Team Lead Network Infrastructure at a tech services company with 1-10 employees
Real User
Top 5Leaderboard
Stable with good performance and a fairly straightforward setup
Pros and Cons
  • "It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back."
  • "Sometimes some of the applications the customer has do not respond as they normally should."

What is our primary use case?

The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.

What is most valuable?

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

What needs improvement?

Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's.

This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively.

For how long have I used the solution?

I've been using the solution for the past six years at this point.

Buyer's Guide
Palo Alto Networks NG Firewalls
November 2022
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,465 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution offers very good stability. I don't have issues with bugs or glitches. It's reliable.

What do I think about the scalability of the solution?

We have a variety of customers ad they all have a different amount of users. Some have 50 users. Some have 100 users. Some have 1,000 users as well. It varies quite a bit. In that sense, it scales to meet the customer's needs.

How are customer service and support?

I've dealt with technical support in the past. Sometimes it is good and sometimes it's not as good. It depends on the complexity of the deployment. Overall, however, I would say that I have been satisfied with the level of service provided.

Which solution did I use previously and why did I switch?

There are multiple products from different vendors, and I basically deploy different firewalls from different vendors for the customers based on their needs. The solutions I work with include Cisco, Fortinet, and WatchGuard. There are a few others as well.

How was the initial setup?

The initial setup isn't too complex. It's pretty straightforward.

The deployment time basically depends on the deployment model. If it's a VMware model, it's pretty straightforward and you can basically deploy it in half an hour to one hour.

If it is in another deployment model, for example, if it's in Layer 3, it depends on the subnet environment, how many subnets they have, or how the traffic is routing from one end to the other end, etc. 

What about the implementation team?

I'm involved in system integration, so I basically deploy and manage the solution for the other customers.

What other advice do I have?

I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models.

I would recommend the solution to other organizations.

Overall, I would rate it at a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Solutions Architect at a comms service provider with 51-200 employees
Reseller
Top 5
A good solution with great stability and very good Policy Optimizer feature
Pros and Cons
  • "I love the Policy Optimizer feature. I am also completely happy with its stability."
  • "Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete. Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet. We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks."

What is our primary use case?

We mainly use it for perimeter protection between the internet and the local network. We are using it for application control. We exploit the applications with some policies about how the network traffic is going to be from the local LAN to the external network and vice versa. We are protecting our network from outsiders and stopping them from getting into the network.

What is most valuable?

I love the Policy Optimizer feature. I am also completely happy with its stability.

What needs improvement?

Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete.

Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet.

We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks.

For how long have I used the solution?

I have been using this solution for about three years.

What do I think about the stability of the solution?

I am completely happy with its stability. I have no issues with its stability.

What do I think about the scalability of the solution?

I don't need more scalability. I can use the new features without changing the hardware. The features are completely inside the hardware, so I have no issue with the scalability. Most of our customers are big businesses.

How are customer service and technical support?

I didn't have a very complex call with their technical support.

How was the initial setup?

It depends. It can be complex when we are replacing a solution with Palo Alto Networks and the customer doesn't know how the policy is going to be implemented in the solution. If that is not the case and it is a clean installation, it is very straightforward. It is not at all complex.

The deployment generally takes a whole week. This includes the planning stage and doing the initial setup. It takes about two days to set up a device, power it on, and turn on the policies.

What's my experience with pricing, setup cost, and licensing?

It is an expensive solution.

Which other solutions did I evaluate?

Our clients compare it with Check Point. Palo Alto Network has the application granularity. It enables you to handle the applications, policies, and Policy Optimizer. There is no need for splitting the management plane and the processing plane. In Check Point, you need two devices. You need one device for the management and one for the gateway. Palo Alto has both in one, which is a good feature.

Check Point is a kind of cheaper solution, and we can deploy that application on open servers. The open servers option in Check Point has a huge cost-saving. In terms of performance, I will always choose Palo Alto Network because its IPS feature is superior to Check Point. It is much better than Check Point.

What other advice do I have?

First of all, I would say that the engineer who is going to deploy the solution has to know how the network policy is going to be introduced into the firewall. It is very important for deployment because it is a new concept that Palo Alto introduced in the market. The second thing is to know the policies, not on the layer-4 basis, but in terms of policies, such as SMB, DSTP, and other such things.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Buyer's Guide
Palo Alto Networks NG Firewalls
November 2022
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,465 professionals have used our research since 2012.
Jorge Huaman - PeerSpot reviewer
Technology Manager at Italtel
Real User
Top 5Leaderboard
Easy for clients to connect to their information
Pros and Cons
  • "They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks."
  • "Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution."

What is our primary use case?

Our primary use case is for the perimeter connection of our clients in the network. Our client brings their services to their clients, and they have the option to connect to a webpage. With Palo Alto Networks NG Firewalls they can safely provide a username and password to their clients.

It is mainly on-premise, because the majority of the clients at this point want that kind of option. But many of them are already asking for the cloud option, like Prisma, for example.

How has it helped my organization?

It has improved our clients' organizations because previously the clients did not have the option to fully connect. In this solution, they have the opportunity to add services to their web page and book clients.

What is most valuable?

The feature that I have found most valuable is the connection. It's very easy for the clients to connect to their information. They use an SSL connection by BPM.

What needs improvement?

We work very closely with the vendors here and at this point they use external support.

Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution.

For how long have I used the solution?

My company has been using Palo Alto Networks NG Firewalls for almost one year. It is new for us. We have more experience with Cisco and Fortinet.

What do I think about the stability of the solution?

In my company, I am responsible for the development of the proposal that we give to the client. We develop the spectrum and the pricing. We make presentations to the customer to explain the solution and answer questions about it.

What do I think about the scalability of the solution?

The scalability is very strong. The vendor provides has high availability.

Our clients are medium sized businesses.

Palo Alto is not a cheap solution. It is expensive. But because of its technology it pays itself back. In each case we work with the vendor to obtain a major discount for their business. I give that discount to our customer, who benefit from the services that we can bring them.

How are customer service and technical support?

This is our first dealing with Palo Alto. With other vendors we have more experience, like with Cisco and Fortinet.

Palo Alto's documentation and manuals are very complete. It's very easy to obtain the information that way.

Which solution did I use previously and why did I switch?

The client still uses Cisco, Fortinet, and Checkpoint. Palo Alto has very good administration tools which is not the case with the others. You can't compare all vendors. Also, the granularity of the information that they can obtain from the firewalls is better.

How was the initial setup?

The initial setup depends. In the case of one client, for example, they have a very complex connection of networks, which is architectural. It is integrated and we need to pick it out and include all the rules that they have and to put in the firewalls which they want to buy in the next month. That kind of job is not easy for us, not just regarding Palo Alto but for other vendors, too.

What other advice do I have?

On a scale of one to ten, I would give Palo Alto Networks NG Firewalls a nine.

I would recommend this product to others.

In terms of what advice I would give to future customers looking into implementing Palo Alto Firewalls, I would tell them that they have a good system operator in the firewalls and that it provides many tools that they can use to protect their networks. You don't find that in the other vendors.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Amar-Patil - PeerSpot reviewer
Security Engineer at Hitachi Systems, Ltd.
Real User
Top 10
Enables us to monitor VPN compliance and integrate with multiple vendors
Pros and Cons
  • "With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is."
  • "The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there."

What is our primary use case?

These firewalls are only used for perimeter purposes, in gateway mode.

How has it helped my organization?

In addition to our environment being secure, we can monitor compliance of VPN users. Security and monitoring are the two big benefits.

It's also very critical for us that it provides a unified platform that natively integrates all security capabilities. We have multiple vendors and multiple solutions. Palo Alto has to work with them. For example, when it comes to authentication, we can integrate LDAP and RADIUS, among others. And in one of our customer's environments, we have integrated a new, passwordless authentication.

What is most valuable?

Apart from the security, Palo Alto NG Firewalls have nice features like App-ID and User-ID. These are the two most useful features.

With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is.

With User-ID, we can configure single sign-on, which makes things easy for users. There is no need for additional authentication for a user. And for documentation and reporting purposes, we can fetch user-based details, based on User-ID, and can generate new reports.

Another good feature is the DNS Security. With the help of DNS security, we can block the initial level of an attack, and we can block malicious things from a DNS perspective.

The GlobalProtect VPN is also very useful.

What needs improvement?

The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there.

For how long have I used the solution?

We have been using Palo Alto Networks NG Firewalls for two years. I've worked on the 800 Series and the 3000 Series.

What do I think about the stability of the solution?

It's quite stable. They are launching a new firmware version, but compared to other products, Palo Alto is quite stable.

How are customer service and support?

I have worked with Palo Alto's support many times and it is quite good. Whenever we create a support ticket, they are on time and they update us in a timely manner. In terms of technical expertise, they have good people who are experts in it. They are very supportive of customers.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment is straightforward; very simple. The primary access for these firewalls is quite simple. We can directly access them, after a few basic steps, and start the configuration. Even the hardware registration process and licensing are quite simple.

The time it takes to deploy a firewall depends upon hardware and upon the customer's environment. But a basic to intermediate deployment takes two to three months.

What was our ROI?

Our customers definitely see ROI with Palo Alto NG Firewalls, although I don't have metrics.

What's my experience with pricing, setup cost, and licensing?

I am not involved in the commercial side, but I believe that Palo Alto is quite expensive compared to others.

Which other solutions did I evaluate?

One of the pros of Palo Alto is the GlobalProtect, which is a VPN solution. GlobalProtect has broader compliance checks. I have worked on Check Point and FortiGate, but they don't have this kind of feature in their firewalls. Also, Check Point does not have DNS Security, which Palo Alto has.

What other advice do I have?

If you're going with Palo Alto, you have to use all its features, including the DNS Security, App-ID, and SSL decryption. Otherwise, there is no point in buying Palo Alto.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Srinivasa Rao R - PeerSpot reviewer
IT Security Manager and Security Consultant with 10,001+ employees
Real User
Top 10
An excellent firewall solution with outstanding features, and multi-level perimeter security functionality
Pros and Cons
  • "We like the fact that this product can provide multiple layers of protection depending on our clients requirements, and can be configured to whatever level of protection and the specific protocols that they want."
  • "We would like to see the external dynamic list for this solution improved. The current version does not automatically block malicious IP addresses, which would be very useful."

What is our primary use case?

We use this solution for perimeter security and security profile purposes.  This covers anti-virus and anti-spyware, as well as cyber security vulnerabilities through URL and file blocking.

What is most valuable?

We like the fact that this product can provide multiple layers of protection depending on our clients requirements, and can be configured to whatever level of protection and the specific protocols that they want.

We also like the fact that this solution has a wide range of features covering all types of system security, not focusing on just one area. Everything is geared into a single module, which means we no longer need several different devices.

As well as the single module functionality, this solution allows us to easily see the active sessions and how many users we have connected. Complete information, on one screen.

What needs improvement?

We would like to see the external dynamic list for this solution improved. The current version does not automatically block malicious IP addresses, which would be very useful.

For how long have I used the solution?

We have been using this solution for the last seven years.

What do I think about the stability of the solution?

We have experienced 100% stability with this solution.

What do I think about the scalability of the solution?

The scalability of this solution depends on the management CPU that is being utilized. To manage high level traffic, it requires high-specification hardware to be used, or performance can be affected.

How are customer service and support?

This vendor not only provides a lot of very clear documentation, but also has a community center to allow for self-diagnosis and fixes.

However, if this does not resolve the issue, the technical support team are very responsive and quick to fix any problems we take to them.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of this solution is straightforward, particularly when migrating from a different product and using their centralized management tool. This provides a configuration file that completes the majority of the setup automatically. All traffic is then automatically diverted through this firewall

The firewall is then registered in the providers portal, which allows for updates to be applied when they are released without the need for manual intervention.

What about the implementation team?

We implemented this using one member of our in-house team, and the deployment took three days to complete.

However, there was some pre-implementation work to be done registering firewall serial numbers, connecting console cables etc, but this is all straightforward.

What's my experience with pricing, setup cost, and licensing?

This solution is quite expensive because along with the license there is premium partner support that has to be purchased as a default addition. 

There is also a specific Threat Prevention License that has to be requested and purchased separately. However, licenses can be purchased for specific periods as opposed to just an annual offering.

Which other solutions did I evaluate?

We actually tested multiple solutions, and choose this one because it gave us the most benefits in one product.

What other advice do I have?

We would advise organizations who are migrating from a different provider to inquire about the centralized management console, and to understand the full costs involved up front.

Also, despite the fact that this solution provides a lot of features, there will still be areas that aren't covered as this only works on perimeter level security.

I would rate this solution a 10 out of 10.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Network Administrator at a healthcare company with 201-500 employees
Real User
Top 5
Great protection without requiring a special dedicated network team; saves us a lot of time
Pros and Cons
  • "Protection from a single packet and ease of making security rules."
  • "It's not so easy to scale out your security capabilities."

What is our primary use case?

We have two 3000 Series Firewalls placed in our primary location. We have two sites and the secondary site uses the primary site for internet access. All traffic to the secondary location goes through a VPN tunnel. I'm a network administrator. 

What is most valuable?

The value of this solution for me is the protection from a single packet and ease of making security rules. It also doesn't require a special dedicated network team, I'm able to do it myself. It's a time saver for me and now in this pandemic period, users have access from home.  

What needs improvement?

I'd like to see some changes to the licensing policies and, on the technical side, improvement in scalability. It's not so easy to scale out your security capabilities. With the situation in business today, everybody lacks money and if you have to increase your resources and to constantly pay more for that, it becomes a problem. 

For how long have I used the solution?

I've been using this solution for 10 years. 

What do I think about the stability of the solution?

It's been 10 years and I don't remember any outages because of a hardware failure or a logical error in configuration. We had problems with servers or switches initially but it works like a charm now. 

What do I think about the scalability of the solution?

Scalability is the main disadvantage of Palo Alto. They call themselves a firewall with router capabilities but it's not a router and it requires a good bandwidth in VPN which could become a problem because you have to scale to really big hardware. We can solve the issue with other solutions, but for me the idea is to have less devices in your environment.
It's all about the hardware.  

How are customer service and technical support?

The support is quite good. A couple of months ago, I sent an email with an issue and we got an answer in 15-20 minutes. In my experience, Palo Alto support is one of the best, maybe the best support available.

Which solution did I use previously and why did I switch?

We previously used Juniper which is currently called Net Screen. I also looked at Sonic Wall. We carried out a proof of concept five years ago and they had to decide whether to go with Palo Alto or another vendor. 

How was the initial setup?

For me, the initial setup is very easy. To get the device running with some capabilities but maybe not all security rules takes about an hour and it's the same for any upgrades. We have around 900 users and one admin person from our organization who deals with any issues. 

What's my experience with pricing, setup cost, and licensing?

Palo Alto is an expensive solution, we currently have a three year contract. I'm not sure what our terms are. People always want cheaper, nobody wants to pay more. In our region, I think if Palo Alto was cheaper, more companies would buy the solution. 

What other advice do I have?

I would absolutely recommend this product, it's expensive but I trust it. There is always room for improvement such as with scalability capabilities in Palo Alto. I know I'm not the only one who thinks this is an issue. It's possible that next time we will try virtualized firewalls, it may be a little cheaper for us. We would consider switching to something else but it would be a big move and quite complicated. Moving to a different vendor is a whole other story.

I rate this solution a nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Technical Manager at a tech services company with 201-500 employees
Real User
Machine learning and sandboxing are what differentiate this product from competitors
Pros and Cons
  • "The sandboxing is valuable and they are frequently updating their signature database. We get new updates every five minutes. That makes it easy to detect new and unknown attacks."
  • "The configuration part could be improved. It's very difficult to configure. It doesn't have a user-friendly interface. You have to know Palo Alto deeply to use it."

What is our primary use case?

It is used for protection against attacks and it is very fast and reliable. We have a lot of use cases for it.

How has it helped my organization?

We are an implementation partner for Palo Alto. One of the companies we implemented its Next-Generation Firewalls for was previously using Barracuda. A ransomware attack happened and they lost all their backup data, and their configuration. Once we implemented Palo Alto for them, there were similar attacks but they were blocked.

Along with Prisma, it helps in preventing a lot of attacks, especially Zero-day attacks.

What is most valuable?

The sandboxing is valuable and they are frequently updating their signature database. We get new updates every five minutes. That makes it easy to detect new and unknown attacks.

What needs improvement?

The configuration part could be improved. It's very difficult to configure. It doesn't have a user-friendly interface. You have to know Palo Alto deeply to use it.

Also, it doesn't support open-source protocols like EIGRP. We had to find another solution for that.

For how long have I used the solution?

I've been using Palo Alto Networks NG Firewalls for the last six years.

What do I think about the stability of the solution?

Palo Alto suggests version 9.1.7 for stability. When new features come out, things are not as stable.

What do I think about the scalability of the solution?

It's scalable. I recommend it for its scalability.

We generally deploy these firewalls into larger environments, but the PA-400 series is affordable.

How are customer service and support?

There are problems with the technical support. When we are facing an attack, it's very difficult to get a hold of people from the TAC. It's not like Cisco, especially in India. There are very few members of Palo Alto TAC in India. Sometimes we get support from people in other countries.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial deployment of these firewalls is very complex. The registration is a very difficult task. You have to go to the partner portal to register and it's not user-friendly. All the other solutions are not like that. With Juniper, for example, it's very easy to handle their portal.

The deployment time depends on the customer environment but it normally takes around three weeks. Our implementation strategy is to first understand the network we are dealing with and how we can deploy Palo Alto.

What's my experience with pricing, setup cost, and licensing?

The pricing for Palo Alto is very high. The price difference with other vendors is huge because Palo Alto has been the market leader for the last five or six years, and they have a reliable product. Everybody knows Palo Alto, like Cisco routing and switching. It's likely that only enterprise-level customers can afford this kind of firewall.

Which other solutions did I evaluate?

Palos Alto's firewalls have machine learning software and sandboxing. Everything is one step ahead of all the competitors.

Still, almost all vendors provide the same things. They call their technologies by different names, but that's the only big difference in features.

What other advice do I have?

According to the industry reviews Palo Alto has been the market leader for the last five or six years. They have better technology and the hardware is also good. It's the pricing and user interface where there are issues. Apart from them, everything is fine.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Security Expert at a aerospace/defense firm with 10,001+ employees
Real User
Top 5
All of the policies configured are related to the application and not to a port
Pros and Cons
  • "The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port."
  • "This solution cannot be implemented on-premises; it's only a cloud solution. The price is high as well."

What is our primary use case?

We deployed the Palo Alto Next Generation Firewall on the perimeter of the network, so all traffic that flows to the company from the internet and from the company to the internet scanned by the Palo Alto Networks Firewall. In addition, all of the internal traffic from LAN users to services that are on the DMZ zone traverse the Palo Alto Firewall.

What is most valuable?

The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port.

For example, let's say you want to allow HTTP traffic and the server is not listening on the standard http port which port 80 but listens on port 25 which Is the standard port for SMTP, this is not an obstacle has the firewall is focusing on the application, it identify the HTTP application and allow the HTTP application and block any other application on port 25. So we don't care on which port the app traverses.

It is easy to install and is stable too.

What needs improvement?

There is another solution from Palo Alto for endpoints - XDR  that integrates with the firewall  thus providing protection at the network level and also at the end point but the XDR solution is only a cloud based solution. I would really like it if would be possible to implement this solution on-premises this is something that I would love to see with Palo Alto Networks NG Firewalls.

The price could be lower.

For how long have I used the solution?

I've worked with Palo Alto Networks NG Firewalls within the last 12 months.

What do I think about the stability of the solution?

So far, it's stable. I haven't had any problem with it. I'm always authorizing to have the minor version aligned with the latest version. There haven't been any published vulnerabilities with the product so far.

What do I think about the scalability of the solution?

I'm using the cluster, and that's a great long term solution. So I haven't needed to expand.

There are more than 10,000 employees in the company. We hope to migrate the other branches that have a different vendor to Palo Alto.

How was the initial setup?

The initial setup was straightforward from my point of view.

What's my experience with pricing, setup cost, and licensing?

From a financial perspective, this solution is quite expensive.

The licensing is on a yearly basis even though we close the deal for three years upfront.

What other advice do I have?

I would advise that those thinking about Palo Alto Networks NG Firewalls need to switch how they think about a policy on the firewall. They should not to look at it from the point of view of the service and what port that policy is related to. Instead, they should look at it from the application side. Don't pay too much attention to the port. Just look at the application. For example, the NGFW doesn't care if SMTP traverses on port 25 or 65. It just enforces the protocol.

From a technical point of view, I don't think that there's something that's missing from the Palo Alto Networks NG Firewalls. So, I would rate it at nine on a scale from one to ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2022
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.