Palo Alto Networks NG Firewalls Reviews

We are using it for network layer protection. And we have added all the Layer 7 protection there is, such as sinkhole protection and spyware and adware detection.

When you have the advanced URL protection enabled on a Palo Alto NG Firewall, the load on the application layer is reduced. The web application firewall features are already enabled in Palo Alto and those features give you an extra layer of protection, even if you have another technology above the Palo Alto firewall. That extra layer of protection is an opportunity that we have with Palo Alto.

The most important thing is that it's really user-friendly. I have almost stopped using the CLI because I like the graphical interface. You can do whatever you want on a single screen, including all the configuration and implementation, using Panorama. You don't have to switch from one place to another. And the best part is that you can manage multiple Palo Alto devices. We do have other companies' devices and for them we need to go to the CLI. But with Panorama, you almost get everything you need. It is very important for managing all the technology and features on the device, and for adding multiple devices, on one page.

Palo Alto also gives you a lot more options to troubleshoot and fix problems. That really helps our operations team.

Another valuable feature is the sinkhole option. If a malicious packet travels across the firewall, the firewall detects it as malicious traffic but it doesn't stop the traffic then and there. That way the attacker assumes that they have been successful but they have not. It's a type of honeytrap. It allows us to keep on responding to those packets.

Also, when the firewall does network discovery it can detect a malfunction or bugs or a configuration issue. That is very important. If your endpoint system is not functioning properly, it gives you an extra layer of protection in the network discovery field. It shows you all the options and all the data if your system is not compliant.

The Single Pass architecture is a nine out 10. A single pass is always good.

Palo Alto keeps coming out with antivirus and malware updates. When we have to integrate those updates we face some problems with the cloud platform, not the on-prem setup. The device works fine, but sometimes the sync doesn't happen on time.

It's not an issue that happens all the time, just sometimes. It's not a major issue. The device doesn't go down. It is not a priority-ticket situation.

Also, while Palo Alto is doing really well, they should bring out some small devices. As of now, we have the PA-800 Series firewall and the 440 Series firewall. A small Palo Alto firewall would be helpful for low-budget companies.

For the last six to seven months I've been using Palo Alto Networks NG Firewalls for architectural purposes. My job is to build infrastructure for our clients to support their functions. I also used Palo Alto for other clients in my previous organization for almost two years.

Scalability is something that I assume is feasible when you have Palo Alto in the cloud. In that case it's feasible to scale it very well, and you don't have to manage it. You just need to order it and it can be scaled per your request.

But with an on-prem setup it can be difficult if you want to scale anything. Then you need to order the physical device and do all kinds of configuration. I haven't really worked on scaling physical devices.

Support is really nice, but they keep on adding features, so regular training is really required for Palo Alto technical support. Every other day, every week, every month, they come up with something new. Sometimes, even technical support doesn't know about an update when it is still in the transition phase. They should have short-term training to be aware of when they are launching a particular new feature.

With more and better training, they will end up saving a lot of time, because they won't have to search for information or ask their colleagues or their engineering team about new features that have been added. That way, customers will be happy.

The initial deployment is absolutely straightforward. It's a very easy configuration. You just need to follow the instructions.

And the best part is that you get a lot of training material over the internet. I used to think that Cisco gave the best training materials over the internet but I was wrong. If you have any problem, you can Google it. There will be a lot of answers for Palo Alto NG Firewalls on the internet itself.

If everything goes well and if you don't have a major configuration to implement, you just want to set it up, the maximum it would take is one to two hours, because the image deployment is very easy. Once the device is racked up properly and all the cables are connected, you just need to boot up with the latest image and start the to-the-box and through-the-box configurations. Both configurations can be done within two to three hours.

The pricing is fair enough. 

This year, the pricing has increased. They played it really smart by increasing the support license costs and decreasing the platform costs. If you don't want to go for that particular license, you can opt out. The pricing model is very helpful, especially for small companies. If they don't want URL Filtering because they don't have any URL options, they can opt out of the URL Filtering.

I haven't seen Panorama go down in my entire tenure. I've worked with different companies. For example, I worked in Cisco TAC. Cisco users used to say that Firepower, the unified platform, was down and that they could not manage anything. Even though all the other components were running, they could not do any configuration because the unified configuration page itself was down. And, unfortunately, you don't have the ability to configure anything using the Cisco CLI anymore.

But I would give a slight edge to Cicso's technical support over Palo Alto's. I would rate Cisco's support at nine out of 10, and Palo Alto's at eight. Cisco gives priority to its customers.

Before you go ahead and invest in Palo Alto, look at as many reviews as you can. Do proper research before you deploy any firewall.

If someone says they are just looking for the cheapest and the fastest firewall, I would tell them to go for the PA-800 Series and their problem will be solved. Also, for small office requirements, you could go with the PA-440. The PA-450 and 460 will be a little expensive. If your requirements are to set something up for less than 100 users, the 440 will do it.

Our company, in particular, always wants an extra layer of protection. They don't remove any extra layers of security. But an advantage of Palo Alto NG Firewalls is they are sufficient to tackle complications

Palo Alto's firewall is stable, helpful, and user-friendly.

These are gateway firewalls to the Internet for every site. At a majority of the sites, we use the firewall as our gateway for the network below.

Previously, we used them just for the Internet firewall and Internet security side. However, in the last year or two, we have started to migrate them as the gateway routers, e.g., as gateways for the networks below. They are doing Internet firewalling as well as firewalling for the networks below.

We are using the PA-220s, PA-440s, PA-820s, PA-3250s, and PA-5250s. We are using all of those hardware models. Then, we are running the PAN-OS 10.1.3 on those.

We have around 40 locations worldwide. At minimum, we have one Palo Alto Networks NG Firewall at each location. At some of the larger sites, we have two Palo Alto Networks NG Firewalls in HA configuration. Then, at our headquarters and disaster recovery site, we have two at each site.

The WildFire feature that they offer is very nice to have. The URL filtering that they offer has been a great help to us as well. We have found with the URL filtering that they offer that we are able to categorize what traffic can go outbound to the Internet from our internal network. By doing the URL filtering, we are able to say that we are not allowing gambling, adult content, or certain URL categories that we just don't want to allow. Then, with WildFire, that helps detect any viruses coming inbound or on east-west traffic inside of our network.

Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, which is very important. I got an email saying that there was going to be a new 400 series firewall, and it was talking about the ML and AI features that it is offering. That is very exciting to see coming for all our firewalls.

We have the Palo Alto Next-Gen firewalls as well as Cortex XDR for the antivirus side. We are making use of Cortex XDR and Data Lake to correlate the data. We definitely see the benefits of having all that in one unified platform. Some of my colleagues are able to see how certain malware security incidents can correlate to how the virus or malware came into the network, then how it traversed our network based on the XDR information.

I can manage 1,000 firewalls from a single pane of glass.

I am looking to have the machine learning see how a virus or malware will morph, then prevent that from happening. That seems invaluable at this point.

We have a lot of the older firewall models, i.e., the PA-220. It seems that with newer operating systems the PA-220 is becoming slower than when I first bought it. It is not really an issue for users who are passing traffic through the firewall, but more from the management access of it.

We have had them for about three years.

I have had some issues here recently, but it has been more operating system issues. As far as the hardware goes, they have been very solid. Out of the last three or four years that we have utilized Palo Alto Network NG Firewalls. I have only had one time where I had a hardware failure on it that had to get a replacement.

It is very scalable. The Panorama management tool makes it very easy to add a new firewall. You can add one, 10, or 100 firewalls, deploying them quickly and keeping the same security posture that you had in place previously with other devices.

I have not noticed any trade-offs from security versus network performance at all. I think they are both running very well. We haven't lost network performance with an increase in security or vice versa.

The entire company is using the solution. We are a manufacturing company who manufactures electronic interconnects. We have our own marketing department, engineering, learning development, HR, accounting, and IT. Thus, we have a broad spectrum of users who are using the solution.

We actually have a very small staff. There are only five of us who are actively administering the Palo Alto environment. We have around 40 locations worldwide with just over 8,000 users globally.

We are using it at every facility. We are using it as a gateway router as well as our next-gen firewall. We have no plans to change all that. We are pretty happy with how we are configured. So, I think we will keep that trajectory.

The technical support is very good. I am very happy with the tech engineers. They have always been quick to respond and very knowledgeable about the issues that I have had. They help me get those issues resolved quickly. I would give them 10 out of 10.                                

Positive

It gives us added security compared to our previous firewalls. They were very cumbersome to manage, and they had no central management. By switching to Palo Alto Networks NG Firewalls, we made use of the Panorama management tool to manage all our firewalls. The management side is much easier. Also, it provides visibility from their monitoring to be able to see the traffic. Whereas, I was not able to see that before with our previous firewall manufacturer.

With our previous firewall vendor, the maintenance was running to the end of its contracts. Therefore, we were looking to switch anyway because we just weren't happy with that hardware. Our implementation strategy was basically to replace all the old firewall hardware with something new. At the time, we were pretty happy with what Palo Alto Networks was offering.

The setup is very straightforward. I am familiar with other firewalls and the configurations for them. Switching to the Palo Alto Networks NG Firewalls was pretty seamless.

The initial deployment of the first site, switching from the old firewalls to the Palo Alto Network NG Firewalls, took about two to three days configuration-wise. Actually switching over from the old firewall to the new firewall was pretty seamless because we can preconfigure the firewall and then replace the old firewall with it. There were no issues.

Our VAR helped us do some research on what firewalls would be the best for us. We did our own testing, and we liked this solution. That is why we ended up going with it.

We do have other tools that we are phasing into the Palo Alto unified platform environment, bringing in Cortex XDR as well as looking at SIEM products. So, we definitely see the benefit of the unified platform. We have been able to cut down on some of our other hardware. So, it is definitely saving us costs as far as combining different hardware into one hardware device.

We have not had to replace hardware routers nor purchase additional hardware. So, that has provided a little bit of an ROI.

The Palo Alto solution is actually not expensive. It was comparable to the old firewall manufacturers that we were using. From the benefits that we have gotten out of the Palo Alto products, it is well worth the difference in cost, even though the difference in cost is not much at all. I would highly recommend Palo Alto products to anyone.

I just started getting in some of the PA-400 series a couple weeks ago. As far as pricing goes, it was not that much more than the existing hardware platform or the existing firewall that we had in there, i.e., the PA-220. It was not much more expensive and the performance was way better, as far as the management of the firewall itself. The management of those firewalls has greatly been increased.

When we were looking to switch, we narrowed it down to two or three. Then, we obviously decided to go with the Palo Alto product. Palo Alto had better specifications for their hardware.

I would highly recommend the solution as well as looking at the new PA-400 series product line with the machine learning and AI. That is a very good feature that is now available.

The biggest lesson for me was to not skimp out on hardware based on pricing.

I would give this solution 10 out of 10. I am very happy with the product.

We use the solution to access clients.

I like the configuration of the product. The configuration is quite simple to understand. The product is easy to manage.

The solution has a lot of features. However, there are no deep configurations available. The functionalities are limited. Other products offer more customization.

I have been using the solution for the last five years.

The product is stable.

The product is currently being used by three of our customers. We provide them with dedicated VMs.

The local support is good. The response is slow when I try to reach out to technical support on the customer portal. It might be because the tickets I raised were P3 or P4 tickets. However, I do not get proper responses for P2 tickets either. I get a good response when I call support directly.

We also use FortiGate, Check Point, Forcepoint, and SonicWall. We use the tools based on our clients’ requirements.

The initial installation was easy. It was not difficult for me because I am familiar with many products.

The solution is worth the money. However, there are other tools that provide features similar to Palo Alto but are less expensive.

The solution’s cost is a little high compared to other products.

I will recommend the tool to others. It is a fine product. If someone is looking for DLP and other features, the product might not suit them. The product has good URL filtering features. Overall, I rate the solution a seven or eight out of ten.

Our primary use case is protecting our clients from remote threats on the internet. These firewalls are very powerful and important for our business.

With single-pass architecture, there isn't a trade-off between security and network performance. The device functions well in terms of both security and network performance together.

One of the most valuable features of Palo Alto Networks NG Firewalls is application symmetries. I like this feature.

Also, the embedded machine learning in the core of the firewall means the device learns about threat types. The machine learning also enables the solution to secure networks against threats that evolve rapidly.

The solution also provides a unified platform that integrates all security capabilities, which helps prevent external attacks, and eliminates the need for multiple network security tools and the effort needed to make them work together.

I have been using Palo Alto Networks NG Firewalls for about six years.

The stability is good. It's a very stable device. That is the biggest lesson I have learned from using them.

The scalability is very good. If our customer has distributed networks, Palo Alto is a good solution.

In general, the solution is good for midsize companies, between 100 and 2,000 users.

We plan to increase our usage of Palo Alto Networks NG Firewalls in the future.

I rate the technical support highly. Palo Alto's technical team is very helpful and provides fast solutions.

We previously used Palo Alto Cortex. We switched because the NG Firewalls are very stable, flexible, and more powerful.

The initial setup is easy. The initial config takes one or two hours. After that, the time needed depends on the customer's requirements.

For mid-sized networks, the solution requires two to three people for deployment and maintenance. But in our company, we manage with one person for everything.

My responsibilities are on the technical side, but the price is expensive, especially in Turkey, where I am located. The exchange rate of the dollar against the Turkish lira is very high, making Palo Alto very expensive in our country.

Palo Alto is very expensive compared to other vendors, like Fortinet.

In addition to the standard fees, there is an extra cost for a GlobalProtect License, and that is something we generally need.

If a colleague were to say they are just looking for the cheapest and fastest firewall, I don't know what I would say if they don't have the budget. But if they have a budget, I would recommend Palo Alto because, while another solution may be cheaper, it could be more expensive in total if you consider the potential loss of business continuity and reputation.

And while I don't use the PA-400 series, I know it sells well because the higher series are very expensive, and the 200 series is very slow and less powerful. The PA-400 series is good.

Our primary use case is to provide our clients with an internet gateway. 

The best feature is the packet inspection; compared to solutions like Cisco and FortiGate, Palo Alto's packet inspection is much less CPU intensive, allowing it to detect threats embedded within packages more quickly and efficiently. 

Palo Alto Networks NGFW provides a unified platform that natively integrates all security capabilities; it's easy to integrate with other platforms, and we never faced any issues doing so.  

Using Palo Alto Networks NGFW's unified platform, our clients have eliminated multiple network security tools and the effort needed to get them to work together.

The solution doesn't support routing in virtual firewall creation, and we want that to be enabled. 

We've been involved with Palo Alto Networks since 2008 and are a reseller, so we implement the solutions for our clients.

The solution is very stable; we don't have any problems with the stability. 

The product is very scalable. Most of our customers are enterprise-sized financial institutions with over 3,000 branches. 

Palo Alto Networks doesn't directly support Pakistan but rather through distributors. Out tickets go to the distributors, which are then forwarded to Palo Alto.

Neutral

The initial setup is very straightforward; we can complete it three to four hours after activating the licenses.

The product is expensive. With one being the cheapest and ten being the most expensive, I give it an eight.

I rate the solution nine out of ten. 

Palo Alto Networks NGFW is an excellent solution; 90% of the financial institutions in Pakistan use it as their ultimate gateway. 

People are just starting to get into machine learning in Pakistan, so we're not 100% sure of its capabilities and potential. I believe machine learning becomes more efficient in a cloud environment than a hybrid one, though I have yet to research this thoroughly.

To a colleague at another company who says they want the cheapest and fastest firewall, Palo Alto Networks provides an expensive solution, but you can't compromise on security. You can buy the most inexpensive firewall, but you'll have to purchase add-ons and subscriptions to enable a complete security infrastructure in your organization. One solution for every situation that doesn't require any additional services is a better choice. 

I advise those considering the solution to understand where they want to deploy it in the organization, as a broad installation is best for internet gateways. Next, the sensitivity of the data is important; for a financial institution like a bank, I recommend Palo Alto NGFWs because of the quality of the security and machine learning.

We protect certain applications in the data center with Palo Alto Networks NG Firewalls.

Application layer security and integration with other components that we have in our networks are valuable features.

Compared to other firewalls from Check Point, Fortinet, and Cisco, for example, Palo Alto Networks NG Firewalls use the most advanced techniques. They have sandbox integration and others in the orchestrator. Palo Alto's security features are at a higher level than those of the competitors at the moment.

It's very important that we be able to integrate all security capabilities within the firewall. This is one of the key reasons why we chose to go with Palo Alto Networks NG Firewalls.

We are heavily investing in technology that uses machine learning. Thus, it is important for us that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention.

Palo Alto needs to provide more support during the design phase and with proposals. They need to be more proactive, try to anticipate issues, and then help us to implement the transformation quickly.

I have been using Palo Alto Networks NG Firewalls for five years now.

We have not had any issues with stability. I have not heard from our SOC about issues with devices either.

The scalability has been good. We are the biggest bank in Italy with 100,000 employees.

Palo Alto's technical support is extremely good and responsive. The ticketing system, however, is a little bureaucratic especially when you are in a hurry or are dealing with an emergency. On a scale from one to ten, overall, I would rate technical support a nine.

Positive

The deployment was quite easy.

We have seen a return on investment in general. Our company is moving to the cloud and toward digital transformation in the financial sector. Palo Alto plays a key role in this return on investment.

My advice to you, if you're looking for the cheapest and fastest firewall, is that the cheapest firewall is not the best for security.

We use firewall solutions from multiple vendors, and from a security point of view, Palo Alto Networks NG Firewalls are one of the best in comparison. Also, you get the best value from Palo Alto with application layer security, machine learning, and integration.

Overall, I would rate Palo Alto Networks NG Firewalls a nine out of ten.

I find it valuable to attend an RSA Conference because I get the opportunity to participate in several seminars, share, and learn from other people as well.

Attending RSAC also impacts our purchasing decisions because what I see at the conference will end up in the budget the following year or the year after that.

We use this solution as our external firewall and VPN.

The fact that I can perform several security functions in one device at wire speed is a valuable feature. I don't have to slow down my business transactions, and I don't have to inconvenience my users with 16 different solutions. I can have it all in one box, and it protects my organization at wire speed.

Palo Alto Networks NG Firewalls catch a lot of things that other firewalls may not catch and support more current security practices. We get updates several times a day from WildFire, and the firewalls do a great job of keeping us protected.

Within their domain, Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. This is critical because I don't want to deal with multiple devices. I want to do it all with as few devices as possible and have it all work successfully.

It's very important that these firewalls embed machine learning into their core because the only way to keep up with the changing threat environment is to keep learning about it.

Palo Alto Networks NG Firewalls are the gold standard right now for securing data centers consistently across all workplaces, and I'm using them across all of my locations. They provide a consistent experience for the management team as well as the end user.

Surfacing actionable intelligence right away could be better. You have to dig far to get some of the information. If the solution could surface the two or three things out of the 10,000 a day that we really need to deal with, it would be helpful.

I've been working with Palo Alto Networks NG Firewalls for about 20 years.

It is a rock-solid solution in terms of stability. You very rarely have to worry about it. If there's a problem, it's usually because a rule got configured incorrectly.

Across the product line, the NG firewalls scale very well. Within the individual units, however, there are some limitations. It's not always clear to resellers as to what those limitations are. Therefore, as your organization grows you may start to bump into those limitations unexpectedly.

Palo Alto's technical support is pretty good and is among the best. We have called them several times, and they've been on it. Sometimes, it can take a bit longer for them to understand an issue, but overall, I would rate technical support at eight.

Positive

We have used several firewalls including Cisco, Fortinet, and Check Point. We chose Palo Alto because it's the only one that brings it all together in one platform and lets me manage it. It also removes the complexity of what I have to manage and deal with.

The initial setup is fairly straightforward. You put the firewall in with whatever might be there right now in learning mode, and then you can figure out where the holes are.

Palo Alto Networks NG Firewalls have prevented a number of things from happening. We would not have been able to prevent those things from happening had we had other firewalls.

Palo Alto Networks NG Firewalls are the Cadillac standard, and you do pay Cadillac pricing. However, the protection is worth the steep price. 

If you're looking for the fastest firewall, Palo Alto needs to be on your list. They seem to be the only ones that perform at wire speed right now. If you want the cheapest firewall, you will be able to find cheaper options, but you won't find better options than Palo Alto Networks NG Firewalls.

Overall, I would rate Palo Alto Networks NG Firewalls a nine on a scale from one to ten.

The biggest value of RSAC is being able to see everything I don't know anything about. It helps me keep up with where the industry is going.

Also, attending RSAC impacts our organization’s cybersecurity purchases made throughout the year. I chat with my existing vendors when I attend and have conversations with those my team recommends. We then make purchasing decisions based on what I see at RSAC.

We use these firewalls to manage wastewater systems for over a hundred municipalities across the country. As a result, we exclusively use them in the operational technology (OT) space.

One of the key benefits is that it enables us to secure environments that may pose more significant security challenges.

The centralization capability is the most valuable feature of this solution as it enables us to monitor our systems efficiently. Additionally, the firewalls are excellent, with straightforward configuration and comprehensible interfaces that our engineers can set up with ease.

The cloud firewall solution offers a unified platform that integrates social security capabilities, but it comes at an additional cost.

I think having the ability to see the big picture is important for us, and that's not always easy to achieve. 

As for how important it is for us to have Palo Alto NG Firewalls and defense machine learning at the core of the firewall for real-time attack prevention, I think it's a bit premature to say. There are many players in that field currently, and I would prefer to see them get it right before jumping in just for the sake of being there.

A major concern is making the licensing more accessible to enable small municipalities to afford and manage their own systems independently.

I have had experience working with Palo Alto Networks NG Firewalls for a minimum of three to four years.

I would rate the stability of Palo Alto Networks NG Firewalls a nine or ten out of ten.

Palo Alto Networks NG Firewalls are very scalable.

As far as I know, the technical support for this solution is excellent. 

My team has used it a few times and has always been satisfied with the service. I have never received any negative feedback regarding the support lines.

I would rate the technical support an eight or nine out of ten.

Positive

A lot of the municipality's systems rely on Palo Alto Networks NG Firewalls to stay online, and we've found that they provide better uptime compared to most other solutions.

Our downtime has been reduced by 80 to 90% with the implementation of Palo Alto Networks NG Firewalls.

I was not involved in the deployment process.

We have seen a return on investment. By centralizing our monitoring of systems, we have been able to make our lives easier.

The licensing leaves a lot to be desired. 

We buy the license and then we can't transfer the license without paying an exorbitant fee to our client if they leave us, and that just seems to be a bit of a pain point for us, and there's really no way to partner effectively to make that more reasonable.

We continuously review firewalls, whether it's Check Point or Fortinet, or Cisco. But Palo Alto has been the best for us.

As most of our environments are in the cloud, we don't have a lot of experience in securing data centers.

If a colleague at another company is only looking for the cheapest and fastest firewall, I would advise them that Palo Alto Networks is not the right solution for them. 

While it may not be the most affordable or the quickest to set up, the investment in Palo Alto Networks NG Firewalls is well worth it in terms of reliability and security. 

Choosing a firewall based solely on cost and speed may result in a false sense of security and leave the organization vulnerable to breaches and downtime.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.