Palo Alto Networks NG Firewalls Reviews

We have had use cases for defending our resources against external access or authenticating particular traffic or appropriate traffic for access.

The key factor here is reliability. In my previous company, we had a different vendor's firewall before switching to Palo Alto network devices. 

Unfortunately, during that time, our security team was on vacation and had to be called back urgently due to a severe incident. This experience led us to switch to a more dependable, reliable, and robust system, which turned out to be the Palo Alto network device. 

Fortunately, the transition from our old system to the new one was relatively seamless, and we now have a reliable and robust security infrastructure.

In my opinion, Palo Alto has consistently been one of the best firewalls for enterprise security. 

We have encountered numerous instances where we have observed threats and attacks targeting our systems, and Palo Alto has proven to be highly reliable in blocking any malicious activity.

I would like to see some Machine Learning because I have observed new types of attacks that are able to bypass existing security rules. It is possible that implementing some form of continuous learning or education could be beneficial in addressing this issue.

Some way to learn what is normal it isn't, you know, something like that, I think that would be probably the most beneficial thing to me.

To say it's a set-and-forget system wouldn't be entirely accurate, but it is an incredibly stable and reliable system. Once it's set up and configured properly, you really just need to keep an eye on it for any necessary updates or new rules. In my experience, it's one of the most reliable systems available.

The original installation we were considering was for a small organization, and we had to take into account the fact that we were going to expand the endpoints to our entire user base, not just a select few like marketing.

We were assured that the system would have no issues handling the additional workload as we added more devices or upgraded the device.

The firewall solution that I have referred to the most during this conversation is one that I have implemented for small to medium-sized organizations.

I found the initial setup very straightforward.

I recall that the setup process for the device was straightforward and could be completed quickly. However, while the device did come out of the box, it wasn't as secure as it could have been, and I had to go in and tighten up the security settings. Despite that, compared to other firewalls with complex and cryptic interfaces, Palo Alto's firewall interface was relatively easy to use and comprehend.

There were certainly benefits in terms of time-saving and ease of learning for the user. The straightforward setup process and user-friendly interface of the Palo Alto network devices made it easier and quicker to implement, thus saving time. Additionally, the easy-to-use interface also helped in reducing the learning curve for users, enabling them to become proficient in using the device more rapidly.

Using Palo Alto has reduced the amount of downtime considerably.

Determining the impact of blocking threats is not straightforward because it depends on the severity of the threat. For example, if a threat only affected one server, the downtime would be minimal. However, if it caused an outage in the entire environment, the impact would be much greater. It is challenging to quantify the amount of downtime prevented by blocking threats.

Usually, when setting up a new firewall, it's common to get around 80% of the work done within a few days. However, with the Palo Alto network device, I recall that we were able to achieve 95% to 99% completion within just a couple of days. The device's user-friendly interface and straightforward configuration process made it easier to accomplish more in less time.

Technical support was helpful during the deployment process.

During the deployment process, I thought they were great. I had no complaints they were very knowledgeable, and we were able to resolve everything very quickly.

The organization has seen a return on investment with Palo Alto firewalls as we haven't experienced any significant breaches.

When when we first looked at Palo Alto, it came in as the top recommendation from a source that we trusted. We didn't actually look at other vendors at that time. 

At the time, we had the full support of our CEO and team, who recognized the urgency of the situation as our entire system was down. This rare backing from everyone helped us to quickly implement a solution.

We frequently recommend Palo Alto to others as we believe it is a highly effective solution for network security. It is one of those things where if someone does not have a Palo Alto, we advise them to consider it as a worthwhile investment.

For those seeking the cheapest or quickest solution, I would advise that while it may seem like a good idea in the short term, you will likely encounter issues that will require you to replace the solution soon after. Investing in a reliable and reputable solution like Palo Alto Networks may require a larger investment upfront, but will ultimately save you time and money in the long run.

The biggest value that I gain from being here is networking and finding out what other products are out there without having to go to, like, a search engine and wait or rely on the results of the search engine. I can literally wander around. And if something catches my eye, I can be like, well, that's really cool. Let me go get some more information about that.

It's really easy to just look at all the different vendors, looks at the various talks, looks at everything that's here, and get information tailored to what I wanna learn about.

I definitely can make recommendations on various products they get based on my experience, but I don't have a say in it directly.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

We deployed Palo Alto Networks NG Firewalls for inbound and outbound protection, as well as DMC protection, in our data center.

The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us. Previously, we had been using Check Point.

We switched to this solution due to its advanced next-gen capabilities, which allowed us to create rules based on applications rather than ports or protocols. As a result, the solution became much more relevant to our needs compared to our previous solution.

Palo Alto Networks NG Firewalls allowed for more flexibility in defining rules, as it was based on applications rather than strict port and protocol definitions. This made it easier to adapt to changing needs and configurations.

We were able to automate things using the API. Savings are minimal, but we save a significant amount of time when we deploy rules that we learn when we deploy the policy. Is the process still the same? Perhaps the implementation will take only a few hours or minutes.

We have been exclusively using it for the Next-Gen firewall, MDPN, and remote access for a while.

It integrates the core capabilities into one.

To make it more affordable, we had to separate the integrated features into individual components. The integrated solution was more expensive than when we broke it down into separate components.

I have been using Palo Alto Networks NG Firewalls for over five years, and perhaps even as long as ten years.

The stability of Palo Alto Networks NG Firewalls is very good.

We have upgraded it several times for additional features, and we have never experienced any crashes or performance issues. Overall, it has been quite stable.

In terms of scalability, the cost is a limiting factor. We can buy a large number of them, but it would not make financial sense for us to do so due to the high cost.

In contrast to the cloud environment where you can scale incrementally and horizontally, in our case, we have to purchase the entire unit. As a result, scaling our responsibilities becomes challenging.

We have around 2,000 compute resources that need protection, so getting a large firewall is necessary to safeguard our environment.

Technical support is very good.

I would rate the technical support an eight out of ten.

F5 and Cloudflare are types of support that were really good. There is no escalation whatsoever. The first person you get to already is the top-notch technical person.

With Palo Alto, you have to escalate, but eventually, you get to a good one.

Positive

The deployment process was easy.

We used a migration tool to transfer from our previous firewall to Palo Alto, and it proved to be quick.

We received support from a Palo Alto sales engineer.

While Palo Alto is expensive, it's still the better option compared to the other two vendors that were evaluated since they didn't provide the necessary performance and benefits.

Overall, the expenses for Palo Alto are manageable, and it's worth the investment.

It's too expensive.

Although Palo Alto is a good and fast product, it is not the most affordable option out there, and it may not be the easiest to use.

We evaluated Cisco and Fortinet.

During our evaluation process for selecting a firewall vendor, we prioritize performance as the number one factor. 

Price range is ranked second in importance. 

Other important factors include ease of use, API support, and next-gen features, all of which are used as evaluation criteria. We have previously used Magic Quadrant, but it is important for us to carefully choose our firewall vendor.

Integrating machine learning at the core of Palo Alto Networks NG Firewalls would be highly beneficial. The ability to automatically detect threats without the need to create rule sets manually would be a game changer.

Attending events like RSA is valuable to me because it allows me to explore different vendors and products. Sometimes, I come across new vendors that I haven't heard of before, which is good.

Attending events like RSA can have a significant impact on our company's cybersecurity purchases throughout the year. If we come across a new vendor with a fresh approach to protecting the company or identifying threats, we are definitely interested in exploring their offerings.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.

For security purposes, we use Palo Alto Networks NG Firewalls for both the edge and data center.

The IT operations side provides us with more freedom as we don't have to worry about it as much due to the automated alerts and detection.

The DNS sync code in your filtering is the most valuable feature of the Palo Alto Networks NG Firewalls.

It helps us stay informed about the activities of our end users.

As I learn more about the unified platform, I see that Palo Alto is integrating well with other standards and are innovating, so the solution works effectively.

Maintaining a good security posture is important for our organization, particularly when it comes to threats like ransomware. ITM Security plays a vital role in this, and Palo Alto Networks equipped us well to be proactive in our approach. As a result, we prioritize the importance of ITM Security within our group.

Incorporating machine learning into the firewall's core to provide real-time attack prevention is highly beneficial, particularly with features like WildFire. We have had instances where it effectively stopped zero-day attacks on the first day, and we were one of the first to encounter the issue. Within a couple of hours, they notified us that it was a security issue, allowing us to take action promptly.

I am not aware of anything that could be improved.

I think that they have been doing a good job at this point in time.

Technical support is an area that could be improved.

I have been working with Palo Alto Networks NG Firewalls for six years.

Our downtime has not been reduced by Palo Alto Networks NG Firewalls. We experienced a DSL firewall incident that resulted in a five-hour downtime while we discovered the bug, and although I cannot entirely blame the firewall, it was still a part of the issue. However, we have learned to deal with this inconvenience.

It's quite stable. We had one issue because of a bug. Aside from that, everything has been fine.

The scalability is excellent. We were able to enlarge the network and install additional firewalls. There haven't been many problems with that.

Technical support has fallen off. It was much better up front. The first four years were spectacular.

In the last couple of years, we're getting a lot of overseas support that seems to have little training. In the beginning, it was high, but now I would rate it a five out of ten.

Neutral

Previously, we used Cisco.

Compared to Cisco, Palo Alto Networks NG Firewalls are much better in terms of being more elegant and thorough, especially when it comes to navigating log files and similar tasks.

By the nature of coming from Cisco Firewall to Palo Alto Networks NG Firewall, there was complexity involved. But with the help of third-party resources, we were able to get it done pretty quickly.

We had assistance from a consultant. They were very helpful.

The pricing is competitive.

If someone is looking for the cheapest or the fastest option, I am not quite sure what other vendors are offering in terms of pricing. However, my recommendation would be to go with Palo Alto so that they don't have to worry about the security of their job.

After evaluating Cisco Firepower and Palo Alto, we decided to go with these two options. However, after trying out Firepower, we realized that it was not a good fit for us and we knew we didn't want to proceed with it.

Our current design is efficient as all our sites are routed to the Palo Alto firewall, allowing us to segregate VLANs and maintain communication between users. It's a great setup that simplifies a lot of our work.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

In my overall assessment, I would give the conference a seven out of ten. It seems like many presentations focus on industry trends, and there is some repetition across different companies covering the same three or four topics. However, I found that Palo Alto Networks NG Firewalls had some valuable insights into what the industry is doing.

It helps, as we are the ones making decisions.

We use the solution to protect our network environment. We use three versions: 230, 440, and 820. 

Palo Alto Networks NG Firewalls embed machine learning into the core of the firewall to provide real-time attack prevention, which is wonderful.

We check the machine learning logs to secure our networks against threats that are able to evolve more rapidly. 

I find the solution to be comfortable and easy to use. While I cannot completely authenticate my devices, I am able to distinguish between private devices and use them for authentication in some way, which is very helpful. The URL filtering feature is also helpful and I am very satisfied with the firewall delivery.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all our security capabilities through Cortex XDR.

I give the solution's single-pass architecture for performance and security an eight out of ten.

There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection.

Palo Alto Networks NG Firewalls' documentation, features, and user-friendliness are excellent.

The VPN has room for improvement.

I have been using the solution for two and a half years.

For the most part, the stability is good but we sometimes face problems with the VPN connections.

The solution is scalable. We have 150 people that use the solution.

We often don't have to open a ticket as the documentation provided is usually comprehensive, and we can usually resolve most issues on our own. The one time I submitted a ticket, the technical support was not able to resolve the issue.

Positive

I previously used Forcepoint Next-Generation Firewall which is cheaper than Palo Alto Networks NG Firewalls but I prefer Palo Alto because it is user-friendly and supports more devices and features. 

I was not involved in the initial setup but I did migrate the 820 to the 440 and it was straightforward. The migration took a few hours.

Palo Alto Networks NG Firewalls are expensive.

There is an additional cost for support.

I give the solution nine out of ten.

The maintenance consists of regular updates only.

Currently, we do not use Palo Alto Networks NG Firewalls across our entire network but we have plans to extend them in the future.

I recommend Palo Alto Networks NG Firewalls to others.

I use Palo Alto Networks NG Firewalls to handle my perimeter security, which is the most critical point of my network.

Layer 3 and Layer 4 are part of the core functionality of any firewall, but this firewall brings more information into the inspection via Layer 7. Thus, the entire threat landscape has changed for us as a company.

We can integrate all the Palo Alto firewalls to have a single insight experience across all firewalls.

On a major scale, Palo Alto NGFW can be helpful in eliminating some security tools. It doesn't eliminate all of our other security tools, but it does bring down the dependency on some tools.

Security and network performance are of equal importance to us. This solution doesn't compromise your network's performance for security, which is a good trade-off.

The most valuable features are application inspection and sandboxing. Application inspection decides where traffic is transmitted. If I have a perimeter report for a particular service, then other services or malicious services cannot use an open port. In this way, application inspection is doing a fantastic job. We also have a very good sandbox with almost no rate limit. It will inspect any file that comes in and goes out in a dedicated patch to identify malware. Therefore, these two things help me to protect our organization from any bad actors.

It is extremely important for me that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. The way that they handle the traffic is very useful for us. The firewall creates a benchmark of known traffic patterns that every endpoint would have using machine learning. Machine learning creates a baseline of how the traffic goes in and out. When there is a deviation in the normal behavior, it gives me a threat indication via a reporting feature that shows us how the current traffic has deviated from the usual traffic. This is a very good feature, which is important for my organization to have on a daily basis.

It gives me a better experience when handling security holes. 

Our upgrades brought some rule reviewing features by default, without having to depend on third-party tools to perform the rule reviewing. That has been a good feature.

I would like them to bring in some features that would encourage traffic shaping or bandwidth routing, like other UTM firewalls, because the solution should be capable of limiting the bandwidth for rules.

If Palo Alto Networks could bring in session tracking, like FortiGate, then we can remove another cybersecurity tool. If they could say "This is user-based, not IP-based," using user attribute-based rules, then that would be helpful for a small- or medium-scale company because they could use a single device instead of two or three devices.

I have been using it for four years.

The stability is very good. After the upgrade, every other process was smoother. We haven't often seen bugs or operational hazards in terms of the device. 

Scalability is always available. If you are ready to invest the money, then you can add another box. Every device has its limitations though. NGFW has its own limitations, where it cannot scale beyond a certain point. Those limitations have already been published and users need to be aware of them when they are planning to buy a firewall.

The size of my environment is 3,000 to 4,000 users. We are a larger organization with 60 to 80 VLANs. There are approximately 3,600 endpoints accessing them. Day in, day out, we have a lot of network access change requests coming in that need to be performed. 

In terms of maintaining the firewalls for our space and cost, there are about 15 team members. It is a huge environment with 10 different clusters of Palo Altos. From our operational perspective, we need 15 team members.

On a practical scale, it depends on the size of your organization. If it is a small organization, I think two to three members should be sufficient enough to handle the solution. When you have a smaller organization with a maximum of 20 different VLANs, where there is a size limit of 50 to 100 users/employees, then two or three members would be sufficient enough to handle it. However, it all depends upon the number of endpoints that are the nodes and how many nodes the firewall is protecting.

The technical support is good. I would rate them as 10 out of 10. 

They are able to support me and the issues that have arisen, which have been very minimal. For cases where we break something in the configuration or any bug that is out of control, they are good in understanding and analyzing our issues as well as providing a solution for them. That is why I rated them as 10.

Positive

The initial setup was straightforward, not complex. We migrated from a different vendor to this platform. We had our goals and objectives in front of us. So, we had a good project plan before migrating everything.

I have multiple clusters. For the largest cluster, the migration took three to four weeks.

We used an integrator for the deployment.

We are monitoring the metrics. We have certain metrics to find ROI, e.g., it could be zero-days, the number of inclusions that this solution has blocked successfully, or the amount of malware that it has stopped. We identify this information via the sandboxing feature, which determines what other normal firewalls would have let in. We consider the amount of data that we process and the regulatory fines that would have arisen, if not for this solution. That is how our return of investment is calculated.

If the cost is your main priority, Palo Alto would be a bit high. However, if you are ready to hear about return of investment, then I would convince you to go for Palo Alto.

I am using three or four firewalls from different vendors. I know their capabilities as well as the strengths and weaknesses of each vendor. 

We have evaluated different firewalls and found Palo Alto best suited for boundary networks. Fortinet handles our user-facing firewalls. Between FortiGate and Palo Alto, there is Cisco.

We did a SWOT analysis on all the firewalls. We determined the best firewalls based on their throughput and protection suites. For example, a user-facing firewall doesn't need to be jam-packed with security features. However, a perimeter firewall is between the trusted and untrusted networks, so more security features are needed.

We are using a different DNS Security solution, so we haven't used Palo Alto NGFW’s DNS Security.

Explore the features that the solution offers. There are a lot. If you can use the features to their fullest potential, that would be best. 

If you are just doing an L3 and L4 inspection, then Palo Alto Networks might not be best suited for that environment. If you are going to use the features of an NGFW, then I would tell you about the solution's features and return of investment based on what you are protecting. 

We use Palo Alto Networks Next-Generation Firewalls daily to create firewall rules that permit network traffic for specific applications and end users.

We use various models, including the 800, 400, and 3200 series. The specific model required depends on the size of the remote site where it will be deployed.

Embedded machine learning is crucial because hackers increasingly leverage AI to develop innovative methods of infiltrating networks. AI enables them to create more sophisticated malware and threats, intensifying the arms race between defenders and attackers. To counter this evolving threat landscape, next-generation firewalls must incorporate AI and machine learning capabilities to analyze and mitigate threats effectively.

AI and machine learning are valuable aspects.

UTM solutions like those offered by CheckPoint and Fortinet all offer a single pane of glass for managing security. Palo Alto is the same, but as a newcomer to Palo Alto, I've found its management, particularly with Panorama overseeing our hundred firewalls, challenging. Pushing changes, especially to individual firewalls, often results in failures, requiring full system updates. This inconsistency creates significant hurdles. While I suspect similar complexities exist in Cisco Firepower and potentially Fortinet, Palo Alto's implementation seems unnecessarily convoluted.

Palo Alto claims their NG Firewalls are highly customizable, but this isn't always true. We've encountered an issue where changes to a firewall cannot be reverted. Unlike Cisco Firepower or ASA, where changes are only committed after saving, Palo Alto commits changes immediately and places them in a queue. This prevents reverting changes, even accidentally made ones. For instance, today I was testing firewall rules without intending to push them, but the changes were already committed to the locally managed Panorama server. This lack of control is a significant drawback compared to vendors like Cisco or Checkpoint, where uncommitted changes are not saved.

Executives often praise Palo Alto firewalls, but these same executives rarely have hands-on experience managing them. Unlike them, I deal with the daily complexities of firewall operations. While every firewall has its shortcomings, Palo Alto is no exception. Cisco's ASA, for instance, was frustrating to manage through its ASDM interface, but the CLI configuration was reliable. Unfortunately, other vendors like Checkpoint and Fortinet heavily rely on management servers, limiting CLI options. Pushing changes can be a nightmare with any firewall, often involving unnecessary whole pushes due to errors or version mismatches. Palo Alto is no different; it's prone to bugs and challenges like any other product. Contrary to popular belief, executives who lack firsthand experience with firewall management often exaggerate Palo Alto's strengths.

Palo Alto Networks NG Firewalls have been problematic. Due to failed configuration pushes, I've encountered issues requiring Palo Alto Technical Assistance Center involvement. Based on DNS hostnames, objects are supposed to be automatically resolved by Palo Alto, but this functionality proved unreliable, necessitating a firewall upgrade and patch to correct a bug. Contrary to claims, Palo Alto has not exceeded expectations; managing as other firewall brands has been as frustrating. Each firewall platform has complexities, but I don't believe Palo Alto surpasses Check Point, Fortinet, or Cisco Firepower. While it might have advantages over Cisco Firepower, when compared to Check Point or Fortinet, Palo Alto does not offer greater performance.

I have been using Palo Alto Networks NG Firewalls for nine months.

When installing a Palo Alto Networks NG Firewall, we connect it to the network via a management interface and configure basic settings. Next, we register the firewall with Panorama, its management server, and then plan the network transition.

Palo Alto Networks NG Firewalls are overpriced. While Fortinet offers a more affordable option, Palo Alto commands premium prices due to its strong brand reputation among CISOs and security executives. Despite this, I believe Palo Alto firewalls are overhyped and underperform expectations. Many of these executives, who lack hands-on firewall management experience, base their decisions on marketing claims rather than practical knowledge. In contrast, Check Point pioneered next-generation firewalls, offering advanced features before competitors. However, its reliance on a centralized management system limited flexibility. Cisco, while improving, has also moved towards centralized management, restricting CLI access. Ultimately, I prefer the balance of features and flexibility Check Point offers.

I would rate Palo Alto Networks NG Firewalls eight out of ten.

We use Palo Alto Networks NG Firewalls as a gateway for our data center and server files because they are a reliable and robust device, and the best in the security field. We also use their threat intelligence and threat protection services, which are like brass fittings.

Palo Alto enables telemetry and enriches their systems to protect our network against threats, which is why machine learning helps us secure our network.

Palo Alto Networks NG Firewalls have enhanced our security by around 20 percent.

The solution provides a unified platform that natively integrates all of our security capabilities.

Palo Alto Networks NG Firewalls help eliminate security holes by stopping all the known and unknown vulnerabilities that we are seeing in our network.

The single-path architecture has improved performance and latency.

The application awareness feature that recognizes application IDs and vulnerability protection are Palo Alto Networks NG Firewalls' most valuable features.

The price is high and has room for improvement.

We have Elite Plus partner support, which means we always have to speak to a partner to open a case. However, not all of the partners are knowledgeable or helpful.

I have been using Palo Alto Networks NG Firewalls for two years.

Palo Alto Networks NG Firewalls are stable.

When it comes to virtual machine editions or the cloud, I think they are more scalable than hardware. 

We have three administrators, 1,000 end users, and up to 400 servers that use Palo Alto Networks NG Firewalls.

We previously used Fortinet FortiGate firewalls but switched to Palo Alto Networks NG Firewalls for their superior performance. We also chose Palo Alto Networks because Gartner's reviews of their firewalls have consistently been better than those of Fortinet.

The initial setup is straightforward. However, enabling the security features and starting traffic inspection can be complex. The physical installation is easy.

The deployment for one device takes one day.

We have seen a return on investment in the two years that we have been using the solution.

Palo Alto Networks NG Firewalls' price is expensive.

I give Palo Alto Networks NG Firewalls a nine out of ten.

I recommend Palo Alto Networks NG Firewalls. 

We use this solution to protect the perimeter and use it as a proxy for the servers.

We have the firewalls installed in our data center at present and are planning to put them in the corporate and branch offices as well.

A couple of years ago, we removed the explicit proxy for the servers and made the proxy transparent for the servers. We were able to make it softer for the servers' web filtering.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. They have a couple of solutions in the cloud that we are trying to add to our ecosystem.

Because Palo Alto Networks NG Firewalls are installed in our data center, it is very important that Palo Alto embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. We need to protect our servers.

The cloud could be improved. I would like to have more visibility of the network vulnerabilities as well.

I've been using Palo Alto Networks NG Firewalls for more than five years.

The stability is good.

Palo Alto Networks NG Firewalls have good scalability.

Palo Alto's technical support is good, and I would rate them an eight out of ten.

Positive

Overall, I would rate Palo Alto Networks NG Firewalls a nine on a scale from one to ten.