Palo Alto Networks Panorama Room for Improvement
When creating remote access for users, it would be beneficial to be able to base the object on on-premises or the cloud. We should be able to push policies based on a segregation or as a whole.
View full review »JS
Jumras Saeyang
Associate IT Director at Siam Makro PCL
The initial setup was complex.
The licensing costs are quite high.
I would like there to already be a log centralized for the things, however, I don't see any soft security operation center or something that can make it a regular report. When we need some GDPR policy, we just have a one-pack we deploy and tune by ourselves a little bit to suit our organization. We'd like to have something more standardized for this purpose. It would be more of a value-add.
We'd like more log monitoring in general.
View full review »IT
IanThompson
Security Analyst at ARINSO Deutschland
The pricing of the solution could be considered an area of improvement, as it is a comprehensive and feature-rich product that may include features that are not needed by some companies. Therefore, the solution should have a more competitive pricing structure.
View full review »Buyer's Guide
Palo Alto Networks Panorama
April 2024
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,415 professionals have used our research since 2012.
JJ
JamesJiang
IT Security Analyst at a energy/utilities company with 51-200 employees
While Palo Alto is the leading firewall worldwide, it's so pricey. Other products like Checkpoint still do the job, and yet it's way cheaper than Palo Alto. The solution is extremely expensive. You can integrate it with other Palo Alto products, however, it ends up being too much.
Palo Alto prefers the VM version. However, for the VM level, often we have a migration from one host, VM host, to another host, and then the network jobs. And they're not fully redundant. With VM, the purpose is easy migration from one host to another one. That's the purpose of VM in play, however, if you want to have high availability or redundancy, you have to purchase two licenses - one on one host, another one on another host - and it costs a lot of money to do that.
Technical support could be better.
The inbuilt RAM is quite low. If you are increasing the number of firewalls and you want to get this managed via this management server, there are some performance issues. The cost of this product is more. However, the resources they have provided, the inbuilt resources, are less.
The pricing is quite high.
View full review »A potential improvement for Palo Alto Networks Panorama could be a more competitive pricing structure.
View full review »Sometimes in Palo Alto Networks Panorama, we receive issues where it is overloaded and unresponsive. We have issues with accessing the devices due to a slow response from Panorama.
Palo Alto Networks Panorama should be more robust and resilient.
View full review »TC
reviewer1608327
Cyber Ambassador at a comms service provider with 11-50 employees
It tends to move along fairly quickly in terms of features because it is a part of PAN-OS. We are waiting on one feature that's on the beta at the moment, but that's because we use Okta as our authentication.
Reporting might be an area to improve. It can provide reporting or some sort of graphical representation of your environment.
View full review »Before I joined this organization, they experienced some issues when trying to set up zone protection parameters. Last week I applied a zone protection profile; for each and every branch, I had to apply a zone protection profile or modify existing metrics — I needed to physically go to each branch. When we originally deployed Panorama, we were managing the firewalls individually. After implementing all those firewalls and changing all of the templates, it's really hard to modify them.
You can't just modify them with a single click, you need to physically go to each individual branch and make the changes yourself — we can't directly seal all of the fireworks. This needs to be improved.
With version 9.1, when configuring it, if something goes wrong, then it reverts back to your original settings automatically. This is a nice feature but it's not available on the standard firewalls. If we didn't have Panorama and I was setting up some remote Palo Alto firewalls, after implementing my configurations, if I were to lose the configurations then I would lose firewall access. This isn't the case with other firewalls like Cisco and Juniper SRX where you can just put in a reminder in the last 10 minutes.
Palo Alto Networks Panorama currently lacks the capability of integrating with other software, such as AlgoSec to simplify rule management and schedule management. However, this feature has been requested by the company and it is uncertain if Palo Alto will implement it in the future. Additionally, the UI needs improvement, it is too slow.
View full review »GA
GokulAnand
Manager at a financial services firm with 10,001+ employees
I don't have any real comments in terms of areas of improvement.
The scalability is limited.
It is an expensive product.
View full review »Price is probably one of the biggest things that we struggle with, specifically with Palo, and that's across their whole portfolio. Also, the tech support could be better.
View full review »There is room for improvement in response time for tech support.
View full review »Palo Alto Networks Panorama has some bugs that could be fixed.
View full review »NB
reviewer1278348
Network Engineer at a tech vendor with 10,001+ employees
My company's getting whatever it needs from Palo Alto Networks Panorama, but in the cloud, there's an issue with CPU management, and that's an area for improvement. Though the normal data traffic doesn't go through the management interface, whenever there's an increase in the throughput, CPU management becomes high. If you increase the load, CPU management spikes, and it's what needs to be taken care of in Palo Alto Networks Panorama.
View full review »We have faced some challenges with the solution. We had Panorama in the cloud, and then we used Panorama to manage the on-prem firewalls. Then we had some network-centric architecture to connect to on-prem, where we had two separate Palo Alto firewalls on the cloud. From there, we had a direct connect, external direct connect to the on-prem. In that case, the issue we faced was that whenever the traffic left AWS, it went with any one of the subnets, either from availabilities on one subnet or availabilities on two subnets. When we configured Panorama, it was actually behind a NAT device on two separate IP signals, and there were challenges around that.
When we were deploying Panorama in AWS, there were some issues with Panorama deployment in AWS. I was the first customer to deploy Panorama in AWS, and I raised a case with both AWS and Panorama. Then, in the next Panorama release, they enhanced some features, and both came up in the same version. I had to wait for two or three months to get to a resolution.
Sometimes technical support is slow to respond.
The solution is expensive.
Panorama can be a bit difficult compared to other Palo Alto solutions. It would be ideal if they could simplify it a bit.
View full review »In the future, it would be beneficial if Panorama could include a firewall assurance feature similar to Skybox. While each firewall has its policy optimizer, a consolidated policy optimizer in Panorama could further enhance firewall management and optimization.
View full review »The price could be lower. I would like to see remote VPN, like the Cisco client.
View full review »SN
Sakher Najdawi
Head of IT Department at a logistics company
The dual WAN functionality is missing in this solution.
View full review »SU
Suresh Ukkalkar
Manager - Projects & Programs at BhaktiVedanta Hospital
The configuration could be a bit better. For us, it's a critical aspect. We've noticed Cisco may be better in this regard.
View full review »There are times when we are backing up a device centrally, we do not get a full backup. We are able to do a full backup of all the devices but when we attempt to backup a single device, it only does the backup of a few presets and not the full configuration.
In the future, they could improve by providing better management of the devices, such as bandwidth.
View full review »This is a relatively expensive solution and I wouldn't recommend it for a stand-alone deployment.
View full review »NR
NoamRotter
Cloud Security Engineer at a computer software company with 1,001-5,000 employees
It's not part of my role to connect other devices to Panorama, so I don't know how the integration works. I maybe need a better understanding of how the policies of the signature work. For example, what does it mean to exclude an IP, and what are the policy rules and priorities? I need more knowledge about the signature policy and priorities.
Instead of searching their knowledge base in their website, maybe they can interact with us in the user interface to explain things better. If they had pop-ups to help guide us, we might get fewer failures along the way. Small notifications would be quite helpful.
View full review »It should have more connection with Threat Intelligence Cloud. They can also include features related to SecOps and automation API.
View full review »We have had some issues in the past because integrating a new device is not intuitive. If there is some room for improvement, that would be it.
I'm not an expert on the matter, but I would like to see more capabilities regarding automation and integration. We are seeing a trend where the clients are asking for integrations with European tools. I know the solution is quite integral with all kinds of tools, but there are some different tools here in the market in Europe, so this is important.
The menu is full of options, which is good in some ways, but for a newbie it can be a little bit overwhelming and you need to properly understand it before starting to work with it. I think the ramp up at the beginning is quite intense.
RD
reviewer1267500
Director, Compliance and Risk Management at a pharma/biotech company with 10,001+ employees
Pricing is always something that consumers hope will be addressed in their favor. I think that some method of allowing for more customization and open integration with other controls within the enterprise is something that we want to have. We want to be able to have more orchestration of disparate parts.
I think the features that most of the features that I would like to see are currently being implemented. Behavioral heuristic analysis of connections, for example. That is something that I know is being done now.
View full review »The price of Palo Alto Networks Panorama could be better.
View full review »TG
reviewer1227594
Senior Network Engineer at a tech services company with 201-500 employees
It communicates with remote devices, and sometimes, there is a little bit of delay during its communication with remote devices. There should be real-time communication or updates from the manager to devices.
In Panorama and Palo Alto firewalls, I would like to have a traffic simulator. They have packet capture for troubleshooting, but it would help if they can provide a traffic simulator so that we can simulate the traffic and see the route the traffic is taking and get feedback about whether it is blocked or it is able to pass.
View full review »The pricing should be reconsidered. It's too high right now.
At times we have noticed that we get into issues where Panorama is going too slow or has other little problems. The performance can suffer occasionally.
View full review »The alerts in Palo Alto Networks Panorama could improve by integration with other systems, such as a forwarding trigger system. For example, if a customer has their own system it would be helpful to have the alarms integrated.
In the future, when doing an update all solutions should be updated at once. For example, if many different solutions are being managed by Palo Alto Networks Panorama the updates can be done for all firewalls, such as EDR and XDR.
View full review »HA
reviewer1360608
Security Technical Lead at a tech services company with 11-50 employees
If a large company uses Panorama as a log collector, it may require setting up multiple local collector devices due to potential limitations in handling firewall logs. It would be beneficial to improve the capabilities of Panorama to handle logs more efficiently, potentially reducing the need for additional local collectors. Adding more predefined dashboards as features would enhance the monitoring and reporting capabilities. The iOPS tools, which are currently offered separately, could be integrated into Panorama to eliminate the need for an additional dashboard or GUI.
View full review »Storage in Palo Alto Networks Panorama needs improvement.
My company also experienced deployment issues when the product was first installed, particularly when binding with the firewall. It's not as user-friendly because not everyone can deploy it without some knowledge.
Updating Palo Alto Networks Panorama was also a bit challenging when upgrading your firewall, so that's another area for improvement.
View full review »MM
MohamedMansour
Security Unit Manager at Digital Hub Egypt
The solution needs to improve its pricing model.
Panorama needs to work on its configuration issues.
They should also focus on firewall management. Many clients have multiple firewalls, so Palo Alto should offer better management of them. They could model themselves off of AlgoSec, or maybe FireMon which are other very good firewall management tools.
The central firewall management could be better.
View full review »As the cybersecurity threats have become more aggressive these days, Palo Alto Networks Panorama can still be improved, particularly on the security side, for example, more network management, and penetration test. Improving the security feature for internal endpoints is needed in the solution.
What I'd like to see in the next release of Palo Alto Networks Panorama is more training and more marketing.
View full review »BB
Bruce Bennett
Sr. Systems Analyst at a manufacturing company with 5,001-10,000 employees
Panorama: The ability to add scheduled jobs would be a significant improvement. Panorama has the ability to push out OS updates, but it would be nice to be able to schedule those updates so not to affect the site during normal business hours.
Firewalls:
- (1) App-ID is good, but could be better. We use off ports for some common services and App-ID does identify the application correctly, but the rule allowing the traffic does not allow the traffic without adding the ports to the rule. This negates the need for App-ID in the rule. If App-ID worked as I think it should, we would use it and then block the common port.
- (2) Integration with Microsoft Active Directory incurs significant additional traffic across the WAN circuits. We have a number of GCs across our environment and the configuration of Active Directory in the firewalls requires significant communications to all of the GCs across our environment. We were seeing the firewalls generate around 500kb of WAN traffic communicating with all of the GCs. After reviewing the configuration with Palo Alto support, the config was correct. While we do want to be able to use the User-ID functionality of the firewalls, that kind of overhead is not acceptable.
A bottleneck in Palo Alto Networks Panorama is the licensing. The pricing and licensing model for the product is expensive and can be complicated, or it could be because I'm more familiar with Cisco licensing, which I find brilliant and easy, compared to Panorama licensing, which could be hell.
Another area for improvement in Palo Alto Networks Panorama is report generation.
It is expensive and suitable only in an enterprise environment.
View full review »DL
DenysLahutin
Sales engineer at MUK
It is not a cheap product. Some kinds of Palo Alto devices can cost a few thousands of dollars, and Panorama will be even higher. For the big customers that have a lot of devices, it is crucial to get all the benefits from the Palo Alto Networks portfolio regarding network security.
For a highly secure environment, they sometimes need only hardware appliances, not a virtual machine.
Everyone, I suppose, would like the price to be improved. Price is always a good thing to change.
There is always room for improvement in anything. But I couldn't really comment on that off the top of my head.
In terms of updates, I believe everything is in order. That is not an issue for me.
View full review »EL
reviewer1660839
Security Solution Engineer at a computer software company with 501-1,000 employees
It is quite hard to understand the platform. It is not easy and user-friendly. You need some experience and the proper technincal training to use Panorama without risks.
It is very complex, and you must know exactly what to do.
The bigger problem is that Panorama Dashboard Logic is quite different than PanOS firewall Dashboard.
The second problem is that you dont have wizards or template .You need to build your enviroment from zero on your own incurring in possibile configuration or logic errors.
I would like to have a more user-friendly and simple to use product .
For istance FortiManager is comparatively much more easier to use and understand.
Palo Alto Firewall too are Really easier to manage than Panorama.
Panorama Logging and reporting features are quite good ( like PaloAlto Firewall) but not the best on the market ( for istance Checkpoint SmartEvent is still far better)
I would improve the management. I need to view charts and traffic statistics, but the management console doesn't share that information with me.
I would also improve the integration with other solutions.
View full review »AS
reviewer1656144
Network Implementation Engineer at a comms service provider with 501-1,000 employees
The customer support needs to be better. Sometimes we need to wait for hours before getting someone from the product team or someone from the Palo Alto customer support to get on a call if we are facing some issue. They could reduce the wait times.
ST
Swapnil Talegaonkar
Technology consultant at a tech services company with 501-1,000 employees
There is a need to improve the upgrade process. When we are upgrading the solution we are facing some issues with Elasticsearch services. Every time we upgrade it takes a long time to become stable.
In an upcoming release, I recommend having policy segmentation because that will help Panorama. There is no policy segmentation as you would find in Check Point.
View full review »TM
reviewer1338396
Engineering infrastructure manager at a financial services firm with 10,001+ employees
We found a vulnerability where when we have a low flow, like 2.7K, it is not getting fired by the threat prevention. That's something important to improve on. They should have a proxy or some solution to solve the issue.
We also found some issues around decrypting the flow. When we have more flow than expected to decrypt, the performance goes down.
It's difficult to implement.
View full review »SK
reviewer1420032
Lead Program Manager at a computer software company with 10,001+ employees
There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade.
We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices.
These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices.
They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.
View full review »BR
reviewer1324731
Manager - Project at a consultancy with 10,001+ employees
An area for improvement would be the connectivity, which sometimes means logs can be slow to display.
View full review »CA
CLAUDIO ARAOZ
Senior Project Engineer at a outsourcing company with 1,001-5,000 employees
The solution's utilization of network ports makes things as complex as possible.
The pricing could be better.
View full review »LR
reviewer1542609
Senior System Engineer at a financial services firm with 10,001+ employees
I haven't come across any issues with the product. Overall, it's been very positive.
I don't recall missing any features. It's a fairly complete solution.
The product could offer more integration with other solutions.
View full review »I would like to see more real-world testing before updates and patches are released in the live environment. The last VPN update that was released caused a problem that kicked users out. I would also like to see better documentation. The current documentation is not detailed enough.
View full review »RM
Rajiv Mukherjee
Lead Consultant at a tech services company with 10,001+ employees
We have experienced a few bugs which the team at Palo Alto don't have solutions for.
In the next release, it would be good to have features which increase the processing power in clusters.
View full review »LT
Leo Tse
Security Manager at a transportation company with 1,001-5,000 employees
I would like to have better analytics.
The network traffic analysis (NTA) is something that you can add on to get more insight from the traffic passing through the firewall, and it should be included.
View full review »MS
Mohamed Sharaf
Security Consultant
I have had some leakage issues before, but it was solved. I would, however like to see better integration with other products.
View full review »I am observing that whenever pushing our configurations sometimes the configuration will not push properly and then we have to go to the individual firewall and save it again.
TS
reviewer978189
Sr. Director, Security and Architecture at a pharma/biotech company with 11-50 employees
Its UI and usability could be improved. The way the UI looks could be improved to make it a little bit more intuitive. Other than that, it is a pretty simple product.
View full review »JM
reviewer1274937
Network Engineer at a educational organization with 1,001-5,000 employees
There were a few bugs a couple of years into it. There was a big bug where it had trouble communicating with the two main boxes.
View full review »MS
reviewer1469877
Senior Network & Security Administrator at a consultancy with 1,001-5,000 employees
In our version, there is no feature to transfer or upload a database of third-party vulnerabilities or signatures so that Panorama can convert them into its own database. This kind of feature might already have come in version 10.
View full review »The general customer feedback is when saving the configuration, it takes a long time. That needs to be fixed. The troubleshooting, the debugging part is also a little bit of a pain. It's not user-friendly on the interface to do our debugging when comparing it with other firewalls, like Forcepoint.
It would be nice to have a real-time traffic monitoring console similar to Forcepoint firewalls where you can see in real-time instead of having to keep on refreshing, or maybe a command on the console where you are able to see the traffic.
The solution needs to work on speeding up the committing time.
View full review »Clients need to have an alarm and alert system from which they can forward the trigger. The product needs to improve its integration as well.
View full review »DG
reviewer1405314
Director at a tech services company with 1-10 employees
The ease of use of Palo Alto Networks Panorama is an area for improvement, because it's not very easy to use. The downside with the system is that you need a lot of comprehension to understand what it is. There are also risks associated with making a change, e.g. you can accidentally break your network which knocks off the firewall, and then you can't get back on again. If you know what you're doing, e.g. if you're a specialist, then there won't be any problems, in general.
It's important to gain an understanding of Palo Alto Networks Panorama, or the concept, before you start. It works like Palo Alto, but it doesn't at the same time, because you have templates, and the templates have to be applied before your variables, and then those variables directly affect your objects. It's important to understand how it works. I wish they could make it easier, and a bit more intuitive, but if you're doing the training, and you're properly in the system, then it will make sense the way it's explained to you, otherwise, it'll be hard to make sense of it.
It could be difficult to get to the stage you want to be on with this system. It's similar to a different language, and it's so hard to just do it on your own, but if you are in the culture and you're speaking to other people, then it becomes easier because you're doing it. That's the learning curve right there, e.g. if you've never done it before, you'll sit and look around saying: "What is this? I don't understand." If you're doing the training, and you're more involved in the product, or even if you speak to specialists, they will be able to help you, then you start to learning it and what it can do.
View full review »SE
reviewer1602627
Network Security Engineer at a tech company with 201-500 employees
It could be easier to manage. In the future, it should be much easier because it's not very easy to manage. So in the next release, I think it should be much easier to manage, especially in the first configuration. It could also be more stable.
View full review »DS
Engineerinfosec67
Senior Information Security Engineer at Westcon
I think the multitenancy of this solution can be improved. I would also like to see better management task automation for the trial environment. That is missing in this solution.
In the next version, I would like to have more integration with the cloud and with the services delivered by Palo Alto. It isn't very task integrated at this stage. I would also like more dashboard management.
View full review »MZ
reviewer2093418
PDE at a non-tech company with 10,001+ employees
The solution can improve by providing unique reports in relation to the function of which you choose the firewall to do.
Palo Alto Networks Panorama could improve by making the solution less expensive.
View full review »HK
reviewer1470609
Network Architect at a consultancy with 10,001+ employees
They can improve its cloud integration.
View full review »CB
cto543714
CTO at a tech services company with 1-10 employees
I don't see many places to improve the solution. For us, it's working quite well.
The solution should improve the speed at which they make changes on the system. Historically, they've been a bit slow in that respect. They should apply changes to the box quicker and more often.
SK
SathishKumar
Project Specialist at integra software
The notification and alerting system could be improved.
View full review »It can take a few minutes to test to see if any changes are successful or not. This needs to be improved. A change commit should take a second, not a minute or more.
Panorama does suffer from performance issues, which they need to resolve.
Also, technical support isn't very responsive and could use some improvement.
View full review »PB
reviewer1651302
Director Of Technology at a tech services company with 1,001-5,000 employees
There could be more integrations with third parties.
View full review »DS
Darshil Sanghvi
Consultant at a tech services company with 501-1,000 employees
Palo Alto must provide a cloud-based feature or solution.
The initial setup requires expertise and can be a bit complex.
I would like to see the management be a bit more simple than it is currently.
View full review »PS
NetworkAa5e9
Network Architect at a media company with 10,001+ employees
My pain point is the automation process is not well-documented. There are some things that they could improve on there.
If you go in the system to search for something, it is not intuitive. They could really improve that.
There is a concept of device groups and a concept of templates. The templates can allow for inheritance, but the device groups do not.
View full review »RR
reviewer1656078
Founder at a tech services company with 51-200 employees
The solution could improve by having a true single pane of glass environment for unified management. At the present time, you still have to use three or four different solutions to bring everything together.
View full review »RS
reviewer1303821
Network Security Engineer at a tech vendor with 51-200 employees
The product does need a bit of configuration. It's not quite ready to go out of the box.
The solution could do a bit more with its security updates. Palo Alto in general could be a bit more secure.
Support is pretty good, however, they could always be a bit faster and more responsive.
View full review »ML
reviewer1336062
Chief Cloud Architect at a tech services company with 1,001-5,000 employees
I would like to see Networks Panorama more integrated into the firewall solutions rather than being a separate component. This would be helpful so that we can do rule-based change management for the firewall through it as well.
View full review »JE
reviewer1417920
Regional Manager, Management Information Systems at a wellness & fitness company with 501-1,000 employees
I'd like to see improvement in the speed and reliability of the solution. They're the two things most important to me right now.
SN
Sevo Nikolov
Information Security Architect at Integrity360
Its scalability can be improved. It is too expensive to scale it in the way Palo Alto wants us to scale. Scalability is one of the main reasons why our customer is looking for alternatives. It is too expensive to scale.
Its redundancy also requires improvement, but it seems that in the latest version, redundancy is improved, and you can have more than two devices in an HA pair. So, they are heading in that direction.
It would be good if they combine their dynamic list functionality in a much better way with Panorama and include it as out-of-the-box functionality. Palo Alto supports the dynamic list functionality for some basic threats, but there is a lot of scope for improvement.
View full review »SF
Execmgr567
Executive Manager at a financial services firm with 1,001-5,000 employees
There is room for improvement in the integration within endpoint detection. They need to do some integration between endpoints and the firewalls.
They also need to add a mobile version for product so we can access the interface easily.
View full review »AR
reviewer1454613
VP of IT at a tech services company with 51-200 employees
It could be more secure.
View full review »RN
reviewer1460898
Lead Consultant at a tech services company with 1-10 employees
Aside from pricing, I don't have any issues with Panorama.
View full review »Buyer's Guide
Palo Alto Networks Panorama
April 2024
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,415 professionals have used our research since 2012.