We use Palo Alto Networks NG Firewalls to protect small businesses that work within the defense industrial base.
Compliance Analyst at a international affairs institute with 11-50 employees
The ability to provide secure access to people without having to carry an additional device around really benefits us
Pros and Cons
- "Prisma Access is the most valuable feature of Palo Alto Networks NG Firewalls."
- "In my opinion, the training provided is satisfactory, but there is certainly room for improvement. It would be great to have more comprehensive training at a lower cost, or even for free."
What is our primary use case?
How has it helped my organization?
By using Prisma Access, we can easily connect to our network from different locations around the world without having to deploy multiple firewalls. This not only makes it more convenient but also saves us a lot of expenses.
What is most valuable?
Prisma Access is the most valuable feature of Palo Alto Networks NG Firewalls.
The ability to provide secure access to people without having to carry an additional device around really benefits us in the defense industrial base.
What needs improvement?
The training provided is satisfactory, but there is certainly room for improvement. It would be great to have more comprehensive training at a lower cost, or even for free.
I would say that Palo Alto Networks NG Firewalls provide a unified platform for many, but not all.
Having everything in one pane of glass is important to me because I have a lot of responsibilities. It would be really nice to have everything in one place, so I don't have to switch around between different applications and can stay focused on one platform.
It's important to have machine learning embedded, but it's equally important to not solely rely on it. We still need human interaction to ensure proper security measures. Nonetheless, machine learning is a vital component of our security strategy.
Buyer's Guide
Palo Alto Networks NG Firewalls
June 2026
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Palo Alto Networks NG Firewalls for five years.
What do I think about the stability of the solution?
Palo Alto Networks NG Firewalls have been instrumental in reducing our downtime as we moved away from less robust devices. By implementing Palo Alto firewalls, we have significantly improved our network stability.
If I had to estimate, it has saved us 10 to 15 hours per year.
Palo Alto Networks NG Firewalls is a very stable solution.
What do I think about the scalability of the solution?
I haven't encountered the need to scale the solution yet. Our current setup meets our requirements and has been working well for us. Given that we are a small company, we have not felt the need to look into scaling it at this point.
How are customer service and support?
The technical support provided by Palo Alto Networks is excellent. Although I have only needed to contact them a few times, they have always been quick to respond, and their team is very knowledgeable.
I would rate the technical support a nine out of ten.
Which solution did I use previously and why did I switch?
Before, we used SonicWall, but we decided to switch to Palo Alto Networks NG Firewalls because they offer a much better solution and are leading the market.
How was the initial setup?
I was part of the deployment team, but since I was new to Palo Alto devices, the deployment process was more complex for me. That's where the training came into play.
I had to familiarize myself with their user interface and terminologies since I was used to using a different system. It took some time for me to learn and compare it with what I've used before.
What about the implementation team?
We purchased from a reseller.
It was a straightforward process. We made the purchase online and they shipped it to us. After that, it was a matter of getting it up and running.
What was our ROI?
It's difficult to determine. When looking at the ten to fifteen hours a year, it's unclear whether or not I would consider that as part of the return on investment. It's a bit challenging to assess from an IT perspective.
What's my experience with pricing, setup cost, and licensing?
Reducing costs is important, especially since Prisma can be expensive. It would be great if it were more affordable.
Although the hardware can be expensive, the quality of Palo Alto Networks NG Firewalls is excellent. While a lower cost would be desirable, we recognize the value of investing in a reliable and effective solution.
Which other solutions did I evaluate?
When we were moving away from SonicWall, we evaluated FortiGate and Meraki's solutions.
In my opinion, I was impressed with FortiGate's system on a chip. It was really fast compared to Palo Alto's, but I think Palo Alto has a better feature set and interface. As for SonicWall, we had several reasons for leaving. Regarding Meraki, I find their management interface not suitable for my needs, and they seem to be more of a consumer-grade or prosumer-grade product.
What other advice do I have?
I am not in a position to comment on the solution's ability to secure data centers consistently across all workplaces, from the smallest office to the largest data centers since I have only used their smaller solutions.
My advice to those who are seeking a firewall solution is not to prioritize the cheapest or the fastest options, as it could be risky. Instead, it is important to invest in the best quality firewall that is within your budget. This is something that I have experienced with Palo Alto Networks, which provides a high-quality solution that is worth the investment.
I would rate Palo Alto Networks NG Firewalls a nine out of ten.
The experience has been amazing, with a few sessions resulting in new services that I can offer my company directly. The best part is that I can do it without having to invest in an expensive tool that costs hundreds of thousands of dollars.
It does impact the purchases we will make throughout the year.
If I can perform 95% of the work at a lower cost, we are unlikely to consider Mandiant and spend a significant amount of money.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cloud and Data Center Ops at a financial services firm with 201-500 employees
Provide a unified platform that natively integrates all security capabilities
Pros and Cons
- "The most valuable aspect of this solution is pre-sales and post-sales because of the support and relationship building."
- "The solution could be more cost-effective."
What is our primary use case?
We chose Palo Alto Networks NG Firewalls to replace our outdated firewalls.
How has it helped my organization?
The overall security of the organization has been improved.
What is most valuable?
The most valuable aspect of this solution is pre-sales and post-sales because of the support and relationship building.
Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities.
The integration of all security capabilities in Palo Alto NG Firewalls provides a unified platform, which is crucial as it reduces complexity.
Having machine learning embedded in the core of the solution for in-line, real-time attack prevention is of great importance to us, it is a top priority.
This is significant because it enables automation, reducing the number of man-hours needed.
When evaluating the ability of Palo Alto Networks NG Firewalls to secure data centers consistently across all workplaces, I would give it a rating of eight out of ten.
By using Palo Alto Networks NG Firewalls, we have been able to decrease our downtime by several hours per month.
What needs improvement?
The solution could be more cost-effective.
For how long have I used the solution?
I have been using Palo Alto Networks NG Firewalls for two years.
What do I think about the stability of the solution?
Palo Alto Networks NG Firewalls is a very stable solution.
What do I think about the scalability of the solution?
Palo Alto Networks NG Firewalls are easily scalable.
Which solution did I use previously and why did I switch?
We previously used Barracuda Networks.
We switched to Palo Alto Networks NG Firewalls after having a bad experience with our previous vendor for firewall solutions.
Palo Alto is more forward-thinking when compared to Barracuda.
How was the initial setup?
I was involved in the initial setup. It was complex in multiple ways.
The solution itself is not a simple solution.
What about the implementation team?
An integrator assisted us with the deployment.
They were helpful and knowledgeable.
What was our ROI?
I have experienced a return on investment with Palo Alto Networks NG Firewalls. One benefit is that there are fewer man-hours required for deployment and maintenance.
What's my experience with pricing, setup cost, and licensing?
That solution's pricing and/or licensing are very convoluted.
What other advice do I have?
Based on my experience with Palo Alto Networks NG Firewalls, if a colleague at another company said they were only looking for the cheapest and fastest firewall, I would not recommend Palo Alto.
I would rate Palo Alto Networks NG Firewalls a nine out of ten.
Attending an RSA conference provides high value and helps us to see the impact of our organization's cybersecurity purchases annually.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Palo Alto Networks NG Firewalls
June 2026
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,680 professionals have used our research since 2012.
Engineering Manager at a security firm with 11-50 employees
Seamless ecosystem integration, user-friendly, with helpful and knowledgeable technical support
Pros and Cons
- "Some of Palo Alto Networks NG Firewalls' valuable features are their powerful capabilities and user-friendliness."
- "The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities."
What is our primary use case?
Palo Alto Networks NG Firewalls are being used for cloud security in our organization. Along with that, we have implemented SD-WAN, secure access, and XDR. These are the primary firewalls that we have in place.
Essentially, we have almost all of their products across their three suites.
How has it helped my organization?
The previous brand we used had a steeper learning curve for our engineers and analysts compared to Palo Alto, which is easier to use.
We also have an excellent partner in Costa Rica who works with Palo Alto's team there, providing valuable support. Overall, our experience with Palo Alto has been very positive.
What is most valuable?
Some of Palo Alto Networks NG Firewalls' valuable features are their powerful capabilities and user-friendliness.
Our security team has found it easy to learn and obtain the necessary certifications and training from Palo Alto.
Overall, we have had a very positive experience with this suite of solutions, including the training they have provided us.
We like the Palo Alto ecosystem and how its different suites of products integrate seamlessly.
The sharing of information has enhanced our security posture as a company. Overall, our experience with Palo Alto has been very positive.
I believe that It is important that the firewall integrates machine learning to take advantage of all the information that is available, all the data that is available.
You have to integrate machine learning AI and things like that to be able to be a step ahead of the hackers.
Using Palo Alto Networks NG Firewalls, we have experienced zero downtime.
The solution is user-friendly, which is important as it allows us to concentrate on other essential aspects of the company rather than spending time and effort maintaining the solution.
What needs improvement?
The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities.
It is a solid solution.
For how long have I used the solution?
We have been using Palo Alto Networks NG Firewalls for six years.
What do I think about the stability of the solution?
It is a very solid, stable solution. We haven't had any issues with it, you know when we have to do updates there are no problems whatsoever. it's a very good solution.
What do I think about the scalability of the solution?
Scalability is an important issue. It is very scalable.
We are currently protecting around 11,000 endpoints.
How are customer service and support?
In my experience, I would rate the technical support a ten out of ten.
They are excellent.
How would you rate customer service and support?
Positive
How was the initial setup?
Initially, I was involved in the setup, but then other team members took over and completed the work. In the end, we reviewed and went over the setup together.
What about the implementation team?
We had a lot of support from their local partner So it was very straightforward at the time.
I didn't come across any significant issues, but as engineers, we are always prepared to face challenges.
Nowadays, nothing works as simple as plug-and-play like it used to be. However, we try to reduce the likelihood of issues as much as possible by working closely with project managers and performing thorough preparations beforehand.
Before doing the implementation. It was okay.
What was our ROI?
I believe we have seen a return on investment.
The time we used to spend on various tasks previously has significantly reduced with the implementation of Palo Alto Networks.
The system is very reliable with no downtime, providing us with a sense of security that is important in cybersecurity.
What's my experience with pricing, setup cost, and licensing?
The price of Palo Alto Networks NG Firewalls is high, but it is worth it if you have the budget for it.
Budget is always an important factor in decision-making, but it was within our budget, and we were impressed by what we heard, tested, and experienced with Palo Alto.
It is difficult to know and assume the thought process of others. If they have budget constraints, there may be other manufacturers with a lower price point that would be a good fit. We try to evaluate from different angles, not just the budget, but also the technology and how it will fit with our needs. We look for strong capabilities where necessary, such as with Sophos and WatchGuard for smaller companies.
It can be difficult to know the thought process behind a company's decision when it comes to choosing a firewall solution. Budget constraints may play a role, and there are other manufacturers that offer lower price points, which can be a good option. However, it's important to consider technology and how it fits with the company's needs, as well as the strength of the solution.
Smaller companies like Sophos and WatchGuard also offer solid platforms, and they may be a good fit for those looking for a lower price point. Ultimately, it's important to assess what's important for the company and find a solution that fits those needs, both in terms of functionality and price.
Which other solutions did I evaluate?
Our process for evaluating firewall solutions usually involves consulting Gartner for their feedback, having sessions with our analysts, and focusing on the leading firewall manufacturers.
We evaluated several firewall manufacturers, including Check Point and Fortinet, but ultimately, we as a group decided that Palo Alto was the best fit for us.
The decision was not solely mine but rather made by our managers based on the evaluations and presentations given by each vendor.
We were particularly impressed with Palo Alto's presentation and even visited their headquarters located south of San Francisco. And we just felt comfortable, and it was a good decision.
What other advice do I have?
The RSA sessions have been very informative and enjoyable. Today is actually my last day at the expo, and I've been visiting some of the manufacturers that we already work with as well as some that I want to learn more about. Overall, I think it's been a great experience.
From an engineering standpoint, the expo is a great opportunity to connect with knowledgeable people beyond the marketing façade. It's worth investing time to engage with them, learn about their products and solutions, and find out what they're working on and what's upcoming.
Attending RSA has had a significant impact on our company's cybersecurity purchases for the next year. In fact, I am here with two other colleagues who are actively researching and taking notes on various companies and their offerings. They are gathering valuable information to inform our future purchasing decisions.
We've been coming here for many years now, and we'll not come back. It's a good place to get up to date on what's happening.
I would rate Palo Alto Networks NG Firewalls a ten out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cloud Infrastructure Engineer at a energy/utilities company with 10,001+ employees
Allowed for more flexibility in defining rules, as it was based on applications rather than strict port and protocol definitions
Pros and Cons
- "The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us."
- "It's too expensive."
What is our primary use case?
We deployed Palo Alto Networks NG Firewalls for inbound and outbound protection, as well as DMC protection, in our data center.
What is most valuable?
The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us. Previously, we had been using Check Point.
We switched to this solution due to its advanced next-gen capabilities, which allowed us to create rules based on applications rather than ports or protocols. As a result, the solution became much more relevant to our needs compared to our previous solution.
Palo Alto Networks NG Firewalls allowed for more flexibility in defining rules, as it was based on applications rather than strict port and protocol definitions. This made it easier to adapt to changing needs and configurations.
We were able to automate things using the API. Savings are minimal, but we save a significant amount of time when we deploy rules that we learn when we deploy the policy. Is the process still the same? Perhaps the implementation will take only a few hours or minutes.
We have been exclusively using it for the Next-Gen firewall, MDPN, and remote access for a while.
It integrates the core capabilities into one.
To make it more affordable, we had to separate the integrated features into individual components. The integrated solution was more expensive than when we broke it down into separate components.
For how long have I used the solution?
I have been using Palo Alto Networks NG Firewalls for over five years, and perhaps even as long as ten years.
What do I think about the stability of the solution?
The stability of Palo Alto Networks NG Firewalls is very good.
We have upgraded it several times for additional features, and we have never experienced any crashes or performance issues. Overall, it has been quite stable.
What do I think about the scalability of the solution?
In terms of scalability, the cost is a limiting factor. We can buy a large number of them, but it would not make financial sense for us to do so due to the high cost.
In contrast to the cloud environment where you can scale incrementally and horizontally, in our case, we have to purchase the entire unit. As a result, scaling our responsibilities becomes challenging.
We have around 2,000 compute resources that need protection, so getting a large firewall is necessary to safeguard our environment.
How are customer service and support?
Technical support is very good.
I would rate the technical support an eight out of ten.
F5 and Cloudflare are types of support that were really good. There is no escalation whatsoever. The first person you get to already is the top-notch technical person.
With Palo Alto, you have to escalate, but eventually, you get to a good one.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment process was easy.
We used a migration tool to transfer from our previous firewall to Palo Alto, and it proved to be quick.
What about the implementation team?
We received support from a Palo Alto sales engineer.
What was our ROI?
While Palo Alto is expensive, it's still the better option compared to the other two vendors that were evaluated since they didn't provide the necessary performance and benefits.
Overall, the expenses for Palo Alto are manageable, and it's worth the investment.
What's my experience with pricing, setup cost, and licensing?
It's too expensive.
Although Palo Alto is a good and fast product, it is not the most affordable option out there, and it may not be the easiest to use.
Which other solutions did I evaluate?
We evaluated Cisco and Fortinet.
During our evaluation process for selecting a firewall vendor, we prioritize performance as the number one factor.
Price range is ranked second in importance.
Other important factors include ease of use, API support, and next-gen features, all of which are used as evaluation criteria. We have previously used Magic Quadrant, but it is important for us to carefully choose our firewall vendor.
What other advice do I have?
Integrating machine learning at the core of Palo Alto Networks NG Firewalls would be highly beneficial. The ability to automatically detect threats without the need to create rule sets manually would be a game changer.
Attending events like RSA is valuable to me because it allows me to explore different vendors and products. Sometimes, I come across new vendors that I haven't heard of before, which is good.
Attending events like RSA can have a significant impact on our company's cybersecurity purchases throughout the year. If we come across a new vendor with a fresh approach to protecting the company or identifying threats, we are definitely interested in exploring their offerings.
I would rate Palo Alto Networks NG Firewalls an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager, Global Security Operations at a non-tech company with 10,001+ employees
Is updated often with the latest threat signatures and secures data centers consistently across all workplaces
Pros and Cons
- "I like that Palo Alto does a good job of keeping the firewall updated with the latest threat signatures."
- "The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times."
What is our primary use case?
As a Security Engineer, I use this solution for protection. I put in additional rules and also use the solution for forensic investigations and to look at traffic logs.
What is most valuable?
I like that Palo Alto Networks does a good job of keeping the firewall updated with the latest threat signatures.
We use Panorama, so we're able to manage an entire array of firewalls in one console. It's really useful because we can make one change and deploy it to all of our firewalls.
Palo Alto Networks NG Firewalls do a great job at providing a unified platform that natively integrates all security capabilities. For example, we can easily export our firewall logs into our SIEM. We have so many tools to manage that having a unified platform makes our job easier.
This firewall is great at securing data centers consistently across all workplaces.
We have high availability, and Palo Alto Networks NG Firewalls helped reduce downtime.
What needs improvement?
The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times.
For how long have I used the solution?
I've been using Palo Alto Networks NG Firewalls for five years.
What do I think about the stability of the solution?
I have not heard of any complaints or issues regarding the stability of the firewalls.
What do I think about the scalability of the solution?
We can easily add nodes into Panorama with no problem. As such, scalability is not an issue. We have an enterprise environment with approximately 15,000 users in multiple countries.
How are customer service and support?
I haven't had to call technical support, but my colleagues have. They've always spoken positively about the experience and would probably rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
My organization used Cisco Secure Firewall ASA and switched to Palo Alto Networks NG Firewalls because Cisco was lagging behind in many features. For example, the management interface on the ASAs was awful compared to that in the NG Firewalls.
What was our ROI?
We have absolutely seen an ROI in the fact that we haven't ended up in the news. We can look at any time and see all the threats that have been stopped by Palo Alto Networks NG Firewalls.
What other advice do I have?
If you are looking for the cheapest and fastest firewall, I would say that it's a risky angle to take. Security costs money, and you'll get what you pay for.
The benefits I receive from attending an RSA conference are networking, meeting people and having conversations face-to-face, making contacts in the industry, getting suggestions about products, and attending briefings about specific products.
Also, attending RSAC can have an impact on your organization’s cybersecurity purchases because you may find out about products that you hadn't heard of before.
Overall, I would rate Palo Alto Networks NG Firewalls an eight on a scale from one to ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CISO at a comms service provider with 51-200 employees
It offers better Layer 7 protection than competing solutions and it's easier to deploy
Pros and Cons
- "Palo Alto offers better Layer 7 protection than competing solutions by Cisco and Fortinet. I also like the VPN client more. The interface is simple, so administrators can deploy and configure it much faster than other firewalls"
- "The first level of support will usually do nothing for you. If you're an IT company, you're not looking for level one support. You need to escalate. Other vendors have a direct support line for enterprise clients, but not Palo Alto."
What is our primary use case?
I use NG Firewalls for perimeter defense.
How has it helped my organization?
We've seen better throughput compared to our previous firewall. End-users are happier with their connections through Palo Alto.
What is most valuable?
Palo Alto offers better Layer 7 protection than competing solutions by Cisco and Fortinet. I also like the VPN client more. The interface is simple, so administrators can deploy and configure it much faster than other firewalls. The interoperability with other vendors is excellent. We can connect Palo Alto firewalls to all our other solutions.
What needs improvement?
I would like to see more artificial intelligence. However, that is going beyond firewalls to products like Prisma. Palo Alto has those features in an entirely different ecosystem. It isn't a problem. Machine learning is valuable, but I rely more on threat intel.
For how long have I used the solution?
I have been using Palo Alto's solutions since 2014.
What do I think about the stability of the solution?
I rate Palo Alto NG Firewalls a nine out of ten for stability. We have had zero downtime except for scheduled maintenance. The firewalls are in a cluster that never goes down.
What do I think about the scalability of the solution?
The scalability is excellent because you can always purchase a bigger firewall as you grow.
How are customer service and support?
I rate Palo Alto's support a seven out of ten. It is good overall but worse in some regions. The first level of support will usually do nothing for you. If you're an IT company, you're not looking for level-one support. You need to escalate. Other vendors have a direct support line for enterprise clients, but not Palo Alto.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Palo Alto has a better interface and integration with other solutions than competing vendors. The only drawback is the price. Go with FortiGate if you're looking for a firewall that is cheap and decent. If you can't afford Palo Alto, FortiGate is the next cheapest.
How was the initial setup?
We can deploy Palo Alto firewalls faster and easier than most other solutions. We assess the traffic, buy the appropriate size, and implement it.
What was our ROI?
Palo Alto firewalls are expensive, but they're worth what we pay.
What other advice do I have?
I rate Palo Alto NG Firewalls a nine out of ten. Technical support has some room for improvement, and there are several minor issues that aren't worth mentioning.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network administrator at a educational organization with 201-500 employees
A comfortable and easy to use solution with a helpful URL filtering feature
Pros and Cons
- "There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection."
- "The VPN has room for improvement."
What is our primary use case?
We use the solution to protect our network environment. We use three versions: 230, 440, and 820.
How has it helped my organization?
Palo Alto Networks NG Firewalls embed machine learning into the core of the firewall to provide real-time attack prevention, which is wonderful.
We check the machine learning logs to secure our networks against threats that are able to evolve more rapidly.
I find the solution to be comfortable and easy to use. While I cannot completely authenticate my devices, I am able to distinguish between private devices and use them for authentication in some way, which is very helpful. The URL filtering feature is also helpful and I am very satisfied with the firewall delivery.
Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all our security capabilities through Cortex XDR.
I give the solution's single-pass architecture for performance and security an eight out of ten.
What is most valuable?
There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection.
Palo Alto Networks NG Firewalls' documentation, features, and user-friendliness are excellent.
What needs improvement?
The VPN has room for improvement.
For how long have I used the solution?
I have been using the solution for two and a half years.
What do I think about the stability of the solution?
For the most part, the stability is good but we sometimes face problems with the VPN connections.
What do I think about the scalability of the solution?
The solution is scalable. We have 150 people that use the solution.
How are customer service and support?
We often don't have to open a ticket as the documentation provided is usually comprehensive, and we can usually resolve most issues on our own. The one time I submitted a ticket, the technical support was not able to resolve the issue.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Forcepoint Next-Generation Firewall which is cheaper than Palo Alto Networks NG Firewalls but I prefer Palo Alto because it is user-friendly and supports more devices and features.
How was the initial setup?
I was not involved in the initial setup but I did migrate the 820 to the 440 and it was straightforward. The migration took a few hours.
What's my experience with pricing, setup cost, and licensing?
Palo Alto Networks NG Firewalls are expensive.
There is an additional cost for support.
What other advice do I have?
I give the solution nine out of ten.
The maintenance consists of regular updates only.
Currently, we do not use Palo Alto Networks NG Firewalls across our entire network but we have plans to extend them in the future.
I recommend Palo Alto Networks NG Firewalls to others.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Consultant at PT. Mitra Integrasi Informatika
Provides a layer 7 firewall and allows us to make rules to filter the application layer of traffic
Pros and Cons
- "The most important feature is the firewall. We can make rules to filter the application layer of traffic. It's a very helpful feature."
- "I would like to see more integration."
What is our primary use case?
We are resellers. We're testing this solution in our network and learning about the scalability, how to set up the firewall, and the rules. It's a layer 7 firewall, so we want to know about the capabilities and detection.
The solution is deployed on-premises.
What is most valuable?
The most important feature is the firewall. We can make rules to filter the application layer of traffic. It's a very helpful feature.
The interface is user-friendly. It minimizes clicks and the need to type comments. With the GUI, we just have to drag and drop. It's quite helpful. For those who don't have a lot of experience with Palo Alto, there's a lot of good documentation.
The machine learning is very good. From our tests, the detection is quite good. I would rate the machine learning a nine out of ten.
What needs improvement?
I would like to see more integration.
For how long have I used the solution?
I have used this solution for about eight months.
I'm a consultant and appliance tester. My job is to test the network and know how it works.
What do I think about the stability of the solution?
The stability is good.
What do I think about the scalability of the solution?
I don't know about the scalability because we only have one appliance, which we haven't upgraded.
How are customer service and support?
I haven't contacted technical support, but all of the answers to my questions are available in the documentation.
Which solution did I use previously and why did I switch?
We previously used Fortinet.
How was the initial setup?
The installation is straightforward. It's just a simple button. The deployment took less than two hours.
We used four people for testing the capabilities and for the deployment. There were also three or four people outside my team who were involved.
What other advice do I have?
I would rate this solution a nine out of ten.
To those who are interested in using this solution, what I would first say is that Palo Alto is a leader in Gartner. I would give them recommendations about the technical side, what we have done in our testing, the protection rate, the benefits, and how quickly and accurately the firewall can detect threats.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Chief Data Center Operations at a government with 10,001+ employees
Video Review
Makes it easier for tier-two staff to get involved in deeper root cause analysis
Pros and Cons
- "Security is the biggest thing nowadays, including threat response, incident response, and root cause. We found that a lot of the logging and dashboard capabilities offered by Palo Alto fill the missing skill gap that you run up against. It makes it easier for our tier-two staff to get involved in some of the deeper root cause analysis. The dashboards, logs, and reports make it easier for our staff to dive right in and not get lost in what tools they should use. It's easy because they're all right there."
- "As part of our internet filtering, we integrate heavily with Active Directory, and we use security groups to separate staff into two groups: those who should have full access to the internet and those who should have limited access. It may be just the way the topology is for our domain controllers and that infrastructure, but at peak usage, there seems to be a delay in reading back against the security group to find out what group the user is in."
How has it helped my organization?
This solution helps us standardize. We have a presence in the Americas, the Pacific, and Europe and have to manage three firewalls. The previous solution made it difficult to standardize, but with Palo Alto Networks NG Firewalls, it's a little simpler. It just makes it a pleasant experience overall.
What is most valuable?
Security is the biggest thing nowadays, including threat response, incident response, and root cause. We found that a lot of the logging and dashboard capabilities offered by Palo Alto fill the missing skill gap that you run up against. It makes it easier for our tier-two staff to get involved in some of the deeper root cause analysis. The dashboards, logs, and reports make it easier for our staff to dive right in and not get lost in what tools they should use. It's easy because they're all right there.
Our firewall engineers like the automations that are involved with the firewall rules. For example, we integrate with Azure, and Azure constantly updates the IP addresses for their whitelists. There are hundreds. With the previous solution that we had, our firewall administrators had to hand-jam a lot of their IP addresses, so it became more of a deterrent to manage the firewall because of the overhead involved. Now that it's automated with Palo Alto Networks NG Firewalls, they've been more apt to use the tool than they did previously.
It allows our firewall administrators to speak more confidently when we have an incident response. When they detail their root cause analysis and possibly what the problem is, the leadership receives that information with a little more confidence, and it's a little more palatable. This makes our lives easier when dealing with an incident response.
From a leadership perspective, the reports are genuine, palatable, and easy to understand. They allow me to make logical leaps.
There are servers that go along with Palo Alto, at least for the identity management part. We chose to use a Windows platform, so the only maintenance involved is the patching of the servers and then the occasional agent upgrade for the servers. Palo Alto versions would need to be upgraded as well, along with security patches.
For the most part, we don't see it as a lot of overhead in terms of maintenance. We try to have a maintenance weekend each month for our network team, in addition to a patch maintenance weekend for our system administrators. Overall, we really haven't had to patch.
What needs improvement?
As part of our internet filtering, we integrate heavily with Active Directory, and we use security groups to separate staff into two groups: those who should have full access to the internet and those who should have limited access. It may be just the way the topology is for our domain controllers and that infrastructure, but at peak usage, there seems to be a delay in reading back against the security group to find out what group the user is in.
For how long have I used the solution?
We've been using it for roughly five years.
It's deployed on-premises, but we are presently moving into Azure, so we are looking at the Palo Alto appliances for that environment as well.
What do I think about the stability of the solution?
Stability-wise, we have three regions in which we use Palo Alto, and we are not pegging the resources for these boxes at all. They're meeting and exceeding our expectations in terms of stability, but we're definitely not pushing them to the limit.
What do I think about the scalability of the solution?
In terms of the scalability of the appliance itself, there are some licenses that you can upgrade where you don't have to bolt on any hardware. You may have to upgrade a module. The supporting appliances are VMs that we stand up in the data center, and those handle more of the identity management pieces of the Palo Alto solution.
How are customer service and support?
Palo Alto's technical support has been great. We recently had an issue with DNS where we were having difficulties tracking where an endpoint was making DNS requests. We got a little lost in some of the admin consoles for Palo Alto. We opened a service request, the call was returned within two hours, and an administrator from Palo Alto stayed on the phone with our engineers for about three hours and really helped us by generating some unique queries.
I would rate technical support an eight out of ten with respect to the engineers. They've been very responsive and quick. They have always followed up within the timeframe that Palo Alto said that they would.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We switched because of the end of life in a hardware's life cycle. With us moving into the cloud and having a much larger endpoint presence, we wanted something that was a little more robust. We also had fewer head counts for our firewall or network administrator staff. So, we wanted a tool that we could access easily and not have such a large training curve. We went with Palo Alto Networks NG Firewalls because it made a little more sense for us.
What was our ROI?
In terms of ROI, protecting our customers is obviously number one. The implementation of our previous solution required agents to be installed on all our endpoints. That was a little more difficult because we have a large number of endpoints globally. The administrative overhead to manage the updates for those agents was not favorable.
Palo Alto Networks NG Firewalls allowed us to rely more on the existing infrastructure, Active Directory, to help us with identity management and security groups. It has made it simpler to manage.
Which other solutions did I evaluate?
We evaluated two other options.
The sales team that assisted us with refining our requirements and explaining some of the new feature sets that are coming out helped us see that some of our requirements were no longer needed. It really helped us to learn more about the service that we were looking for, and Palo Alto just made it an easier discussion for us.
What other advice do I have?
I recommend fully engaging Palo Alto's sales team. They're very knowledgeable and very friendly. We have three regions, PAC, Europe, and the Americas, and time zones and the quality of support always come into question when you're spread out. We haven't seen any gaps no matter what time zone we had a problem with in terms of sales and post-support. It has been great all the way around.
Overall, I would give Palo Alto Networks NG Firewalls a rating of eight on a scale of one to ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Specialized Engineering Services at Netcontroll
Provides good protection, integrates with Active Directory, and allows us to manage VPNs inside the firewall
Pros and Cons
- "The trackability is most valuable. When a port is open for a protocol, such as port 443 for HTTPS, it can look inside the traffic and identify or verify the applications that are using the port, which was previously not possible with traditional firewalls."
- "Palo Alto NGFW provides a unified platform that natively integrates all security capabilities."
- "We use ACC which is a tool for verifying the activity or traffic within your network. Currently, in ACC, the time of the samples that they offer is about five minutes. When you try to go down to a shorter duration, you can't. You only have five minutes. They can provide samples for shorter durations, such as one minute."
What is our primary use case?
Generally, it is used for the main function of the firewall. It protects the applications and the servers of clients from attacks. We use it as a perimeter firewall for the traffic from the internet, and it is also being used because one of the customers needed a solution for PCI compliance. We have put the firewall between servers inside the network to do segmentation. So, with the firewalls, specific communication is open between the clients and the servers, between the servers, and between the servers, applications, and the database.
We have PA-5000 and PA-850 series firewalls. In terms of the version, we are using version 9.1, which is not the most recent version. It is the previous one. We manage all firewalls from Panorama.
How has it helped my organization?
The most important benefit is that we can manage VPNs inside this firewall. We have integrated it with Active Directory. We provide a certificate to a user, and the user of the certificate can connect with the GlobalProtect VPN, which is a Palo Alto solution. With this solution, we can easily manage about 1,000 VPNs daily. It supports integration with Active Directory, and it is very easy for us to manage the VPNs. Before using Palo Alto Next-Generation firewalls, there was another solution, and we had a lot of issues with that.
Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Our main customer is going for PCI certification, and a part of the certification requires the use of these kinds of firewalls to protect all the information that they have.
Palo Alto NGFW’s unified platform helped to eliminate security holes and protect from various threats.
We have firewalls that automatically update the signatures every 15 minutes. It is very important for us because if something happens, we know that the threat will be eliminated because the firewall is updated to the latest signatures.
What is most valuable?
The trackability is most valuable. When a port is open for a protocol, such as port 443 for HTTPS, it can look inside the traffic and identify or verify the applications that are using the port, which was previously not possible with traditional firewalls.
It is very important that Palo Alto NGFW embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. If something is different, the firewall identifies that based on the behavior of the traffic and alerts us. It can also block that so that nothing more happens.
We use Panorama to manage all firewalls. There is a dashboard, and there is a tab that shows you the real-time traffic that is passing through the firewall. We are able to get all the insights about the traffic.
What needs improvement?
We use ACC which is a tool for verifying the activity or traffic within your network. Currently, in ACC, the time of the samples that they offer is about five minutes. When you try to go down to a shorter duration, you can't. You only have five minutes. They can provide samples for shorter durations, such as one minute.
For how long have I used the solution?
I have been using this solution for eight years.
What do I think about the scalability of the solution?
In terms of usage, all the traffic is passing from these firewalls. In general, there are about 3,000 users and 1,000 servers. All the traffic travels through these firewalls. At this moment, there are no plans to increase its usage.
When we were migrating from one model to another, Palo Alto gave us a chance to replace the hardware because the previous model was old, and there was no support. We were able to acquire a new box at the same price that we would have had to pay to repair and maintain it.
How are customer service and support?
There is another person that is in charge of that. Their support is only in English, which has been challenging, but now, we have engineers who can talk in English.
How was the initial setup?
It wasn't easy because we were migrating from Check Point to Palo Alto. It was difficult at the beginning, but after that it was easy. Overall, the implementation took us three months because we could only do it in certain time windows. It was implemented in phases.
There were some applications that didn't work fine in the beginning. We had to see what was happening and identified the issue.
What about the implementation team?
In the beginning, we used Palo Alto, but after that, we did everything in-house. The support from Palo Alto was fine. Their support person helped us. We are in Mexico, and he helped in translating the support information from English to Spanish in the beginning. We had a few big issues, but in the end, we solved all of them. Now, I can operate these firewalls.
What's my experience with pricing, setup cost, and licensing?
Its price is comparable to other companies. The license is on a one-year or three-year basis. It depends on the customers what they want to go for. There are some features that require an additional license, and there is also the cost of the support.
What other advice do I have?
I would recommend this solution. It is a good solution. I would rate it a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2026
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
Netgate pfSense
Sophos Firewall
Cisco Secure Firewall
WatchGuard Firebox
Check Point Harmony SASE (formerly Perimeter 81)
Check Point Quantum Force (NGFW)
Cisco Meraki MX
Check Point Cloud Firewall (formerly CloudGuard Network Security)
Azure Firewall
Palo Alto Networks VM-Series
Fortinet FortiGate-VM
SonicWall TZ
Juniper SRX Series Firewall
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Is Palo Alto the best firewall for an on-premise/cloud hybrid IT network?
- What are the main differences between Palo Alto and Cisco firewalls ?
- Expert Opinion on Palo-Alto Required.
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Features comparison between Palo Alto and Fortinet firewalls
- Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
- What are the main differences between Palo Alto firewalls and Cisco Secure Firepower?
- Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
- What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
- Which Palo Alto Networks NG Firewalls model is recommended for 1200 users?













