Try our new research platform with insights from 80,000+ expert users
Director Of Technology at La Jolla Country Day School
Real User
Protects our network from various malicious activities by filtering and inspecting traffic
Pros and Cons
  • "It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."
  • "There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex."

What is our primary use case?

We basically use it to protect our network from various malicious activities out there. We have two subscriptions. We have the WildFire subscription, which is similar to DNS filtering. We also have Threat Protection, which allows the firewall to inspect traffic up to Layer 7. It inspects applications as well as unknown applications, quarantining and stopping things. So, you are not always chasing, "What applications should I be running on this device?" It does a good job of all of that. The management of it is a little tricky, but that is how it goes.

We are running the PA-3250s. We have two of them. They operate in Active/Passive mode. Therefore, if one fails, then the other one takes over. 

What is most valuable?

It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things.

What needs improvement?

There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex.

The VPN is only available for Windows and Mac iOS environments. We have a variety of iPads, iPhones, and Android stuff that wouldn't be able to utilize the built-in VPN services.

I would like easier management and logging. They can set up some profiles instead of having you create these reports yourself. However, you should be able to set it up to give you alerts on important things faster.

For how long have I used the solution?

We have had this in place for four years. I have been at the school for almost a year and a half. So, this is my second year here at the school, so my experience with it has probably been a year and change. I use other firewall solutions, but I have gotten pretty comfortable with the Palo Alto solution.

Buyer's Guide
Palo Alto Networks NG Firewalls
September 2025
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,706 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is very stable. We have never had any issues with any failures on it.

I haven't felt any performance lags on it. It has been handling everything just fine.

What do I think about the scalability of the solution?

We purchased it a few years ago. Since then, we have had a lot more clients on our network, and it has handled all that fine. You go into it and just have to scale it higher. Palo Alto doesn't give you too many choices. There is not a medium; it is either very small or very big. So, you don't have a choice in that.

How are customer service and support?

We have never had to call Palo Alto. Secure Works does all our support maintenance on it.

Which solution did I use previously and why did I switch?

I have been here for a year and a half. Before, the firewall that they were using (Barracuda) was barely adequate for what we were doing. We got new ones simply, not because we had a software/hardware-type attack, but because we had a social engineering attack where one of the folks who used to work for us went on to do some crazy things. As a result, the reaction was like, "Oh, let's get a new firewall. That should stop these things in the future."

How was the initial setup?

The initial setup was pretty complex because they did not do it themselves. They actually hired some folks who put it in. 

What about the implementation team?

We use Secureworks, which is a big security company. They actually send an alert when there are problems with the firewall or if there are security issues. They handled the deployment. 

We also use another company called Logically to monitor the firewall in addition to all our other devices.

What's my experience with pricing, setup cost, and licensing?

Active/Passive mode is very redundant, but they require you to buy all the associated licensing for both firewalls, which is kind of a waste of money because you are really only using the services on one firewall at a time.

I would suggest looking at your needs, because this solution's pricing is very closely tied to that. If you decide that you are going to need support for 1,000 connections, then make sure you have the budget for it. Plan for it, because everything will cost you.

If another school would call and ask me, I would say, "It's not the cheapest. It's very fast, but it's not the cheapest firewall out there."

Which other solutions did I evaluate?

I have been looking at different firewalls because our service and maintenance contracts are up on it. We have two different outsourced folks who look at the firewall and help us do any configurations. My staff and I lack the knowledge to operate it. For any change that we need to make, we have to call these other folks, and that is just not sustainable.

We are moving away from this solution because of the pricing and costs. Everything costs a lot. We are moving to Meraki MS250s because of their simplicity. They match the industry better. I have called the bigger companies, and Meraki matches the size, then the type of institution that we are.

If someone was looking for the cheapest and fastest firewall product, I would suggest looking at the Meraki products in the educational space. I think that is a better fit.

What other advice do I have?

Its predictive analytics and machine learning for instantly blocking DNS-related attacks is doing a good job. I can't be certain because we also have a content filter on a separate device. Together, they kind of work out how they do DNS filtering. I know that we haven't had any problems with ransomware or software getting installed by forging DNS.

DNS Security for protection against sneakier attack techniques, like DNS tunneling, is good. I haven't had a chance to read the logs on those, but it does pretty well. It speaks to the complexity of the firewall. It is hard to assess information on it because there is just a lot of data. You need to be really good at keeping up with the logs and turning on all the alerts. Then, you need to have the time to dig through those because it could be blocking something, which it will tell you.

I haven't read the NSS Labs Test Report from July 2019 about Palo Alto NGFW, but it sounds interesting. Though it is a little bit of snake oil, because the worst attacks that we had last year were purely done through social engineering and email. I feel like this is an attack vector that the firewall can't totally block. So, before you put something in, like Palo Alto Firewalls, you need to have your security policy in place first.

I would rate this solution as eight out of 10. Technically, it is a good solution, but for usability and practicality, I would take points off for that.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Security Team Technical Manager at ECCOM Network System Co., Ltd.
Reseller
Its unified platform effectively reduces the workload on networks and security tools
Pros and Cons
  • "Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes."
  • "Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features."

What is our primary use case?

The solution is more towards the front of the security stack.

We use both AWS and Alibaba Cloud.

How has it helped my organization?

The single pass architecture has helped a lot in the implementation and maintenance of Palo Alto Networks. It changed the customer's opinion on UTM platforms. In the past, when customers used UTM platforms, they feared the security features would impact the performance and slow down the network, causing some instability. However, with the single pass architecture, Palo Alto has demonstrated that you can use a lot of the security features without having an impact on the security and network performance. Therefore, most of our customers will dare to use most of Palo Alto Networks' security features.

What is most valuable?

  • Application identification
  • Antivirus
  • Vulnerability protection
  • URL filtering
  • SSL VPN
  • IPsec VPN

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Most of our customers are busy. They cannot afford the time to learn very complicated user interfaces and configuration procedures. With Palo Alto Networks, they offered a unified user interface for all its NG Firewall products and Panorama. I think it reduces some of our customers' maintenance time. 

Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.

What needs improvement?

Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features.

For how long have I used the solution?

I have been using it for eight years, though my company does not use it.

What do I think about the stability of the solution?

Compared to its competitors, the stability of NG Firewalls is very good. We have faced some strange problems with the hardware platform or operating system. Most of these customer cases come from complicated configs and bugs. However, stability is very good overall.

What do I think about the scalability of the solution?

Scalability is not that good. Palo Alto Networks NG Firewalls product is for middle-sized and small businesses. It has fixed parts and capacities for processing. Some of their higher-end products have the scalability to expand capacities, but only a few customers can afford their larger product.

How are customer service and technical support?

I would rate it as eight to nine out of 10. Most of the technical engineers, who provide support for our customers, are efficient. There are one or two Tier 1 tech support engineers who often don't have answers.

Which solution did I use previously and why did I switch?

Palo Alto NGFW’s unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. Before using Palo Alto Networks NG Firewalls, customers might need to implement Layer 4 firewalls, IPS and possibly an antivirus, gateways, and maybe web proxies for all their devices. With Palo Alto NGFW’s unified platform, if a customer can do all the config and security policies on one platform, then this will merge all their security things onto a single platform.

How was the initial setup?

The initial setup is not complex; it is straightforward. Our users only need a cable and some basic steps to configure the management interface. Then, it can set up the NG Firewall and ensure that the network and routing are working as expected in the environment. I think its steps are easier than most of its competitors. The initial setup takes one or two hours.

The full setup time depends on the features, then whether the environment or customer needs are complicated or not.

What about the implementation team?

For our implementation strategy, we talk to our customers and work out documents for all their configs, which includes basic information that we need to know for implementing the firewall. Then, we follow the documents and do the implementation. We also may modify some content of the documents as the project processes.

It needs one or two employees with enough skills to manage and maintain it. They may need to modify firewalls, firewalls security rules, and possibly inspect alerts that are generated from firewalls.

What was our ROI?

By having a customer operate on a unified platform, they can do the application control, traffic control, threat protection, and URL filtering on a single platform. This effectively reduces the workload on all their networks and security tools.

Cheap and faster are the opposite sides of security. Security inspections have some technical and money costs. If you just purchase some cheap, fast firewalls, then you will lose a lot of the security features and fraud protection capabilities.

Which other solutions did I evaluate?

My company uses Cisco Firepower NGFW Firewall, not Palo Alto Networks NG Firewalls. We started our cooperation with Cisco a lot longer than with Palo Alto Networks. We have been working with Cisco to expand their business in China for more than 20 years, which is why the leaders in our company might be choosing Cisco products.  

Most of our customers have been using Palo Alto Networks for a long time and do not want to change to another vendor. The unified user interface is a big benefit for them.

Palo Alto NGFW’s DNS Security is an effective way to detect and block DNS tunneling attacks, because most competitors do not have these techniques to detect the DNS tunneling on a single device. They require maybe a SIM or some analysts. So, this is something quite creative for Palo Alto Networks.

What other advice do I have?

For our customers, I would tell them that Palo Alto Networks NG Firewalls is easy to use, but probably difficult to master. It has a very easy to use interface and configuration utility, but it has a lot of advanced features that need some deep knowledge of the product.

No product can guarantee 100% evasions being blocked, but I think Palo Alto is among the top of the threat inspection vendors. From the NSS Labs Test Report, we can see that Palo Alto Networks always has a top score.

Machine learning in a single firewall is not that accurate or important for our customers. Since it will only see some network traffic, it cannot connect everything together, like endpoints and servers. Therefore, our customers do not value the machine learning techniques on a single firewall very much.

We may review the alerts generated by machine learning modules, then we can see if the alerts are real alerts, not false positives. This may tell us how efficient machine learning is.

Very few customers in China have used the Palo Alto NGFW’s DNS Security module. It is a new feature that was introduced only two years ago. Customers already know what the product can provide in terms of protection. Its DNS Security provides something that is not really easy to understand. Also, it increases the cost of the firewall because it requires another license to be implemented, and the cost is not low.

DNS Security is very impressive, and I think it will be an efficient way to block the rapidly changing threat landscape and maybe Zero-day attack methods.

Biggest lesson learnt: If you want to protect something, you need to gain visibility of the entire network. NG Firewalls provides a deep visibility into network traffic.

I would rate Palo Alto Networks NG Firewalls as nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Buyer's Guide
Palo Alto Networks NG Firewalls
September 2025
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,706 professionals have used our research since 2012.
reviewer908871 - PeerSpot reviewer
Senior Solutions Architect at a tech services company with 51-200 employees
Real User
Top 20
Provides embedded AI and machine learning to stop threats
Pros and Cons
  • "AI and machine learning are valuable aspects."
  • "Palo Alto claims their NG Firewalls are highly customizable, but this isn't always true."

What is our primary use case?

We use Palo Alto Networks Next-Generation Firewalls daily to create firewall rules that permit network traffic for specific applications and end users.

We use various models, including the 800, 400, and 3200 series. The specific model required depends on the size of the remote site where it will be deployed.

How has it helped my organization?

Embedded machine learning is crucial because hackers increasingly leverage AI to develop innovative methods of infiltrating networks. AI enables them to create more sophisticated malware and threats, intensifying the arms race between defenders and attackers. To counter this evolving threat landscape, next-generation firewalls must incorporate AI and machine learning capabilities to analyze and mitigate threats effectively.

What is most valuable?

AI and machine learning are valuable aspects.

What needs improvement?

UTM solutions like those offered by CheckPoint and Fortinet all offer a single pane of glass for managing security. Palo Alto is the same, but as a newcomer to Palo Alto, I've found its management, particularly with Panorama overseeing our hundred firewalls, challenging. Pushing changes, especially to individual firewalls, often results in failures, requiring full system updates. This inconsistency creates significant hurdles. While I suspect similar complexities exist in Cisco Firepower and potentially Fortinet, Palo Alto's implementation seems unnecessarily convoluted.

Palo Alto claims their NG Firewalls are highly customizable, but this isn't always true. We've encountered an issue where changes to a firewall cannot be reverted. Unlike Cisco Firepower or ASA, where changes are only committed after saving, Palo Alto commits changes immediately and places them in a queue. This prevents reverting changes, even accidentally made ones. For instance, today I was testing firewall rules without intending to push them, but the changes were already committed to the locally managed Panorama server. This lack of control is a significant drawback compared to vendors like Cisco or Checkpoint, where uncommitted changes are not saved.

Executives often praise Palo Alto firewalls, but these same executives rarely have hands-on experience managing them. Unlike them, I deal with the daily complexities of firewall operations. While every firewall has its shortcomings, Palo Alto is no exception. Cisco's ASA, for instance, was frustrating to manage through its ASDM interface, but the CLI configuration was reliable. Unfortunately, other vendors like Checkpoint and Fortinet heavily rely on management servers, limiting CLI options. Pushing changes can be a nightmare with any firewall, often involving unnecessary whole pushes due to errors or version mismatches. Palo Alto is no different; it's prone to bugs and challenges like any other product. Contrary to popular belief, executives who lack firsthand experience with firewall management often exaggerate Palo Alto's strengths.

Palo Alto Networks NG Firewalls have been problematic. Due to failed configuration pushes, I've encountered issues requiring Palo Alto Technical Assistance Center involvement. Based on DNS hostnames, objects are supposed to be automatically resolved by Palo Alto, but this functionality proved unreliable, necessitating a firewall upgrade and patch to correct a bug. Contrary to claims, Palo Alto has not exceeded expectations; managing as other firewall brands has been as frustrating. Each firewall platform has complexities, but I don't believe Palo Alto surpasses Check Point, Fortinet, or Cisco Firepower. While it might have advantages over Cisco Firepower, when compared to Check Point or Fortinet, Palo Alto does not offer greater performance.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for nine months.

How was the initial setup?

When installing a Palo Alto Networks NG Firewall, we connect it to the network via a management interface and configure basic settings. Next, we register the firewall with Panorama, its management server, and then plan the network transition.

What's my experience with pricing, setup cost, and licensing?

Palo Alto Networks NG Firewalls are overpriced. While Fortinet offers a more affordable option, Palo Alto commands premium prices due to its strong brand reputation among CISOs and security executives. Despite this, I believe Palo Alto firewalls are overhyped and underperform expectations. Many of these executives, who lack hands-on firewall management experience, base their decisions on marketing claims rather than practical knowledge. In contrast, Check Point pioneered next-generation firewalls, offering advanced features before competitors. However, its reliance on a centralized management system limited flexibility. Cisco, while improving, has also moved towards centralized management, restricting CLI access. Ultimately, I prefer the balance of features and flexibility Check Point offers.

What other advice do I have?

I would rate Palo Alto Networks NG Firewalls eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
IT engineer at a financial services firm with 201-500 employees
Real User
The solution provides a unified platform, enhances security, and is stable
Pros and Cons
  • "The application awareness feature that recognizes application IDs and vulnerability protection are Palo Alto Networks NG Firewalls' most valuable features."
  • "The price is high and has room for improvement."

What is our primary use case?

We use Palo Alto Networks NG Firewalls as a gateway for our data center and server files because they are a reliable and robust device, and the best in the security field. We also use their threat intelligence and threat protection services, which are like brass fittings.

How has it helped my organization?

Palo Alto enables telemetry and enriches their systems to protect our network against threats, which is why machine learning helps us secure our network.

Palo Alto Networks NG Firewalls have enhanced our security by around 20 percent.

The solution provides a unified platform that natively integrates all of our security capabilities.

Palo Alto Networks NG Firewalls help eliminate security holes by stopping all the known and unknown vulnerabilities that we are seeing in our network.

The single-path architecture has improved performance and latency.

What is most valuable?

The application awareness feature that recognizes application IDs and vulnerability protection are Palo Alto Networks NG Firewalls' most valuable features.

What needs improvement?

The price is high and has room for improvement.

We have Elite Plus partner support, which means we always have to speak to a partner to open a case. However, not all of the partners are knowledgeable or helpful.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for two years.

What do I think about the stability of the solution?

Palo Alto Networks NG Firewalls are stable.

What do I think about the scalability of the solution?

When it comes to virtual machine editions or the cloud, I think they are more scalable than hardware. 

We have three administrators, 1,000 end users, and up to 400 servers that use Palo Alto Networks NG Firewalls.

Which solution did I use previously and why did I switch?

We previously used Fortinet FortiGate firewalls but switched to Palo Alto Networks NG Firewalls for their superior performance. We also chose Palo Alto Networks because Gartner's reviews of their firewalls have consistently been better than those of Fortinet.

How was the initial setup?

The initial setup is straightforward. However, enabling the security features and starting traffic inspection can be complex. The physical installation is easy.

The deployment for one device takes one day.

What was our ROI?

We have seen a return on investment in the two years that we have been using the solution.

What's my experience with pricing, setup cost, and licensing?

Palo Alto Networks NG Firewalls' price is expensive.

What other advice do I have?

I give Palo Alto Networks NG Firewalls a nine out of ten.

I recommend Palo Alto Networks NG Firewalls. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2173245 - PeerSpot reviewer
Security Operations Manager at a retailer with 10,001+ employees
Real User
Protect our perimeter and servers and provide a unified platform
Pros and Cons
  • "Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities."
  • "The cloud could be improved. I would like to have more visibility of the vulnerabilities of the network as well."

What is our primary use case?

We use this solution to protect the perimeter and use it as a proxy for the servers.

We have the firewalls installed in our data center at present and are planning to put them in the corporate and branch offices as well.

How has it helped my organization?

A couple of years ago, we removed the explicit proxy for the servers and made the proxy transparent for the servers. We were able to make it softer for the servers' web filtering.

What is most valuable?

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. They have a couple of solutions in the cloud that we are trying to add to our ecosystem.

Because Palo Alto Networks NG Firewalls are installed in our data center, it is very important that Palo Alto embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. We need to protect our servers.

What needs improvement?

The cloud could be improved. I would like to have more visibility of the network vulnerabilities as well.

For how long have I used the solution?

I've been using Palo Alto Networks NG Firewalls for more than five years.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

Palo Alto Networks NG Firewalls have good scalability.

How are customer service and support?

Palo Alto's technical support is good, and I would rate them an eight out of ten.

How would you rate customer service and support?

Positive

What other advice do I have?

Overall, I would rate Palo Alto Networks NG Firewalls a nine on a scale from one to ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2173290 - PeerSpot reviewer
Manager, Cyber Security Risk & Compliance at a financial services firm with 5,001-10,000 employees
Real User
Provides better visibility and is stable and scalable
Pros and Cons
  • "Palo Alto Networks NG Firewalls enabled us to have better visibility overall."
  • "Palo Alto Networks NG Firewalls do not provide a unified platform that natively integrates all security capabilities."

What is our primary use case?

We use Palo Alto Networks NG Firewalls for security purposes and to mitigate risk.

How has it helped my organization?

Palo Alto Networks NG Firewalls enabled us to have better visibility overall.

What is most valuable?

The inline, real-time attack prevention provided by embedded machine learning is not bad.

Also, the firewalls are moderate in terms of securing data centers consistently across all workplaces, i.e., from the smallest office to the largest data centers.

We have been able to reduce downtime because we have better visibility. We're faster and can act preemptively.

What needs improvement?

Palo Alto Networks NG Firewalls do not provide a unified platform that natively integrates all security capabilities.

Customer support could be improved.

For how long have I used the solution?

I've been using this solution for about one year.

What do I think about the stability of the solution?

Palo Alto Networks NG Firewalls are stable.

What do I think about the scalability of the solution?

The firewalls' scalability is good.

How are customer service and support?

I would rate Palo Alto's network support a six out of ten.

How would you rate customer service and support?

Neutral

What was our ROI?

We have seen a slight ROI, enough to justify the cost of the solution.

What's my experience with pricing, setup cost, and licensing?

The cost is steep, but most firewalls cost a lot.

What other advice do I have?

If you're looking for the cheapest and fastest firewall, I would not recommend Palo Alto NG Firewalls.

Overall, I would rate Palo Alto Networks NG Firewalls an eight out of ten.

I place a high value on attending the RSA Conference. I get a lot out of it because I'm able to learn about up-and-coming companies. I can see what options are available, whether someone's doing it better, and if I can get a cheaper option.

Attending RSAC does have an impact on my organization’s cybersecurity purchases made throughout the year.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2169330 - PeerSpot reviewer
Sr Security Analyst at a mining and metals company with 5,001-10,000 employees
Real User
Has an organized, user-friendly interface and is relatively stable
Pros and Cons
  • "Palo Alto Networks NG Firewalls have a very nice interface for logging and monitoring. I find it easy to navigate and use, and the interface is organized as well. I can find answers within a couple of hours and have seen time savings."
  • "The customer-facing side needs to be improved in terms of the engagement and involvement of support staff."

What is our primary use case?

We use Palo Alto Networks NG Firewalls for segmentation and basic routing. They are the gatekeepers for the network.

What is most valuable?

I like being able to investigate anonymous VPNs and also like to use traffic-capturing features. We've had some anonymous VPNs coming to our network, and we're trying to make sure that internal users are not able to use those to get past our security.

Palo Alto Networks NG Firewalls have a very nice interface for logging and monitoring. I find it easy to navigate and use, and the interface is organized as well. I can find answers within a couple of hours and have seen time savings.

We have Azure firewalls that are licensed through Palo Alto. It's super important that Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities because we are moving almost entirely to Azure. Thus, the more Azure integration we have, the better it's going to be for us long term.

These firewalls have been efficient at securing data centers consistently across all workplaces.

We haven't had many downtime issues with Palo Alto.

What needs improvement?

The customer-facing side needs to be improved in terms of the engagement and involvement of support staff.

For how long have I used the solution?

My first exposure to this solution was about a year and a half ago.

What do I think about the stability of the solution?

The firewalls are relatively stable. We have a few that go up and down, but that has more to do with licensing issues than with the firewall itself.

How are customer service and support?

Technical support needs to be improved with regard to the time to respond and the response itself. We've been getting the same responses over and over again. It would help us out a lot if the technical support staff were more engaged or involved.

From what I've heard from our firewall engineer, I would rate technical support a four out of ten.

How would you rate customer service and support?

Neutral

What was our ROI?

We utilize GlobalProtect and have seen a better return on investment with regard to security and peace of mind.

What's my experience with pricing, setup cost, and licensing?

Licensing is a big issue for us because of the complexity and the lack of engagement from Palo Alto. It has been hard to talk with them as we don't get the best answers.

Which other solutions did I evaluate?

We are always evaluating other vendors and are currently looking at Cisco. Though both Palo Alto and Cisco firewalls are feature-rich and provide very good value, Cisco is better at customer engagement. They are easier to talk to as well.

What other advice do I have?

Palo Alto Networks NG Firewalls are not the cheapest and fastest, but they are one of the top ones in terms of the most effective firewalls.

Overall, I would rate NG Firewalls an eight out of ten. They're definitely a top competitor.

I love the opportunity to see technical demos and take hands-on tours with some of the products at RSA conferences. They are the best part because I get to learn and gain exposure to new technology. It is particularly helpful when we want to look at other avenues.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2171631 - PeerSpot reviewer
Engineering Manager at a security firm with 11-50 employees
Real User
Seamless ecosystem integration, user-friendly, with helpful and knowledgeable technical support
Pros and Cons
  • "Some of Palo Alto Networks NG Firewalls' valuable features are their powerful capabilities and user-friendliness."
  • "The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities."

What is our primary use case?

Palo Alto Networks NG Firewalls are being used for cloud security in our organization. Along with that, we have implemented SD-WAN, secure access, and XDR. These are the primary firewalls that we have in place.

Essentially, we have almost all of their products across their three suites.

How has it helped my organization?

The previous brand we used had a steeper learning curve for our engineers and analysts compared to Palo Alto, which is easier to use. 

We also have an excellent partner in Costa Rica who works with Palo Alto's team there, providing valuable support. Overall, our experience with Palo Alto has been very positive.

What is most valuable?

Some of Palo Alto Networks NG Firewalls' valuable features are their powerful capabilities and user-friendliness. 

Our security team has found it easy to learn and obtain the necessary certifications and training from Palo Alto.

Overall, we have had a very positive experience with this suite of solutions, including the training they have provided us.

We like the Palo Alto ecosystem and how its different suites of products integrate seamlessly. 

The sharing of information has enhanced our security posture as a company. Overall, our experience with Palo Alto has been very positive.

I believe that It is important that the firewall integrates machine learning to take advantage of all the information that is available, all the data that is available.

You have to integrate machine learning AI and things like that to be able to be a step ahead of the hackers.

Using Palo Alto Networks NG Firewalls, we have experienced zero downtime.

The solution is user-friendly, which is important as it allows us to concentrate on other essential aspects of the company rather than spending time and effort maintaining the solution.

What needs improvement?

The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities.

It is a solid solution.

For how long have I used the solution?

We have been using Palo Alto Networks NG Firewalls for six years.

What do I think about the stability of the solution?

It is a very solid, stable solution. We haven't had any issues with it, you know when we have to do updates there are no problems whatsoever. it's a very good solution.

What do I think about the scalability of the solution?

Scalability is an important issue. It is very scalable.

We are currently protecting around 11,000 endpoints.

How are customer service and support?

In my experience, I would rate the technical support a ten out of ten.

They are excellent.

How would you rate customer service and support?

Positive

How was the initial setup?

Initially, I was involved in the setup, but then other team members took over and completed the work. In the end, we reviewed and went over the setup together.

What about the implementation team?

We had a lot of support from their local partner So it was very straightforward at the time.

I didn't come across any significant issues, but as engineers, we are always prepared to face challenges. 

Nowadays, nothing works as simple as plug-and-play like it used to be. However, we try to reduce the likelihood of issues as much as possible by working closely with project managers and performing thorough preparations beforehand.

Before doing the implementation. It was okay.

What was our ROI?

I believe we have seen a return on investment.

The time we used to spend on various tasks previously has significantly reduced with the implementation of Palo Alto Networks. 

The system is very reliable with no downtime, providing us with a sense of security that is important in cybersecurity.

What's my experience with pricing, setup cost, and licensing?

The price of Palo Alto Networks NG Firewalls is high, but it is worth it if you have the budget for it. 

Budget is always an important factor in decision-making, but it was within our budget, and we were impressed by what we heard, tested, and experienced with Palo Alto.

It is difficult to know and assume the thought process of others. If they have budget constraints, there may be other manufacturers with a lower price point that would be a good fit. We try to evaluate from different angles, not just the budget, but also the technology and how it will fit with our needs. We look for strong capabilities where necessary, such as with Sophos and WatchGuard for smaller companies.

It can be difficult to know the thought process behind a company's decision when it comes to choosing a firewall solution. Budget constraints may play a role, and there are other manufacturers that offer lower price points, which can be a good option. However, it's important to consider technology and how it fits with the company's needs, as well as the strength of the solution. 

Smaller companies like Sophos and WatchGuard also offer solid platforms, and they may be a good fit for those looking for a lower price point. Ultimately, it's important to assess what's important for the company and find a solution that fits those needs, both in terms of functionality and price.

Which other solutions did I evaluate?

Our process for evaluating firewall solutions usually involves consulting Gartner for their feedback, having sessions with our analysts, and focusing on the leading firewall manufacturers.

We evaluated several firewall manufacturers, including Check Point and Fortinet, but ultimately, we as a group decided that Palo Alto was the best fit for us. 

The decision was not solely mine but rather made by our managers based on the evaluations and presentations given by each vendor. 

We were particularly impressed with Palo Alto's presentation and even visited their headquarters located south of San Francisco. And we just felt comfortable, and it was a good decision.

What other advice do I have?

The RSA sessions have been very informative and enjoyable. Today is actually my last day at the expo, and I've been visiting some of the manufacturers that we already work with as well as some that I want to learn more about. Overall, I think it's been a great experience.

From an engineering standpoint, the expo is a great opportunity to connect with knowledgeable people beyond the marketing façade. It's worth investing time to engage with them, learn about their products and solutions, and find out what they're working on and what's upcoming.

Attending RSA has had a significant impact on our company's cybersecurity purchases for the next year. In fact, I am here with two other colleagues who are actively researching and taking notes on various companies and their offerings. They are gathering valuable information to inform our future purchasing decisions.

We've been coming here for many years now, and we'll not come back. It's a good place to get up to date on what's happening.

I would rate Palo Alto Networks NG Firewalls a ten out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2025
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.