Palo Alto Networks Panorama Reviews

We use it for centralized management of all their firewalls.

We're using it on-prem.

The most valuable feature is WildFire.

There is room for improvement in the integration within endpoint detection. They need to do some integration between endpoints and the firewalls.

They also need to add a mobile version for product so we can access the interface easily.

The solution is very stable.

It's scalable because it's running on VMs.

Between users and admins, we have up to 5,000 people on this product.

Technical support is very good.

We use different solutions but the interface from Panorama is much easier for management.

The initial setup was straightforward.

I would recommend this solution.

Our primary use case of this solution is jack monitoring and file management. 

The solution improves my management abilities by simplifying the implementation of policies for all my branches. 

What I like most about this solution is that it allows me to push multiple policies on multiple followers at the same time. For instance, I can work on a policy and it gets submitted on more than one file. It is a good feature for me to have, because I have many branches, so it gives me the ability to implement more than one policy, or to implement one policy on multiple files. I like the ease of management for the policies in the all files.

I have had some leakage issues before, but it was solved. I would, however like to see better integration with other products.

To be honest, the stability is really good, but perhaps it is from the Amazon Web Services (AWS). I haven't tried it on VMware yet, because I use Tekfy as a platform. The implementation on AWS made my life very easy. There was a template for this program on AWS, so I only needed to install my license and then it implemented Panorama.

The minimum license is for 25 users, so up until now, I didn't need to scale. We currently have five or six users who work on the program daily, and most of them are in the security division. One person is using Panorama to check for the logs from the files, and then we have a security consultant. We have one or two staff responsible for maintenance. 

We used three people for deployment, as we were already using some of them for the branches, creating a VPN between AWS and to create firewalls to ensure that everything was working fast. 

The technical support is good, but it can be better. I will rate the customer service eight out of ten.

The initial setup was straightforward because we used a consultant of the company to do the installment. They did a good job with it.

My implementation strategy was to install Palo Alto Networks Panorama first, and then implement and integrate it with all my other files. It took us about two weeks to deploy the program.

We looked at FireMon, but FireMon was more expensive, and the main requirement for FireMon is to manage more than one file from different vendors. We didn't need it.

I will recommend this solution to others because it is a good solution, but only if you are using multiple files and not only two or three files. You should have at least five files for this solution to be right for you. I rate this product an eight out of ten. Easier implementation with other solutions will increase my rating.

In the future, I would like to see additional features being able to install firewalls using remote sites and the ability to do initial configuration using Panorama. I would like this initial configuration to be copied on USP and have the firewalls configured to connect to the Panorama. 

I would, therefore, like to see easier configuration and implementation in the next version. 

The solution is primarily used as a firewall reporting feature.

The dashboards are very good on Palo Alto. They offer a centralized dashboard for managers as well.

The solution needs to improve its pricing model.

Panorama needs to work on its configuration issues.

They should also focus on firewall management. Many clients have multiple firewalls, so Palo Alto should offer better management of them. They could model themselves off of AlgoSec, or maybe FireMon which are other very good firewall management tools.

The solution is stable. Palo Alto, in general, is pretty good. 

The solution is very scalable. We manage about 12 firewalls. The maximum might be 100.

Support from Palo Alto is very good. You can get it from the distributor or from Palo Alto directly.

The setup is generally straightforward. Deployment times vary, according to the client's environment and if they have multiple branches, etc. It can take anywhere from one to three days. After that, you have to fine-tune a few items, and that can take another two or three weeks. So the entire deployment process, depending on the organization, can take anywhere from three days to three weeks. Maintenence only takes one person, once again, depending on the setup of the company itself.

Most of our clients deal with the on-premises deployment solution, as cloud solutions in Egypt can occasionally be insecure.

I would advise anyone looking to implement the solution really focus on sizing before beginning the implementation.

I would rate the solution nine out of ten.

We are using the solution primarily for monitoring the firewalls that we have. We have multiple firewalls, including a DC firewall, a perimeter firewall, etc. We are using Panorama to control all of our firewalls.

Whenever we have an issue, we can just monitor the traffic. We can pinpoint problems and know from which firewall they are originating. We also have the ability to analyze the issue to see if it's coming from from the setup side or somewhere else. The solution makes it very easy to monitor traffic.

It's helpful that the solution allows us to control all the firewalls from one device. You can check and monitor all the devices also, from one website. It's also got easy troubleshooting capabilities.

The interface of Panorama is very user-friendly. It's easy to find and get information and create reports.

It can take a few minutes to test to see if any changes are successful or not. This needs to be improved. A change commit should take a second, not a minute or more.

Panorama does suffer from performance issues, which they need to resolve.

Also, technical support isn't very responsive and could use some improvement.

The solution is very stable.

The solution is pretty scalable.

Technical support is okay. I'd give it a 60% rating in terms of its effectiveness. Sometimes they are too slow to respond.

We previously used Cisco SPD. We switched because Cisco security is very complicated and is very difficult to establish.

The initial setup is straightforward. It's not complex at all. Deployment was only two to three hours in total. For implementation, we only needed three people, including someone from Security and someone from the Network team.

We implemented the perimeter firewall with the help of Palo Alto. The DC firewall we did by ourselves.

Before choosing this solution, we also looked at Fortinet.

We are using the private cloud deployment model.

I would recommend the solution. It has a user-friendly interface. It's stable. You can easily troubleshoot any issue. You will also get clear information, and, in general, it's a very good product that allows you to manage more than one device from a central interface.

Of course, before you do any change, I would recommend that you back up everything first.

I would rate the solution seven out of ten.

It is our end all, be all, for all of our firewalls throughout the regions that we support.

It allows us to do our day-to-day administration of all the files, because we're doing it from one central place. It stops us from jumping into each firewall, so we can make our changes.

It has made our ROIs easier, but consolidating the correlation of data into one single point, which is pretty great.

The management console: It provides a single pane of glass for all the firewalls to feed information into. 

We haven't had any issues with it. The vendors been great.

The scalability has been great.

The technical support has been awesome.

Our agency is very immature from a security perspective. So, we needed something that could provide more data.

We had some challenges with the initial setup, but it was more on a learning curve basis. The support and team for the setup have been pretty seamless with minor tweaks here and there.

We used an integrator for the deployment: Advanced Cyber Technologies LLC.

The solution has increased staff productivity. The amount depends on usage, whether it is a heavy or slow week. It has freed up staff time, which is where we are seeing ROI.

Ensure you get professional services with the tool.

We are very satisfied with everything that they provides us. This product has significantly helped with implementing new leadership strategy, getting metrics, and being able to actually assign a risk floor.

The primary use case is the centralized management of our firewalls.

It provides a quicker response time to vulnerabilities and more visibility into traffic flows.

I think it increases staff productivity.

Its automatability: You need it to automate things. We have used it for URL blocking. For example, if there is a threat out there, and we needed to immediately block a new malicious URL across a global enterprise, this is pretty difficult. With Panorama, we can automate this easily with their API. 

My pain point is the automation process is not well-documented. There are some things that they could improve on there.

If you go in the system to search for something, it is not intuitive. They could really improve that.

There is a concept of device groups and a concept of templates. The templates can allow for inheritance, but the device groups do not.

It is fairly stable. We do pretty heavy bug testing. We have a rigorous code review process that we go through for each version. Therefore, stability is on the top of our list of things that we look at. So, I haven't ran into any issues where it's flaking out altogether. 

It's fairly scalable. We probably have 12 to 16 of them spread across the globe to help with regional redundancy, because we don't want our firewall talking to Panorama across a slow land link. So, we've split them out globally, but it seems pretty scalable.

The technical support is pretty good. We do have a resident engineer from Palo Alto who sits right next to me. 

The initial setup is easy, but I have done it like a thousand times before with a bunch of other products. The product is not much different than anything else.

We outsource a lot of our boots on the ground, which is actually a lot by design. With every company, when you have two different organizations working together, there is always a little bit of tension. They don't have the same reporting structure, but everything went out smoothly. 

Typically, I'll design the solution, then I'll have somebody else implement it. This is sort of how it works for everything.

With the URL filtering, we probably went down from around four hours in response time to about five minutes.

The licensing is not cheap. There are always hidden costs. You have support costs, or maybe you need to buy more optics on how the solution fits into the rest of your environment. It is possible some of the rest of your environment will need to change too.

I think we're getting AlgoSac, which is another firewall automation tool. However, I wasn't involved with the decision for that one so I'm not too sure on the specifics, but I know we are going with them.

If you are looking at getting a Palo Alto firewall, then you should probably at least look into Panorama. Because if you start out just putting in firewalls and you don't have this, you will be kicking yourself that you didn't have this from day one. 

If you have just one firewall out there, maybe you don't need it. However, if you have two or three, then you should probably get it to be in front of a lot of the features which you will want eventually.

It is pretty solid product. Our security program is fairly immature compared to other enterprises, and this product has definitely helped us lock down things.

We have a rigorous code review process. Therefore, we are always back a bunch of versions. If the latest version came out today with new features on it, we probably wouldn't get to that for quite a while.

There are only certain things that you can do within the Panorama solution.

Panorama: Provides a central management capability for all of the firewalls. It has the ability to manage the devices in groups based on their use. We use the firewalls in two primary functions and the ability to provide management of the different groups of firewalls is very useful.

Firewalls: The application ID capabilities have been very useful for things like Active Directory, and not having to identify every port that Microsoft has decided to use.

I can’t say that it has significantly improved the functions of the organization over the firewalls that we were previously using. The addition of a good central management capability has helped improve the management of the firewalls, but the functions for the service that is provided to the users has not significantly changed.

Panorama: The ability to add scheduled jobs would be a significant improvement. Panorama has the ability to push out OS updates, but it would be nice to be able to schedule those updates so not to affect the site during normal business hours.

Firewalls:

• (1) App-ID is good, but could be better. We use off ports for some common services and App-ID does identify the application correctly, but the rule allowing the traffic does not allow the traffic without adding the ports to the rule. This negates the need for App-ID in the rule. If App-ID worked as I think it should, we would use it and then block the common port.
• (2) Integration with Microsoft Active Directory incurs significant additional traffic across the WAN circuits. We have a number of GCs across our environment and the configuration of Active Directory in the firewalls requires significant communications to all of the GCs across our environment. We were seeing the firewalls generate around 500kb of WAN traffic communicating with all of the GCs. After reviewing the configuration with Palo Alto support, the config was correct. While we do want to be able to use the User-ID functionality of the firewalls, that kind of overhead is not acceptable.

We have been using Panorama and the PAN FWs for just over one year.

So far we have not seen any issues with stability.

We have not run into any issues with scalability.

Technical support with Palo Alto has been very good and responsive.

We previously were using Cisco ASA devices. The switch was made based on central management and the NGFW functions. The timing was in the middle of Cisco delivering their NGFW functionality. The other issue that led to the move was when Cisco presented their recommended replacement for the existing devices, they recommended their Meraki line with Internet management, which was not in line with our requirements for many of our more sensitive firewalls.

Initial setup is very easy. After working with a few new installations we were able to put together a script to apply the new firewalls to setup the management access, Panorama location, high availability (HA) configuration and the initial IP stack. This makes it easy to start the OS updates and initial rules from Panorama. By having the HA setup scripted, it also makes the OS updates a single download instead of a download for each device. The HA connection allows the firewalls to copy the OS over to the other firewall with the single download. That is important because there are several large downloads necessary to update the OS to the current OS levels.

Pricing is high compared to other vendors in the same space. Licensing is also fairly high for different functions to be added on, like Intrusion detection/prevention, user VPN, URL filtering. Some firewall vendors offer the “additional” licensing/functions as part of their license for the device and then others offer it like Palo Alto.

The original decision was made by a different group within the company. The re-evaluation included Cisco ASA, Cisco Meraki, Fortinet and Palo Alto.

Talk to other customers. Start with the ones recommended by the vendor, but also in forums as well. Everyone understands that recommended customers are handpicked and forums can be contain spurned customers. But if you look for information regarding specific functions that you need, you can find more useful information. Make sure if you hear something glowing from a vendor recommended customer about a function, check on that function online.

We use the solution for centralized monitoring. 

Clients need to have an alarm and alert system from which they can forward the trigger. The product needs to improve its integration as well. 

I have been working with the tool for seven years. 

I would rate the product's stability a seven out of ten. 

The product is scalable. 

The product's support needs to improve. 

The product's deployment was simple. 

The product's pricing is high but flexible. It now follows the pay-per-use pricing model. I would rate the tool's pricing a five out of ten. 

I would rate the product a seven out of ten.