What is our primary use case?
In my role as a tech, I provided support for various firewalls, including the PA, PM, and virtual series. It wasn't limited to a specific product like the PA-800 series, PA-1000 series, PA-9000 series, PA-7000 series, or PA-5000 series. We received training for all firewall types.
How has it helped my organization?
Palo Alto gives proper training for the product, not cutting corners over that. They don't assume you have previous knowledge and experience and start working directly, which happens in most companies.
So, they provide product training very thoroughly. This helps the support system to have the necessary knowledge, not just before starting to work or troubleshoot.
In the 11 months, we were initially trained on various OS versions and given tools like vSphere because we didn't have access to the Palo Alto environment.
Later, when we got access, we were given a tool to design our own networks, study them, and, if needed, raise concerns about issues.
The engineers or senior engineers would then study and guide us. They trained us for new upgraded versions of the OS regularly. Even as a third party, we had complete access to the Palo Alto Networks domain, tools, database, knowledge base, and everything.
This gave us the opportunity to build our skills and understand what Palo Alto requires us to do. We could troubleshoot it properly with customers.
What is most valuable?
What needs improvement?
There are constant updates for the operating system. It is a nice thing also, but it has its own disadvantages. Continuous updates are there. The users face issues like, how often do I need to update that?
Within a period of five months, I'm updating it two or three times. It gives them a feeling that they are not confident about their product and have to update it so frequently.
Plus, there are certain bugs, like in the 10.1 version, it's had some bugs. Then, they are upgrading it to the 10.2 version. They are updating that for the bugs. But the time duration between the two is less than the others.
If we go for Cisco, they don't have their OS upgrades frequently as parallel to us. So that's the disadvantage.
For how long have I used the solution?
I was working on a project outsourced from Palo Alto to a company. I was employed in that company for 11 months. During that time, I received guidance and training directly from Palo Alto Networks. I served as a tech engineer for the entire duration. It was quite recent, about three or four months ago.
What do I think about the stability of the solution?
It is stable. It's just the thing about the frequent updates. So that's the only issue there. So if they somehow reduce that frequency, all these will be easy.
What do I think about the scalability of the solution?
It is scalable. But that depends on what model you are using.
However, other PA-Series models, such as the device on the APAC, are highly scalable and support other vendors.
Moreover, within the network, the device is scalable.
How are customer service and support?
The customer service and support are really good. And they continuously ask the support team to go through some training updates. So, continuously, we have these updates on the KPIs on a knowledge basis. And the last time, we had this training on the latest version upgradation. So they continuously give the training.
Which solution did I use previously and why did I switch?
How was the initial setup?
I was physically present during the setup processes because many times, customers come saying, "I have purchased this new product, but I don't know how to install it."
There were two teams: the sales team was there, and they had their own engineers. They used to provide the customers.
But at times, we also had to get involved in case there were any technical glitches or issues because the sales engineers did not do troubleshooting.
So for that, some of our engineers got involved. At that time, we used to give the setup, whether it was a VM, a cloud, or a physical device.
At times, customers lack the knowledge of installing and deploying it into the system. So, we used the knowledge base to supply them with articles on the basic level. But even if the customer couldn't understand that, then we used to set it up ourselves directly.
The setup and everything was pretty much given in the KB articles in the knowledge base. So that was pretty much good. And if the customer is not able to understand, then I used to do that.
What about the implementation team?
I supported both the cloud version, which is a VM version and the physical device.
For the cloud deployment of this product, you don't need to buy physical hardware, a modular device from Palo Alto, which is cost-effective and cost-efficient. It can be deployed in AWS or Azure, any cloud provider.
However, the disadvantage or the downside, I can say, is that it is on another network and it is software-based. It is not 100% under your control because it is mostly connected to the AWS or Azure environments. Some controls are not 100% with the user.
If I deploy a VM on the Azure network, then I have to define something compatible with the Azure network. That is the con for cloud deployment. But if the user needs cost-effective solutions, they can go for the cloud.
With the physical device or hardware, it is under your control. You can manage it properly and get excellent tech support directly from Palo Alto, unlike the cloud, where support has to be from both ends.
Sometimes, this creates confusion or complexity, but not always, but it may create complex support. In the case of the physical device, it does not because it is provided by one single vendor.
The disadvantage is that Palo Alto devices are costlier than other devices in the market, like Fortinet or CheckPoint. However, Palo Alto has an advantage in continuously striving to provide better support and upgrading their software or operating system.
On average, the time taken to deploy the solution actually depends on what the environment is and what other vendors are connected to it. So, if it is a Cisco router, where is it connected with what else is in the environment? It actually depends on that.
And it also depends on how much the customer has, like network knowledge. So, if they need to have some policies to block or allow, IP addresses, and more, if they have all that handy, then it is like two hours or something, not more than that. So it's pretty well done. It is a faster thing. But if the customer is not that handy, then it makes it difficult for us.
Maitaince is not required unless there is some issue, like a manufacturing defect once or twice. It wasn't, of course, too many times.
But sometimes, it occurs because the device gets old or there is a manufacturing defect. It was a hardware replacement directly. So, it was pretty much good. That process was a piece of cake.
Palo Alto Networks has a program that allows customers to transfer their device licenses to another company. This means that if you have purchased a Palo Alto Networks firewall and you no longer need it, you can sell it to another company, and they will be able to transfer the license to their name. But for that, I need to go to Palo Alto and first discuss it with them. So they have this other team. So they check and verify everything.
This is something that I have never encountered with any other vendor.
What's my experience with pricing, setup cost, and licensing?
The pricing is a bit on the higher side but it is reasonable because they give that kind of level of support and everything else.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. The one con is that it's a little more expensive than others. But the pros here are that it has good support.
Overall, it is a good product, and you can definitely have it with other vendors. So it doesn't have any issue. If you only have Palo Alto, you cannot have others in the environment. You can definitely have others connected there. There is no issue.
And the technical support team is also there to guide you. It's a very good team. So you can always go ahead and purchase Palo Alto. It's a little bit pricier than others. But it is worth it because you'll get other support and everything is very good.