Palo Alto Networks Panorama Reviews

Our primary use case is to have a centralized console for gateways.

It has shared profiles for all gateways. If I do not have Panorama, I need to create a separate profile for each and every gateway by logging into that particular gateway, but with Panorama, I can create a shared profile and just push it down to each and every gateway connected to it.

In our version, there is no feature to transfer or upload a database of third-party vulnerabilities or signatures so that Panorama can convert them into its own database. This kind of feature might already have come in version 10.

I have been using this solution for around four years.

As of now, I am not seeing any limitation in terms of technicality, deployment, and functionality. In terms of licensing, depending on the number of gateways or serial numbers, I need to purchase the license, which is not really a limitation.

They are good. Whenever there are some issues or bugs and we are not able to trace them out, we reach out to them. They provide the required support.

It was straightforward. The gateway integration with Panorama was also a pretty straightforward configuration for us. 

We deployed it site-wise. For each HAPS, it took us around two hours to take an existing production gateway behind Panorama.

I would recommend this solution to others. It is a good solution. If any environment has multiple gateways, such as 50 or 100 gateways, it is good to have Panorama. If you have only one or two gateways of Palo Alto, you can easily manage them individually without having Panorama.

I would rate Palo Alto Networks Panorama a nine out of ten.

We used Panorama to control all the other modules from Palo Alto and to create the rules.

The threat prevention and layer seven security features were the most used and important for us. All operations are quite good in this solution.

We found a vulnerability where when we have a low flow, like 2.7K, it is not getting fired by the threat prevention. That's something important to improve on. They should have a proxy or some solution to solve the issue.

We also found some issues around decrypting the flow. When we have more flow than expected to decrypt, the performance goes down.

I have used this solution for one year. 

Its stability is fine. It supports the only point used here to decrypt the flows. When we have the right configuration, it has good stability.

We didn't scale up the solution because it requires a load balancer, which is not there. We have around 40,000 users.

They should have a local technical team. I would rate them a seven out of ten.

It wasn't easy, but it also wasn't very difficult. I would say it was medium. The deployment took around three months.

In order to have the right security level, you need to understand how decryption works or is used in Palo Alto. We had to clarify some points with them related to how decryption works.

I would rate Palo Alto Networks Panorama an eight out of ten.

Panorama is very easy, easy to administrate, and easy to control.

It's difficult to implement. 

I have been using Palo Alto Networks Panorama for approximately five years. 

Palo Alto is very stable and is a great global solution.

There are more than 5,000 users in my company.

I would rate their support a ten out of ten. 

I would recommend this solution. 

I would rate it a ten out of ten. 

Our firewall uses IPS and other features. We have some firewall rules using the IPS feature. For the VPN users using the MFA authentication protocol, we are using the SAML protocol.

The application ID or App-ID feature is a good feature for us. We are also using IPS and content inspection features. The firewall can inspect the packages that are passing through my network.

It should have more connection with Threat Intelligence Cloud. They can also include features related to SecOps and automation API.

I have been using Palo Alto Networks Panorama for two years. 

It is awesome in terms of stability.

In terms of scalability, it is complicated because you have to scale up. Its scalability could be better. It would be great if you could scale out by integrating another node, and you are good to go. 

Currently, you have to buy new hardware with more power in terms of CPU and memory. You cannot simply increase the nodes in a cluster. In the last five months, we had to acquire new hardware because we are facing some higher usage in the Palo Alto hardware. We have about 15,000 users.

They provide good support. I would rate them an eight out of ten. 

They can increase the SOA time. When dealing with your case, sometimes, they take time. In the queue, you need to pass through one analyst and then go to the next level, which takes some time.

It was quite straightforward. In terms of technology, it was okay. As our environment is quite complicated, we had to deal with several phases of the implementation because we don't have only one appliance installed. We have implemented four Palo Altos. That's why it took some time, but it was just because of the complexity of our environment, not because of the solution itself. The whole project took one year.

We did some POCs to understand this solution. We had a lot of discussions in terms of the best way to implement this solution in our environment. It took the effort that this kind of solution normally takes.

It is not a cheap solution.

I would advise studying and understanding the best factors for implementing Palo Alto Networks Panorama and creating a roadmap to use all the features because it is not a cheap solution. Understand the possible ways to implement Palo Alto Networks Panorama and create a roadmap that implements all the features.

Palo Alto is constantly improving its solutions. They have been doing a great job and putting a great effort into their products. I would rate Palo Alto Networks Panorama a nine out of ten. We are satisfied with the solution.

This product is part of our overall security solution.

The most valuable feature is the Threat Intelligence.

It is easy to use.

I would like to have better analytics.

The network traffic analysis (NTA) is something that you can add on to get more insight from the traffic passing through the firewall, and it should be included.

We have been working with Panorama for at least five to six years.

Palo Alto Panorama is a stable product.

We did not have any challenges with respect to scalability.

Our team has managed properly so we have not often needed to contact technical support. I would say that they are okay, as we have not had any problems with them.

We are currently using several different firewalls. There is Check Point, Fortinet, Juniper, and Palo Alto. Check Point was the first one that we used.

The initial setup is straightforward and it took a couple of weeks to deploy.

Our in-house team handled the deployment and is responsible for maintenance.

Palo Alto is expensive and there are many cheaper firewalls, but they do not work as well.

My advice to anybody who is looking at this solution is that it is easy and straightforward to use, although more difficult than some to deploy. It is expensive but if you can afford it, then it's worth it.

I would rate this solution an eight out of ten.

We primarily use the solution for automation purposes and for security.

The underlying technology is very good, considering that we are moving to a work-from-home environment.

Panorama is a straightforward tool. Palo Alto is comparative to other firewalls. Some firewall tools are more user friendly, and, from a technical perspective, it is very user friendly as well. It's not like Check Point. We use a setup for offshore development centers. For all those ODCs, we usually use a Palo Alto device. We have few perimeter firewalls which are Palo Alto but for the perimeter predominantly we use Check Point.

You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use.

The solution if extremely flexible and scalable.

There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade.

We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices.

These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices.

They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.

We've been using the solution for close to seven years at this point. It's definitely been about six years.

The solution is very, very stable. There aren't too many issues on it once you get it up and running. We consider it reliable.

The solution is very scalable. If a company needs to expand its services, it can do so rather easily.

We have different businesses running inside the organization. We have close to 800 devices, so it means about 800 different projects are using those devices. Each project has a firewall, so most of these, 80%, are on Palo Alto.

We use Check Point as well, however, we don't really like it as much. It's not as user friendly.

Prior to this solution, we were using the ASA products and then Check Point. Check Point is a little complicated. I can use Check Point on my perimeter firewall, but not on my overseas businesses. That's what makes Palo Alto is more user friendly. I can use the GUI to do everything due to the fact that I don't need a skilled person to work on the Palo Alto. On Check Point, I have to go to CLA and do all the changes. 

 It's easy to upgrade or to do anything with the Palo Alto. Technically it's quite sound. It's dynamic, scalable, and there's a lot of things that can be done easily. Plus, I don't need an extremely experienced person to work on Palo Alto. Anybody with two or three years of experience can easily work on a Palo Alto device.

The initial setup is not complex. It's pretty straightforward.

The deployment is easy and uncomplicated. It takes about an hour or so, if not less than an hour. It's pretty quick.

However, we have 800 or more devices. It takes about six months to deploy everything, especially if I have to do everything manually.

We have eight to ten people who manage deployment and maintenance.

We haven't used an integrator or reseller. We handled the implementation ourselves in-house.

In terms of licensing for Panorama and Palo Alto products, we have only the DMC cost and we are billed every year.

It's not overly expensive. It is comparatively okay if you look at other devices. Compared to the top three devices, pricing is okay due to the fact that you have multiple vendors who are selling firewalls and competing with each other for the same clients. 

We're just a customer. We don't have a business relationship with the company.

We have multiple variants of the solution's model. Currently, we are using 8.1.15-H. We also have some virtual firewalls that are recently in Tokyo. We are using close to around 800+ Palo Alto firewalls. 

We're currently developing our virtual firewalls and have them in different locations. 

It is not just Palo Alto. We have other devices as well, so we have close to around 1300 plus firewall devices.

I would recommend the solution to others.

I'd rate the solution eight out of ten. If you need a perimeter type of device, Check Point may be a better option. However, for my businesses, I would choose Palo Alto due to its scalability and user-friendliness. It also has great security features. That said, if it didn't release so many new updates, I would rate it higher, simply due to the fact that so many upgrades requires a lot of work on our part.

We primarily use the solution for security.

The solution works on a single pane of glass, so we have a good overview of everything happening.

We can easily look at security alerts.

Our team has the option to make configuration changes at any given time.

There are excellent reporting capabilities within the product.

The setup is quite easy.

The pricing should be reconsidered. It's too high right now.

At times we have noticed that we get into issues where Panorama is going too slow or has other little problems. The performance can suffer occasionally.

I've worked with the solution for three to four years at this point. It's been a while now.

The solution is stable, aside from a few performance issues. We find it to be reliable. It doesn't crash or freeze. It's not really buggy. It's pretty good.

The solution isn't too scalable. Organizations should keep this in mind if they are considering installing it.

We have about ten or more people on the team that make use of the solution. They're admins and they monitor it.

Technical support has been good so far. I'd say that we are satisfied with the service. They seem to be knowledgable and responsive.

The initial setup isn't too complex. It's pretty straightforward.

The production instances take about an hour or so. Deployment is fast.

We have ten admins that make sure the solution is working properly at any given time.

The pricing is too high for us. We'd like it to be more affordable.

We're just a customer. We don't have a business relationship with Palo Alto.

I'm not sure of which version of the solution I'm using. I've worked with many versions, including both newer and older ones.

We use multiple deployment models. We use both cloud and on-premises deployments.

In general, I'd recommend the solution to other organizations. It's worked well for us and we don't believe there's anything feature-wise that is really missing. 

I'd rate the solution, on a scale from one to ten, at an eight. Of course, if it was less expensive and had a more stable performance, I'd mark it higher.

My obligations consist of overseeing cyber threat intelligence, threat defense operation, digital forensic incident response, and data loss prevention. So in the context of endpoint solutions, my position pertains mainly to the DLP (data loss prevention) function.  

Cisco AMP (Advanced Malware Protection) plays a significant role in our perimeter strategy for protecting the infrastructure. I work primarily with making sure that we have indicators of compromise in Cisco AMP. I am not on the network engineering or network operations side of things. I am mainly a consumer of services from those particular groups.  

We use Snort rules (open source network intrusion detection system [NIDS]). We use Yara rules (Yet Another Recursive/Ridiculous Acronym, rules for malware identification). We have Palo Alto IPSs (Intrusion Prevention Systems).  

Our use cases are primarily perimeter-based for runtime malware defense.  

The most valuable features are the management features like the ACL (Access Control List) management. These give us the capacity to make effective use of the capabilities of the product.   

Pricing is always something that consumers hope will be addressed in their favor. I think that some method of allowing for more customization and open integration with other controls within the enterprise is something that we want to have. We want to be able to have more orchestration of disparate parts.  

I think the features that most of the features that I would like to see are currently being implemented. Behavioral heuristic analysis of connections, for example. That is something that I know is being done now.  

We have been using Networks Panorama for a couple of years now.  

The stability is good. If you consider the size of our organization and the number of users that can verge on being impressive.  

I have good impressions of the scalability of this solution. We have not really had any issue scaling the usage.  

The tech support is actually pretty good. In general, they address issues in a timely manner with reasonable responses.  

My team has not previously used any different solutions in this company, but I have definitely, in the past, used other solutions. It is really necessary for the evaluation of product capabilities.  

The installation was straightforward in a complex environment. That means that we could have had far more issues were the product not well-designed from an installation standpoint. We are a big organization. Deployment can be a matter of weeks or it could be a matter of months depending on what jurisdiction the installation happens to be in.  

We have various partners and consultants that we work with in addition to having expensive competencies in-house. We do not often have a reason to go beyond the network of expertise that we have established.  

My advice to anyone considering Networks Panorama is to thoroughly research the competitive landscape. Do your Gartner research. Make sure you develop a set of requirements — a feature matrix that you can use to compare your requirements with the functionality offered by the various solutions under consideration. There are a lot of solutions out there and the goal would be to pick the one that best fits your situation rather than just one that someone recommends.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate this product as an eight-of-ten considering the knowledge and insight I have into it now.