a multiple-year experience.

Attending RSAC has made an impact on our organization’s cybersecurity purchases. We've brought products back into our infrastructure based on what we discovered from talking to vendors at the RSAC.

Overall, I would rate Palo Alto Networks NG Firewalls a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.