IT Central Station is now PeerSpot: Here's why

Palo Alto Networks NG Firewalls OverviewUNIXBusinessApplication

Palo Alto Networks NG Firewalls is #7 ranked solution in best firewalls. PeerSpot users give Palo Alto Networks NG Firewalls an average rating of 8.6 out of 10. Palo Alto Networks NG Firewalls is most commonly compared to Azure Firewall: Palo Alto Networks NG Firewalls vs Azure Firewall. Palo Alto Networks NG Firewalls is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 23% of all views.
Palo Alto Networks NG Firewalls Buyer's Guide

Download the Palo Alto Networks NG Firewalls Buyer's Guide including reviews and more. Updated: July 2022

What is Palo Alto Networks NG Firewalls?

Palo Alto Networks NG Firewalls is a firewall solution designed for security teams that provides them with full visibility and control over all networks via powerful traffic identification, malware prevention, and threat intelligence technologies. In order to determine which applications, users, and content traversing the network are safe, the solution offers companies a variety of advanced security tools and strategies.

Palo Alto Networks NG Firewalls Features

Palo Alto Networks NG Firewalls has many valuable key features. Some of the most useful ones include:

  • Secure Application Enablement (App-ID, User-ID, Content-ID)
  • Malware Detection and Prevention (threat prevention service, buffer overflows and port scans, anti-malware capabilities, command-and-control protection, and WildFire)
  • DNS Security (URL filtering, predict and block malicious domains, signature-based protection, extensible cloud-based architecture)
  • Panorama Security Management (including graphical views and analytics, manage rules and dynamic updates, customizable application command center (ACC), log collection mode, physical or virtual appliance)
  • Threat Intelligence (high-fidelity threat intelligence, priority alerts, automatic extraction and sharing of prevention indicators, native integration with Palo Alto Networks products)

Palo Alto Networks NG Firewalls Benefits

There are several benefits to implementing Palo Alto Networks NG Firewalls. Some of the biggest advantages the solution offers include:

  • Dedicated management interface for managing and initial configuration of the device
  • Regular threat signatures and updates
  • Import addresses and URL objects from the external server
  • Configure and manage with REST API integration
  • Great throughput and connection speed is fair even in high traffic load
  • Deep visibility into the network activity through Application and Command Control
  • Easy to manage and very user friendly

Reviews from Real Users

Below are some reviews and helpful feedback written by Palo Alto Networks NG Firewalls users.

A Solutions Architect at a communications service provider says, “The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.”

PeerSpot user Gerry H., CyberSecurity Network Engineer at a university, mentions that the solution has a “Nice user interface, good support, is stable, and has extensive logging capabilities.” He also adds, “Wildfire has been a very good feature. This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.”

Eric S., Network Analyst at a recreational facilities/services company, states, "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."

Palo Alto Networks NG Firewalls was previously known as Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series.

Palo Alto Networks NG Firewalls Customers

SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments

Palo Alto Networks NG Firewalls Video

Archived Palo Alto Networks NG Firewalls Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Humbert Choi - PeerSpot reviewer
Cyber Security Trainee at Macroview Telecom Limited
Reseller
Top 20
Stable, straightforward to set up, and guards against sophisticated attacks

What is our primary use case?

We are a solution provider and this is one of the firewall solutions that we implement for our customers. We present this product to customers and also handle the onsite installation.

Our clients use it to secure their network infrastructure.

What is most valuable?

The most valuable feature is WildFire, which blocks sophisticated attacks and distinguishes it from other traditional firewall functions.

What needs improvement?

I would like to see better third-party orchestration so that it is easier for the team to work with different products. 

Improvements should be made in the Cortex module.

For how long have I used the solution?

I worked with this next-generation firewall for about four months as I rotated between departments.

Buyer's Guide
Palo Alto Networks NG Firewalls
July 2022
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
622,358 professionals have used our research since 2012.

What do I think about the stability of the solution?

We have had no complaints about stability.

What do I think about the scalability of the solution?

Scalability has not been a problem. Our customers for this firewall are large companies in industries such as banking.

How are customer service and support?

I have not been in contact with technical support.

How was the initial setup?

The initial setup is quite straightforward compared to other brands of firewalls. The deployment takes about one month.

What about the implementation team?

Our in-house team handles the deployment and maintenance for our customers.

What other advice do I have?

My advice for anybody who is considering this product is that it is a useful firewall and high-ranking compared to others.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Antonio El Khoury - PeerSpot reviewer
System Engineer at IRIS
Reseller
Good web and application filtering, but the traps needs to be improved
Pros and Cons
  • "The most valuable features are web filtering and application filtering."
  • "I would like to see better integration with IoT technologies."

What is our primary use case?

We resell products by Palo Alto and Cisco, and this next-generation firewall by Palo Alto is one of the products that we are familiar with.

What is most valuable?

The most valuable features are web filtering and application filtering.

The IPS functionality is very good.

The performance is good.

What needs improvement?

The price is expensive and should be reduced to make it more competitive.

Information about Palo Alto products is more restricted than some other vendors, such as Cisco, which means that getting training is important.

The traps should be improved.

I would like to see better integration with IoT technologies. Having a unified firewall for OT and IT would be very good.

For how long have I used the solution?

We have been working with Palo Alto for about one year.

What do I think about the stability of the solution?

This is a stable firewall and you don't have a lot of surprises. The performance, throughput, and decryption are all good. It is important to remember that at the end of the day, it depends on the configuration.

For special functionality, you are going to have some exceptions. However, for the well-known functionality, it is stable.

What do I think about the scalability of the solution?

It is scalable in that the performance is good and you don't need a large cluster to operate it.

How are customer service and technical support?

The technical support is good. The team is responsive and they gave us the right information at the right time to solve the difficulties and complexities that we were experiencing.

Which solution did I use previously and why did I switch?

We also sell products by Cisco and there are some differences between them. Palo Alto is more expensive and the performance is better. With Cisco, the documentation is better and it is easier to install. There is a lot more information available for Cisco products.

What's my experience with pricing, setup cost, and licensing?

This is an expensive product, which is why some of our customers don't adopt it.

What other advice do I have?

My advice for anyone who is implementing the Palo Alto Next-Generation firewall is to take the training that is available. This will allow them to better work with the technology.

This is an ambitious company with a good security roadmap. The product is being continuously developed and they are professionals who are focused in this area of technology. It is the firewall that I personally recommend.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Buyer's Guide
Palo Alto Networks NG Firewalls
July 2022
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
622,358 professionals have used our research since 2012.
Cyber Security Solutions Architect at a tech services company with 10,001+ employees
Real User
Offers innovative, advanced threat protection
Pros and Cons
  • "Innovative, advanced threat protection is the most valuable feature."
  • "The user interface is probably not as slick as it could be."

What is our primary use case?

Our primary use case was for perimeter protection.

What is most valuable?

Innovative, advanced threat protection is the most valuable feature. 

What needs improvement?

I don't see any specific room for improvement.

The user interface is probably not as slick as it could be.

For how long have I used the solution?

I have been using Palo Alto for three years. 

We're on-premises primarily at the moment, but also a cloud product. 

What do I think about the stability of the solution?

The stability is generally pretty good. I haven't heard any complaints from our customers around Palo Alto's stability. It's one of the reasons why they're the leaders in this space.

We've got our own team for maintenance. My company is a large multinational with 20,000 employees.

How are customer service and technical support?

I have contacted their support once. It's very good support. They help me to fix our problem quickly.

How was the initial setup?

The initial setup was complex. It's not very intuitive. You need to know what you're doing for the initial setup, you need to be a Palo Alto expert.

If you compare it to their competitor Fortinet, Fortinet's FortiGate product is a lot easier to install, if you're not an expert.

The time it takes to deploy depends on how complex the deployment needs to be for the client. If it's a basic deployment, is going to take around two days. 

What other advice do I have?

My advice would be to make sure the firewall is configured properly.

I would rate it an eight out of ten. Not a ten because you have to be really excellent before you get a ten out of me.

In the next release, I would like to have the ability to auto-generate rule and policy, based on known traffic, based on the baseline. That is a feature that I think Palo Alto should be able to have in some form or fashion to auto-generate and propose a policy and rules set, after putting the file into a learning mode for some period.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Assistant Manager at Net One Systems
Real User
Security is a lot easier than its competitors and it has well-integrated software

What is our primary use case?

Our primary use case was to configure our PSAs for our customized configuration. 

What is most valuable?

I like that it has high security. 

What needs improvement?

The whole performance takes a long time. It takes a long time to configure. 

For how long have I used the solution?

I have been using Palo Alto for six years. 

How are customer service and technical support?

I contact Palo Alto by email or by phone. Their support is good. 

Which solution did I use previously and why did I switch?

I have previously worked with Cisco ASA. Palo Alto is a lot easier especially in regards to security. It is a well-integrated software.

How was the initial setup?

The difficulty of the deployment depends on our clients' environment and their requests.

We require a two-member team for support. 

In terms of how long it takes to deploy, again, it depends on the customers' environment. If the request is easy, it can take around two weeks.

What other advice do I have?

I would rate Palo Alto a nine out of ten. 

In the next release, they should simplify the deployment process. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
VinodPol - PeerSpot reviewer
Vice President and Head - IT Telecom, Software License Management and Collaboration at a tech services company with 10,001+ employees
Consultant
ATP provides superior security, it integrates well using the API, and the support is good
Pros and Cons
  • "The most valuable feature is the security provided by the ATP."
  • "I would like the option to be able to block the traffic from a specific country in a few clicks."

What is our primary use case?

We use this firewall as part of our overall security solution. It is used to protect our perimeter on the internet side. We have the on-premises version installed for our offices and the cloud-based version for our cloud offerings. For our cloud setup, we use both Azure and AWS.

What is most valuable?

The most valuable feature is the security provided by the ATP. It is definitely better than the security provided by other firewalls.

The API is available for integration with tools for automation and AI, which is very good.

What needs improvement?

The interface contains some decentralized tools, so simplifying it would be an improvement.

I would like the option to be able to block the traffic from a specific country in a few clicks.

Some of the implements under artificial intelligence should provide better visibility in terms of my traffic, such as where it originates and where it is going.

Better integration with industry tools would allow me to do quicker automation and reduce my operational costs.

For how long have I used the solution?

We have been using the Palo Alto Next-Generation firewall for almost five years.

What do I think about the scalability of the solution?

This solution is definitely not scalable. Although it is a next-generation firewall, it has its limitations in terms of policies. At one point in time, it becomes the bottleneck, which is something that we have to optimize.

We are using this firewall at between 10 and 15 locations.

How are customer service and technical support?

We have been in contact with technical support and we are satisfied with the service.

Which solution did I use previously and why did I switch?

We also use FortiGate VDOM, although this is for internal protection. The FortiGate interface is simpler in design than Palo Alto.

Prior to Palo Alto, we were using the Cisco ASA platform. When it was through with its lifecycle, we switched. Seeing the next-generation firewall competition in the market, Cisco definitely has a larger portfolio, but it is not as competitive in the security domain. Solutions from Palo Alto and Fortinet are better in this space.

How was the initial setup?

It is easy to install and we did not find the initial setup complex at all. The basic firewall can be set up, and then it takes a little time for the hardening. In total, the deployment can usually be completed within two or three hours.

What's my experience with pricing, setup cost, and licensing?

The pricing is competitive in the market.

What other advice do I have?

Palo Alto NG is definitely a firewall that I recommend for the right size of deployment.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Kamlesh Ridhorkar - PeerSpot reviewer
Sr. Solution Architect at a tech vendor with 501-1,000 employees
Reseller
Top 20
Good interface and dashboards with excellent application visibility
Pros and Cons
  • "The interface and dashboards are good."
  • "The pricing could be improved upon."

What is most valuable?

The solution has many great features. I don't know if there's one single one that stands above and beyond everything, however.

The application visibility is excellent. There is no other solution that does it quite as well. Palo Alto definitely has an edge in that sense.

The ability of the security features to adapt is also very good. They offer great DNS protection.

They include everything from a network point of view and a security perspective. For the most part, the endpoints are great.

The interface and dashboards are good.

What needs improvement?

The GSW needs some improvements right now.

The endpoints could use improvement. The solution is mostly a cloud solution now, and there are a lot of competing solutions that are playing in the space and may be doing things a bit better.

The pricing could be improved upon.

For how long have I used the solution?

We've been dealing with the solution for the last four or five years at least.

What do I think about the stability of the solution?

The stability of the solution is good. It's quite reliable. I haven't experienced bugs or glitches that affect its performance. It doesn't crash.

What do I think about the scalability of the solution?

If you size everything appropriately, you shouldn't have any issues with scaling. It's quite good. Users can scale it up if they need to.

How are customer service and technical support?

I'd say that technical support is excellent. They are very helpful. We've quite satisfied with the level of support we got from the company.

Which solution did I use previously and why did I switch?

I've never dealt with Huawei, however, our company has worked with Cisco, Dell, and HP among other solutions.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is quite high. It's too expensive, considering there's so much competition in the space.

There aren't extra costs on top of the standard licensing policy. Still, Palo Alto seems to be adding some premium costs that competitors just don't have.

What other advice do I have?

While we mainly deal with on-premises deployment models, occasionally we also do hybrid deployments.

We're not a customer. We're a systems integrator. We're a reseller. We sell solutions to our clients.

Palo Alto is very good at policymaking. It's like they have a single policy that you can use. Other solutions don't have single policy use, which means you have to configure everything. There may be many consoles or many tasks that you'll have to worry about other solutions. Multiple task configuration should not be there, and yet, for many companies, it is. This isn't the case with Palo Alto. Palo Alto is easy compared to Fortinet. 

It's overall a very solid solution. I would rate it nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user
President at MT-Data
Real User
Awesome stability, great firewall capabilities, and a rather straightforward initial setup
Pros and Cons
  • "The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to."
  • "We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved."

What is our primary use case?

We primarily use the solution for the firewalls. We're also using the next-gen features to shape what's going on. For example, to figure out what is allowed out and what isn't allowed out on a layer-7 application-aware firewall. We can block based on the application, as opposed to port access.

How has it helped my organization?

The solution helped us stop being policemen to our users. We don't have to run around telling people they can't do certain things. We can just not allow it and walk away from it. We're not out there seeing who is doing what, we just don't allow the what.

What is most valuable?

The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.

The firewall capabilities are very good.

What needs improvement?

We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved. 

The appliances I'm working on are relatively old now. We're talking five-year old hardware. That slow commit speed might be addressed with just the newer hardware. However, even though it is slow, the speed at which they do their job is very acceptable. The throughput even from a five-year-old appliance shocks me sometimes.

Currently, if I make changes on the firewall and I want to commit changes, that can take two or three minutes to commit those changes. It doesn't happen instantly.

The solution doesn't offer spam filtering. I don't know whether it's part of their plan to add something of that aspect in or not. I can always get spam filtering someplace else. It's not a deal-breaker for me. A lot of appliances do that, and there are just appliances that handle nothing but spam. 

For how long have I used the solution?

I've been using the solution for five years.

What do I think about the stability of the solution?

The stability is awesome. I haven't had any issues with the solution stability-wise. I've got the same firewalls that have been out there for five years and they work great.

What do I think about the scalability of the solution?

I don't work with enterprise-class products. I'm not in that environment. However, so as far as I know, Palo Alto has products that will go that large. Panorama may be able to scale quite well. You can manage all your appliances out of it. They are a very popular license.

Their GlobalProtect license is very much like Cisco's AnyConnect. It does the endpoint security checks. It makes sure they've got the latest patches on and the antivirus running and they've got the latest antivirus definitions and whatnot installed before they allow the VPN connection to happen. It's quite nice.

How are customer service and technical support?

Their support is very good. I've never had any issues with their support. I would say that we've been satisfied with their level of service. 

Occasionally there may be a bit of a language issue based on where their support is located.

How was the initial setup?

The initial setup is pretty typical. It's like any firewall. As long as you've worked with next-gen firewalls, it's just a matter of getting your head around the interface. It's the same sort of thing from one firewall to the other. It's just a matter of learning how Palo Alto does stuff. Palo Alto as a system, for me, makes a whole lot of sense in the way that they treat things. It makes sense and is easy to figure out. That's unlike, for example, the Cisco firewalls that seem to do everything backwards and in a complicated way to me. 

I haven't worked with enough Cisco due to the fact I don't really like the way they work. That isn't to say that Cisco firewalls are bad or anything. It's just that they don't operate the way I think. That might have changed since they acquired FireEye which they bought a couple of years back.

What's my experience with pricing, setup cost, and licensing?

I know the solution is not inexpensive. It depends on what you ultimately sign up for or whether you just want the warranty on the hardware. 

What other advice do I have?

I'm not really a customer. I'm like a consultant. I'm an introduction expert. If I think a client needs a certain technology I point them in the direction of whoever sells it. I do go in and configure it, so I do have experience actually using the product.

When I'm looking for something, I just find someone that sells Palo Alto and I redirect the client towards them. I'm not interested in being in a hardware vendor. There's no money in it. There's so much competition out there with people selling hardware. It doesn't matter where the client gets it from.

We tend to use the 200-series models of the solution.

I'd rate the solution eight out of ten. They do a very good job. The product works well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Specialist at UAEU
Real User
Great firewalling protection up to the application level; easily configured with good reporting
Pros and Cons
  • "Provision of quality training material and the reporting is very good."
  • "Need improvement with their logs, especially the command line interface."

What is our primary use case?

We are basically using a double protection layer in which we take care of all our DMV, VPN, tunnels, and internal network. We are basically using it for application based configuration  controlling our traffic on applications with layers four to seven. We are customers of Palo Alto and I'm an information security specialist. 

What is most valuable?

I like the training material they provide and the reporting is very good. The solution is very easy to configure, and very easy to understand and explain. Compared to firewalls offered by their competitors, I find it easier to use and more thorough. The most important thing the solution provides is, of course, the firewalling up to the application level.

What needs improvement?

There could be improvement with their logs, especially their CLI. When you go to the command line to understand the command line interface it's tricky and requires a deep understanding of the product. We recently faced one issue where the server side configuration changed and it wasn't replicated at the firewall. It required us to tweak things and now it is working fine. Finally, the HIPS and audio call features could be improved. 

For how long have I used the solution?

I've been using this solution for two years. 

What do I think about the stability of the solution?

In the past two years I haven't had any issues with the stability. That applies to the hardware, software, upgrades, updates, new feeds. I haven't faced any big issue, you can say that. 

What do I think about the scalability of the solution?

We are using their big boxes, like the 7,000 series. So it's already at that level. We're already using 120 GB, like three 40 gigs and it's working fine for us. You can scale as you wish.
We have over 10,000 people using the service through this firewall. It's working 24/7 and it's been that way for the past two and a half years. 

How was the initial setup?

The initial setup is not complex. It took us 15 to 20 days because we were migrating from the other firewall. The strategy was to take the backup and simultaneously create a leg and transfer to that. The first time we deployed, we used the integrator recommended by the vendor. That worked very well. Our team worked with the integrator. We planned everything and they supervised us. 

We currently have four people helping with maintenance. They are security admins and their job is with the firewalls, like configuring and maintaining and upgrading all those things. 

Which other solutions did I evaluate?

Yes, we evaluated other options. Cisco was there, as was FortiGate. We were using Juniper at that time, and then Palo Alto came into picture. We carried out a comparison of pricing, support, features, etc. and then we made our choice. It was really the next generation features and application level security that were key to our decision. 

What other advice do I have?

The advice I can give is that this is a good solution: Easy to deploy, easy to manage, easy to understand, reporting is very good, and it will give you the full picture up to the layer seven. Their VPN service is very good. 

The good thing is that whenever you need to train anyone on these devices, it's very easy to explain. Previous firewalls I've used, required a lot more work before you could configure. This isn't like that, it takes maybe 30 minutes and it's done. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Shrihari Taluri - PeerSpot reviewer
Senior Network Security Engineer at Locuz Enterprise Solutions Ltd
Real User
Good IPS/IDS capability and good technical support, but more OTP features are needed

What is our primary use case?

We are using this firewall for security purposes.

What is most valuable?

The most valuable features are the IPS/IDS subscriptions.

The user interface is fine.

What needs improvement?

In the future, I would like to see more OTP features.

The price of this product should be reduced.

For how long have I used the solution?

We have been using the Palo Alto Next-Generation Firewall for more than two years.

What do I think about the stability of the solution?

In terms of stability, we have had a very good experience with this product. I would say that it is excellent.

What do I think about the scalability of the solution?

Scalability has not been an issue. It's good.

How are customer service and technical support?

The technical support from Palo Alto is good.

How was the initial setup?

I was not present for the initial setup and deployment. Prior to that, I was not part of the planning.

What other advice do I have?

My experience with Palo Alto is good and I definitely recommend this product. That said, there is always room for improvement.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Mike Hancock - PeerSpot reviewer
Vice President, Security Engineering at a financial services firm with 1,001-5,000 employees
Real User
Provides us with Zero Trust segmentation and an easy-to-use centralized control

What is our primary use case?

We use this solution for Zero Trust Data Center Segmentation with layer 2 Palo Alto firewalls. Segmentation has allowed us to put servers into Zones based off VLAN tags applied at the Nutanix level and can change "personalities" with the change of a VLAN tag. Palo Alto calls the "Layer 2 rewrite". By default, all traffic runs through a pair of 5000 series PAs and nothing is trusted. All North and South, East and West traffic is untrusted. No traffic is passed unless it matched a rule in the firewalls. There is a lot of upfront work to get this solution to work but once implemented adds/moves/changes are easy.

How has it helped my organization?

This solution not only provides better security than flat VLAN segments but allows easy movement throughout the lifecycle of the server.

What is most valuable?

The most valuable feature is the ease of use of the central Panorama to control all firewalls as one unit for baseline rules and then treat each firewall separately when needed.

What needs improvement?

I wish that the Palos had better system logging for the hardware itself.

For how long have I used the solution?

We have been using this solution for four years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Mahmoud Salaheldin - PeerSpot reviewer
Security Unit Manager at EEMC
Real User
Protects your network against attacks and threats and enables you to know what's going on in your network from security perspective
Pros and Cons
  • "The initial setup was very easy."
  • "The advanced manual protection needs to be improved a little bit because they used to make a cloud manual analysis for the cloud."

What is our primary use case?

Upstream and data center NGFW.

How has it helped my organization?

Security, visibility and control, you can secure your environment from many types of attacks such as virus, malware, DoS attacks, intrusions, bad URLs, bad domains with basic DNS security which it an awesome feature.Visibility, that you will be aware of the is going on inside your network, such as malicious activities, decrypt the encrypted packets, as well as policy audit review.

This solution has really helped the technical engineers to deliver the implementation faster than the before.

What is most valuable?

All of the features are good. The new release of the new basic platform provides you with a huge number of features, such as policy review, DNS security, Machine learning, Network traffic profiling, Bare metal analysis

What needs improvement?

(Malware) On-prime scanning should be considered.

Endpoint management (traps) better to be on-prime than cloud.

QoS, It should be more sophisticated than it is now.

TAC support should cover meddle east area by Arabic support, such as in France, Germany, Italy and Japanese.



For how long have I used the solution?

I have been using the solution for more than nine years.

What do I think about the stability of the solution?

I like the stability of the solution. From a stability perspective, all of them are stable. Sometimes Cisco's older versions, maybe from two years ago, were not as stable. Now, Cisco has improved its firewall and security products.

What do I think about the scalability of the solution?

In terms of scalability, no security products are scalable to upgrade. Not ever. While assuming you are dealing with scalability, you have room to increase or to have room to expand, but actually, you don't because there is limited support. Even if you bring in the highest model, it's still limited.

How are customer service and technical support?

Their support is very limited. It's limited compared to the competitors. They need multi-language support. Now, they provide support in English only. 

If anyone in the Middle East opens a ticket, they have to do it in Arabic but they get support in English, not in Arabic. The communication between the technical people or the campus sites to the vendors now is in English.

How was the initial setup?

The initial setup was very easy. All the initial setups have become very easy. Before, the setup used to take a week to implement a firewall. Now it's a couple of minutes or one day maximum for fine-tuning. To fine-tune the firewall it can take one day, two days if you are junior. In terms of how many people you will need to deploy the solution, it depends because the firewall is not a straightforward technology like any security program. 

What about the implementation team?

We used on-site security advisors.

What was our ROI?

7 years

What's my experience with pricing, setup cost, and licensing?

In terms of pricing, every model has a license. For example a small model, the license around 1,000 USD. The next one around 2,000 USD. The next range is 11,000 USD to 13,000 USD. It's expensive compared to PaloAlto competitors.

Which other solutions did I evaluate?

Yes, was fortinet

What other advice do I have?

Palo Alto's firewall protects your network against attacks, threats, and many other things. Networking can be more advanced. You can upgrade the edition of Palo Alto. There's competition between Palo Alto and Fortinet firewalls. Most IT security people don't know which to pick. For a basic firewall, I recommend Fortinet because it has two or three basic firewalls. I personally need a data center firewall. Datacenter firewalls I would recommend FortiGate because of the support. It provides a high level of support.

The latest Palo Alto release has many new features. It can provide you with audits, and policy auditing for a policy review. This allows you to know what's going on inside the network from a quality perspective because sometimes you can create new policies - up to one million policies. You can choose policies, and sometimes you get something by mistake. It provides you with an ability to view or do a policy review or policy audit. This is a major feature. It's a very important feature because before it was impossible to bring the visibility to the policy audits to let me know what's going on inside my policies. Now Palo Alto has provided this feature. 

In terms of advice I'd give to someone considering this solution, I'd say they should read more before going to the implementation phase. They have to read the administrative guides, and product guides before going to implementation. They have to check the platform because different versions of the platform have some new features. The technical people have to review before going to implement it because sometimes they don't need to upgrade this platform or this version. It is not a stable version. You have to read more before going to do the implementation. Ask an advisor, the vendors or call Palo Alto. You can call them, they have great coverage in any country in the world. You can ask the technical engineers what is the best design, their recommended design.

I would rate this solution an eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Jonny Su - PeerSpot reviewer
IS&S Europe and Global Infrastructure Manager at a manufacturing company with 10,001+ employees
Real User
Great at threat prevention and has good policy-based routing features
Pros and Cons
  • "The most valuable features are the threat prevention and policy-based routing features."
  • "I think they need to have a proper hardware version for a smaller enterprise. We had to go to a very high-end version which is very expensive. If we chose the lower-end version, it would not meet our goals. A middle-end is missing in its portfolio."

What is our primary use case?

We use this solution as a firewall. We use it for VPN setup, threat protection, and for internet breakout also. We actually deploy several different versions. We have a TA200, a PA820, and a PA3200 series.

What is most valuable?

The most valuable features are the threat prevention and policy-based routing features. 

What needs improvement?

I think they need to have a proper hardware version for a smaller enterprise. We had to go to a very high-end version which is very expensive. If we chose the lower-end version, it would not meet our goals. A middle-end is missing in its portfolio.

For example, there's the PA820 and the PA220, but there's nothing between. So they are really missing some kind of small-size or medium-size usage. Right now, you have to choose either a big one or you have a very small one, which is not really good.

In the next release, it would be helpful if there was some kind of a visualized feature that showed the traffic flow, or something like that, to be able to simulate. When we define something if we could see a simulation of how the flow will be treated that would be great. Because today everything is done by experts by checking logs, but it's very time-consuming. If there's also a simulator to use when you apply some configuration, you can also apply on the simulator, to copy the configuration. So, you can see maybe to generate some traffic and to see how it will be treated. That will be very good.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

The solution is pretty stable. Once you have it configured, normally it shouldn't have any issues. It does sometimes impact the metric flow, but that's natural because it filters everything going through, so it slows down the speed.

What do I think about the scalability of the solution?

I don't think that product is really scalable. You have to either replace it with a higher version or use what you have. I think that's the only way. You cannot add something to increase its capacity, so you have to replace the current equipment to a new version or a new, higher version.

How are customer service and technical support?

For technical support, we have a contract with some local suppliers. It depends on our partner, so it's probably different from location to location, but as long as they are certified with Palo Alto, normally they should have a one or two experts in their organization. So you just need to find a good person to work with.

Which solution did I use previously and why did I switch?

We did previously have a different kind of a firewall. We used Check Point before. We also used NetScreen and Cisco. But in the end, we defined our standard and now use Palo Alto.

How was the initial setup?

Firewalls are never easy. You have to have very good network expertise to set it up, so it's not about the product being easy to use or not. It's because of the nature of the firewall. You have to understand how it works, how it should be set up, and to understand your data flows and things like that. 

I'm not really the person who does the hands-on setup and integration. I'm the guy who monitors the global deployment. I'm in charge of defining the standard, to deploy the standard to the site, but there's an operational team to do the final installation, configuration, and those types of things.

On the one side, it will take maybe two or three days to enable the firewall, but if you are talking about the global deployment, that depends on the budget, and the resources that will take different time periods to deploy worldwide, so we are still not finished for all the locations. So we are still doing it.

Globally we have around 100 locations. We have two major network engineers who manage the firewall, but to deploy it you also need a local IT because they have to physically be on site. And the two experts remotely control the equipment, configuration, and upgrades, etc. So it's very hard to say how many people you need. It depends on your company size and where your locations are based. For us, we have two dedicated people, but we also have the local IT when we need them to physically help in the integration. 

What about the implementation team?

We do use external partners for the setup. We use also our internal teams as well.

What's my experience with pricing, setup cost, and licensing?

It's a bit pricey.

What other advice do I have?

Once you install it, you use it every day. You can't stop because it's a security feature and a precaution. Also, we are using it to do some local breakouts, so we use utilize the local internet to carry some business traffic, to ensure there's no interruption. You have to let it run 24/7.

I would suggest you be careful when choosing your model. Consider your bandwidth as well as how you want to run the local area network because the throughput of the firewall has to be well designed.

I would rate this solution a nine out of10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Head of Information Network Security at FRA
Real User
Enables us to differentiate between Oracle and SQL traffic but it could use more reporting tools
Pros and Cons
  • "We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic."
  • "The solution needs some management tool enhancements. It could also use more reporting tools."

What is our primary use case?

We use the firewall for securing the data center. We have designed it to be a two-stage firewall. We have a perimeter firewall which is not Palo Alto, and then the Palo Alto firewall which is acting as a data center firewall. We are securing our internal network, so we have created different security zones. And we assign each zone a particular task.

What is most valuable?

We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic.

What needs improvement?

The solution needs some management tool enhancements. It could also use more reporting tools. And if the solution could enhance the VPN capabilities, that would be good.

For how long have I used the solution?

I have been working with this solution for four to five years now.

What do I think about the stability of the solution?

The solution is very stable, but I think the local providers have no sufficient products. We are looking for more support. 

What do I think about the scalability of the solution?

The solution is very scalable. We are trying to increase usage. We are planning already to increase our internet center. We are planning to extend our users to around 1,500. Currently, we have about 700 users.

How are customer service and technical support?

The local consultant support needs some improvement. External support is sufficient for us.

How was the initial setup?

The initial setup was easy for us to implement.

What about the implementation team?

We used a consultant for the deployment portion.

What other advice do I have?

I would rate this solution 7 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Kumar_Rajesh - PeerSpot reviewer
Vice President & Head Technology Transition at a tech services company with 10,001+ employees
Consultant
The solution is generally stable, and easily scalable
Pros and Cons
  • "The solution is scalable"
  • "The support could be improved."

What is our primary use case?

We have multiple IPS applications, and other multiple use cases.

What is most valuable?

We are using pretty much all of the features. This is deployed in our parameter and pretty much provides for different functionalities, for all incoming traffic and outgoing traffic.

What needs improvement?

The support could be improved.

The next release could use more configuration monitoring on this one, and additional features on auditing.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The solution is generally stable. There are no issues. We have forty-thousand users.

What do I think about the scalability of the solution?

The solution is scalable, yes. We don't plan on increasing usage.

How are customer service and technical support?

We are being provided with decent support but some of the RCS, some of the issues can be resolved much faster.

Which solution did I use previously and why did I switch?

We were using Check Point. We switched because of certain features: entire equity, ideas, application visibility, single interfacing, etc.

How was the initial setup?

The initial setup was complex. We're in the process of replacing it in seventy or so locations, and setup is still ongoing, but going well. It was complex because of the multiple zones that we had to create. We had multiple interfaces so there are multiple complexities that we had to address. We don't require extra staff to maintain the solution.

What about the implementation team?

We implemented through a system integrator.

What was our ROI?

We have seen a return on investment. 

I don't have data points, but some of the use cases that we have already delivered to the organization have shown that a lot of threats have been identified and has been blocked. I don't know how you can quantify that. At the same time, the effort was significantly reduced on the deployment of new routes based on this.

What's my experience with pricing, setup cost, and licensing?

I think, if you compare, they're a little costly next to Cisco of Check Point, but they offer a lot of other additional features to look at. The licensing is annual, and there aren't any additional fees on top of that.

Which other solutions did I evaluate?

We actually did not but we were using two or three other products already, so we had a good idea of what to expect.

What other advice do I have?

I'd say the blueprint of the implementation needs to be ready before you start the implementation of the product. The product is generally stable and the team provides a good presence on it, but at the end, if you're putting it in the mission-critical data center, the planning needs to be extensive.

I would rate this solution an eight and a half out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Manager at a tech services company with 51-200 employees
Real User
I found it more intuitive compared to other products. Scalability is a big problem if you don't plan in advance for network traffic usage
Pros and Cons
  • "I found Palo Alto NG firewalls more intuitive compared to other products. I value the capability to identify a cloud solution."
  • "The scalability compared to other products is not good. You need to change the box whenever you want your number of connection sessions to increase."

What is our primary use case?

Our solution is now based on clustering and load balancing. We can add more nodes to our environment to accommodate the new load within our company.

We have about 2,000 to 2,300 users on Palo Alto NG firewall support.

Palo Alto has a line of products for different customers. If you do the sizing it from the beginning, considering that you are a growing company, it is fine.

You need to plan for the future, which means that you have to pay in advance through investment. With Palo Alto NG Firewalls, the cost will be higher.

How has it helped my organization?

We would like to have the processing power to be enhanced with every new CPU so that we are getting more cores. Palo Alto is incorporating this. 

We are requesting now a new firewall that will come in with higher power, i.e. the 5220.

What is most valuable?

I found Palo Alto NG firewalls more intuitive compared to other products. I value the capability to identify a cloud solution.

What needs improvement?

Palo Alto has a good product and end-user experience. It's great. They can maybe add more processing power to their hardware. That's it. 

Sometimes it's stuck and you need to restart it. They have been adding a lot of things, so we need to upgrade for the new features.

For how long have I used the solution?

I have been using Palo Alto firewalls for three years.

What do I think about the stability of the solution?

Palo Alto NG is a stable product as long as it's working. It does what it expected to do. But sometimes for some reason the hardware resources spike, so it stops responding. 

The only fix is to restart the firewall,i.e. a  hardware restart. This is one of the issues. It's not related to the software because of the troubleshooting that we did. 

It's about resource consumption. Some hardware and software issues Palo Alto needs to work on. They released their Palo Alto Operating System which enhanced their product suite.

What do I think about the scalability of the solution?

The scalability compared to other products is not good. You need to change the box whenever you want your number of connection sessions to increase. 

You can't just upgrade the parts with a software key or with adding additional hardware. You need to replace the entire box. It's not scalable. 

How are customer service and technical support?

The solution's technical support is responsive. They are good.

Which solution did I use previously and why did I switch?

We previously used a different solution that was Fortinet. I'm still using it. There's another area in the network where we use Fortinet.

How was the initial setup?

We shifted from Fortinet to Palo Alto. It's just mapping the network from the available firewall to another firewall. It wasn't complex. 

Between deployment and stabilization, the product was completed in two weeks, i.e. 10 working days.

What about the implementation team?

One of my team did the installation under my supervision.

What other advice do I have?

You have to do proper network design from the beginning. You have to look into future expansion. Otherwise, after a year, you have to replace the entire box.

On a scale from 1 to 10, I would rate this product a seven because the point of scalability within their product is a big issue. 

If you have to put a huge investment in front to accommodate future expansion, it is fine. 

It requires forecasting. If your forecast is not correct and you are not growing to that point, then all your investments will be a waste. 

If you're adding a block so that it can accommodate your user traffic demand, then that would be perfect. 

I buy one block at a time now. I can't buy two blocks at the same time. That's a waste of money with Palo Alto NG firewalls.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1009449 - PeerSpot reviewer
CTO at a tech services company with 11-50 employees
Real User
Overall a good product

What is our primary use case?

I'm using many solutions. I'm working as a CTO for a big company here. I work with Palo Alto and Cisco.

How has it helped my organization?

I have to support many vendors. We are a system integrator.

What is most valuable?

Most features in Palo Alto are okay, but we have had some issues like publicity not working. Comments have some delay, but overall, it's a good product.

What needs improvement?

Palo Alto NG firewalls can be improved in support of finance and banking. We need better affiliations for profiling the user. 

The product has some delay in the maintenance. They have to find some solution to make updates quicker.

For how long have I used the solution?

I've been working with firewalls for 20 years. For next-generation firewalls, it's about four or five years.

What other advice do I have?

I would rate this product 8.5/10. It's very good.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Aleksandar Jovanovic - PeerSpot reviewer
System Engineer at E-smart systems
Real User
Top 20
Improved traffic visibility and management after replacing our open-source solution
Pros and Cons
  • "With our High availability pair, we have had no downtime for several years, since it was first put it in production."
  • "When you delete and add a new rule, because of the one hundred rule limit, if the new rule has an ID that is greater than one hundred, even though you have fewer than that, it will not work."

What is our primary use case?

We use this solution for WAN routing, NAT, VPN tunnels, granular security policies, URL filtering, antivirus, threat prevention, sandboxing, decryption, high availability, and reporting.

How has it helped my organization?

Palo Alto has improved traffic visibility, and the ability to manage it. With Palo Alto, we have more flexibility and our network is more secure. With our High availability pair, we have had no downtime for several years, since it was first put it in production. We have even changed boxes for new models during this time.

What is most valuable?

Palo Alto is easy to use, feature-rich, and it has good technical support. You can fetch users, so you have visibility by username, IP address, destination, application, and you can even define a custom application.

In the GUI, you can easily find blocked traffic and the reason for it.

What needs improvement?

The only thing that is a little strange is in Policy-Based Forwarding. When you delete and add a new rule, because of the one hundred rule limit, if the new rule has an ID that is greater than one hundred, even though you have fewer than that, it will not work. The same thing happens when you are renaming a rule. The new rule will have a new ID, so it is possible for it to be greater than one hundred. This can be easily fixed by using one command from CLI, but you have to be aware of it.

For how long have I used the solution?

Six years.

How are customer service and technical support?

The technical support for this solution is good.

Which solution did I use previously and why did I switch?

Our previous solution was open source, and not so easy to manage. We had a Linux Iptables firewall, Squid + DansGuardian proxy, and an OpenVPN server. We replaced all of these solutions with Palo Alto.

What's my experience with pricing, setup cost, and licensing?

If you have some network experience then you can set it up on your own, with no setup costs. Don't buy a device with more power than you really need, because licensing depends on the cost of the box you have.

Which other solutions did I evaluate?

We evaluated Sophos, SonicWall, and Fortinet.

What other advice do I have?

PA is a product that continuously improves, so, I have nothing to add in terms of features.

My advice is not to look for a cheaper solution, as the price/performance ratio on Palo Alto is great.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Jean Maurice  Prosper - PeerSpot reviewer
Chief Executive Officer at a tech services company with 11-50 employees
Real User
Provides a high level of security and the app ID is very good
Pros and Cons
  • "The solution is very stable."
  • "Generating reports is not so easy."

What is our primary use case?

I primarily use this solution for the core banking network. It's for core security. So it's to protect against intrusion, to protect against any kind of cyber attack that can happen to it. It protects our core infrastructure.

How has it helped my organization?

Mostly it's improved the security side. There was no security before, and we were looking for a solution that could give us the exact capacity to do all the configurations that we need, while also providing a high level of security. 

What is most valuable?

The app ID is very good.

What needs improvement?

The support needs improvement. Also, better reporting of errors would be good.

For how long have I used the solution?

I've been using the solutions for over 10 years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The scalability is not so good. Because if you want to upgrade, you have to change the service completely. We have about 2000 users.

How are customer service and technical support?

It's a long wait time, although sometimes it's been quicker to get them. Occasionally, the type of answers provided are not so great.

Which solution did I use previously and why did I switch?

We used to use Check Point, but we switched. It's because we found Palo Alto is better. Check Point is much slower, more expensive.

How was the initial setup?

The initial setup was straightforward for us. We are technology oriented, so for us, it was straightforward. No complexities. For deployment, we needed about 5 people. Maintenance is only three people. Three engineers are looking after the books.

What about the implementation team?

We did the implementation ourselves.

What's my experience with pricing, setup cost, and licensing?

I would advise anyone to go ahead and understand exactly what they need. It's not because Palo Alto's cost is a little less. Depending on use, it's expensive. So they should understand the requirements first, before going with Palo Alto.

Which other solutions did I evaluate?

We previously had Check Point and eventually compared it with the Palo Alto screening, which proved that Palo Alto was the best. It was not a difficult choice.

What other advice do I have?

I would rate this solution 8 out of 10. Generating reports is not so easy. I think with support, for everyone, and for all the bank company workers, they can do that a bit better. Then maybe I would rate them higher.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
EmreBektas - PeerSpot reviewer
Senior Technical Consultant at Exclusive GRP
Real User
Valuable accessibility, antivirus, and stability features with a simple implementation
Pros and Cons
  • "The basic configuration will only take 15 minutes to set up"
  • "Customers don't want to buy extra things for extra capabilities"

What is our primary use case?

We're customer facing; each customer uses it for a different purpose. Some use NG Firewalls for IPS capability, some for application capabilities, these kinds of things.

What is most valuable?

The accessibility, antivirus, and stability features are the most valuable. It's so stable, the customer can use the decryption features without impacting performance.

What needs improvement?

Most customers ask about the choice of features. It's limited. It's not arranged well for users. Also, customers don't want to buy extra things for extra capabilities. I would like to implement individual profiles for each user. Capability, in general, is limited.

For how long have I used the solution?

I've been using the solutions for 2 years.

What do I think about the stability of the solution?

It's a very stable solution.

How are customer service and technical support?

I am the customer's technical support. If a customer has issues, they would call me.

How was the initial setup?

The initial setup was basic. It was very simple. The basic configuration will only take 15 minutes. Anyone can set it up. If a person has worked with a firewall before, they can do it themselves. You only need one person for deployment.

What's my experience with pricing, setup cost, and licensing?

Licensing is on a three year basis. Customers prefer one to three years. Licencing is pretty expensive. Check Point is cheaper than Palo Alto. There's also an international license. If a customer wants to control different things, they will need an extra license. 

What other advice do I have?

I've helped customers using Fortinet and Check Point. They are compromised. Their firewall is not stable. But for some features, for example, encryption, they want to use this feature, but the firewall feature isn't great. With Palo Alto, there isn't any problem, you can open any feature - IPS feature, data encryption feature - there isn't an issue.

Implementation is simple, the product is stable, but I advise if people get the firewall I strongly recommend the use of the API features. They may not be accustomed to using a next-generation firewall. If they want to use NG Firewalls, they need to use and implement the API features. They need to create uses based on the application.

My understanding is Version 9 will introduce some logic features.

I would rate this solution 9 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sales Engineer at a wholesaler/distributor with 51-200 employees
Real User
Good configuration capabilities, easy scaling abilities, and good functionality
Pros and Cons
  • "Good functionality and features."
  • "Could also use better customer support."

What is our primary use case?

I use the solution for firewalls.

What is most valuable?

I find the configuration the most valuable.

What needs improvement?

The support in our country can be slow sometimes. It's a slow website. It could also use better customer support.

For how long have I used the solution?

I have been using this solution for 1.5 years.

What do I think about the stability of the solution?

The solution's stability is normal.

What do I think about the scalability of the solution?

My impression of the scalability is that it is easy.

How are customer service and technical support?

I contacted technical support a lot of times. Most of the time, they were pretty good, but sometimes technical support couldn't resolve the issue, and they don't know what to do.

How was the initial setup?

The setup of the firewalls has medium difficulty. On one configuration it was easy, and on another one it was hard. Sometimes it's normal to configure sometimes it's more complex. You only need one person, maybe two, for deployment at a company.

What about the implementation team?

I did the implementation myself.

What's my experience with pricing, setup cost, and licensing?

At our company, we sell the solution for another vendor, and they sell to another vendor. So our pricing is more expensive than other vendors. 

Which other solutions did I evaluate?

I didn't look at any other vendors.

What other advice do I have?

The functionality is good and so are the features. In terms of implementing the solution, I wish it was better. I would rate the solution 8 out of 10, mostly due to the technical issues I've experienced.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Denis L - PeerSpot reviewer
Sales Solutions Engineer at a tech services company with 201-500 employees
Reseller
Enables us to evaluate traffic in the customer environment by providing detailed reporting on the traffic and applications
Pros and Cons
  • "One of the best firewalls on the market."
  • "The user interface is a bit clumsy and not very user-friendly."

What is our primary use case?

The primary use for this product is for security as a firewall by a sales engineer for the guest environment.

How has it helped my organization?

It allowed us to evaluate traffic in the customer environment by providing detailed reporting on the traffic and applications.

What is most valuable?

The WildFire feature is one of the best features in this firewall. WildFire extends the capabilities of Palo Alto firewalls to block malware. The best feature for the reseller is Service Lifecycle Reviewer, SLR. You deploy Palo Alto Network Firewall to the customer environment and it collects data about customer environment, customer traffic. After a week, Palo Alto generates a report to review the traffic. The report tells what applications were touched and how users used these applications in the environment, as well as additional details. So for resellers, you just go to the customer, deploy the Palo Alto in the basic mode so the customer doesn't need to customize anything in their environment because Palo Alto works to meter traffic out of the box.

Of course, the reports register app ID, user ID, the space of the app IDs, the database of these app IDs and other common data. It is a great feature in the Palo Alto product.

What needs improvement?

The manufacturer can improve the product by improving the configuration. Some of the menus are difficult to navigate when trying to find particular features. It is not entirely intuitive or convenient. You might need to configure a feature in one menu and next you need to go to another tab and configure another part of the feature in another tab. It's not very user-friendly in that way. On the other hand, it's still more user-friendly than using the console. But this is certainly one feature they can improve.

What do I think about the stability of the solution?

It's a great firewall, really one of the best in the market. It is one of few firewalls that can claim to be better than Cisco. It functions well, is very stable, and its reputation is known in the market.

What do I think about the scalability of the solution?

I think that the product is very customizable. If you don't need to protect a lot of assets, you can buy a small firewall at a low price for small needs, but if you need you can buy a bigger solution with more features. Scalability is very easy with Palo Alto Networks.

Which solution did I use previously and why did I switch?

Actually, I have moved away from using this product because of changes in duties.

How was the initial setup?

Installation is really very straightforward. You just need to plug it in and connect to the environment and that's all. Deployment time depends on the size of the environment and customer needs. Some customers just need two or three policies and that's all. But some customers need more policies designed to cover the needs of specific departments. So deployment depends on the size of your environment. If it's a small company, it's not very hard to deploy the main features of Palo Alto, it may take an hour but not more than a day. It depends on the customer needs and size of the environment.

What about the implementation team?

I work as the system integrator, so I install instances of Palo Alto myself. It was the first security product that I learned to work with.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
reviewer1132443 - PeerSpot reviewer
User at a computer software company with 201-500 employees
Real User
Country blocking, URL filtering, reporting, and visibility help to enforce our acceptable use policies
Pros and Cons
  • "One of the things I really like about it is that we have the same features and functions available on the entry-level device (PA-220), as do large corporations with much more costly appliances."
  • "The initial configuration is complicated to set up."

What is our primary use case?

I use the PA-220 to protect the LAN at my small-ish (about twenty people) office. We have several remote users who use the GlobalProtect VPN. As we move into a data center for hosting, I'll buy a second PA-220 to set up a site-to-site VPN. We also have a VM-50 for internal testing and lab use. 

How has it helped my organization?

I'm writing this review because it's a great product and I think it's ranked much too low on the review ratings. One of the things I really like about it is that we have the same features and functions available on the entry-level device (PA-220), as do large corporations with much more costly appliances.

With all the bells and whistles turned on, I can block access to websites based on their location (country), content, or other criteria. The reporting is really useful and shows me the most frequently used applications, and provides me with great visibility as to what my network users are doing on the internet. With this firewall in place, I can finally enforce the variety of acceptable use policies which have existed only on paper. 

What is most valuable?

The most valuable features are blocking traffic by country, and URL filtering to improve policy compliance and our overall cybersecurity posture. The ad blocker is also pretty handy. Moreover, the VPN client has turned out to be more useful than I initially thought, and the users love the 'one-click' connect. 

What needs improvement?

The initial configuration is complicated to set up. You really have to know what you're doing. I attribute that to all of the features and functions that are built into the product. Luckily, Palo Alto has a great support site and you can find contractors who are knowledgeable in the technology.

For how long have I used the solution?

One year.

How are customer service and technical support?

Technical support for this solution is great.

Which solution did I use previously and why did I switch?

Previously we used a pfSense firewall. I was very unhappy with it, as it had a limited feature set and was not intuitive to configure. 

How was the initial setup?

The initial setup is complex, due to all the features offered. You really have to know what you're doing.

What about the implementation team?

Implemented through a vendor who was knowledgeable with the product. It took at least a few months of tweaking before we got the firewall to the point it's currently at. 

What's my experience with pricing, setup cost, and licensing?

It will be worth your time to hire a contractor to set it up and configure it for you, especially if you are not very knowledgeable with PA firewalls. 

Which other solutions did I evaluate?

We looked at Cisco Meraki, but I wasn't really all that happy with it. 

What other advice do I have?

I've used it and I'm very happy. Frankly, I think this site under-rates the technology, as it should be in at least the top three.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Rakesh Rawat - PeerSpot reviewer
Network Engineer at Acliv Technologies Pvt Ltd
Real User
Secures and deeply analyzes connections
Pros and Cons
  • "The most valuable feature is the ability to deeply analyze the connection or connection type."
  • "Overall it is good. It is reliable and easy to understand. However, the monitoring feature could be improved."

What is our primary use case?

We use this solution to block malicious or suspicious activity by creating policies that define which action should be blocked or allowed.

How has it helped my organization?

The firewall is a security device. We use this solution to create policies like ISPs for a specific purpose. We only allow the policies for a particular application, so this is a way for the firewall to secure an unwanted connection.

What is most valuable?

The most valuable feature is the ability to deeply analyze the connection or connection type.

What needs improvement?

Overall it is good. It is reliable and easy to understand. However, the monitoring feature could be improved.

They have many solutions already. I don't think I have seen any missing features. Every device has different functions, but as a firewall, this solution has a lot.

For how long have I used the solution?

I have been using this for three years.

What do I think about the stability of the solution?

Stability is good.

What do I think about the scalability of the solution?

There are no scalability issues to date.

We have about 2,500 users behind the firewall using this solution. I think we don't have any requirement to increase usage. Currently, we have around 2,500 users, but if this increases, we may need a new requirement.

We hired one or two people to maintain the solution.

How are customer service and technical support?

Technical support is good. Once you call up with your issue, it takes around one or two hours for them to contact and give you a solution accordingly.

Which solution did I use previously and why did I switch?

We were using Cisco ASA. We switched because of legal reasons and difficulty to understand. That's why they had decided to change to Firewall.

How was the initial setup?

It is very easy to use. It's straightforward, easy to understand, and easy to configure.

What about the implementation team?

Deployment time depends on your requirements. If you talk about the system requirements, it hardly takes up to 15 or 20 minutes for the configuration.

That said, it totally depends on your requirements: What kind of policy you require that supports what kind of block, etc.

The deployment time would change based on these requirements, but the system configuration: accessing the internet and creating policies hardly takes 20 minutes.

Deployment is configured by administrators, so if we have any kind of issue in policies or any confusion, we get tech support.

What's my experience with pricing, setup cost, and licensing?

Pricing is yearly, but it depends. You could pay on a yearly basis or every three years.

If you want to add a device or two, there would be an additional cost. Also, if you want to do an assessment or another similar add-on you have to pay accordingly for the additional service.

Which other solutions did I evaluate?

We also evaluated Check Point and Fortinet solutions.

What other advice do I have?

This solution is easy to understand, reliable, and user-friendly.

I would rate this solution as eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Partner & vCISO at a tech services company with 51-200 employees
Real User
It has better manageability and overall features than its competitors
Pros and Cons
  • "We standardized on the product and got rid of several other types of firewalls from different vendors."
  • "It is very scalable."
  • "I would like integration with Evident.io and RedLock."
  • "The data loss prevention (DLP) capabilities need to be beefed up."

What is our primary use case?

Firewall.

How has it helped my organization?

We standardized on the product and got rid of several other types of firewalls from different vendors.

What is most valuable?

The firewall has a lot of sub-capabilities underneath it.

What needs improvement?

I would like integration with Evident.io and RedLock.

The data loss prevention (DLP) capabilities need to be beefed up.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

It is very scalable.

How are customer service and technical support?

We have had that many problems, so we haven't had to engage with their tech support.

Which solution did I use previously and why did I switch?

I was not pleased with my previous solutions.

We switched to Palo Alto for better manageability and overall features.

How was the initial setup?

The initial setup was pretty straightforward.

What about the implementation team?

We deployed in-house.

What's my experience with pricing, setup cost, and licensing?

Annually, the licensing costs are too much.

What other advice do I have?

I would certainly encourage someone to look into this solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer961413 - PeerSpot reviewer
IT Technician / Support
User
I like GlobalProtect, the URL filtering and the threat prevention, but the boot time should be improved on

What is our primary use case?

Finding a solution for easy management, where the company is protected in a matter where an unwanted software is blocked.

How has it helped my organization?

Functional and very futureproof but a bit hard to manage, and the worst thing is that it takes almost 20 mins to boot up, and to commit a config takes half that time.

What is most valuable?

  • GlobalProtect
  • URL filtering
  • Threat prevention. 

These features are great, but they have drawbacks and could be a bit better, flexible, and easy to manage since it takes the admin time to get them right. 

What needs improvement?

  • Boot time
  • Easy UI for the non-network specialists
  • Commit time
  • Virtualization
  • Credit to Palo Alto knowledgebase. 

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Bachir Elsitt - PeerSpot reviewer
Network Security Engineer at Data Consult
Real User
Gives us visibility and protection for the entire network
Pros and Cons
  • "I like to install Palo Alto mainly on the data center side to have visibility into all VLANs. That gives full visibility into the core."
  • "I'm thinking about a new feature. They have decryption. It's a good idea to use decryption on Palo Alto. It would be good if they had offloading of the traffic, and if they could decrypt the traffic and offload it. Like, for example, ASM on our site. We have an SSL decryption to offload the traffic. We could use that on Palo Alto."

What is our primary use case?

I used Palo Alto firewalls for plenty of projects and have many use cases.

When working with App-ID, it is important to understand that each App-ID signature may have dependencies that are required to fully control an application. For example, with Facebook applications, the App‑ID Facebook‑base is required to access the Facebook website and to control other Facebook applications. For example, to configure the firewall to control Facebook email, you would have to allow the App-IDs Facebook-base and Facebook-mail.

How has it helped my organization?

I like to install Palo Alto mainly on the data center side to have visibility and protection into the network because we can configure the SVI (layer 3) on Palo Alto instead of the core switch.

It gives us full visibility and protection for the core of the network.

What is most valuable?

Visibility and Protection

It gives us good visibility into the network, and this is very important because it's the core of the network. All the packets go through the firewall.

MFA is a new feature in Palo Alto and it's good to use it.

What needs improvement?

I'm thinking about a new feature. They have decryption. It's a good idea to use decryption on Palo Alto. It would be good if they can offload the traffic.
Like, for example, SSL Offloading on F5. They have an SSL decryption to offload the traffic. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Palo Alto is very stable. I worked on Cisco products like FTD and Firepower, and they are not as stable as Palo Alto. Also, some Fortigates are not stable. Palo Alto, as far as I know, is the most stable firewall compared to these others.

What do I think about the scalability of the solution?

The solution is scalable because they are now using the next generation security network. They are integrating with endpoint protection. Palo Alto now has traps, so they integrate their traps and the next generation with the cloud. So it is scalable.

How are customer service and technical support?

Technical support in Cisco is better than Palo Alto. In Cisco, you can directly talk to the top engineers.

Which solution did I use previously and why did I switch?

We were using Cisco ASA. When Cisco moved to the next generation firewall or tried to move to the next generation firewall when they acquired Sourcefire, and they announced Firepower on ASA, it was not a good option.
They had tool management so you could configure ASA from the CLI and you could configure it on the Firepower. You need to redirect the traffic from ASA to Firepower. It was not a good idea. The packets were processed but there was latency in the packets. 
Nowdays, FTD has many problems and bugs.

When selecting a vendor, the important criteria is how much the appliance is powerful and if it gives me the feature that I want, not an appliance that does everything and it will affect the throughput. Also, the value of the product, the price. 

There has to be a match between the price and the features.

Which other solutions did I evaluate?

Palo Alto, Cisco.

What other advice do I have?

Buy Palo Alto and try its features. In Palo Alto, you have select prevention, scan over AV, anti-spyware, vulnerability protection. and file blocking. you have good feature like WildFire to protect against unknown malware.

I rate Palo Alto at eight out of 10 because it gives me visibility and protection. This visibility and protection are very important nowadays to protect you from hackers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
InfTech4985 - PeerSpot reviewer
Head, Information Technology at a construction company with 501-1,000 employees
Real User
Meets our expectations, providing application control, antivirus, and content filtering
Pros and Cons
  • "It has the typical features of a next-generation firewall. It can do application control, antivirus, content filtering, etc."
  • "I would like to see more in terms of reporting tools and the threat analysis capabilities."

What is our primary use case?

It is our main firewall. It has performed well. It meets our expectations.

What is most valuable?

It has the typical features of a next-generation firewall. It can do application control, antivirus, content filtering, etc. And in terms of performance, the value for money of the model that we bought is sufficient for our size.

What needs improvement?

I would like to see more in terms of reporting tools and the threat analysis capabilities.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

For our current size and our projected growth, it is sufficient. We are expecting to grow to about 1000 users. This is the type of bandwidth we need, based on our typical usage. The specific model we bought can scale up to that number. We built in that room for growth.

In addition, we can expand the scope not just as a firewall but also by doing some sandboxing and through integration with endpoint security solutions.

How are customer service and technical support?

I don't believe we have used any support directly from Palo Alto itself because we bought it through a local reseller. We engaged them to help us configure it and to put up some of the firewall rules that we need. So we work with a local vendor.

Which solution did I use previously and why did I switch?

We had another box before and it wasn't a next-generation firewall. We needed to change to a next-generation firewall so we compared a few of the top players in the market and Palo Alto was the right one, in terms of the features that we need.

We were using an outdated firewall and, because of the growing threats, things were getting through. We were not able to filter some of the traffic the way we wanted. It was high time that we went with a next-generation firewall.

In terms of a vendor, in my case, I was referred to the local vendor, the one that we would be deploying and working with on the implementation. We definitely look for the competency, their knowledge of the subject matter, in this case, firewall technology, networks, etc., and their knowledge of the product. And, of course, the other factor is their commitment and their value-added solutions because sometimes we need them to go beyond to address a certain problem that we may have.

How was the initial setup?

I don't think setup is that complicated. There was just a bit of a learning curve because none of us had any experience with Palo Alto. But we know firewalls and it worked. It wasn't that difficult.

Which other solutions did I evaluate?

We called in proposals for different products, bigger players, like Check Point, Fortinet, Cisco. We set the criteria we need and had them make proposals. We found, based on the submissions, that Palo Alto seemed to be the one that had the most complete solution. We did a proof of concept to prove that whatever they said they can do, they can do. Once we passed that stage we proceeded with the purchase of the Palo Alto unit.

It came down to the technical evaluation we did. They did well in terms of performance. In addition, we liked the support terms that were proposed by the reseller. We also looked at certifications and reviews, at the NSS Labs reports, and other industry ratings. Palo Alto seemed to be up there. Also, looking toward the future, we can actually subscribe to sandboxing services in the cloud. There are also options for us to integrate with endpoint security solutions.

What other advice do I have?

List your requirements, give them the proper weighting, and look at what future options are available if you stick with the solution. Then do your evaluation. And don't forget the vendor, the local support, their competency and their commitment. You can have the best product in the world but if you don't get the right person to support you, it's a waste. You would probably better off with a second- or a third-tier product if you have an excellent, competent, and committed vendor to support you.

I would rate Palo Alto at eight out of 10 because of the performance, the security features, and policy management, the reporting capabilities, and the optional upgrades or extensions that we can do, like sandboxing. It also offers an option for our integration with our endpoint security.

We are going to revamp our endpoint security architecture. One of the options we're looking at is how we can integrate that with solutions from Palo Alto, because then we can have a more consolidated view, instead of using a third-party solution as the endpoint security. Finally, the local support is important.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2022
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.