Palo Alto Networks NG Firewalls Reviews

We use Palo Alto Networks NG Firewalls for security purposes and to mitigate risk.

Palo Alto Networks NG Firewalls enabled us to have better visibility overall.

The inline, real-time attack prevention provided by embedded machine learning is not bad.

Also, the firewalls are moderate in terms of securing data centers consistently across all workplaces, i.e., from the smallest office to the largest data centers.

We have been able to reduce downtime because we have better visibility. We're faster and can act preemptively.

Palo Alto Networks NG Firewalls do not provide a unified platform that natively integrates all security capabilities.

Customer support could be improved.

I've been using this solution for about one year.

Palo Alto Networks NG Firewalls are stable.

The firewalls' scalability is good.

I would rate Palo Alto's network support a six out of ten.

Neutral

We have seen a slight ROI, enough to justify the cost of the solution.

The cost is steep, but most firewalls cost a lot.

If you're looking for the cheapest and fastest firewall, I would not recommend Palo Alto NG Firewalls.

Overall, I would rate Palo Alto Networks NG Firewalls an eight out of ten.

I place a high value on attending the RSA Conference. I get a lot out of it because I'm able to learn about up-and-coming companies. I can see what options are available, whether someone's doing it better, and if I can get a cheaper option.

Attending RSAC does have an impact on my organization’s cybersecurity purchases made throughout the year.

We use Palo Alto Networks NG Firewalls for segmentation and basic routing. They are the gatekeepers for the network.

I like being able to investigate anonymous VPNs and also like to use traffic-capturing features. We've had some anonymous VPNs coming to our network, and we're trying to make sure that internal users are not able to use those to get past our security.

Palo Alto Networks NG Firewalls have a very nice interface for logging and monitoring. I find it easy to navigate and use, and the interface is organized as well. I can find answers within a couple of hours and have seen time savings.

We have Azure firewalls that are licensed through Palo Alto. It's super important that Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities because we are moving almost entirely to Azure. Thus, the more Azure integration we have, the better it's going to be for us long term.

These firewalls have been efficient at securing data centers consistently across all workplaces.

We haven't had many downtime issues with Palo Alto.

The customer-facing side needs to be improved in terms of the engagement and involvement of support staff.

My first exposure to this solution was about a year and a half ago.

The firewalls are relatively stable. We have a few that go up and down, but that has more to do with licensing issues than with the firewall itself.

Technical support needs to be improved with regard to the time to respond and the response itself. We've been getting the same responses over and over again. It would help us out a lot if the technical support staff were more engaged or involved.

From what I've heard from our firewall engineer, I would rate technical support a four out of ten.

Neutral

We utilize GlobalProtect and have seen a better return on investment with regard to security and peace of mind.

Licensing is a big issue for us because of the complexity and the lack of engagement from Palo Alto. It has been hard to talk with them as we don't get the best answers.

We are always evaluating other vendors and are currently looking at Cisco. Though both Palo Alto and Cisco firewalls are feature-rich and provide very good value, Cisco is better at customer engagement. They are easier to talk to as well.

Palo Alto Networks NG Firewalls are not the cheapest and fastest, but they are one of the top ones in terms of the most effective firewalls.

Overall, I would rate NG Firewalls an eight out of ten. They're definitely a top competitor.

I love the opportunity to see technical demos and take hands-on tours with some of the products at RSA conferences. They are the best part because I get to learn and gain exposure to new technology. It is particularly helpful when we want to look at other avenues.

Palo Alto Networks NG Firewalls are being used for cloud security in our organization. Along with that, we have implemented SD-WAN, secure access, and XDR. These are the primary firewalls that we have in place.

Essentially, we have almost all of their products across their three suites.

The previous brand we used had a steeper learning curve for our engineers and analysts compared to Palo Alto, which is easier to use. 

We also have an excellent partner in Costa Rica who works with Palo Alto's team there, providing valuable support. Overall, our experience with Palo Alto has been very positive.

Some of Palo Alto Networks NG Firewalls' valuable features are their powerful capabilities and user-friendliness. 

Our security team has found it easy to learn and obtain the necessary certifications and training from Palo Alto.

Overall, we have had a very positive experience with this suite of solutions, including the training they have provided us.

We like the Palo Alto ecosystem and how its different suites of products integrate seamlessly. 

The sharing of information has enhanced our security posture as a company. Overall, our experience with Palo Alto has been very positive.

I believe that It is important that the firewall integrates machine learning to take advantage of all the information that is available, all the data that is available.

You have to integrate machine learning AI and things like that to be able to be a step ahead of the hackers.

Using Palo Alto Networks NG Firewalls, we have experienced zero downtime.

The solution is user-friendly, which is important as it allows us to concentrate on other essential aspects of the company rather than spending time and effort maintaining the solution.

The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities.

It is a solid solution.

We have been using Palo Alto Networks NG Firewalls for six years.

It is a very solid, stable solution. We haven't had any issues with it, you know when we have to do updates there are no problems whatsoever. it's a very good solution.

Scalability is an important issue. It is very scalable.

We are currently protecting around 11,000 endpoints.

In my experience, I would rate the technical support a ten out of ten.

They are excellent.

Positive

Initially, I was involved in the setup, but then other team members took over and completed the work. In the end, we reviewed and went over the setup together.

We had a lot of support from their local partner So it was very straightforward at the time.

I didn't come across any significant issues, but as engineers, we are always prepared to face challenges. 

Nowadays, nothing works as simple as plug-and-play like it used to be. However, we try to reduce the likelihood of issues as much as possible by working closely with project managers and performing thorough preparations beforehand.

Before doing the implementation. It was okay.

I believe we have seen a return on investment.

The time we used to spend on various tasks previously has significantly reduced with the implementation of Palo Alto Networks. 

The system is very reliable with no downtime, providing us with a sense of security that is important in cybersecurity.

The price of Palo Alto Networks NG Firewalls is high, but it is worth it if you have the budget for it. 

Budget is always an important factor in decision-making, but it was within our budget, and we were impressed by what we heard, tested, and experienced with Palo Alto.

It is difficult to know and assume the thought process of others. If they have budget constraints, there may be other manufacturers with a lower price point that would be a good fit. We try to evaluate from different angles, not just the budget, but also the technology and how it will fit with our needs. We look for strong capabilities where necessary, such as with Sophos and WatchGuard for smaller companies.

It can be difficult to know the thought process behind a company's decision when it comes to choosing a firewall solution. Budget constraints may play a role, and there are other manufacturers that offer lower price points, which can be a good option. However, it's important to consider technology and how it fits with the company's needs, as well as the strength of the solution. 

Smaller companies like Sophos and WatchGuard also offer solid platforms, and they may be a good fit for those looking for a lower price point. Ultimately, it's important to assess what's important for the company and find a solution that fits those needs, both in terms of functionality and price.

Our process for evaluating firewall solutions usually involves consulting Gartner for their feedback, having sessions with our analysts, and focusing on the leading firewall manufacturers.

We evaluated several firewall manufacturers, including Check Point and Fortinet, but ultimately, we as a group decided that Palo Alto was the best fit for us. 

The decision was not solely mine but rather made by our managers based on the evaluations and presentations given by each vendor. 

We were particularly impressed with Palo Alto's presentation and even visited their headquarters located south of San Francisco. And we just felt comfortable, and it was a good decision.

The RSA sessions have been very informative and enjoyable. Today is actually my last day at the expo, and I've been visiting some of the manufacturers that we already work with as well as some that I want to learn more about. Overall, I think it's been a great experience.

From an engineering standpoint, the expo is a great opportunity to connect with knowledgeable people beyond the marketing façade. It's worth investing time to engage with them, learn about their products and solutions, and find out what they're working on and what's upcoming.

Attending RSA has had a significant impact on our company's cybersecurity purchases for the next year. In fact, I am here with two other colleagues who are actively researching and taking notes on various companies and their offerings. They are gathering valuable information to inform our future purchasing decisions.

We've been coming here for many years now, and we'll not come back. It's a good place to get up to date on what's happening.

I would rate Palo Alto Networks NG Firewalls a ten out of ten.

As a Security Engineer, I use this solution for protection. I put in additional rules and also use the solution for forensic investigations and to look at traffic logs.

I like that Palo Alto Networks does a good job of keeping the firewall updated with the latest threat signatures.

We use Panorama, so we're able to manage an entire array of firewalls in one console. It's really useful because we can make one change and deploy it to all of our firewalls.

Palo Alto Networks NG Firewalls do a great job at providing a unified platform that natively integrates all security capabilities. For example, we can easily export our firewall logs into our SIEM. We have so many tools to manage that having a unified platform makes our job easier.

This firewall is great at securing data centers consistently across all workplaces.

We have high availability, and Palo Alto Networks NG Firewalls helped reduce downtime.

The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times.

I've been using Palo Alto Networks NG Firewalls for five years.

I have not heard of any complaints or issues regarding the stability of the firewalls.

We can easily add nodes into Panorama with no problem. As such, scalability is not an issue. We have an enterprise environment with approximately 15,000 users in multiple countries.

I haven't had to call technical support, but my colleagues have. They've always spoken positively about the experience and would probably rate the technical support an eight out of ten.

Positive

My organization used Cisco Secure Firewall ASA and switched to Palo Alto Networks NG Firewalls because Cisco was lagging behind in many features. For example, the management interface on the ASAs was awful compared to that in the NG Firewalls.

We have absolutely seen an ROI in the fact that we haven't ended up in the news. We can look at any time and see all the threats that have been stopped by Palo Alto Networks NG Firewalls.

If you are looking for the cheapest and fastest firewall, I would say that it's a risky angle to take. Security costs money, and you'll get what you pay for.

The benefits I receive from attending an RSA conference are networking, meeting people and having conversations face-to-face, making contacts in the industry, getting suggestions about products, and attending briefings about specific products.

Also, attending RSAC can have an impact on your organization’s cybersecurity purchases because you may find out about products that you hadn't heard of before.

Overall, I would rate Palo Alto Networks NG Firewalls an eight on a scale from one to ten.

We are resellers. We're testing this solution in our network and learning about the scalability, how to set up the firewall, and the rules. It's a layer 7 firewall, so we want to know about the capabilities and detection.

The solution is deployed on-premises.

The most important feature is the firewall. We can make rules to filter the application layer of traffic. It's a very helpful feature.

The interface is user-friendly. It minimizes clicks and the need to type comments. With the GUI, we just have to drag and drop. It's quite helpful. For those who don't have a lot of experience with Palo Alto, there's a lot of good documentation.

The machine learning is very good. From our tests, the detection is quite good. I would rate the machine learning a nine out of ten.

I would like to see more integration.

I have used this solution for about eight months.

I'm a consultant and appliance tester. My job is to test the network and know how it works.

The stability is good.

I don't know about the scalability because we only have one appliance, which we haven't upgraded.

I haven't contacted technical support, but all of the answers to my questions are available in the documentation.

We previously used Fortinet.

The installation is straightforward. It's just a simple button. The deployment took less than two hours.

We used four people for testing the capabilities and for the deployment. There were also three or four people outside my team who were involved.

I would rate this solution a nine out of ten. 

To those who are interested in using this solution, what I would first say is that Palo Alto is a leader in Gartner. I would give them recommendations about the technical side, what we have done in our testing, the protection rate, the benefits, and how quickly and accurately the firewall can detect threats.

It is on-prem. We wanted to implement a multiple architecture for our network security. That is why we looked at the Palo Alto product. It is famous for its multi-layer security architecture and firewall.

There are five users: two senior expert administrators and one junior administrator from our data center team and two security engineers from our security team.

It has a solid network security with some robust tools. We can block unexpected attacks, especially zero-day attacks. Since they use the Pan-OS engine, they can collect attacks from all over the world and analyze them. They can then protect against zero-day attacks and unexpected attacks.

There are regular signature updates. You are filtering your objects from external sources. It has also helped to prevent external attacks more quickly. We have the solution enabled to prevent SQL injection attacks.

Palo Alto blocks loopholes where we cannot fix all our vulnerabilities, providing protection.

With secure application enablement, we can protect against application ID. 

Another feature is its malware detection and prevention. DNS Security filters URLs, blocks malicious domains, and provides signature-based protection. They also have Panorama security. We prefer Palo Alto Networks for our parameter security because of these features.

It is not like a traditional firewall. It has sophisticated technology that uses machine learning against cyber attacks, preventing them.

The DNS Security feature is capable of proactively detecting and blocking malicious domains, which are a headache because you can never filter enough. Malicious domains increase in number everyday. That is why using machine learning is a perfect solution for preventing these types of malicious domain attacks.

We don't have to use other advanced technologies due to the solution's UTM capabilities, such as antivirus, anti-spam, and anti-spyware.

With its single-pass technology, the firewalls are capable of analyzing SSL traffic using less CPU and memory.

I would like them to improve their GUI interface, making it more user-friendly.

I would like the dashboard to have real-time analytics.

We have been using it for almost three years.

Compared to other solutions, it is very stable.

The technical support is perfect. I would rate them as nine out of 10.

Positive

Before 2008, we used only core firewall architecture for our network. Then, we needed to enhance our security as we moved toward the cloud. We needed to protect our network from external threats so we decided to go with multi-layer architecture. 

We use several products: Palo Alto, Checkpoint, and three products. Among those products, Palo Alto's performance and product security features are very good. 

We only used Juniper firewalls for our core Firewall. We switched because we wanted to move to a multi-layer architecture.

The initial setup was straightforward. The initial configuration took one to two hours. You need to configure the policies and features. Since we had to do performance tuning, it took us two to three weeks.

It is very easy to deploy. It needs two network engineers.

It is a good investment with the five-year extended support. You don't have to pay any additional costs for five years. You also save on costs because you don't need to purchase other products or technology to manage attacks. That can all be done from Palo Alto. We have seen a 20% to 30% return on investment.

Compared to other products, the pricing is flexible and reasonable. 

We did a PoC with several products, then we selected Palo Alto for its enhanced security features and multi-layer aspects. We also selected it for its speed and performance. Performance doesn't slow down when analyzing SSL traffic.

We are currently using a single firewall architecture. Next year, we will probably move to a dual firewall architecture.

I would recommend Palo Alto Networks NGFW, especially for parameter-level security.

I would rate the product as 10 out of 10.

We use the solution for IPS. Palo Alto's firewall is really good compared to firewalls like FortiGate, Cisco, or any other competitor.

We're able to monitor traffic based on the source destination and geolocation. The firewall allows us to restrict user access. For example, we have restricted user access to the chat feature on Facebook.

There are about 170 total users on the client side. On the administrative side, we have two or three people.

We're using version PA-200. The solution is deployed on-premises.

We reduced access to unwanted websites by 80%. It allows us to optimize user efficiency. For example, I have restricted the calling feature on LinkedIn, so people can still use LinkedIn, but they aren't able to dial out or receive calls.

We restricted social media sites so that only basic features can be used. The monitoring functionality allows us to see which users are using which websites,  the frequency, and the level of usage. It improves the network monitoring in our organization and gives us the required control level to restrict user access.

Palo Alto Next-Gen Firewall has Panorama, which is a unified platform that natively integrates all security capabilities, but I haven't worked with it yet.

The unified platform gives us more visibility and restricts unwanted guests and unwanted traffic. It gives us more insight into network traffic so that we can analyze it.

It helps eliminate multiple network security tools and the effort needed to get them to work together. Previously, I used other network monitoring tools for bandwidth monitoring. Now, the security features and wireless detection are in a single platform, so it definitely reduces the need for multiple platforms.

It has affected our network operations and network-related costs, but it's not the main benefit. The main benefit is the visibility and not having to maintain or manage multiple platforms. It's a bit costly because it has a lot of features, and each feature has a cost. It's important to do a cost-benefit analysis and know the requirements of your organization. We don't have to manage five to seven platforms and we're getting all the information in a single platform, so we can compromise a little bit on the cost side.

The packet level inspection is the most valuable feature. The traffic restriction features allow us to restrict the sub-features of any platform.

I really like the security aspects. That's why it's highly rated on Gartner. The antivirus definitions, updates, and malware detection are pretty good.

It embeds machine learning in the core of the firewall to provide inline real-time attack prevention, which is a very nice feature. It's part of the add-on services subscription. The autonomous behavior toward malware and potential risk is pretty good. 

Machine learning is really good to have. We received some false positives with machine learning, which was the main problem we had with it.

It's very important to me that the solution integrates natively with security solutions. Inside attacks are very rare. Most attacks are generated from the outside or from a public site, so having Palo Alto is really important on a public site.

Palo Alto is like Microsoft. It has varied features, but it's too technical. A lot of the features could be simplified. The procedure, process, features, and usability could be more simple.

It's too complex and sometimes the process to implement a single thing is hectic.

I have been using this solution for about eight months.

The solution is stable.

It's scalable. If you use the virtual solution, you may need to change the subscription.

I haven't directly worked with Palo Alto's technical support, but their community logs have been really helpful and we can find the answer to almost anything. The documentation is good.

We previously used Fortinet and Cisco.

We switched to Palo Alto because it's an all-in-one solution. We were attracted by its level of detection, level of monitoring, and level of packageable inspection.

The setup is straightforward. Deployment took a week. 

I haven't used it inline directly. First, I did a port mirror. Once I was fully satisfied with the level of detection, I put all of my traffic through it.

We use two or three administrative staff for maintenance. 

The price is high.

We evaluated other features, but we chose Palo Alto early on in the process because of the features and usability.

I would rate this solution an eight out of ten. 

In terms of a trade-off between security and network performance, I would rate it more toward network security. We have a lot of other alternatives for monitoring but not for the security side or antivirus detection.

I would highly recommend Palo Alto. If you want a cheap solution, I would recommend Sophos. But if someone is looking for real-time protection, I would suggest that they go with the virtual instance of Palo Alto, which is PA-200 VM, because it simply fulfills our requirements.

For personal use or SMEs, the price of PA-400 is high, but the security and performance are worth it.

I'm working in a company that focuses on giving support to different enterprise companies. We help customers with a virtual environment as well as on-prem firewalls.

Before the COVID situation, most of the firewalls were on-prem firewalls, and during the pandemic, there were a lot of problems trying to deliver the firewalls and put them in place. It was taking a lot of time. So, most of the customers have taken a virtual approach for that. A lot of customers with on-prem firewalls are going for a virtual approach.

We are using the most recent version of it.

Palo Alto NG Firewalls help you a lot to have a context of everything. With traditional firewalls or Layer 3 firewalls, we're more focused to determine the source and destination IPs on a specific port. It could be USB or something else, but with next-generation firewalls, you can have more information, such as the user who used it, as well as the application consumed by this user. That's a genuine value that these next-generation firewalls bring in understanding that a user on the network is consuming Port 443 but using Facebook. It is determined by the payload. It can examine the packet, check the payload, and identify the applications. The next-generation firewalls are also more focused on protection.

There are new features that are based on machine learning to protect your network and identify any vulnerabilities. They are pretty good too. With the normal firewalls that we have, the policies are based on ports and IP source and destination. For example, as a part of my policy, I have allowed UDP ports 145 or 345, and for authentication, I have allowed LDAP and other protocols. However, there is a possibility of a breach. Even if I have determined that the traffic is from my active directory servers to the users, when I internally open ports 145 and 345 for all the protocols and all the applications, it creates a vulnerability in my network. If I create the specific rule where I establish that my application is going to be LDAP, and these ports will only be open for LDAP, I am closing the gap. I'm making my network safer, and I'm being more specific and more granular. That's the detail we need nowadays to prevent different types of attacks. The idea is to be more specific and only give the permissions that are needed. We should try to avoid giving more privileges because that creates a vulnerability gap. The customers appreciate being specific and having very descriptive rules for their use cases and blocking other types of communications, which is not that good with normal firewalls.

Palo Alto NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention, which is very important. Attackers are innovating every moment, and the attacks are becoming more sophisticated and unpredictable. They are not as predictable as they were in the past. Therefore, it is important to have something at the back in the form of machine learning to help you to interpret and analyze any kind of attack in real-time and protect you from a breach. Technology is very important because you can lose a lot of money or information if you don't have a good security posture and the right tools to prevent a breach or attack.

The machine learning in Palo Alto NG Firewalls is helpful for securing your networks against threats that are able to evolve and morph rapidly. They have advanced threat prevention and advanced URL filtering. WildFire is also useful. It gives you an analysis of malicious files. It detects the files in the sandbox and lets you know in minutes if a new file could be malware, which is helpful for advanced threat prevention. It can quickly give you a lot of context and protection.

DNS security is something that is the focus and a part of the threat prevention profile, and you get different types of options. They collect a lot of information from the experience of other users to determine different problems, such as a malicious page or domain, and use advanced predictive analysis and machine learning to instantly block DNS-related attacks. Their Unit 42 Threat Intelligence team helps the security teams a lot to determine and prevent threats. I haven't had any issue with DNS security. Generally, we recommend the step-by-step approach during the implementation. We recommend starting with a couple of users, analyzing the traffic, and ensuring that the signatures are accurate and policies are established. You have an option to put exceptions for DNS signatures, but in my experience, I didn't have to make many exceptions. You can definitely do it, but it is generally very accurate.

DNS Security provides protection against sneakier attack techniques like DNS tunneling. For DNS tunneling, my approach is to use an SSH proxy. There is a feature in Palo Alto to decrypt SSH traffic and block the application. For example, you see it as SSH, but after you decrypt that traffic, you can see it as SSH tunneling and you can actually block it. You can put things like a sinkhole in order to prevent this traffic.

Palo Alto NG Firewalls provide a unified platform that natively integrates all security capabilities, which is very important. You get a lot of information. For example, in the monitor tab, you can review whether files are transmitted or not, received or not. You can also see the logs related to a threat or a URL that is malicious or is being blocked by your profiles. You have all that information in your hand, and you can review it in a very organized way, which has been very valuable for me. It helped me a lot to understand the problems that a customer can have in the field.

Palo Alto NG Firewalls allow you to enable all logical firewalling functions on a
single platform. You can segment your network into Zones. With Zones, you can separate and allow the traffic in a more specific way. For example, you can separate your visitors or guests into different zones. It is helpful in terms of the cost. This is something that could help you to reduce the cost because you don't have to put in a lot of tools for doing the same thing, but it is something that I'm not an expert in.

The first time I came across these firewalls, what surprised me the most was their web user interface. It is complete and gives you a lot of information. You can do 80% of the things related to your network and firewall through the web UI. In some of the other devices, the UI is not as complete. App-ID is also very valuable in customer networks. When you're seeing a lot of traffic in your network, you can see in your web UI which users have the applications that are consuming the most bandwidth. You have a broad context, which is very good.

Palo Alto can do a little bit better when it comes to the User-ID part. I've been facing problems related to double authentication. You have a computer user, but you also have a VPN user, and when you do a single sign-on to another page, these logs can sometimes generate a problem notification. It doesn't happen a lot, but in some networks, it could be a problem. It would be very helpful to have the ability to restrict the connections that you can have in your VPN. For example, if you have the credentials, you can connect with the same user account from different computers or devices. If you have the domain information, you can connect from different devices. That's a problem that they need to address and resolve. They should ensure that at any moment, only one person is connected through a specific user account.

I have been using this solution for almost five years.

There are no issues with stability. In most cases, they are very stable. 

We recommend our customers to have an HA configuration with active/passive, which is very good in Palo Alto. It takes seconds to change from one firewall to another, which provides reliability and prevents loss of service because of a hardware problem or a network problem on a device. Having an HA environment makes your network resilient.

It depends on the type. If you have a virtual firewall, it is easier to scale to meet your needs. It also depends on the work that you have done during the implementation. It depends on your design, which should be based on a customer's current needs and growth. There are Palo Alto firewalls with different throughput rates to support traffic and encryption. That's why you need to determine and talk about the expectation that a customer has for growth. We do a lot of that so that the customers can have a very robust tool that will help them to secure their network during the coming years without the need to change the device. We understand that it is a huge investment, and they want this product to be there for them for the maximum duration.

For the firewall part, there are complete and very good resources out there to help you. Most of the time, I go through them, and someone has had the same issue in the past. There is a lot of information about the issues that have been solved in the past and how to troubleshoot them. They're very accurate with that. They're very good.

Positive

It depends. If a customer has had another firewall, you need to go through an analysis of their network to understand the rules they have and then translate and introduce them to the Palo Alto methodology. Palo Alto helps us a lot with tools like Expedition, which is a migration tool. Expedition helps you to import the existing configuration from other brands. Overall, it is very straightforward if you have experience. Otherwise, there is a lot of documentation about how you can use the Expedition tool in order to have a successful migration. 

If it is a greenfield deployment where the customer is going to have it for the first time, the configuration is very straightforward. If you don't have any other firewalls, the implementation duration depends on the granularity that a consumer wants and the complexity of their network. The main job is going to be related to the authentication of the users and User-ID. In general, if you have just ten rules, you can do it in three to four days.

In terms of maintenance, they are continuously checking and reviewing if there are some breaches or there are any exploits or new applications. It is continuously updating itself on a weekly or daily basis. They are continuously developing new versions. They have a lot of documentation that we share with the customers for information about the best-recommended version or the version with fewer issues. Their documentation is complete in that aspect, and it gives you a lot of information. You have access to the known issues of released versions. Palo Alto is continuously working on new versions and fixing the glitches of previous versions. You might have to upgrade to a new version because a particular problem is resolved in it.

To someone who says that they are just looking for the cheapest and fastest firewall, I would say that I understand that businesses need to reduce the cost, but such a solution is an investment, and in the future, it's going to help you. If you go to the cheapest solution that could do most of the things, but not all, you could face problems. You could have a breach that would cost you a lot more money than having a good security posture. The number of attacks is going to increase more and more. We have to take them seriously and invest in new and powerful tools for protection. The investment that you do today can save your company tomorrow.

They are trying to come up with new things and innovate every year with new licenses. For example, a couple of years ago, they brought the IoT part, which is something that became popular. They try to innovate a lot and bring out new licenses, but you need to understand your needs to know which licenses are better for you. You should consult a good team and obtain a license that is good for you. That's because not all the licenses are important for your environment. For example, if you are not familiar, or you don't have any future plans for IoT, you don't require a license for that. You should focus on the licenses that you really need and are going to generate value for you. You should focus on your security needs and understand which firewall model can give you the protection and the ability to grow over time based on your projections. Your licensing should include good threat prevention, URL filtering, DNS security, and WildFire in order to have a very secure environment. 

It is a complete solution, and it provides a lot of protection to the users and the network, but it is not something for device protection. For that, you would need something like Cortex, which can help you determine abnormal behavior in an endpoint. 

Palo Alto is trying to combine different products to protect different areas. A next-gen firewall is very good for your network, but, for your endpoints, you can have Cortex. These two solutions can then work together. They speak the same language and have a full integration to protect all your environment. Nowadays, there are a lot of people working from their homes. They are exposed to different types of threats. They connect to your environment through a VPN, but when they disconnect, they do their daily tasks on the device, and while doing that, they may go through a bad page or execute a file that can corrupt the computer. You can determine this and stop attackers from connecting to and infiltrating your network. Palo Alto tries to separate the breaches or the attack areas, and they have a very good product in each area. You can make these products work together in order to have a very strong platform.

I would rate this solution a nine out of ten.