Palo Alto Networks NG Firewalls Reviews

We primarily use Palo Alto Networks NG Firewalls for a DMZ firewall. Its primary function is to separate our network into four layers: a DMZ zone for all publishing services, an internal zone for internal user access to publishing services, a zone for terminating connections between VPN consultants and internal services, and a zone for Internet access.

We implemented Palo Alto Networks NG Firewalls to secure our network and control access using filtering and application control. We also use Palo Alto WildFire for vulnerability scanning.

We have Palo Alto Networks NG Firewalls deployed on the cloud and on-prem.

Palo Alto helps us secure our network against suspicious activity from both internal and external sources. Its integration with our SIEM aids our SOC team in blocking malicious activity.

Palo Alto Networks NG Firewalls do a good job securing our environment. To access any solution, the first step is to calculate the required throughput. Because we are working with a small network or environment, we need a specific amount of throughput from a Firewall model. I chose this particular model based on my throughput requirements. The second consideration is the level of security achievable by the solution. We are using additional methods, such as performing a gap analysis and assessing the solution, to determine this. This involves simulating attacks passing through the Firewalls to observe how the solution detects or blocks them.

The most valuable feature of Palo Alto Networks NG Firewalls is its application visibility, which allows us to see all users and their accessed resources. Additionally, its user-friendliness and customization options contribute to its overall value.

The reporting feature needs significant improvement. Generating reports in Palo Alto is challenging because it relies on specific attributes and source IDs. We want to create reports to view the number of users and consumption, but customization is difficult. The interface for generating reports is user-unfriendly, making it difficult to find information. Overall, the reporting capabilities are weak compared to other firewall solutions.

The SD-WAN feature needs improvement. It currently relies on the physical interface instead of the sub-interface, requiring Panorama rather than a local firewall. Furthermore, the configuration customization for SD-WAN application source and subnetting is significantly limited compared to other firewalls.

The technical support is slow and needs improvement.

I have been using Palo Alto Networks NG Firewalls for five years.

I would rate the stability of Palo Alto Networks NG Firewalls ten out of ten.

I would rate the scalability of Palo Alto Networks NG Firewalls ten out of ten.

Palo Alto does not provide direct support to customers. Each region has support partners, so to get direct support from Palo Alto, you need to be a very large customer. This is why resolving issues with Palo Alto takes a long time. We go through our partner, and they take some time to investigate and try to solve the problem. If they can't, they escalate the case to Palo Alto, which takes additional time to investigate and try solutions. This is why our cases may take days or weeks to resolve.

Negative

I work with numerous firewall solutions, including FortiGate, Cisco Firepower, Cisco Sourcefire, and Forcepoint Firewalls. I've found that each firewall excels in specific areas. For instance, I recommend Cisco Firepower for central firewall management. However, for DMZ and application control, I suggest Palo Alto. Finally, I recommend FortiGate for perimeter firewall deployment based on its extensive features and overall stability.

The initial deployment is straightforward and can be completed in a few hours for small environments. However, larger environments with multiple policies will require additional deployment time.

We have seen a return on investment of 30 percent from Palo Alto Networks NG Firewalls. 

Palo Alto is a more expensive firewall solution than others. However, it is the top choice for a DMZ and a valuable investment overall. We still need to invest in an additional firewall with more advanced features to enhance perimeter security.

I would rate Palo Alto Networks NG Firewalls seven out of ten.

Those looking for the cheapest and fastest firewall won't find that combination. They must invest money to get a fast firewall suitable for their environment. Gather their requirements before choosing a firewall that fits their budget and features. They can opt for the quickest or cheapest option or select a device compatible with their needs.

We have Palo Alto Networks NG Firewalls deployed in multiple locations, serving both on-premises and cloud departments. There are three people in our organization that work with the NG Firewalls. Our clients are enterprises.

Palo Alto Networks NG Firewalls require maintenance for software upgrades, and after several years, the hardware will also need upgrades.

I recommend Palo Alto Networks NG Firewalls for their stability and high level of security. If the security of your infrastructure is critical, Palo Alto is a strong choice, though it comes with a higher price tag. If budget is a concern or security isn't a top priority, then Palo Alto may not be the best fit.

For security purposes, we use Palo Alto Networks NG Firewalls for both the edge and data center.

The IT operations side provides us with more freedom as we don't have to worry about it as much due to the automated alerts and detection.

The DNS sync code in your filtering is the most valuable feature of the Palo Alto Networks NG Firewalls.

It helps us stay informed about the activities of our end users.

As I learn more about the unified platform, I see that Palo Alto is integrating well with other standards and are innovating, so the solution works effectively.

Maintaining a good security posture is important for our organization, particularly when it comes to threats like ransomware. ITM Security plays a vital role in this, and Palo Alto Networks equipped us well to be proactive in our approach. As a result, we prioritize the importance of ITM Security within our group.

Incorporating machine learning into the firewall's core to provide real-time attack prevention is highly beneficial, particularly with features like WildFire. We have had instances where it effectively stopped zero-day attacks on the first day, and we were one of the first to encounter the issue. Within a couple of hours, they notified us that it was a security issue, allowing us to take action promptly.

I am not aware of anything that could be improved.

I think that they have been doing a good job at this point in time.

Technical support is an area that could be improved.

I have been working with Palo Alto Networks NG Firewalls for six years.

Our downtime has not been reduced by Palo Alto Networks NG Firewalls. We experienced a DSL firewall incident that resulted in a five-hour downtime while we discovered the bug, and although I cannot entirely blame the firewall, it was still a part of the issue. However, we have learned to deal with this inconvenience.

It's quite stable. We had one issue because of a bug. Aside from that, everything has been fine.

The scalability is excellent. We were able to enlarge the network and install additional firewalls. There haven't been many problems with that.

Technical support has fallen off. It was much better up front. The first four years were spectacular.

In the last couple of years, we're getting a lot of overseas support that seems to have little training. In the beginning, it was high, but now I would rate it a five out of ten.

Neutral

Previously, we used Cisco.

Compared to Cisco, Palo Alto Networks NG Firewalls are much better in terms of being more elegant and thorough, especially when it comes to navigating log files and similar tasks.

By the nature of coming from Cisco Firewall to Palo Alto Networks NG Firewall, there was complexity involved. But with the help of third-party resources, we were able to get it done pretty quickly.

We had assistance from a consultant. They were very helpful.

The pricing is competitive.

If someone is looking for the cheapest or the fastest option, I am not quite sure what other vendors are offering in terms of pricing. However, my recommendation would be to go with Palo Alto so that they don't have to worry about the security of their job.

After evaluating Cisco Firepower and Palo Alto, we decided to go with these two options. However, after trying out Firepower, we realized that it was not a good fit for us and we knew we didn't want to proceed with it.

Our current design is efficient as all our sites are routed to the Palo Alto firewall, allowing us to segregate VLANs and maintain communication between users. It's a great setup that simplifies a lot of our work.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

In my overall assessment, I would give the conference a seven out of ten. It seems like many presentations focus on industry trends, and there is some repetition across different companies covering the same three or four topics. However, I found that Palo Alto Networks NG Firewalls had some valuable insights into what the industry is doing.

It helps, as we are the ones making decisions.

We are using it for network layer protection. And we have added all the Layer 7 protection there is, such as sinkhole protection and spyware and adware detection.

When you have the advanced URL protection enabled on a Palo Alto NG Firewall, the load on the application layer is reduced. The web application firewall features are already enabled in Palo Alto and those features give you an extra layer of protection, even if you have another technology above the Palo Alto firewall. That extra layer of protection is an opportunity that we have with Palo Alto.

The most important thing is that it's really user-friendly. I have almost stopped using the CLI because I like the graphical interface. You can do whatever you want on a single screen, including all the configuration and implementation, using Panorama. You don't have to switch from one place to another. And the best part is that you can manage multiple Palo Alto devices. We do have other companies' devices and for them we need to go to the CLI. But with Panorama, you almost get everything you need. It is very important for managing all the technology and features on the device, and for adding multiple devices, on one page.

Palo Alto also gives you a lot more options to troubleshoot and fix problems. That really helps our operations team.

Another valuable feature is the sinkhole option. If a malicious packet travels across the firewall, the firewall detects it as malicious traffic but it doesn't stop the traffic then and there. That way the attacker assumes that they have been successful but they have not. It's a type of honeytrap. It allows us to keep on responding to those packets.

Also, when the firewall does network discovery it can detect a malfunction or bugs or a configuration issue. That is very important. If your endpoint system is not functioning properly, it gives you an extra layer of protection in the network discovery field. It shows you all the options and all the data if your system is not compliant.

The Single Pass architecture is a nine out 10. A single pass is always good.

Palo Alto keeps coming out with antivirus and malware updates. When we have to integrate those updates we face some problems with the cloud platform, not the on-prem setup. The device works fine, but sometimes the sync doesn't happen on time.

It's not an issue that happens all the time, just sometimes. It's not a major issue. The device doesn't go down. It is not a priority-ticket situation.

Also, while Palo Alto is doing really well, they should bring out some small devices. As of now, we have the PA-800 Series firewall and the 440 Series firewall. A small Palo Alto firewall would be helpful for low-budget companies.

For the last six to seven months I've been using Palo Alto Networks NG Firewalls for architectural purposes. My job is to build infrastructure for our clients to support their functions. I also used Palo Alto for other clients in my previous organization for almost two years.

Scalability is something that I assume is feasible when you have Palo Alto in the cloud. In that case it's feasible to scale it very well, and you don't have to manage it. You just need to order it and it can be scaled per your request.

But with an on-prem setup it can be difficult if you want to scale anything. Then you need to order the physical device and do all kinds of configuration. I haven't really worked on scaling physical devices.

Support is really nice, but they keep on adding features, so regular training is really required for Palo Alto technical support. Every other day, every week, every month, they come up with something new. Sometimes, even technical support doesn't know about an update when it is still in the transition phase. They should have short-term training to be aware of when they are launching a particular new feature.

With more and better training, they will end up saving a lot of time, because they won't have to search for information or ask their colleagues or their engineering team about new features that have been added. That way, customers will be happy.

Positive

The initial deployment is absolutely straightforward. It's a very easy configuration. You just need to follow the instructions.

And the best part is that you get a lot of training material over the internet. I used to think that Cisco gave the best training materials over the internet but I was wrong. If you have any problem, you can Google it. There will be a lot of answers for Palo Alto NG Firewalls on the internet itself.

If everything goes well and if you don't have a major configuration to implement, you just want to set it up, the maximum it would take is one to two hours, because the image deployment is very easy. Once the device is racked up properly and all the cables are connected, you just need to boot up with the latest image and start the to-the-box and through-the-box configurations. Both configurations can be done within two to three hours.

The pricing is fair enough. 

This year, the pricing has increased. They played it really smart by increasing the support license costs and decreasing the platform costs. If you don't want to go for that particular license, you can opt out. The pricing model is very helpful, especially for small companies. If they don't want URL Filtering because they don't have any URL options, they can opt out of the URL Filtering.

I haven't seen Panorama go down in my entire tenure. I've worked with different companies. For example, I worked in Cisco TAC. Cisco users used to say that Firepower, the unified platform, was down and that they could not manage anything. Even though all the other components were running, they could not do any configuration because the unified configuration page itself was down. And, unfortunately, you don't have the ability to configure anything using the Cisco CLI anymore.

But I would give a slight edge to Cicso's technical support over Palo Alto's. I would rate Cisco's support at nine out of 10, and Palo Alto's at eight. Cisco gives priority to its customers.

Before you go ahead and invest in Palo Alto, look at as many reviews as you can. Do proper research before you deploy any firewall.

If someone says they are just looking for the cheapest and the fastest firewall, I would tell them to go for the PA-800 Series and their problem will be solved. Also, for small office requirements, you could go with the PA-440. The PA-450 and 460 will be a little expensive. If your requirements are to set something up for less than 100 users, the 440 will do it.

Our company, in particular, always wants an extra layer of protection. They don't remove any extra layers of security. But an advantage of Palo Alto NG Firewalls is they are sufficient to tackle complications

Palo Alto's firewall is stable, helpful, and user-friendly.

As a reseller, our primary customers utilizing Palo Alto Networks NG Firewalls are in the financial services, government, and manufacturing sectors. They select Palo Alto Networks NG Firewalls due to their superior performance and security capabilities compared to alternative firewall solutions.

Palo Alto Networks NG Firewalls provides a unified platform that natively integrates all security capabilities for our customers.

Palo Alto Firewalls integrate machine learning into their core functionality to offer real-time, inline attack prevention that our customers rely on.

Palo Alto Networks NG Firewalls offer a variety of models designed to protect data centers in all work environments. These models share standard features.

Palo Alto Networks NG Firewalls can significantly reduce downtime, and replacing a firewall typically takes only one to two minutes.

Palo Alto Networks NG Firewalls' single-path architecture offers a valuable feature, ensuring stable performance for our customers.

Palo Alto Networks NG Firewalls pricing has room for improvement.

I would like Palo Alto Networks to provide a free virtual firewall.

I have been using Palo Alto Networks NG Firewalls for three years.

I have not encountered any stability issues using Palo Alto Networks NG Firewalls.

The scalability of Palo Alto Networks NG Firewalls is limited because of the lack of a virtual firewall.

The local support is better than the corporate support.

Neutral

Palo Alto Networks NG Firewalls are expensive compared to other solutions.

I would rate the price eight out of ten, with ten being the most costly.

I would rate Palo Alto Networks NG Firewalls eight out of ten.

Although Palo Alto Networks NG Firewalls are more expensive than other firewalls, they provide better protection and are a better value for your money.

The unified platform provided is very important to us as it allows us to manage all traffic and ensure security without using separate tools. It has AI and ML capabilities, which work well for real-time attack prevention.

Since implementing Palo Alto, we've seen an 80-90 percent reduction in issues. It handles ISP links, ensuring minimal downtime. Recently, we upgraded our secondary ISP to 3 Gbps, and when the primary link goes down, it automatically switches to the secondary. As a result, end users do not experience bandwidth shortages or interruptions in internet access.

One area for improvement with Palo Alto Networks NG Firewall would be customer support. Currently, in regions like India, customer support is handled by third-party partners. Unfortunately, the support provided by these partners has not been satisfactory. It would be beneficial if the tool handled customer support directly, similar to how Cisco maintains high-quality customer care. This would ensure that customers receive the level of support they expect.

Getting reliable service is important when you're a customer, especially with critical devices like firewalls. Firewalls are key parts of a network; if they fail, the whole network can become unstable. So, the support you get needs to be just as reliable as the device itself.

I have been working with the product for a year. 

I haven't experienced any downtime. 

We used Cisco ASA before. At that time, Cisco didn’t have a unified next-generation (NG) firewall, and I’m unsure if they offer one now. The main reason we decided to switch was that we needed a unified NG firewall. Besides the unified features that NG firewalls provide, there were other differences between Cisco and Palo Alto Networks NG Firewalls, particularly in terms of features and price. However, the features are mostly similar across different firewalls; it depends on how they’re implemented, how effective they are for end users, and how well they handle security. This varies from company to company and firewall to firewall because each has its architecture, data plan, processing, control, and so on. So, it depends on the original equipment manufacturer.

The tool's deployment is complex and takes seven to eight days to complete. 

The tool's pricing is similar to that of Cisco. It's a security appliance; the cost depends on your network topology and specific requirements. The suitability of NG firewalls should be chosen based on your network and what you need. If a colleague from a different company asked for the cheapest and fastest firewall, I suggest they consider options like Sophos. Sophos took over Cyberoam, which was previously a leader in NG firewalls

I work with the product, and we purchased our box after a demo. We also have IoT security, but I don't personally handle that. I rate the overall product a nine out of ten. 

We protect certain applications in the data center with Palo Alto Networks NG Firewalls.

Application layer security and integration with other components that we have in our networks are valuable features.

Compared to other firewalls from Check Point, Fortinet, and Cisco, for example, Palo Alto Networks NG Firewalls use the most advanced techniques. They have sandbox integration and others in the orchestrator. Palo Alto's security features are at a higher level than those of the competitors at the moment.

It's very important that we be able to integrate all security capabilities within the firewall. This is one of the key reasons why we chose to go with Palo Alto Networks NG Firewalls.

We are heavily investing in technology that uses machine learning. Thus, it is important for us that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention.

Palo Alto needs to provide more support during the design phase and with proposals. They need to be more proactive, try to anticipate issues, and then help us to implement the transformation quickly.

I have been using Palo Alto Networks NG Firewalls for five years now.

We have not had any issues with stability. I have not heard from our SOC about issues with devices either.

The scalability has been good. We are the biggest bank in Italy with 100,000 employees.

Palo Alto's technical support is extremely good and responsive. The ticketing system, however, is a little bureaucratic especially when you are in a hurry or are dealing with an emergency. On a scale from one to ten, overall, I would rate technical support a nine.

Positive

The deployment was quite easy.

We have seen a return on investment in general. Our company is moving to the cloud and toward digital transformation in the financial sector. Palo Alto plays a key role in this return on investment.

My advice to you, if you're looking for the cheapest and fastest firewall, is that the cheapest firewall is not the best for security.

We use firewall solutions from multiple vendors, and from a security point of view, Palo Alto Networks NG Firewalls are one of the best in comparison. Also, you get the best value from Palo Alto with application layer security, machine learning, and integration.

Overall, I would rate Palo Alto Networks NG Firewalls a nine out of ten.

I find it valuable to attend an RSA Conference because I get the opportunity to participate in several seminars, share, and learn from other people as well.

Attending RSAC also impacts our purchasing decisions because what I see at the conference will end up in the budget the following year or the year after that.

We use the solution to protect our internal network from external threats.

Up until recently we were not using multilayer firewalls and were using several solutions that are combined in Palo Alto Networks NG Firewalls.

We are required to provide our network test results to our central bank, and Palo Alto Networks NG Firewalls offer a robust report for this purpose that would otherwise be a cumbersome human task.

The performance of Palo Alto Networks NG Firewalls is the most valuable feature.

The analytics could be improved. I would like to have a unified analysis tool within Palo Alto, as we currently use Perimeter 81 and Fortinet FortiGate, which makes the analysis process take a long time.

I have been using the solution for almost four years.

The solution is stable.

The solution is scalable. We have three people that monitor the solution and maintain it.

The initial setup is straightforward. We had to secure our parameter network. We required two engineers from a reseller and two from our organization.

The implementation was completed with the help of a partner.

The solution is worth the price, as it can be utilized without the need for high-processing CPUs and resources, thus saving us overall.

I evaluated Check Point and decided to use Palo Alto because of its performance. Palo Alto can be used with fewer CPUs. 

I give the solution a nine out of ten.

Before using Palo Alto Networks NG Firewalls you must first know what our requirements are.

We have had use cases for defending our resources against external access or authenticating particular traffic or appropriate traffic for access.

The key factor here is reliability. In my previous company, we had a different vendor's firewall before switching to Palo Alto network devices. 

Unfortunately, during that time, our security team was on vacation and had to be called back urgently due to a severe incident. This experience led us to switch to a more dependable, reliable, and robust system, which turned out to be the Palo Alto network device. 

Fortunately, the transition from our old system to the new one was relatively seamless, and we now have a reliable and robust security infrastructure.

In my opinion, Palo Alto has consistently been one of the best firewalls for enterprise security. 

We have encountered numerous instances where we have observed threats and attacks targeting our systems, and Palo Alto has proven to be highly reliable in blocking any malicious activity.

I would like to see some Machine Learning because I have observed new types of attacks that are able to bypass existing security rules. It is possible that implementing some form of continuous learning or education could be beneficial in addressing this issue.

Some way to learn what is normal it isn't, you know, something like that, I think that would be probably the most beneficial thing to me.

To say it's a set-and-forget system wouldn't be entirely accurate, but it is an incredibly stable and reliable system. Once it's set up and configured properly, you really just need to keep an eye on it for any necessary updates or new rules. In my experience, it's one of the most reliable systems available.

The original installation we were considering was for a small organization, and we had to take into account the fact that we were going to expand the endpoints to our entire user base, not just a select few like marketing.

We were assured that the system would have no issues handling the additional workload as we added more devices or upgraded the device.

The firewall solution that I have referred to the most during this conversation is one that I have implemented for small to medium-sized organizations.

I found the initial setup very straightforward.

I recall that the setup process for the device was straightforward and could be completed quickly. However, while the device did come out of the box, it wasn't as secure as it could have been, and I had to go in and tighten up the security settings. Despite that, compared to other firewalls with complex and cryptic interfaces, Palo Alto's firewall interface was relatively easy to use and comprehend.

There were certainly benefits in terms of time-saving and ease of learning for the user. The straightforward setup process and user-friendly interface of the Palo Alto network devices made it easier and quicker to implement, thus saving time. Additionally, the easy-to-use interface also helped in reducing the learning curve for users, enabling them to become proficient in using the device more rapidly.

Using Palo Alto has reduced the amount of downtime considerably.

Determining the impact of blocking threats is not straightforward because it depends on the severity of the threat. For example, if a threat only affected one server, the downtime would be minimal. However, if it caused an outage in the entire environment, the impact would be much greater. It is challenging to quantify the amount of downtime prevented by blocking threats.

Usually, when setting up a new firewall, it's common to get around 80% of the work done within a few days. However, with the Palo Alto network device, I recall that we were able to achieve 95% to 99% completion within just a couple of days. The device's user-friendly interface and straightforward configuration process made it easier to accomplish more in less time.

Technical support was helpful during the deployment process.

During the deployment process, I thought they were great. I had no complaints they were very knowledgeable, and we were able to resolve everything very quickly.

The organization has seen a return on investment with Palo Alto firewalls as we haven't experienced any significant breaches.

When when we first looked at Palo Alto, it came in as the top recommendation from a source that we trusted. We didn't actually look at other vendors at that time. 

At the time, we had the full support of our CEO and team, who recognized the urgency of the situation as our entire system was down. This rare backing from everyone helped us to quickly implement a solution.

We frequently recommend Palo Alto to others as we believe it is a highly effective solution for network security. It is one of those things where if someone does not have a Palo Alto, we advise them to consider it as a worthwhile investment.

For those seeking the cheapest or quickest solution, I would advise that while it may seem like a good idea in the short term, you will likely encounter issues that will require you to replace the solution soon after. Investing in a reliable and reputable solution like Palo Alto Networks may require a larger investment upfront, but will ultimately save you time and money in the long run.

The biggest value that I gain from being here is networking and finding out what other products are out there without having to go to, like, a search engine and wait or rely on the results of the search engine. I can literally wander around. And if something catches my eye, I can be like, well, that's really cool. Let me go get some more information about that.

It's really easy to just look at all the different vendors, looks at the various talks, looks at everything that's here, and get information tailored to what I wanna learn about.

I definitely can make recommendations on various products they get based on my experience, but I don't have a say in it directly.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.