Coming October 25: PeerSpot Awards will be announced! Learn more

Palo Alto Networks Panorama Room for Improvement

JamesJiang - PeerSpot reviewer
IT Security Analyst at a energy/utilities company with 51-200 employees

While Palo Alto is the leading firewall worldwide, it's so pricey. Other products like Checkpoint still do the job, and yet it's way cheaper than Palo Alto. The solution is extremely expensive. You can integrate it with other Palo Alto products, however, it ends up being too much.

Palo Alto prefers the VM version. However, for the VM level, often we have a migration from one host, VM host, to another host, and then the network jobs. And they're not fully redundant. With VM, the purpose is easy migration from one host to another one. That's the purpose of VM in play, however, if you want to have high availability or redundancy, you have to purchase two licenses - one on one host, another one on another host - and it costs a lot of money to do that. 

Technical support could be better.

View full review »
Lead Program Manager at a computer software company with 10,001+ employees

There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade.

We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices.

These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices.

They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.

View full review »
Director at a tech services company with 1-10 employees

The ease of use of Palo Alto Networks Panorama is an area for improvement, because it's not very easy to use. The downside with the system is that you need a lot of comprehension to understand what it is. There are also risks associated with making a change, e.g. you can accidentally break your network which knocks off the firewall, and then you can't get back on again. If you know what you're doing, e.g. if you're a specialist, then there won't be any problems, in general.

It's important to gain an understanding of Palo Alto Networks Panorama, or the concept, before you start. It works like Palo Alto, but it doesn't at the same time, because you have templates, and the templates have to be applied before your variables, and then those variables directly affect your objects. It's important to understand how it works. I wish they could make it easier, and a bit more intuitive, but if you're doing the training, and you're properly in the system, then it will make sense the way it's explained to you, otherwise, it'll be hard to make sense of it.

It could be difficult to get to the stage you want to be on with this system. It's similar to a different language, and it's so hard to just do it on your own, but if you are in the culture and you're speaking to other people, then it becomes easier because you're doing it. That's the learning curve right there, e.g. if you've never done it before, you'll sit and look around saying: "What is this? I don't understand." If you're doing the training, and you're more involved in the product, or even if you speak to specialists, they will be able to help you, then you start to learning it and what it can do.

View full review »
Buyer's Guide
Palo Alto Networks Panorama
September 2022
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
632,539 professionals have used our research since 2012.
Sagar More - PeerSpot reviewer
Network Security Engineer at Ares Management Corporation

Before I joined this organization, they experienced some issues when trying to set up zone protection parameters. Last week I applied a zone protection profile; for each and every branch, I had to apply a zone protection profile or modify existing metrics — I needed to physically go to each branch. When we originally deployed Panorama, we were managing the firewalls individually. After implementing all those firewalls and changing all of the templates, it's really hard to modify them. 

You can't just modify them with a single click, you need to physically go to each individual branch and make the changes yourself — we can't directly seal all of the fireworks. This needs to be improved. 

With version 9.1, when configuring it, if something goes wrong, then it reverts back to your original settings automatically. This is a nice feature but it's not available on the standard firewalls. If we didn't have Panorama and I was setting up some remote Palo Alto firewalls, after implementing my configurations, if I were to lose the configurations then I would lose firewall access. This isn't the case with other firewalls like Cisco and Juniper SRX where you can just put in a reminder in the last 10 minutes. 

View full review »
Sales engineer at MUK

It is not a cheap product. Some kinds of Palo Alto devices can cost a few thousands of dollars, and Panorama will be even higher. For the big customers that have a lot of devices, it is crucial to get all the benefits from the Palo Alto Networks portfolio regarding network security.

For a highly secure environment, they sometimes need only hardware appliances, not a virtual machine. 

View full review »
Cyber Ambassador at a comms service provider with 11-50 employees

It tends to move along fairly quickly in terms of features because it is a part of PAN-OS. We are waiting on one feature that's on the beta at the moment, but that's because we use Okta as our authentication.

Reporting might be an area to improve. It can provide reporting or some sort of graphical representation of your environment.

View full review »
Associate IT Director at Siam Makro PCL

The initial setup was complex.

The licensing costs are quite high.

I would like there to already be a log centralized for the things, however, I don't see any soft security operation center or something that can make it a regular report. When we need some GDPR policy, we just have a one-pack we deploy and tune by ourselves a little bit to suit our organization. We'd like to have something more standardized for this purpose. It would be more of a value-add. 

We'd like more log monitoring in general.

View full review »
Security Solution Engineer at a computer software company with 501-1,000 employees

It is quite hard to understand the platform. It is not easy and user-friendly. You need some experience and the proper technincal training  to use Panorama without risks.
It is very complex, and you must know exactly what to do.
The bigger problem is that Panorama Dashboard Logic is quite different than PanOS firewall Dashboard.
The second problem is that you dont have wizards or template .You need to build your enviroment from zero on your own incurring in possibile configuration or logic errors.

I would like to have a more user-friendly and simple to use product .
For istance FortiManager is comparatively much more easier  to use and understand.
Palo Alto Firewall too are Really easier to manage than Panorama. 

Panorama Logging and reporting features are quite good ( like PaloAlto Firewall) but not the best on the market ( for istance Checkpoint SmartEvent is still far better) 

View full review »
Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees

There is a need to improve the upgrade process. When we are upgrading the solution we are facing some issues with Elasticsearch services. Every time we upgrade it takes a long time to become stable.

In an upcoming release, I recommend having policy segmentation because that will help Panorama. There is no policy segmentation as you would find in Check Point. 

View full review »
Network Engineer at a tech vendor with 10,001+ employees

My company's getting whatever it needs from Palo Alto Networks Panorama, but in the cloud, there's an issue with CPU management, and that's an area for improvement. Though the normal data traffic doesn't go through the management interface, whenever there's an increase in the throughput, CPU management becomes high. If you increase the load, CPU management spikes, and it's what needs to be taken care of in Palo Alto Networks Panorama.

View full review »
Network Implementation Engineer at a comms service provider with 501-1,000 employees

The customer support needs to be better. Sometimes we need to wait for hours before getting someone from the product team or someone from the Palo Alto customer support to get on a call if we are facing some issue. They could reduce the wait times.

View full review »
Sr. Director, Security and Architecture at a pharma/biotech company with 11-50 employees

Its UI and usability could be improved. The way the UI looks could be improved to make it a little bit more intuitive. Other than that, it is a pretty simple product.

View full review »
Senior System Engineer at a financial services firm with 10,001+ employees

I haven't come across any issues with the product. Overall, it's been very positive.

I don't recall missing any features. It's a fairly complete solution.

The product could offer more integration with other solutions.

View full review »
Leandro Soares Costa - PeerSpot reviewer
Cloud Security Architect at a computer software company with 5,001-10,000 employees

It should have more connection with Threat Intelligence Cloud. They can also include features related to SecOps and automation API.

View full review »
Luke Wainwright - PeerSpot reviewer
Cybersecurity Engineer at Networks Unlimited Africa

Everyone, I suppose, would like the price to be improved. Price is always a good thing to change.

There is always room for improvement in anything. But I couldn't really comment on that off the top of my head.

In terms of updates, I believe everything is in order. That is not an issue for me.

View full review »
Cloud Security Engineer at a computer software company with 1,001-5,000 employees

It's not part of my role to connect other devices to Panorama, so I don't know how the integration works. I maybe need a better understanding of how the policies of the signature work. For example, what does it mean to exclude an IP, and what are the policy rules and priorities? I need more knowledge about the signature policy and priorities.

Instead of searching their knowledge base in their website, maybe they can interact with us in the user interface to explain things better. If they had pop-ups to help guide us, we might get fewer failures along the way. Small notifications would be quite helpful. 

View full review »
Network Security Engineer at a tech company with 201-500 employees

It could be easier to manage. In the future, it should be much easier because it's not very easy to manage. So in the next release, I think it should be much easier to manage, especially in the first configuration. It could also be more stable.

View full review »
Network Security Engineer at a tech vendor with 51-200 employees

The product does need a bit of configuration. It's not quite ready to go out of the box.

The solution could do a bit more with its security updates. Palo Alto in general could be a bit more secure.

Support is pretty good, however, they could always be a bit faster and more responsive.

View full review »
Senior Network Engineer at a tech services company with 201-500 employees

It communicates with remote devices, and sometimes, there is a little bit of delay during its communication with remote devices. There should be real-time communication or updates from the manager to devices.

In Panorama and Palo Alto firewalls, I would like to have a traffic simulator. They have packet capture for troubleshooting, but it would help if they can provide a traffic simulator so that we can simulate the traffic and see the route the traffic is taking and get feedback about whether it is blocked or it is able to pass.

View full review »
Chief Cloud Architect at a tech services company with 1,001-5,000 employees

I would like to see Networks Panorama more integrated into the firewall solutions rather than being a separate component. This would be helpful so that we can do rule-based change management for the firewall through it as well.  

View full review »
Darshil Sanghvi - PeerSpot reviewer
Consultant at a tech services company with 501-1,000 employees

Palo Alto must provide a cloud-based feature or solution.

The initial setup requires expertise and can be a bit complex.

I would like to see the management be a bit more simple than it is currently.

View full review »
SimonPerry - PeerSpot reviewer
Chief Technology Officer at DRS

Price is probably one of the biggest things that we struggle with, specifically with Palo, and that's across their whole portfolio. Also, the tech support could be better.

View full review »
Senior Network & Security Administrator at a consultancy with 1,001-5,000 employees

In our version, there is no feature to transfer or upload a database of third-party vulnerabilities or signatures so that Panorama can convert them into its own database. This kind of feature might already have come in version 10.

View full review »
Md. Soyaeb Hossain - PeerSpot reviewer
Senior Manager at Technometrics Limited

There are times when we are backing up a device centrally, we do not get a full backup. We are able to do a full backup of all the devices but when we attempt to backup a single device, it only does the backup of a few presets and not the full configuration.

In the future, they could improve by providing better management of the devices, such as bandwidth. 

View full review »
Mahomed  Moty - PeerSpot reviewer
IT-Support at Bytes & Pieces

As the cybersecurity threats have become more aggressive these days, Palo Alto Networks Panorama can still be improved, particularly on the security side, for example, more network management, and penetration test. Improving the security feature for internal endpoints is needed in the solution.

What I'd like to see in the next release of Palo Alto Networks Panorama is more training and more marketing.

View full review »
Lead Consultant at a tech services company with 10,001+ employees

We have experienced a few bugs which the team at Palo Alto don't have solutions for. 

In the next release, it would be good to have features which increase the processing power in clusters.

View full review »
Darshan Divekar - PeerSpot reviewer
Senior Technical Manager -Information Technology at a computer software company with 5,001-10,000 employees

Palo Alto Networks Panorama has some bugs that could be fixed.

View full review »
Security Manager at a transportation company with 1,001-5,000 employees

I would like to have better analytics.

The network traffic analysis (NTA) is something that you can add on to get more insight from the traffic passing through the firewall, and it should be included.

View full review »
Manager - Projects & Programs at BhaktiVedanta Hospital

The configuration could be a bit better. For us, it's a critical aspect. We've noticed Cisco may be better in this regard. 

View full review »
Founder at a tech services company with 51-200 employees

The solution could improve by having a true single pane of glass environment for unified management. At the present time, you still have to use three or four different solutions to bring everything together.

View full review »
Engineering infrastructure manager at a financial services firm with 10,001+ employees

We found a vulnerability where when we have a low flow, like 2.7K, it is not getting fired by the threat prevention. That's something important to improve on. They should have a proxy or some solution to solve the issue.

We also found some issues around decrypting the flow. When we have more flow than expected to decrypt, the performance goes down.

View full review »
Sumanth Myneni - PeerSpot reviewer
Architect at PepsiCo

Sometimes in Palo Alto Networks Panorama, we receive issues where it is overloaded and unresponsive. We have issues with accessing the devices due to a slow response from Panorama.

Palo Alto Networks Panorama should be more robust and resilient. 

View full review »
Director Of Technology at a tech services company with 1,001-5,000 employees

There could be more integrations with third parties.

View full review »
Network Engineer at a educational organization with 1,001-5,000 employees

There were a few bugs a couple of years into it. There was a big bug where it had trouble communicating with the two main boxes.

View full review »
Lead Consultant at a tech services company with 1-10 employees

Aside from pricing, I don't have any issues with Panorama.

View full review »
Sevo Nikolov - PeerSpot reviewer
Information Security Architect at Integrity360

Its scalability can be improved. It is too expensive to scale it in the way Palo Alto wants us to scale. Scalability is one of the main reasons why our customer is looking for alternatives. It is too expensive to scale.

Its redundancy also requires improvement, but it seems that in the latest version, redundancy is improved, and you can have more than two devices in an HA pair. So, they are heading in that direction.

It would be good if they combine their dynamic list functionality in a much better way with Panorama and include it as out-of-the-box functionality. Palo Alto supports the dynamic list functionality for some basic threats, but there is a lot of scope for improvement.

View full review »
Ahmet Top - PeerSpot reviewer
Regional Manager at Barikat

The price of Palo Alto Networks Panorama could be better.

View full review »
KUMAR-SAIN - PeerSpot reviewer
Senior Network Security Engineer at a tech services company with 10,001+ employees

The price could be lower. I would like to see remote VPN, like the Cisco client.

View full review »
Michael Andrews - PeerSpot reviewer
IT Engineer at a mining and metals company with 201-500 employees

I would like to see more real-world testing before updates and patches are released in the live environment. The last VPN update that was released caused a problem that kicked users out. I would also like to see better documentation. The current documentation is not detailed enough.

View full review »
Kyaw Bo Bo Htun - PeerSpot reviewer
Network Engineer at One Cloud

Palo Alto Networks Panorama could improve by making the solution less expensive.

View full review »
VP of IT at a tech services company with 51-200 employees

It could be more secure.

View full review »
Manager - Project at a computer software company with 10,001+ employees

An area for improvement would be the connectivity, which sometimes means logs can be slow to display.

View full review »
Project Specialist at integra software

The notification and alerting system could be improved.

View full review »
Network Architect at a consultancy with 10,001+ employees

They can improve its cloud integration. 

View full review »
CLAUDIO ARAOZ - PeerSpot reviewer
Senior Project Engineer at a outsourcing company with 1,001-5,000 employees

The solution's utilization of network ports makes things as complex as possible. 

The pricing could be better. 

View full review »
Cristian Jerez - PeerSpot reviewer
Asesor - Consultor de redes y seguridad TI en Agrosuper at Agrosuper

It's difficult to implement. 

View full review »
Buyer's Guide
Palo Alto Networks Panorama
September 2022
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
632,539 professionals have used our research since 2012.