Palo Alto Networks NG Firewalls Reviews

We mainly use the solution for traditional firewall boundaries.

The solution helped us meet our security requirements.

The fact that the Next-Gen firewalls are integrated with identity is the best. It gives us the ability to track what an individual is doing and helps us provide access to only what they need in order to do their job.

Because we want to free up our operators from the routine tasks of investigations, it's important to us that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention.

Technical support could be improved. Palo Alto's technical support used to be great. Whenever I had a problem, I could pick up the phone and call and get answers. That's not the case any longer.

Palo Alto Networks NG Firewalls don't provide a unified platform that natively integrates all security capabilities. It's missing some features for geofencing and understanding locations.

These firewalls are primarily used for edge defense. In terms of securing data centers consistently across all workplaces, that is, from the smallest office to the largest data centers, Palo Alto Networks NG Firewalls don't have a strong zero trust model.

NG Firewalls have not helped us reduce downtime in our organization. Because of technical support issues, we've taken some hits.

I've been using Palo Alto Networks NG Firewalls for 20 years.

It's always been a stable product.

This solution is a firewall that's a hardware appliance, and that's not the direction the industry is heading. Everybody is going toward a software-defined perimeter. Palo Alto doesn't have a strong say on it. They took what they had for their hardware and just put it in the cloud without understanding what being cloud-centric is all about.

I would rate the technical support a three out of ten.

Negative

Our ROI is that the firewalls have been used quite a few times for investigations. We've gathered the evidence we needed to act upon an issue.

These firewalls are not cheap, but they have a reasonable licensing model.

If you are considering attending an RSA Conference, note that you won't gain enough information by attending one conference. However, when you attend year after year, go through the expo, and talk to vendors, you will begin to see trends. You'll see that what's hype one year is no longer a reality another year. Thus, the experience with RSA is a multiple-year experience.

Attending RSAC has made an impact on our organization’s cybersecurity purchases. We've brought products back into our infrastructure based on what we discovered from talking to vendors at the RSAC.

Overall, I would rate Palo Alto Networks NG Firewalls a seven out of ten.

We are resellers. We're testing this solution in our network and learning about the scalability, how to set up the firewall, and the rules. It's a layer 7 firewall, so we want to know about the capabilities and detection.

The solution is deployed on-premises.

The most important feature is the firewall. We can make rules to filter the application layer of traffic. It's a very helpful feature.

The interface is user-friendly. It minimizes clicks and the need to type comments. With the GUI, we just have to drag and drop. It's quite helpful. For those who don't have a lot of experience with Palo Alto, there's a lot of good documentation.

The machine learning is very good. From our tests, the detection is quite good. I would rate the machine learning a nine out of ten.

I would like to see more integration.

I have used this solution for about eight months.

I'm a consultant and appliance tester. My job is to test the network and know how it works.

The stability is good.

I don't know about the scalability because we only have one appliance, which we haven't upgraded.

I haven't contacted technical support, but all of the answers to my questions are available in the documentation.

We previously used Fortinet.

The installation is straightforward. It's just a simple button. The deployment took less than two hours.

We used four people for testing the capabilities and for the deployment. There were also three or four people outside my team who were involved.

I would rate this solution a nine out of ten. 

To those who are interested in using this solution, what I would first say is that Palo Alto is a leader in Gartner. I would give them recommendations about the technical side, what we have done in our testing, the protection rate, the benefits, and how quickly and accurately the firewall can detect threats.

We use this solution for perimeter security and security profile purposes.  This covers anti-virus and anti-spyware, as well as cyber security vulnerabilities through URL and file blocking.

We like the fact that this product can provide multiple layers of protection depending on our clients requirements, and can be configured to whatever level of protection and the specific protocols that they want.

We also like the fact that this solution has a wide range of features covering all types of system security, not focusing on just one area. Everything is geared into a single module, which means we no longer need several different devices.

As well as the single module functionality, this solution allows us to easily see the active sessions and how many users we have connected. Complete information, on one screen.

We would like to see the external dynamic list for this solution improved. The current version does not automatically block malicious IP addresses, which would be very useful.

We have been using this solution for the last seven years.

We have experienced 100% stability with this solution.

The scalability of this solution depends on the management CPU that is being utilized. To manage high level traffic, it requires high-specification hardware to be used, or performance can be affected.

This vendor not only provides a lot of very clear documentation, but also has a community center to allow for self-diagnosis and fixes.

However, if this does not resolve the issue, the technical support team are very responsive and quick to fix any problems we take to them.

Positive

The initial setup of this solution is straightforward, particularly when migrating from a different product and using their centralized management tool. This provides a configuration file that completes the majority of the setup automatically. All traffic is then automatically diverted through this firewall

The firewall is then registered in the providers portal, which allows for updates to be applied when they are released without the need for manual intervention.

We implemented this using one member of our in-house team, and the deployment took three days to complete.

However, there was some pre-implementation work to be done registering firewall serial numbers, connecting console cables etc, but this is all straightforward.

This solution is quite expensive because along with the license there is premium partner support that has to be purchased as a default addition. 

There is also a specific Threat Prevention License that has to be requested and purchased separately. However, licenses can be purchased for specific periods as opposed to just an annual offering.

We actually tested multiple solutions, and choose this one because it gave us the most benefits in one product.

We would advise organizations who are migrating from a different provider to inquire about the centralized management console, and to understand the full costs involved up front.

Also, despite the fact that this solution provides a lot of features, there will still be areas that aren't covered as this only works on perimeter level security.

I would rate this solution a 10 out of 10.

We have deployed Palo Alto Networks NG Firewalls and every web filter security available. So, we came to know each website user who got blocked and the "not required" categories. These categories are permanently blocked, and if any changes are required in these categories, we will first get approval from management. 

I like the sandbox feature, and it's very good. It kills each malware deployment in the sense of signatures within five minutes. So, we can secure our network and infrastructure very well within the stipulated time.

The WildFire functionality is very good because a few files are also getting blocked. It's critical as malware attacks are also getting ignored, and the logging is very well maintained in this firewall.

The most valuable solutions in this field are application-based firewalls. That is the main criteria of the firewall and functionality. We can get all the logs related to this and each and every packet. I like that the firewall is working as an application. The application-based entity we have deployed is well maintained and working very well.

We were able to find lots of vulnerabilities when we deployed it, but we could not disclose all. But there were vulnerabilities we could block by updating the firewall and taking actions on clientside machines. So, we got to know that we have lots of vulnerabilities inside the organization too, and we took lots of steps and resolved the number of vulnerabilities.

Palo Alto Networks NG Firewalls is an all-in-one solution. It provides every entity log, which is a very good functionality of this firewall. It gives every packet and aspect that the firewall is performing through its logs, and it does it very well.

This firewall's unified platform helped eliminate multiple network security tools. If anyone uses P2P sites, cryptocurrency websites, or any illegal sites, we can block it easily. It gives us a proper alert for these kinds of sites, and it properly secures our network. Monitoring is the best thing we are doing here, and we can block this kind of vulnerability as soon as it comes to us.

We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall.

We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more.

URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team.

I have been using Palo Alto Networks NG Firewalls for the last three or four years.

Stability in the sense of security and alerts, this solution is very good, and we have not had had any issues. However, web filtering and application-based approach are very poor.

Palo Alto Networks NG Firewalls is a scalable solution.

Palo Alto Networks support could be better. We bought this solution for security purposes, and we asked the support team to convert each and every entity. They have not been able to convert this New Generation Firewall to date. 

Their name suggests that the product will use every application and work as a New-Generation Firewall. Yet, it's not configured, and we can only configure 30% to 40% of the applications. That is also giving us some problems sometimes.

On a scale from one to ten, I would give Palo Alto Networks support a three.

We have a policy in our organization to change the firewall every five years. So, I have experience working on FortiGate, SonicWall, and WatchGuard over the last 20 years.

WatchGuard is very good at web filtering. FortiGate is also very good, and they have their own application to manage the firewall, and SonicWall is also very good. 

Palo Alto is a web-based firewall, and there are no applications to deploy and support. I mean, I take all the logs and all things from the client-side. As it's web-based, it's extremely slow. 

When you click on a particular log, it will take a lot of time because it generates lots of logs. That is a good thing, but performance is a little slow. Both WatchGuard and FortiGate are very good for this kind of thing. Also, WatchGuard is application-based, and I didn't have to deploy it. I came to know about Palo Alto from my friends who said it was very good for application-based security. 

The initial setup and deployment are straightforward. We did not have any issues at all. It took us about 15 to 20 days to implement this solution. 

The policies we have with Atelier and WatchGuard were exported, and we tried to deploy these policies on the new firewall. The reseller helped us configure it but without our concession or permission and could not deploy the firewall. We later had more problems, and the reseller helped us with that as well.

Video Import Solutions is our local reseller in Pune, India. In our experience, not every engineer knew the firewall concept. I mean, not at all. If we wanted something new or had to deal with this application-related issue, they always told us they would log a case and resolve it. But they did not support us at all and did not give us any reason why they could not do it.

I am a technical guy, and I would say that you will not get a return on your investment. Even FortiGate and WatchGuard will offer next-generation solutions that perform better than Palo Alto Networks.

The price could be better. Pricing is very different compared to WatchGuard, which costs around 60 lakhs, and FortiGate, which costs approximately 40 lakhs. Palo Alto Networks costs about a crore which is very high pricing.

We bought this firewall, and our organization did not want to pay so much. We spent around one crore rupees which is not within our budget at all, and we are unhappy with them.

This firewall provides a unified platform that natively integrates all security
capabilities. It will queue all functionalities like firewall protection and alerts and track all DDoS attacks. It shares all the information with us, and we can monitor and take immediate action on the other alerts we receive.

I would advise potential users to only go for this solution if they have the budget and don't require any support. Only buy this firewall if you can install, configure, and solve potential problems on your own. If not, FortiGate and WatchGuard are much better options.

On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a five.

We use Palo Alto Networks NG Firewalls to manage the villains. Basically, to protect the environment. 

I like that they are more stable than the previous ones, and they allow a lot of other features.

It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release.

I have been using Palo Alto Networks NG Firewalls for two years.

Palo Alto Networks NG Firewalls is stable.

Palo Alto Networks NG Firewalls is scalable. We have about 250 people using it at our hotel.

We use Trustwave, a company that provides the devices. We have an agreement with them, and we're satisfied with the support.

We used to use Juniper and Fortinet.

The initial setup is pretty much straightforward. It takes us about two hours to set up and deploy this solution. It takes a team of two guys to deploy and maintain this solution.

I would recommend this solution to new users.

On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a nine.

Palo Alto Networks NG Firewalls are being used for cloud security in our organization. Along with that, we have implemented SD-WAN, secure access, and XDR. These are the primary firewalls that we have in place.

Essentially, we have almost all of their products across their three suites.

The previous brand we used had a steeper learning curve for our engineers and analysts compared to Palo Alto, which is easier to use. 

We also have an excellent partner in Costa Rica who works with Palo Alto's team there, providing valuable support. Overall, our experience with Palo Alto has been very positive.

Some of Palo Alto Networks NG Firewalls' valuable features are their powerful capabilities and user-friendliness. 

Our security team has found it easy to learn and obtain the necessary certifications and training from Palo Alto.

Overall, we have had a very positive experience with this suite of solutions, including the training they have provided us.

We like the Palo Alto ecosystem and how its different suites of products integrate seamlessly. 

The sharing of information has enhanced our security posture as a company. Overall, our experience with Palo Alto has been very positive.

I believe that It is important that the firewall integrates machine learning to take advantage of all the information that is available, all the data that is available.

You have to integrate machine learning AI and things like that to be able to be a step ahead of the hackers.

Using Palo Alto Networks NG Firewalls, we have experienced zero downtime.

The solution is user-friendly, which is important as it allows us to concentrate on other essential aspects of the company rather than spending time and effort maintaining the solution.

The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities.

It is a solid solution.

We have been using Palo Alto Networks NG Firewalls for six years.

It is a very solid, stable solution. We haven't had any issues with it, you know when we have to do updates there are no problems whatsoever. it's a very good solution.

Scalability is an important issue. It is very scalable.

We are currently protecting around 11,000 endpoints.

In my experience, I would rate the technical support a ten out of ten.

They are excellent.

Positive

Initially, I was involved in the setup, but then other team members took over and completed the work. In the end, we reviewed and went over the setup together.

We had a lot of support from their local partner So it was very straightforward at the time.

I didn't come across any significant issues, but as engineers, we are always prepared to face challenges. 

Nowadays, nothing works as simple as plug-and-play like it used to be. However, we try to reduce the likelihood of issues as much as possible by working closely with project managers and performing thorough preparations beforehand.

Before doing the implementation. It was okay.

I believe we have seen a return on investment.

The time we used to spend on various tasks previously has significantly reduced with the implementation of Palo Alto Networks. 

The system is very reliable with no downtime, providing us with a sense of security that is important in cybersecurity.

The price of Palo Alto Networks NG Firewalls is high, but it is worth it if you have the budget for it. 

Budget is always an important factor in decision-making, but it was within our budget, and we were impressed by what we heard, tested, and experienced with Palo Alto.

It is difficult to know and assume the thought process of others. If they have budget constraints, there may be other manufacturers with a lower price point that would be a good fit. We try to evaluate from different angles, not just the budget, but also the technology and how it will fit with our needs. We look for strong capabilities where necessary, such as with Sophos and WatchGuard for smaller companies.

It can be difficult to know the thought process behind a company's decision when it comes to choosing a firewall solution. Budget constraints may play a role, and there are other manufacturers that offer lower price points, which can be a good option. However, it's important to consider technology and how it fits with the company's needs, as well as the strength of the solution. 

Smaller companies like Sophos and WatchGuard also offer solid platforms, and they may be a good fit for those looking for a lower price point. Ultimately, it's important to assess what's important for the company and find a solution that fits those needs, both in terms of functionality and price.

Our process for evaluating firewall solutions usually involves consulting Gartner for their feedback, having sessions with our analysts, and focusing on the leading firewall manufacturers.

We evaluated several firewall manufacturers, including Check Point and Fortinet, but ultimately, we as a group decided that Palo Alto was the best fit for us. 

The decision was not solely mine but rather made by our managers based on the evaluations and presentations given by each vendor. 

We were particularly impressed with Palo Alto's presentation and even visited their headquarters located south of San Francisco. And we just felt comfortable, and it was a good decision.

The RSA sessions have been very informative and enjoyable. Today is actually my last day at the expo, and I've been visiting some of the manufacturers that we already work with as well as some that I want to learn more about. Overall, I think it's been a great experience.

From an engineering standpoint, the expo is a great opportunity to connect with knowledgeable people beyond the marketing façade. It's worth investing time to engage with them, learn about their products and solutions, and find out what they're working on and what's upcoming.

Attending RSA has had a significant impact on our company's cybersecurity purchases for the next year. In fact, I am here with two other colleagues who are actively researching and taking notes on various companies and their offerings. They are gathering valuable information to inform our future purchasing decisions.

We've been coming here for many years now, and we'll not come back. It's a good place to get up to date on what's happening.

I would rate Palo Alto Networks NG Firewalls a ten out of ten.

I use Palo Alto Networks NG Firewalls to handle my perimeter security, which is the most critical point of my network.

Layer 3 and Layer 4 are part of the core functionality of any firewall, but this firewall brings more information into the inspection via Layer 7. Thus, the entire threat landscape has changed for us as a company.

We can integrate all the Palo Alto firewalls to have a single insight experience across all firewalls.

On a major scale, Palo Alto NGFW can be helpful in eliminating some security tools. It doesn't eliminate all of our other security tools, but it does bring down the dependency on some tools.

Security and network performance are of equal importance to us. This solution doesn't compromise your network's performance for security, which is a good trade-off.

The most valuable features are application inspection and sandboxing. Application inspection decides where traffic is transmitted. If I have a perimeter report for a particular service, then other services or malicious services cannot use an open port. In this way, application inspection is doing a fantastic job. We also have a very good sandbox with almost no rate limit. It will inspect any file that comes in and goes out in a dedicated patch to identify malware. Therefore, these two things help me to protect our organization from any bad actors.

It is extremely important for me that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. The way that they handle the traffic is very useful for us. The firewall creates a benchmark of known traffic patterns that every endpoint would have using machine learning. Machine learning creates a baseline of how the traffic goes in and out. When there is a deviation in the normal behavior, it gives me a threat indication via a reporting feature that shows us how the current traffic has deviated from the usual traffic. This is a very good feature, which is important for my organization to have on a daily basis.

It gives me a better experience when handling security holes. 

Our upgrades brought some rule reviewing features by default, without having to depend on third-party tools to perform the rule reviewing. That has been a good feature.

I would like them to bring in some features that would encourage traffic shaping or bandwidth routing, like other UTM firewalls, because the solution should be capable of limiting the bandwidth for rules.

If Palo Alto Networks could bring in session tracking, like FortiGate, then we can remove another cybersecurity tool. If they could say "This is user-based, not IP-based," using user attribute-based rules, then that would be helpful for a small- or medium-scale company because they could use a single device instead of two or three devices.

I have been using it for four years.

The stability is very good. After the upgrade, every other process was smoother. We haven't often seen bugs or operational hazards in terms of the device. 

Scalability is always available. If you are ready to invest the money, then you can add another box. Every device has its limitations though. NGFW has its own limitations, where it cannot scale beyond a certain point. Those limitations have already been published and users need to be aware of them when they are planning to buy a firewall.

The size of my environment is 3,000 to 4,000 users. We are a larger organization with 60 to 80 VLANs. There are approximately 3,600 endpoints accessing them. Day in, day out, we have a lot of network access change requests coming in that need to be performed. 

In terms of maintaining the firewalls for our space and cost, there are about 15 team members. It is a huge environment with 10 different clusters of Palo Altos. From our operational perspective, we need 15 team members.

On a practical scale, it depends on the size of your organization. If it is a small organization, I think two to three members should be sufficient enough to handle the solution. When you have a smaller organization with a maximum of 20 different VLANs, where there is a size limit of 50 to 100 users/employees, then two or three members would be sufficient enough to handle it. However, it all depends upon the number of endpoints that are the nodes and how many nodes the firewall is protecting.

The technical support is good. I would rate them as 10 out of 10. 

They are able to support me and the issues that have arisen, which have been very minimal. For cases where we break something in the configuration or any bug that is out of control, they are good in understanding and analyzing our issues as well as providing a solution for them. That is why I rated them as 10.

Positive

The initial setup was straightforward, not complex. We migrated from a different vendor to this platform. We had our goals and objectives in front of us. So, we had a good project plan before migrating everything.

I have multiple clusters. For the largest cluster, the migration took three to four weeks.

We used an integrator for the deployment.

We are monitoring the metrics. We have certain metrics to find ROI, e.g., it could be zero-days, the number of inclusions that this solution has blocked successfully, or the amount of malware that it has stopped. We identify this information via the sandboxing feature, which determines what other normal firewalls would have let in. We consider the amount of data that we process and the regulatory fines that would have arisen, if not for this solution. That is how our return of investment is calculated.

If the cost is your main priority, Palo Alto would be a bit high. However, if you are ready to hear about return of investment, then I would convince you to go for Palo Alto.

I am using three or four firewalls from different vendors. I know their capabilities as well as the strengths and weaknesses of each vendor. 

We have evaluated different firewalls and found Palo Alto best suited for boundary networks. Fortinet handles our user-facing firewalls. Between FortiGate and Palo Alto, there is Cisco.

We did a SWOT analysis on all the firewalls. We determined the best firewalls based on their throughput and protection suites. For example, a user-facing firewall doesn't need to be jam-packed with security features. However, a perimeter firewall is between the trusted and untrusted networks, so more security features are needed.

We are using a different DNS Security solution, so we haven't used Palo Alto NGFW’s DNS Security.

Explore the features that the solution offers. There are a lot. If you can use the features to their fullest potential, that would be best. 

If you are just doing an L3 and L4 inspection, then Palo Alto Networks might not be best suited for that environment. If you are going to use the features of an NGFW, then I would tell you about the solution's features and return of investment based on what you are protecting. 

Our primary use case is protecting our clients from remote threats on the internet. These firewalls are very powerful and important for our business.

With single-pass architecture, there isn't a trade-off between security and network performance. The device functions well in terms of both security and network performance together.

One of the most valuable features of Palo Alto Networks NG Firewalls is application symmetries. I like this feature.

Also, the embedded machine learning in the core of the firewall means the device learns about threat types. The machine learning also enables the solution to secure networks against threats that evolve rapidly.

The solution also provides a unified platform that integrates all security capabilities, which helps prevent external attacks, and eliminates the need for multiple network security tools and the effort needed to make them work together.

I have been using Palo Alto Networks NG Firewalls for about six years.

The stability is good. It's a very stable device. That is the biggest lesson I have learned from using them.

The scalability is very good. If our customer has distributed networks, Palo Alto is a good solution.

In general, the solution is good for midsize companies, between 100 and 2,000 users.

We plan to increase our usage of Palo Alto Networks NG Firewalls in the future.

I rate the technical support highly. Palo Alto's technical team is very helpful and provides fast solutions.

We previously used Palo Alto Cortex. We switched because the NG Firewalls are very stable, flexible, and more powerful.

The initial setup is easy. The initial config takes one or two hours. After that, the time needed depends on the customer's requirements.

For mid-sized networks, the solution requires two to three people for deployment and maintenance. But in our company, we manage with one person for everything.

My responsibilities are on the technical side, but the price is expensive, especially in Turkey, where I am located. The exchange rate of the dollar against the Turkish lira is very high, making Palo Alto very expensive in our country.

Palo Alto is very expensive compared to other vendors, like Fortinet.

In addition to the standard fees, there is an extra cost for a GlobalProtect License, and that is something we generally need.

If a colleague were to say they are just looking for the cheapest and fastest firewall, I don't know what I would say if they don't have the budget. But if they have a budget, I would recommend Palo Alto because, while another solution may be cheaper, it could be more expensive in total if you consider the potential loss of business continuity and reputation.

And while I don't use the PA-400 series, I know it sells well because the higher series are very expensive, and the 200 series is very slow and less powerful. The PA-400 series is good.