Try our new research platform with insights from 80,000+ expert users
Janardhan Reddy - PeerSpot reviewer
Manager-Information Technology at a computer software company with 51-200 employees
Real User
Top 20
Has geofencing features and helps to prevent security holes by 70-80 percent
Pros and Cons
  • "The tool's most valuable features are its security features, which are highly valued based on market standards and Gartner reports. We conducted a POC before procuring it, and from that perspective, it is very good. The machine learning feature helps prevent more threats, but no device or firewall can be 100 percent secure because threats evolve daily."
  • "The setup was complex. We have perimeter firewalls and multiple voice devices handling calls. Directing traffic through gateway perimeter firewalls becomes quite complex in such a scenario. The implementation took around two months and required three to four people for deployment."

What is most valuable?

The tool's most valuable features are its security features, which are highly valued based on market standards and Gartner reports. We conducted a POC before procuring it, and from that perspective, it is very good. The machine learning feature helps prevent more threats, but no device or firewall can be 100 percent secure because threats evolve daily.

We use geofencing in our firewalls to prevent unknown attacks from other countries. The solution stops these attacks in the cloud so they don't reach my firewall. Only allowed countries can access it.

The solution provides a unified platform that natively integrates with other security platforms. It is a must as a compliance requirement and aligns with standard security best practices. The platform also helps to prevent security holes by 70-80 percent. 

We have implemented the Zero-Delay Signature feature. It is important to prevent unwanted network penetration and information theft, so having it in the firewall at the gateway level is mandatory. 

What needs improvement?

The setup was complex. We have perimeter firewalls and multiple voice devices handling calls. Directing traffic through gateway perimeter firewalls becomes quite complex in such a scenario. The implementation took around two months and required three to four people for deployment.

For how long have I used the solution?

I have been working with the product for four years. 

What do I think about the stability of the solution?

Palo Alto Networks NG Firewalls' stability is very good. 

Buyer's Guide
Palo Alto Networks NG Firewalls
August 2025
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,497 professionals have used our research since 2012.

What do I think about the scalability of the solution?

Based on our expected growth, we have some buffer and procured a model that offers an additional 10-20% capacity. Around 1,500 people in our company use it, and two to three administrators manage it around the clock. Currently, we have no plans to increase usage.

How are customer service and support?

The technical support is very good. We log a call and get a response within five to ten minutes. If there is any critical issue, they get on a call and resolve it. We opt for OEM direct support. It depends on whether an integrator will assist us or we must log in through the portal. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I decided to switch from FortiGate to Palo Alto Network NG Firewalls because we found that it performs better regarding security standards. It's considered an industry standard.

What about the implementation team?

A system integrator helped us with the implementation. 

What's my experience with pricing, setup cost, and licensing?

Cost-wise, I don't see much difference in network-related costs, but this is a premium-grade firewall. There is a cost involved, and you must pay for that to get the most out of it. Its licensing costs are straightforward. There aren't any hidden costs. 

What other advice do I have?

I need to check DNS security with Palo Alto Firewalls. I set it up initially, but my team manages it daily. I approve any changes, but my team handles the hands-on work. I can't say all tools will be integrated, but other tools might also be needed based on our business and use cases. This alone might not suffice.

Network performance is okay but not great because multiple hops are involved. Each tool, like an endpoint with antivirus, scans the traffic before it moves to the firewall, which also scans it before sending it out. So, there will be some performance regulation. We cannot expect 100% performance in any network once you have any firewall with all the built-in security features implemented.

When I recommend the tool to others, I first check their business needs and understand what they're looking for. If they're focused on security posture and are ready to invest, I'd recommend Palo Alto Networks NG Firewalls. But if they want something cheap, I'd suggest options like FortiGate or SonicWall. Also, I'd check if they have the in-house skills to manage it day-to-day.

I'm familiar with the PA-400 series of Palo Alto Networks NG Firewalls. It's good for small offices, and we use the same series in one of our branch offices. 

I've learned that using this solution is a continuous learning process. Every day, I analyze and evaluate the differences between each product to see if it meets our business requirements and is cost-effective. I rate it a ten out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Andres Briceño - PeerSpot reviewer
Cybersecurity Coordinator at Pronaca
Real User
Top 5
Offers robust integration, comprehensive log visibility, and effective threat prevention
Pros and Cons
  • "The Palo Alto Networks NG Firewalls excel in their integration capabilities."
  • "The integration with AI needs improvement."

What is our primary use case?

We have implemented peripheral firewalls and micro-segmentation within our LAN network. To further segment our data center, we have deployed firewalls in the middle of the network. Additionally, we utilize Palo Alto Networks NG Firewalls in our GCP environment for various use cases, including URL filtering, URP, file blocking, and threat prevention.

How has it helped my organization?

Palo Alto Networks NG Firewalls natively integrate all security capabilities, making it crucial for our XDR integration. To address the challenges of our small cybersecurity team, we have implemented significant optimizations. This streamlined approach allows us to efficiently monitor and analyze all logs, ultimately providing a comprehensive view of our security posture.

Palo Alto Networks NG Firewalls embed machine learning at their core to provide crucial, real-time inline attack prevention. In today's world of relentless cyber threats, detecting and blocking malware, viruses, and hacker intrusions is paramount. These attacks pose a constant threat to our data security, making firewalls essential tools for safeguarding our digital assets.

It provided immediate benefits to our organization through their seamless integration, automation capabilities, enhanced visibility, and robust traceability features.

Palo Alto Networks NG Firewalls are consistent in securing data centers across all our workplaces.

What is most valuable?

The Palo Alto Networks NG Firewalls excel in their integration capabilities. By combining them with XDR, Prisma Access, or other Palo Alto Networks SaaS products, organizations can achieve enhanced visibility, trust, and threat prevention. The integration with Cortex XDR enables automated threat prevention through the use of playbooks. This comprehensive solution is ideal for advanced threat detection, log correlation, and other security-related tasks.

What needs improvement?

The integration with AI needs improvement.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for seven years.

How are customer service and support?

We provide the initial level of support for our customers' firewalls. If a customer requires direct assistance from Palo Alto support, we can open a case and facilitate their connection.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment is straightforward. I would rate the ease of deployment a nine out of ten.

Which other solutions did I evaluate?

When comparing Cisco, Check Point, and Palo Alto firewalls, I found Palo Alto to be the most effective. Its configuration interface is more intuitive, making it easier to set up policies and manage the firewall. In contrast, I encountered significant challenges with Cisco and Check Point firewalls. To date, I have not experienced any issues with Palo Alto.

What other advice do I have?

I would rate Palo Alto Networks NG Firewalls ten out of ten.

Palo Alto Networks NG Firewalls offer a robust security solution. However, when integrated with a comprehensive platform like Cortex XDR and XSOAR, their value proposition significantly increases for businesses. By leveraging indicators of compromise, NG Firewalls can generate Extended Detection and Response alerts, streamlining the identification and mitigation of threats. This automation eliminates the need for manual intervention by technicians and cybersecurity analysts, resulting in improved efficiency and overall security posture.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Palo Alto Networks NG Firewalls
August 2025
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,497 professionals have used our research since 2012.
AjayKumar17 - PeerSpot reviewer
Technical Superintendent at Indian Institute Of Technology, Patna
Real User
Top 5
Has AI and ML capabilities, which work well for real-time attack prevention
Pros and Cons
  • "The unified platform provided is very important to us as it allows us to manage all traffic and ensure security without using separate tools. It has AI and ML capabilities, which work well for real-time attack prevention."
  • "One area for improvement with Palo Alto Networks NG Firewall would be customer support. Currently, in regions like India, customer support is handled by third-party partners. Unfortunately, the support provided by these partners has not been satisfactory. It would be beneficial if the tool handled customer support directly, similar to how Cisco maintains high-quality customer care. This would ensure that customers receive the level of support they expect."

What is most valuable?

The unified platform provided is very important to us as it allows us to manage all traffic and ensure security without using separate tools. It has AI and ML capabilities, which work well for real-time attack prevention.

Since implementing Palo Alto, we've seen an 80-90 percent reduction in issues. It handles ISP links, ensuring minimal downtime. Recently, we upgraded our secondary ISP to 3 Gbps, and when the primary link goes down, it automatically switches to the secondary. As a result, end users do not experience bandwidth shortages or interruptions in internet access.

What needs improvement?

One area for improvement with Palo Alto Networks NG Firewall would be customer support. Currently, in regions like India, customer support is handled by third-party partners. Unfortunately, the support provided by these partners has not been satisfactory. It would be beneficial if the tool handled customer support directly, similar to how Cisco maintains high-quality customer care. This would ensure that customers receive the level of support they expect.

Getting reliable service is important when you're a customer, especially with critical devices like firewalls. Firewalls are key parts of a network; if they fail, the whole network can become unstable. So, the support you get needs to be just as reliable as the device itself.

For how long have I used the solution?

I have been working with the product for a year. 

What do I think about the stability of the solution?

I haven't experienced any downtime. 

Which solution did I use previously and why did I switch?

We used Cisco ASA before. At that time, Cisco didn’t have a unified next-generation (NG) firewall, and I’m unsure if they offer one now. The main reason we decided to switch was that we needed a unified NG firewall. Besides the unified features that NG firewalls provide, there were other differences between Cisco and Palo Alto Networks NG Firewalls, particularly in terms of features and price. However, the features are mostly similar across different firewalls; it depends on how they’re implemented, how effective they are for end users, and how well they handle security. This varies from company to company and firewall to firewall because each has its architecture, data plan, processing, control, and so on. So, it depends on the original equipment manufacturer.

How was the initial setup?

The tool's deployment is complex and takes seven to eight days to complete. 

What's my experience with pricing, setup cost, and licensing?

The tool's pricing is similar to that of Cisco. It's a security appliance; the cost depends on your network topology and specific requirements. The suitability of NG firewalls should be chosen based on your network and what you need. If a colleague from a different company asked for the cheapest and fastest firewall, I suggest they consider options like Sophos. Sophos took over Cyberoam, which was previously a leader in NG firewalls

What other advice do I have?

I work with the product, and we purchased our box after a demo. We also have IoT security, but I don't personally handle that. I rate the overall product a nine out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Muhammad-Nadeem - PeerSpot reviewer
Lead Network Security Engineer at PTA
Real User
Help fill security leaks by enhancing confidentiality, integrity, and availability
Pros and Cons
  • "The application IDs, application controls, URL filtering, visibility, monitoring, and reporting are the most valuable features."
  • "The cost has room for improvement."

What is our primary use case?

We are a consulting group that specializes in deploying Palo Alto Networks NG Firewalls for a telecom-related partner in Pakistan. Additionally, we implemented global protection for remote users. Furthermore, we configured different policies for internal users based on their job designations and privileges, such as URL filtering and application controls.

How has it helped my organization?

Palo Alto Networks NG Firewalls' advanced machine learning capabilities offer real-time attack prevention and are crucial in our security setup. We implemented a multi-layered security approach and are currently working towards a zero-trust model, including defense for development. According to the Gartner report, Palo Alto ranks second after Check Point, highlighting the significance of security in our environment.

We access all the firewalls via Panorama. We configured certain global user profiles to allow access to our site for remote or work-from-home situations, which we then access through GlobalProtect.

Before we started to use Palo Alto Networks NG Firewalls, we had a different FortiGate firewall that presented several issues such as deep security URL filtering and throughput issues. However, with Palo Alto, we were able to address these problems, particularly with the use of parallel processing. We have successfully deployed inbound and outbound SSL inspection, as well as different URL filtering, making Palo Alto a more resilient option compared to other products.

It is important the solution provides a unified platform that natively integrates all security capabilities. Compared to other products, Palo Alto Networks NG Firewalls' unified platform is a ten out of ten and suitable for all environments. 

Palo Alto Networks NG Firewalls help fill security leaks by enhancing confidentiality, integrity, and availability.

Palo Alto Networks NG Firewalls help automate multiple security tools and unify them.

The solution assisted us with managing our network operations and reducing related costs. We use various Network Management Systems to monitor our network, including Palo Alto which we monitor from its dashboard. Additionally, we use various Security Operations Center solutions, as well as SolarWinds. We also utilize different monitoring platforms to track network traffic.

The WildFire feature offers protection against Zero-Day attacks, and we find that Palo Alto is a valuable tool for mitigating such attacks using WildFire.

Palo Alto's single architecture provides parallel processing and reliability as well as superior visibility compared to other products. The reporting feature is excellent and can impress management during presentations or when accessing logs.

What is most valuable?

The application IDs, application controls, URL filtering, visibility, monitoring, and reporting are the most valuable features.

What needs improvement?

I would like to have an on-prem sandbox solution included in a future update.

The cost has room for improvement.

For how long have I used the solution?

I have been using the solution for five years.

What do I think about the stability of the solution?

I give the stability a nine out of ten.

What do I think about the scalability of the solution?

I give the scalability a ten out of ten.

How are customer service and support?

The technical team is good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. I give the setup a ten out of ten. The deployment took three months to complete. We require five to six people for deployment.

What about the implementation team?

The implementation is completed in-house.

What's my experience with pricing, setup cost, and licensing?

The cost of Palo Alto Network NG Firewalls is significantly higher compared to Huawei. For instance, while we can buy a Huawei box for 100 rupees, a Palo Alto box costs 100,000 rupees.

What other advice do I have?

I give the solution a nine out of ten.

Palo Alto Networks NG Firewalls is an impressive product.

The solution is used for our enterprise clients.

Although Palo Alto is not the most inexpensive firewall solution, it is worth the cost to ensure proper protection for our networks.

Palo Alto PA-400 series cost and performance for small offices are good.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
ImranKhan3 - PeerSpot reviewer
Senior Technical Consultant at Ericsson
Real User
A feature-rich solution including Wi-Fi analysis and zero-day threat protection, with excellent customer support
Pros and Cons
  • "The solution's most valuable feature is the robust firewall, which we can also use as a UTM device."
  • "The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point."

What is our primary use case?

Our primary use for the solution is as a perimeter device and firewall. 

How has it helped my organization?

Suppose a packet enters our organization with a new, unknown signature. In that case, the firewall can upload it to the primary database and generate user alerts to inform users of the malicious signature, blocking it if necessary.

What is most valuable?

The solution's most valuable feature is the robust firewall, which we can also use as a UTM device. 

The Wi-Fi analysis and zero-day threat prevention are very good features. 

The product defends our production, blocks files, and prevents data leakage. It's a complete package for advanced security, which is excellent for a firewall.

It's beneficial and vital to us that Palo Alto NGFW embeds machine learning in the firewall's core to provide inline, real-time attack prevention. Suppose it observes any abnormalities in our traffic. In that case, the product can detect that through machine learning and generate a lock so we can mitigate an attack or a vulnerability in the system.   

Palo Alto NGFW's machine learning works well to secure our network against threats that can evolve and morph rapidly. A particular strategy we encounter on our system is when a packet comes in and behaves abnormally. Palo Alto detects the abnormality, generates an alert, and responds based on our policies by blocking or discarding the package.   

We use the firewall's DNS security, and it's excellent for blocking DNS attacks thanks to the continuously updating Palo Alto threat database. For example, the product blocks users from accessing sites with a known malicious DNS.

What needs improvement?

The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point.

For how long have I used the solution?

We've been using the solution for one and a half years. 

What do I think about the stability of the solution?

The solution is very stable and robust. 

What do I think about the scalability of the solution?

The product is scalable and very easy to configure; we enjoy the configuration and operation of the firewall. 

How are customer service and support?

We contacted Palo Alto technical support on several occasions, and they're excellent; they always try to resolve our issues as soon as possible. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Cisco ASA and Check Point NGFW and switched to the Palo Alto solution because it offers more robust and complete protection and features.

How was the initial setup?

The initial setup is straightforward, and it depends on the network configuration. If we want to make few network changes, we can deploy the firewall in Virtual Wire mode, and we don't have to mess with IP addresses and so on. If we want to deploy with a new configuration, we can do that in Layer 3 mode.

If we upload a pre-planned configuration to our network firewall, the deployment can take as little as 10-15 minutes. We have a team of nine engineers responsible for daily policies, troubleshooting, etc.

What about the implementation team?

We deployed via an in-house team; we have a big team, so we deploy ourselves whenever possible.

What was our ROI?

The solution is worth the money for organizations operating in critical environments with lots of sensitive data and information. Data leaks can lead to broken trust with clients and a suffering reputation in the business community, including brand damage.

What's my experience with pricing, setup cost, and licensing?

Palo Alto NGFW is relatively expensive compared to the competition.

What other advice do I have?

I rate the solution 10 out of 10.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is an important feature. It provides a robust kind of security counter at the perimeter level.  

The solution's unified platform helps eliminate security holes. For example, the firewall can easily block attempted SQL injections with the help of App-ID. 

Palo Alto NGFW's unified helped to eliminate multiple network security tools and the effort needed to get them to work with each other. The solution provides vulnerability assessment and protection, antivirus prevention, data leak prevention, file blocking, site blocking, and application blocking, all in one product. It's an excellent firewall device and very useful for our network. 

We have the zero-delay signatures feature implemented with our firewall, and it's essential because attack signatures are updated immediately. Attackers are trying to find new ways to harm our network daily, and the zero-delay feature makes it so that the network is updated in seconds, and the first user to see a new threat is the only one to experience first exposure. This functionality improved our security.   

To a colleague at another company who says they are looking for the cheapest and fastest firewall, it depends on their environment. I recommend Palo Alto or Check Point if they are a financial institution. If they are a mid-level non-financial institution, I recommend Cisco Secure Firewall because it's also a good firewall.

To someone looking to use Palo Alto NGFW for the first time, analyze the packet flow of your organization and understand which types of packets you're getting and which type of services you are providing in your data center or enterprise. Multiple data centers require a high security level, so I recommend activating the Layer 7 feature.

The biggest lesson I learned from using the solution is the importance of following all the steps in the operation manual when upgrading or updating. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2152974 - PeerSpot reviewer
Senior Network Administrator at a financial services firm with 11-50 employees
Real User
An all-in-one solution for application layer security, VPN access, and ease of management
Pros and Cons
  • "Application layer firewalling has been the most valuable feature because it gives thousands of application IDs that we can use to control traffic into and out of our environment. The second most important feature has been the GlobalProtect VPN feature."
  • "The only problem that I see with the Palo Alto NGFW being an all-in-one appliance is that because of the different features that are being put into a single appliance, the OS tends to be beefier. Over the eight years, we have seen that the number of features or analyses being put into the appliance itself has a tendency to slow down the appliance, especially at the time of bootup. So, any time we are doing maintenance work, the time required for the appliance to boot up and be fully functional again is significantly longer than eight years ago. They could find a way to make this all-in-one appliance faster."

What is our primary use case?

We use it for perimeter security because it gives application layer security and we also use it for VPN access.

We use the PA-3200 and PA-200 models. In terms of the version, we are one version behind the latest one. The latest version is 11, and we are still on version 10.

How has it helped my organization?

The biggest benefit we have seen from it is the ability to identify the traffic of our networks based on the application ID that Palo Alto can provide. Palo Alto firewalls have the most extensive App-ID library, so we are able to identify which applications are necessary for business and which ones are not. We can then block those that are not crucial for business at the firewall itself, so App-ID in the firewall was the biggest benefit to us.

Palo Alto NGFW embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, which is important and very helpful. I wouldn't be able to compare it to any other product because we have used Palo Alto for eight years, but the machine learning that they have embedded into their OS has been very helpful. Based on the learning that they have done, they have been able to analyze the traffic and coordinate traffic patterns to alert us about possible malware and even block it.

It provides a unified platform that natively integrates all security capabilities. Palo Alto NGFW has been able to give us all that we need from one particular appliance itself. If we wanted, we could have also used the DNS feature, and in that case, one device could have met all our needs.

Because it's a unified platform, management is easy. You have to learn only one particular management interface. Once our IT team gets familiar with the management interface, it's easier for them to apply security policies, monitor the traffic, and manage the plans using the same GUI. There are no learning curves for different products.

We try to keep our security fairly tight. The policies that we have created on the Palo Alto NGFW have been based on security requirements. As of now, we haven't detected anything that would point to a hole in our environment, so it is very hard to say whether Palo Alto NGFW’s unified platform helped to eliminate any security holes.

It has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. It has helped us consolidate into one vendor. Earlier, we used to have an appliance for the firewall, and then we had an appliance for VPN. We had a separate appliance for the collection and correlation of data. We have eliminated all of those. They are now in one box. The same firewall gives us security policies and lets us collect all the data about the traffic flowing in and out of the network and correlate events. It has helped us eliminate the VPN appliances that we were using in the past. It has helped us to eliminate two other vendors and bring all the services into one.

The single-pass architecture is good. Everything is analyzed just once, so it improves the performance. 

What is most valuable?

Application layer firewalling has been the most valuable feature because it gives thousands of application IDs that we can use to control traffic into and out of our environment. The second most important feature has been the GlobalProtect VPN feature.

What needs improvement?

The only problem that I see with the Palo Alto NGFW being an all-in-one appliance is that because of the different features that are being put into a single appliance, the OS tends to be beefier. Over the eight years, we have seen that the number of features or analyses being put into the appliance itself has a tendency to slow down the appliance, especially at the time of bootup. So, any time we are doing maintenance work, the time required for the appliance to boot up and be fully functional again is significantly longer than eight years ago. They could find a way to make this all-in-one appliance faster.

They should also make the documentation much easier to understand. Given all the features that they have built into the firewalls, it should be easier for the end users to understand the product and all the features available on the product. They should be able to utilize the product to the maximum capabilities. The documentation and the tech support available need to improve. The tech support of Palo Alto has deteriorated over the past few years, especially after our pandemic. Getting tech support on our issues is very difficult. They could definitely improve on that.

For how long have I used the solution?

I've been using it for about eight years.

What do I think about the stability of the solution?

It's very stable. We have had no issues. There are only two issues that I recall ever happening on our firewalls. The first one was when they released an application ID that caused a problem on the network, but they were able to resolve it quickly within a matter of hours. The second issue was also because of the change in the OS. In both cases, the resolution was quick.

What do I think about the scalability of the solution?

In terms of scalability, they have a huge range of models, so depending on what your requirements are, you can scale up from the very base model that goes from 100 megabits per second to the largest one that goes to 10 gigs per second. They have a wide range of appliances that you can upgrade to based on your needs.

In terms of the traffic that can pass through the firewall, it has been fairly good for us. We have not had to upgrade our network. Being a small company, we don't have too many users. In the past eight years, we have not had to change our bandwidth for the increase in traffic. Whatever we selected four years ago, they remain the same. We have not had to upgrade the hardware capabilities just because our traffic is increasing, but in terms of feature sets, we have added more and more features to the appliances. When we started off with Palo Alto, we were only using the firewall features, and then slowly, we added a VPN for mobile users. We added a VPN for site-to-site connectivity, and the scalability has been good. We have not had to upgrade the hardware. We have just been adding features to the existing hardware, and it has not caused any deterioration in the performance.

We have about fifty users that are split between the East Coast and the West Coast. Each coast has only about twenty-five users. All in all, we have about fifty users using these products.

How are customer service and support?

It used to be good in the past, but over the last few years, it has been very bad. You open a case, and you expect somebody to get back to you and help you out with the issue. They say that based on the SLAs, somebody will get back to you within a certain number of hours for the priority ticket that you created, but that getting back actually includes the initial response where somebody is just acknowledging that they have the ticket. That does not mean that somebody provides me with the solution or takes action on it. If I open a priority one case, which means my network is down, somebody will get back to me within two hours based on the SLA, but that response only includes the acknowledgment mentioning that your case has been received. That's it. It's a different question whether someone is going to get on the phone with you or give you an email about how to troubleshoot the issue and fix that issue.

I'd rate them a six out of ten based on the response time and the quality of the responses received over the last three or four years.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We were using Cisco's router-based firewalls. They had some advantages, but they did not have a graphical interface for configuration, which was the weakest point. Getting team members on the team who were not familiar with the command line configurations for our Cisco firewalls made us select a product that provides a graphical interface for configuration, and that was a reason for moving to Palo Alto.

How was the initial setup?

It has been fairly easy to set up. The initial setup is good. The migration to a new box can also be pretty straightforward.

I have had experience with setting it up from scratch, and it has been good. It's more on the simpler side. The initial setup to get the firewall in place with basic security principles is straightforward. When you go to the advanced features, it gets trickier.

The deployment duration depends on the complexity of the network and the kind of rules that you want to implement. The physical appliances are relatively straightforward to set up. For the base security, it doesn't take more than a couple of hours to set it up, but it can take a relatively long time to set up and configure the firewalls that sit in the cloud.

We use physical appliances and virtual appliances. The physical appliances are in our on-prem environment, and the virtual appliances are in our cloud environment. It took about four hours to set up the physical appliances from scratch, whereas the virtual or VMCD ones took a lot longer. It took two to three days to set them up.

What about the implementation team?

For the VMCD ones, we had to get help from their pre-sales support team, but for the on-prem physical appliances, we did the implementation ourselves.

What's my experience with pricing, setup cost, and licensing?

It isn't cheap. It's cheaper to replace the equipment every three years than to upgrade. We have done two refreshes of their appliances. What I have seen is that the initial hardware cost is low, but you need a subscription and you need maintenance plans. After every three years, if you're trying to renew your maintenance or subscription, that can be very costly. It's cheaper to just get a newer solution with a three-year subscription and maintenance. It's cheaper to replace your hardware completely with a new subscription plan and a new maintenance plan than to renew the maintenance subscription on existing hardware. That's the reality of the Palo Alto pricing that gets to us.

You pay for the initial hardware, and then you have to pay the subscription cost for the features that you want to use. Every feature has an extra price. Your firewall features are included with the appliance, but the antivirus feature, DNS security feature, VPN feature, URL filtering, and file monitoring features are additional features that you need to pay for. So, you pay extra for every feature that you add, and then based on the features you purchase, you have to pay the maintenance plan pricing too.

Which other solutions did I evaluate?

Before moving to Palo Alto, we did evaluate other options. In those days, we tried out the Check Point firewall. We tried out Fortinet, but Palo Alto was the one that met our needs in terms of the features available and the ease of learning its features and configuration. We went for it also because of the price comparisons.

What other advice do I have?

Try to get hold of a presales engineer and do a PoC with all the features that you're looking at before you make a purchase decision.

It isn't cheap. It's definitely the faster one. It meets all the needs. If you're looking for an all-in-one solution, Palo Alto NGFW would definitely meet your needs, but it isn't the cheapest one.

We have not used their DNS security feature because we use a competitor's product. We use Cisco Umbrella for that. The reason is that for the DNS security to work, the traffic from those endpoints needs to flow through the firewalls, but we have a lot of mobile user devices whose traffic does not flow through the firewall and we'd like them to have DNS security. We use Cisco Umbrella because that's an endpoint application that protects the endpoints from vulnerabilities based on the DNS reputation, and all the traffic from those endpoints does not necessarily need to go through a central endpoint, like a firewall.

Overall, I would rate Palo Alto NGFW an eight out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
KUMAR SAIN - PeerSpot reviewer
Sr. Network and Security Engineer at Shopper Local, LLC
Real User
Enables us to process packets, regularly saving us processing time
Pros and Cons
  • "The user ID, Wildfire, UI, and management configuration are all great features."
  • "The stability, scalability for enterprise-level organizations, and technical documentation have room for improvement."

What is our primary use case?

We have multiple offices across the United States. Palo Alto Networks NG Firewalls is the best solution for securing our network, and the best part is that we can provide a single working solution.

How has it helped my organization?

Palo Alto Networks NG Firewalls' embedded machine learning is very important. Every packet is inspected by the firewall, and if it is heuristic or contains a virus or some other unknown packet, it is sent to the Wildfire feature for review. If the packet is safe, it is allowed to pass through, otherwise, a signature is left to protect the organization. The updated signature is then sent to the entire network for the same packet.

Palo Alto Networks NG Firewalls machine learning helps secure our networks against threats that are able to evolve rapidly.

Palo Alto Networks NG Firewalls DNS security helps prevent DNS-related attacks in combination with our policies and machine learning.

Palo Alto Networks NG Firewalls provide a unified platform that integrates with all security capabilities.

The zero-delay security feature with cloud technology is able to immediately releases the signature and update the database.

Palo Alto Networks NG Firewalls single-pass architecture has fast processing and security because of the separate models. The networking speeds rely more on the routers, not the firewall.

What is most valuable?

The solution provides the ability to process the packets regularly saving us processing time and that is very valuable.

The user ID, Wildfire, UI, and management configuration are all great features.

What needs improvement?

The stability, scalability for enterprise-level organizations, and technical documentation have room for improvement.

For how long have I used the solution?

I have been using the solution for six years.

What do I think about the stability of the solution?

When it comes to network security, there is no such thing as stability; every day brings different forms of attacks, which we must constantly work to prevent.

What do I think about the scalability of the solution?

The solution is scalable but has room for improvement at an enterprise level.

We have around 1,000 people using the solution.

How are customer service and support?

The technical support is good. We receive a quick resolution for our issues.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. The deployment time depends on the type of implementation the organization requires but it is not complex. We can do everything from the firewall GUI without having to install any software.

What about the implementation team?

The implementation is completed in-house.

What's my experience with pricing, setup cost, and licensing?

The solution is expensive. Other vendors such as Fortinet provide the same features for less.

What other advice do I have?

I give the solution a nine out of ten.

Palo Alto Networks NG Firewalls is a good solution and I recommend it to others for their network security needs.

Compared to the other firewalls, Palo Alto Networks NG Firewalls are the quickest.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2171649 - PeerSpot reviewer
CISO at a construction company with 1,001-5,000 employees
Real User
Enables us to secure environments that may pose more significant security challenges
Pros and Cons
  • "The centralization capability is the most valuable feature of this solution as it enables us to monitor our systems efficiently."
  • "A major concern is making the licensing more accessible to enable small municipalities to afford and manage their own systems independently."

What is our primary use case?

We use these firewalls to manage wastewater systems for over a hundred municipalities across the country. As a result, we exclusively use them in the operational technology (OT) space.

How has it helped my organization?

One of the key benefits is that it enables us to secure environments that may pose more significant security challenges.

What is most valuable?

The centralization capability is the most valuable feature of this solution as it enables us to monitor our systems efficiently. Additionally, the firewalls are excellent, with straightforward configuration and comprehensible interfaces that our engineers can set up with ease.

The cloud firewall solution offers a unified platform that integrates social security capabilities, but it comes at an additional cost.

I think having the ability to see the big picture is important for us, and that's not always easy to achieve. 

As for how important it is for us to have Palo Alto NG Firewalls and defense machine learning at the core of the firewall for real-time attack prevention, I think it's a bit premature to say. There are many players in that field currently, and I would prefer to see them get it right before jumping in just for the sake of being there.

What needs improvement?

A major concern is making the licensing more accessible to enable small municipalities to afford and manage their own systems independently.

For how long have I used the solution?

I have had experience working with Palo Alto Networks NG Firewalls for a minimum of three to four years.

What do I think about the stability of the solution?

I would rate the stability of Palo Alto Networks NG Firewalls a nine or ten out of ten.

What do I think about the scalability of the solution?

Palo Alto Networks NG Firewalls are very scalable.

How are customer service and support?

As far as I know, the technical support for this solution is excellent. 

My team has used it a few times and has always been satisfied with the service. I have never received any negative feedback regarding the support lines.

I would rate the technical support an eight or nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

A lot of the municipality's systems rely on Palo Alto Networks NG Firewalls to stay online, and we've found that they provide better uptime compared to most other solutions.

Our downtime has been reduced by 80 to 90% with the implementation of Palo Alto Networks NG Firewalls.

I was not involved in the deployment process.

What was our ROI?

We have seen a return on investment. By centralizing our monitoring of systems, we have been able to make our lives easier.

What's my experience with pricing, setup cost, and licensing?

The licensing leaves a lot to be desired. 

We buy the license and then we can't transfer the license without paying an exorbitant fee to our client if they leave us, and that just seems to be a bit of a pain point for us, and there's really no way to partner effectively to make that more reasonable.

Which other solutions did I evaluate?

We continuously review firewalls, whether it's Check Point or Fortinet, or Cisco. But Palo Alto has been the best for us.

What other advice do I have?

As most of our environments are in the cloud, we don't have a lot of experience in securing data centers.

If a colleague at another company is only looking for the cheapest and fastest firewall, I would advise them that Palo Alto Networks is not the right solution for them. 

While it may not be the most affordable or the quickest to set up, the investment in Palo Alto Networks NG Firewalls is well worth it in terms of reliability and security. 

Choosing a firewall based solely on cost and speed may result in a false sense of security and leave the organization vulnerable to breaches and downtime.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Customer
PeerSpot user
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2025
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.