We changed our name from IT Central Station: Here's why

Palo Alto Networks NG Firewalls Valuable Features

Solutions Architect at a comms service provider with 501-1,000 employees

The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. 

An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications. On one occasion, I was alerted by Palo Alto that something unusual was happening through a particular port at a client location. I blocked the port access because I didn't know what exactly was going on and alerted the client. Then the client called me up and said, "Hey, I need the port that was blocked because [of this]." We could then test what was going on in a secure environment where it couldn't affect anything else to be sure the behavior was not something to be concerned about. In this case, Palo Alto kept the client totally safe. That is a fantastic capability.

View full review »
CyberSecurity Network Engineer at a university with 5,001-10,000 employees

Wildfire has been a very good feature. It allowed us to get rid of our honeypot machines, as well as our IDS/IPS solution. When we put it on the border, it was blocking everything that we were getting ahead of time, and we weren't getting any hits. This includes URL filtering, spam prevention, and anti-virus.

We are using a data lake for our log storage. Because our Splunk license is only so large, we couldn't do a lot of logging. Palo Alto does not create small logs, like a Cisco box. In fact, with Palo Alto, you can't capture all of your logs.

From a layer three network perspective, Palo Alto is a workhorse that gives us the best value.

This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.

The user interface is beautiful. They've done their homework on UI design. There are small little tweaks but that's really a preference more than functionality.

View full review »
Network Analyst at a recreational facilities/services company with 1,001-5,000 employees

It is fairly intuitive. 

The central management of Panorama actually works. It is what FortiManager aspires to be, but Panorama is usable. You can push config down, do backups, and use templates from other sites, copying them over. The reliability and throughput, plus Panorama's control features, are its main selling features.

It is a combined platform that has different features, like Internet security and the site-to-site VPN. Previously, there were different components that did this. If it was a remote access VPN client, then you would have to go onto one platform and troubleshoot. If it was a site-to-site, it was on a different platform so you would have to go onto that one. It would be different command sets and troubleshooting steps. From that perspective, having that combined and all visible through Panorama's centralized management is probably one of the better benefits.

We had a presentation on Palo Alto Networks NG Firewalls a few years ago. I know the number of CPU cores that they have inside the firewall is crazy, but it is because they have to pack all the performance and analysis in real-time. It is fast. I am always amazed at the small PA-220s and how much performance they have with their full antivirus on it. They can pass 300-megabits per second, and they are just about the size of a paperback book. As far as how that single-pass processing impacts it, I am always amazed at how fast and how much throughput it has.

View full review »
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
566,121 professionals have used our research since 2012.
Chief Architect at a recruiting/HR firm with 1,001-5,000 employees

The firewall feature is great because we didn't have specific firewall capabilities beforehand. The anti-malware features and the ability to plug into our mail scanning are valuable as well, so we can share data between our email antivirus scanning solutions. That integration has been quite useful.

Palo Alto NGFW embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, which is another string to the bow of our layered security approach. So, it is important. It is not the big reason we bought it, but it is a useful component to our layered security approach. Security best practices push for a layered approach because there are so many different factors that you need to cover: 

  • Email threats
  • Malware
  • Viruses
  • Accidental human mistakes made internally to your network.
  • Malicious humans in your network and outside your network. 

Therefore, a multi-layered approach really is a security best practice way of attacking security. You can't just worry about the parameter; you need to worry about what's inside your network and how things come in.

The key thing is that we don't have to try and play Whac-A-Mole. The machine learning-powered firewalls do that for us. As a recruitment company, we can never have the necessary technologies available to us to try and do this ourselves, so leveraging the machine learning power from Palo Alto reduces the risk for us.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is very useful. This prevents us from having to go to a lot of different systems, and in some cases, many different systems in many different regions, because we are a global company with 60 remote offices around the world in 30 different countries. Its centralized platform is really what we look for in all services, whether it be security or otherwise.

View full review »
Network Administrator at a real estate/law firm with 201-500 employees

The machine learning in the core of the firewalls, for inline, real-time attack prevention, is very important to us. With the malware and ransomware threats that are out there, to keep abreast of and ahead of those types of attacks, it's important for our devices to be able to use AI to distinguish when there is malicious traffic or abnormal traffic within our environment, and then notify us.

The fact that in the NSS Labs Test Report from July 2019 about Palo Alto NG Firewalls, 100 percent of the evasions were blocked, is very important to us. 

View full review »
Network Solutions Architect at Ecobank Transnational Incorporated

Setting up a VPN is quite easy. 

It gives you a lot of information when you are monitoring traffic. 

In terms of user experience, Palo Alto has very good user administration.

Machine learning is important. Although we have not exhausted the full capabilities of the firewall using machine learning, the few things that we are able to do are already very good because we have an integration with a third-party. We are leveraging that third-party to get threat intelligence for some destinations that are dangerous, as an example. Any traffic that tries to go to those destinations is blocked automatically. There is a script that was written, then embedded, that we worked on with the third-party. So, machine learning is actually critical for our business.

View full review »
Security Team Technical Manager at ECCOM Network System Co., Ltd.
  • Application identification
  • Antivirus
  • Vulnerability protection
  • URL filtering
  • IPsec VPN

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Most of our customers are busy. They cannot afford the time to learn very complicated user interfaces and configuration procedures. With Palo Alto Networks, they offered a unified user interface for all its NG Firewall products and Panorama. I think it reduces some of our customers' maintenance time. 

Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.

View full review »
Director Of Technology at La Jolla Country Day School

It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things.

View full review »
Presales Specialist at a tech services company with 1-10 employees

We had a small project with the PA-800 Series appliance where we implemented DNS Security. DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network.

In general, Palo Alto NG Firewalls are 

  • easy to manage
  • good, reliable appliances
  • easy to configure.

They also have a good balance between security and traffic. They have good hardware and, for management, they have their own data plane. If traffic is really overloading the data plane, you still have the ability to get into the management tools to see what's going on. You can reset or block some traffic. Not all firewalls have that feature.

They have really good clients, such as a VPN client. You can also enforce security standards on workers in the field. It's a really good product. And now, for endpoint security, they have Cortex XDR. You use the same client, but with additional licenses that enable more features.

View full review »
Senior Network Engineer at a tech services company with 201-500 employees

The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves.

The DNS Security with predictive analytics and machine learning for instantly blocking DNS-related attacks works fine. We are happy with it.

And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput.

View full review »
Security Consultant at a tech services company with 501-1,000 employees

From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best. 

The engine detector application is usually one of the best compared to any other firewall on the market, in my opinion.  With it, I can do a lot of rules based on the application. If you have multiple internet links, you can have an application export from one link, and an application wire from another link. You can have security on the application. The security, for example, can have different functionalities. Basically, the granularity of rules is amazing in Palo Alto.

They have a good reputation for their antivirus capabilities.

The solution offers a strong URL based system or detection for malicious URL or malicious files. 

They even have a machine learning algorithm. They do a lot of very advanced detection for files and URLs. 

Once you deploy the product, you can basically forget about it. It has high customer satisfaction because it's always just working.

View full review »
President at MT-Data

The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.

The firewall capabilities are very good.

View full review »
Sr. Engineer at a comms service provider with 51-200 employees

The solution offers many different capabilities.

It's one of the best products I've worked with. It's typically a market leader on Gartner. It's a very respected brand.

The solution offers very good security, especially in relation to antivirus activities.

The initial setup is pretty straightforward.

The product is extremely reliable.

View full review »
Manager IT Security & Infrastructure at a consumer goods company with 1,001-5,000 employees

There are a lot of helpful features

  • monitoring
  • reporting
  • WiFi.

You can easily integrate it with Active Directory, and you can use the GlobalProtect VPN for internal and external purposes. The URL Filtering is also clear and the application filtering is a plus. The application filtering is much better when you compare it to FortiGate or other firewall vendors.

Also, the fact that Next-Gen Firewalls from Palo Alto embed machine learning in the core of the firewall to provide inline and real-time attack prevention is very important. Nowadays, all the modern attacks, hackers, and bad people are becoming more intelligent and automating attacks. Embedding AI is a good idea.

We have complete visibility through the logs and the alerting. It depends on how you configure the firewall. You can configure it to get alerts whenever there's an attack or whenever something is happening. That's how we can assess if the firewall is doing the job correctly or not. We are happy with the way the firewall does its job.

View full review »
Team Lead Network Infrastructure at a tech services company with 1-10 employees

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

View full review »
Solutions Architect at a comms service provider with 51-200 employees

I love the Policy Optimizer feature. I am also completely happy with its stability.

View full review »
Network Security Engineer at a tech services company with 11-50 employees

Initially, there were no application controls offered in the legacy firewall. Now you can log each and every application. It provides valuable control and is the main feature in addition to the security features they're currently offering. All the firewalls - Fortinet, Cisco, Palo Alto -  provide complete visibility and control over your network which you didn't previously have. Now you have user ID and you can implement URL filtering as well, there is control over your network. End user logging is far better with Palo Alto than Fortinet or Cisco, and it helps you to troubleshoot. I'd rate Palo Alto on top. It's comfortable and that's my experience. Cisco and Fortinet provide good services, but Palo Alto offers a very good product.

View full review »
Technology Manager at a comms service provider with 1,001-5,000 employees

The feature that I have found most valuable is the connection. It's very easy for the clients to connect to their information. They use an SSL connection by BPM.

View full review »
Security Engineer at Hitachi Systems, Ltd.

Apart from the security, Palo Alto NG Firewalls have nice features like App-ID and User-ID. These are the two most useful features.

With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is.

With User-ID, we can configure single sign-on, which makes things easy for users. There is no need for additional authentication for a user. And for documentation and reporting purposes, we can fetch user-based details, based on User-ID, and can generate new reports.

Another good feature is the DNS Security. With the help of DNS security, we can block the initial level of an attack, and we can block malicious things from a DNS perspective.

The GlobalProtect VPN is also very useful.

View full review »
Network Administrator at a healthcare company with 201-500 employees

The value of this solution for me is the protection from a single packet and ease of making security rules. It also doesn't require a special dedicated network team, I'm able to do it myself. It's a time saver for me and now in this pandemic period, users have access from home.  

View full review »
Information Security Specialist at UAEU

I like the training material they provide and the reporting is very good. The solution is very easy to configure, and very easy to understand and explain. Compared to firewalls offered by their competitors, I find it easier to use and more thorough. The most important thing the solution provides is, of course, the firewalling up to the application level.

View full review »
Technical Manager at a tech services company with 201-500 employees

The sandboxing is valuable and they are frequently updating their signature database. We get new updates every five minutes. That makes it easy to detect new and unknown attacks.

View full review »
Security Expert at a aerospace/defense firm with 10,001+ employees

The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port.

For example, let's say you want to allow HTTP traffic and the server is not listening on the standard http port which port 80 but listens on port 25 which Is the standard port for SMTP, this is not an obstacle has the firewall is focusing on the application, it identify the HTTP application and allow the HTTP application and block any other application on port 25. So we don't care on which port the app traverses.

It is easy to install and is stable too.

View full review »
Software Engineer at a comms service provider with 51-200 employees

The solution has a lot more features than other firewall solutions, including Cisco, which we also use. It's very rich. There's so much there and we don't use a lot of it, although it is nice to have the option.

The solution itself is very user-friendly and quite easy to use.

You just need a web browser to manage it, unlike Cisco, which requires another management system.

The solution is quite stable.

The initial setup is pretty straightforward.

View full review »
System Administrator at a mining and metals company with 51-200 employees

Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button. 

It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network.

View full review »
Server Administrator and Operation Manager at a computer software company with 501-1,000 employees

The solution is very helpful in controlling spam.

The product offers very good web content control and various aspects of security.

The stability of the product has been good over the years.

The initial setup is very easy. Compared to Cisco or other solutions, Palo Alto is very easy to implement and administer. They are both very easy.

View full review »
Senior Network & Security Administrator at a consultancy with 1,001-5,000 employees

The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.

View full review »
Security Presales Solutions Architect at a tech services company with 201-500 employees

In general, its performance and ease of use are the most valuable. Its performance is good, stable, and reliable. The user interface is friendly and easy to use. Customers find it easy to work with and easy to learn.

View full review »
Technology consultant at a tech services company with 501-1,000 employees

The GUI is very simple in Palo Alto and I like that. We rarely have any issues but when we do, the stability of the solution is very good. All the options they offer; creating objects, configuring VPN, it's all pretty simple and straightforward. The solution is continuously in use in our company. 

View full review »
Network Engineer at a tech services company with 201-500 employees

I like the architecture because it separates the management plan process and the data plan process. When I perform something CPU-intensive on management configurations, it doesn't disturb the data plan.

On the data plan, it uses parallel processing. This makes the security process and network process is more efficient.

View full review »
Chief of IT security department at a financial services firm with 1,001-5,000 employees

We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature. The firewalls have good integration and good log journals' integration with Qradar. This is how the system produces user logs, how they build, how they structure the logs is stable to integrate with SIEM. For example, Check Point is not so good in this category.

View full review »
Sr. Solution Architect at a tech vendor with 501-1,000 employees

The solution has many great features. I don't know if there's one single one that stands above and beyond everything, however.

The application visibility is excellent. There is no other solution that does it quite as well. Palo Alto definitely has an edge in that sense.

The ability of the security features to adapt is also very good. They offer great DNS protection.

They include everything from a network point of view and a security perspective. For the most part, the endpoints are great.

The interface and dashboards are good.

View full review »
Partner Alliance Director at a comms service provider with 1,001-5,000 employees

The active features on the solution are excellent.

The dashboard and management console are both very user-friendly. Everything is easy to navigate.

The interface is very nice. We generally like the UI the product offers.

View full review »
Vice President and Head - IT Telecom, Software License Management and Collaboration at a tech services company with 10,001+ employees

The most valuable feature is the security provided by the ATP. It is definitely better than the security provided by other firewalls.

The API is available for integration with tools for automation and AI, which is very good.

View full review »
Network Security Engineer at a tech services company with 1,001-5,000 employees

I like all the functions and features.

View full review »
System Engineer at IRIS

The most valuable features are web filtering and application filtering.

The IPS functionality is very good.

The performance is good.

View full review »
Director, Middle East, East India & SAARC at a tech company with 51-200 employees

It worked fine normally.

View full review »
Vice President of Digital Transformation at Sysnet Global Technologies

The most valuable features of this solution are all of the services it provides. 

The application layer to the hardware Layer is good, as are all layers it offers.

It's a very comprehensive solution.

View full review »
Security Consultant at a computer software company with 201-500 employees

The application control portion of the solution is its most valuable aspect.

The malware protection on offer is excellent.

The initial setup is very easy.

We found the scalability to be quite good.

The stability is excellent.

Technical support is great.

The interface is very user-friendly.

View full review »
Network Engineer & Security Specialist at a tech services company with 51-200 employees

Application control, IPS, and sandboxing towards the cloud are the most valuable features. It is a very user-friendly product with a very easy-to-use interface.

View full review »
Cyber Security Solutions Architect at a tech services company with 10,001+ employees

Innovative, advanced threat protection is the most valuable feature. 

View full review »
Service Delivery Engineer - Network Security Lead at a tech services company with 51-200 employees

It's a flexible solution and integrates well with apps and other security tools like SIEM, web applications. They can share their data orchestration. It's robust and fast in terms of architecture and data processing, there aren't any bottlenecks.  

View full review »
Sr. Product Management Specialist at a comms service provider with 10,001+ employees

The Unified Threat Management (UTM) module, which consists of the basic firewall and IPS services, is what the majority of our customers use in Palo Alto Firewall.

View full review »
Technical Manager El Salvador at a tech services company with 51-200 employees

Overall, it is a good solution. It is stable. We use URL filtering, which is useful for blocking undesired URLs.

View full review »
Senior Network Engineer at a tech services company with 201-500 employees

The best feature of this solution is the GlobalProtect, followed by the App-ID feature which is very good. I also like the VMS feature. 

View full review »
Director IT Security at a healthcare company with 501-1,000 employees

Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors.

View full review »
Network Manager at a financial services firm with 1,001-5,000 employees

The ease of use and the ease of configuration of our policies are the most valuable features.

View full review »
Network Security Head at a government with 51-200 employees

We chose Palo Alto for its security features. It's quite nice. It's very user-friendly, powerful, and there are barely any bugs. 

View full review »
Senior Staff Security Engineer at a renewables & environment company with 1,001-5,000 employees

The App-ID feature is the coolest feature because you don't need to open a new port. Apps are directly linked to the port. It provides one of the best ways to lock down the additional port switch.

View full review »
IT Architect at a computer software company with 501-1,000 employees

The technology's very good. We have had a lot of good experience with this solution. We have done a lot of implementation for our clients and we have not had a lot of problems with this solution.

View full review »
Lead Consultant at a tech services company with 1-10 employees

This firewall will scan the network for vulnerabilities and malware.

It can prevent unauthorized access to the network.

This solution has a DLP function.

They are regularly releasing new versions that include more integration with third-party services. Examples of services that have already been integrated are Splunk and two-factor authentication.

View full review »
System Engineer at a non-profit with 10,001+ employees

The most valuable features are the content ID, IPs, and the URL filtering service to enable protection. 

The structure is much faster and more sophisticated than Cisco.

Their cloud support is smart.

View full review »
Director of Information Technology at a hospitality company with 10,001+ employees

I like that they are more stable than the previous ones, and they allow a lot of other features.

View full review »
Technology Engineer at a computer software company with 51-200 employees

I have found it to be reliable and very easy to use. I haven't really encountered many problems with it because its documentation is clear and readily available on their website.

View full review »
Network Security Engineer at Next Step

IoT security is most valuable in the current version. Content IDs, DDoS protection, zone protection, and DLP are the most prominent features in Palo Alto Networks NG Firewall. It is easier to configure than other solutions.

View full review »
Senior solution architect at a comms service provider with 51-200 employees

The management options are good.

View full review »
CIO/CTO at a manufacturing company with 501-1,000 employees

The most valuable feature is the application firewall.

The GUI is user-friendly.

View full review »
Head of IT Infrastructure at a financial services firm with 1,001-5,000 employees

Identifying applications is very easy with this solution.

View full review »
Cyber Security Trainee at Macroview Telecom Limited

The most valuable feature is WildFire, which blocks sophisticated attacks and distinguishes it from other traditional firewall functions.

View full review »
Marine Consultant/Captain/Senior DPO at Jan Arild Hammer

Its flexibility is the most valuable.

View full review »
Network Security Engineer

The best features of this solution are URL filtering and traffic visibility.

View full review »
Team Leader at a tech services company with 501-1,000 employees

There are plenty of features available in this solution, such as attack blocker and spam blocker. Additionally, it is very robust and in-depth.

View full review »
ITSM Engineer at a comms service provider with 11-50 employees

The App-ID, Content-ID, User-ID, and encryption and decryption are valuable features.

View full review »
Senior Network Security Engineer at Locuz Enterprise Solutions Ltd

The most valuable features are the IPS/IDS subscriptions.

The user interface is fine.

View full review »
Assistant Manager at Net One Systems

I like that it has high security. 

View full review »
Vice President, Security Engineering at a financial services firm with 1,001-5,000 employees

The most valuable feature is the ease of use of the central Panorama to control all firewalls as one unit for baseline rules and then treat each firewall separately when needed.

View full review »
Regulatory Specialist at a healthcare company with 501-1,000 employees

Operationally, it is easier, and the manageability and their security features are good. Vendor support is also good.

View full review »
Cloud Security Engineer at a tech services company with 1,001-5,000 employees

URL filtering and WildFire features are most valuable. It is very user-friendly. 

It is a very solid product, and it definitely works.

View full review »
System Engineer at a tech services company with 11-50 employees

Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens.

View full review »
Information Technology Project Manager at JSC "Penkiu kontinentu komunikaciju centras"

The configuration is very simple. 

View full review »
Sr. Security and Enterprise Architect at a security firm with 11-50 employees

The graphical interface is easy to troubleshoot because it has a drill-down sequence. It is easy to monitor traffic. 

View full review »
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
566,121 professionals have used our research since 2012.