Coming October 25: PeerSpot Awards will be announced! Learn more

Palo Alto Networks Panorama OverviewUNIXBusinessApplication

Palo Alto Networks Panorama is #4 ranked solution in top Firewall Security Management tools. PeerSpot users give Palo Alto Networks Panorama an average rating of 8.6 out of 10. Palo Alto Networks Panorama is most commonly compared to AWS Firewall Manager: Palo Alto Networks Panorama vs AWS Firewall Manager. Palo Alto Networks Panorama is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.
Palo Alto Networks Panorama Buyer's Guide

Download the Palo Alto Networks Panorama Buyer's Guide including reviews and more. Updated: September 2022

What is Palo Alto Networks Panorama?

Panorama network security management provides static rules and dynamic security updates in an ever-changing threat landscape. Reduce administrator workload and improve your overall security posture with a single rule base for firewall, threat prevention, URL filtering, application awareness, user identification, file blocking and data filtering.

Palo Alto Networks Panorama Customers

University of Arkansas, JBG SMITH, Temple University, Telkom Indonesia

Palo Alto Networks Panorama Video

Archived Palo Alto Networks Panorama Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
PeerSpot user
Lead Program Manager at a computer software company with 10,001+ employees
Real User
Top 5Leaderboard
Flexible, scalable and very user friendly
Pros and Cons
  • "You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use."
  • "They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime."

What is our primary use case?

We primarily use the solution for automation purposes and for security.

What is most valuable?

The underlying technology is very good, considering that we are moving to a work-from-home environment.

Panorama is a straightforward tool. Palo Alto is comparative to other firewalls. Some firewall tools are more user friendly, and, from a technical perspective, it is very user friendly as well. It's not like Check Point. We use a setup for offshore development centers. For all those ODCs, we usually use a Palo Alto device. We have few perimeter firewalls which are Palo Alto but for the perimeter predominantly we use Check Point.

You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use.

The solution if extremely flexible and scalable.

What needs improvement?

There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade.

We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices.

These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices.

They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.

For how long have I used the solution?

We've been using the solution for close to seven years at this point. It's definitely been about six years.

Buyer's Guide
Palo Alto Networks Panorama
September 2022
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
634,775 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is very, very stable. There aren't too many issues on it once you get it up and running. We consider it reliable.

What do I think about the scalability of the solution?

The solution is very scalable. If a company needs to expand its services, it can do so rather easily.

We have different businesses running inside the organization. We have close to 800 devices, so it means about 800 different projects are using those devices. Each project has a firewall, so most of these, 80%, are on Palo Alto.

Which solution did I use previously and why did I switch?

We use Check Point as well, however, we don't really like it as much. It's not as user friendly.

Prior to this solution, we were using the ASA products and then Check Point. Check Point is a little complicated. I can use Check Point on my perimeter firewall, but not on my overseas businesses. That's what makes Palo Alto is more user friendly. I can use the GUI to do everything due to the fact that I don't need a skilled person to work on the Palo Alto. On Check Point, I have to go to CLA and do all the changes. 

 It's easy to upgrade or to do anything with the Palo Alto. Technically it's quite sound. It's dynamic, scalable, and there's a lot of things that can be done easily. Plus, I don't need an extremely experienced person to work on Palo Alto. Anybody with two or three years of experience can easily work on a Palo Alto device.

How was the initial setup?

The initial setup is not complex. It's pretty straightforward.

The deployment is easy and uncomplicated. It takes about an hour or so, if not less than an hour. It's pretty quick.

However, we have 800 or more devices. It takes about six months to deploy everything, especially if I have to do everything manually.

We have eight to ten people who manage deployment and maintenance.

What about the implementation team?

We haven't used an integrator or reseller. We handled the implementation ourselves in-house.

What's my experience with pricing, setup cost, and licensing?

In terms of licensing for Panorama and Palo Alto products, we have only the DMC cost and we are billed every year.

It's not overly expensive. It is comparatively okay if you look at other devices. Compared to the top three devices, pricing is okay due to the fact that you have multiple vendors who are selling firewalls and competing with each other for the same clients. 

What other advice do I have?

We're just a customer. We don't have a business relationship with the company.

We have multiple variants of the solution's model. Currently, we are using 8.1.15-H. We also have some virtual firewalls that are recently in Tokyo. We are using close to around 800+ Palo Alto firewalls. 

We're currently developing our virtual firewalls and have them in different locations. 

It is not just Palo Alto. We have other devices as well, so we have close to around 1300 plus firewall devices.

I would recommend the solution to others.

I'd rate the solution eight out of ten. If you need a perimeter type of device, Check Point may be a better option. However, for my businesses, I would choose Palo Alto due to its scalability and user-friendliness. It also has great security features. That said, if it didn't release so many new updates, I would rate it higher, simply due to the fact that so many upgrades requires a lot of work on our part.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief Cloud Architect at a tech services company with 1,001-5,000 employees
Real User
Operate more efficiently with fewer errors in security measures
Pros and Cons
  • "Palo Alto technical support is excellent."
  • "The compliance features are very effective at identifying things that need to be properly hardened."
  • "Networks Panorama has improved our organizational security"
  • "This would be a better solution if it were more tightly integrated with the firewalls."

What is our primary use case?

We are using it to manage the configuration of the firewall to validate that the environment is properly hardened (i.e., vulnerabilities are minimized).  

How has it helped my organization?

Networks Panorama has improved our organization by allowing us to operate more efficiently and make sure that fewer errors are made in our security setup and choices.  

What is most valuable?

The most valuable feature in my opinion is the compliance capabilities that help us meet defined requirements. These features are very effective at identifying things that need to be properly hardened.  

What needs improvement?

I would like to see Networks Panorama more integrated into the firewall solutions rather than being a separate component. This would be helpful so that we can do rule-based change management for the firewall through it as well.  

For how long have I used the solution?

I have been using Palo Alto Networks Panorama for about nine months.  

What do I think about the stability of the solution?

I think that Networks Panorama has been a very stable solution.  

What do I think about the scalability of the solution?

I have not had any issues in working with the scalability of the product. We have about five users who are primarily IP security that work directly with the product. The number of users is not a problem. The scalability obviously has to do with applying the product to the architecture.  

How are customer service and technical support?

My experience with Palo Alto technical support has been excellent.  

How was the initial setup?

The installation and setup are very straightforward.  

What's my experience with pricing, setup cost, and licensing?

The pricing model is reasonable for this class of solutions.  

What other advice do I have?

Implementing Palo Alto Panorama is something I would strongly recommend for people who are considering it that have a need for this kind of security solution. It makes your life a lot easier in building a robust security response.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as a nine-out-of-ten. If they fix the integration, that would bring it up pretty much right to a ten-of-ten at least for now.  

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Palo Alto Networks Panorama
September 2022
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
634,775 professionals have used our research since 2012.
Sumanth Myneni - PeerSpot reviewer
Architect at PepsiCo
Real User
Top 5
An easy setup with good security alerts and a nice dashboard
Pros and Cons
  • "Our team has the option to make configuration changes at any given time."
  • "At times we have noticed that we get into issues where Panorama is going too slow or has other little problems. The performance can suffer occasionally."

What is our primary use case?

We primarily use the solution for security.

What is most valuable?

The solution works on a single pane of glass, so we have a good overview of everything happening.

We can easily look at security alerts.

Our team has the option to make configuration changes at any given time.

There are excellent reporting capabilities within the product.

The setup is quite easy.

What needs improvement?

The pricing should be reconsidered. It's too high right now.

At times we have noticed that we get into issues where Panorama is going too slow or has other little problems. The performance can suffer occasionally.

For how long have I used the solution?

I've worked with the solution for three to four years at this point. It's been a while now.

What do I think about the stability of the solution?

The solution is stable, aside from a few performance issues. We find it to be reliable. It doesn't crash or freeze. It's not really buggy. It's pretty good.

What do I think about the scalability of the solution?

The solution isn't too scalable. Organizations should keep this in mind if they are considering installing it.

We have about ten or more people on the team that make use of the solution. They're admins and they monitor it.

How are customer service and technical support?

Technical support has been good so far. I'd say that we are satisfied with the service. They seem to be knowledgable and responsive.

How was the initial setup?

The initial setup isn't too complex. It's pretty straightforward.

The production instances take about an hour or so. Deployment is fast.

We have ten admins that make sure the solution is working properly at any given time.

What's my experience with pricing, setup cost, and licensing?

The pricing is too high for us. We'd like it to be more affordable.

What other advice do I have?

We're just a customer. We don't have a business relationship with Palo Alto.

I'm not sure of which version of the solution I'm using. I've worked with many versions, including both newer and older ones.

We use multiple deployment models. We use both cloud and on-premises deployments.

In general, I'd recommend the solution to other organizations. It's worked well for us and we don't believe there's anything feature-wise that is really missing. 

I'd rate the solution, on a scale from one to ten, at an eight. Of course, if it was less expensive and had a more stable performance, I'd mark it higher.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Regional Manager, Management Information Systems at a wellness & fitness company with 501-1,000 employees
Real User
Provides great centralized management which saves us time

What is our primary use case?

We use the solution to manage the several Palo Alto firewalls we have. We are customers of Palo Alto and I'm an information systems and security manager.

What is most valuable?

I think the centralized management is a valuable feature because you can set corporate wide policies and push it out to all the firewalls without touching each one. 

What needs improvement?

I'd like to see improvement in the speed and reliability of the solution. They're the two things most important to me right now. 

For how long have I used the solution?

I've been using the solution for the past 18 months. 

What do I think about the stability of the solution?

The solution always runs but the problems we have occur when we make changes. Sometimes the results are not what we expected. Sometimes you make changes in the software and then you push it to the firewalls. Theoretically, you should be able to make the changes and push at the same time but we have found that we have to save them first and then push. After that it usually works. That process could be simplified. We have two people using the solution.

What do I think about the scalability of the solution?

I can't speak to the scalability of the solution. 

How was the initial setup?

We hired a consultant for the initial setup. None of our staff are firewall engineers. We're more like firewall administrators and our environment is quite complex. 

What other advice do I have?

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director, Compliance and Risk Management at a pharma/biotech company with 10,001+ employees
Real User
Sophisticated and robust prevention that is relatively easy to setup even in complex environments
Pros and Cons
  • "The product features allow the capacity to take effective, advanced security measures."
  • "The product could use some method of allowing for more customization and open integration with other controls."

What is our primary use case?

My obligations consist of overseeing cyber threat intelligence, threat defense operation, digital forensic incident response, and data loss prevention. So in the context of endpoint solutions, my position pertains mainly to the DLP (data loss prevention) function.  

Cisco AMP (Advanced Malware Protection) plays a significant role in our perimeter strategy for protecting the infrastructure. I work primarily with making sure that we have indicators of compromise in Cisco AMP. I am not on the network engineering or network operations side of things. I am mainly a consumer of services from those particular groups.  

We use Snort rules (open source network intrusion detection system [NIDS]). We use Yara rules (Yet Another Recursive/Ridiculous Acronym, rules for malware identification). We have Palo Alto IPSs (Intrusion Prevention Systems).  

Our use cases are primarily perimeter-based for runtime malware defense.  

What is most valuable?

The most valuable features are the management features like the ACL (Access Control List) management. These give us the capacity to make effective use of the capabilities of the product.   

What needs improvement?

Pricing is always something that consumers hope will be addressed in their favor. I think that some method of allowing for more customization and open integration with other controls within the enterprise is something that we want to have. We want to be able to have more orchestration of disparate parts.  

I think the features that most of the features that I would like to see are currently being implemented. Behavioral heuristic analysis of connections, for example. That is something that I know is being done now.  

For how long have I used the solution?

We have been using Networks Panorama for a couple of years now.  

What do I think about the stability of the solution?

The stability is good. If you consider the size of our organization and the number of users that can verge on being impressive.  

What do I think about the scalability of the solution?

I have good impressions of the scalability of this solution. We have not really had any issue scaling the usage.  

How are customer service and technical support?

The tech support is actually pretty good. In general, they address issues in a timely manner with reasonable responses.  

Which solution did I use previously and why did I switch?

My team has not previously used any different solutions in this company, but I have definitely, in the past, used other solutions. It is really necessary for the evaluation of product capabilities.  

How was the initial setup?

The installation was straightforward in a complex environment. That means that we could have had far more issues were the product not well-designed from an installation standpoint. We are a big organization. Deployment can be a matter of weeks or it could be a matter of months depending on what jurisdiction the installation happens to be in.  

What about the implementation team?

We have various partners and consultants that we work with in addition to having expensive competencies in-house. We do not often have a reason to go beyond the network of expertise that we have established.  

What other advice do I have?

My advice to anyone considering Networks Panorama is to thoroughly research the competitive landscape. Do your Gartner research. Make sure you develop a set of requirements — a feature matrix that you can use to compare your requirements with the functionality offered by the various solutions under consideration. There are a lot of solutions out there and the goal would be to pick the one that best fits your situation rather than just one that someone recommends.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate this product as an eight-of-ten considering the knowledge and insight I have into it now.  

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
CTO at a tech services company with 1-10 employees
Reseller
Top 5Leaderboard
Good scheduling and reporting with very reliable stability
Pros and Cons
  • "The solution is very stable. It's reliable. We don't experience bugs or glitches. It doesn't crash. It works as expected."
  • "The solution should improve the speed at which they make changes on the system. Historically, they've been a bit slow in that respect. They should apply changes to the box quicker and more often."

What is our primary use case?

We primarily use the solution to centrally manage multiple firewalls that we have in our infrastructure and to be able to consistently push policies to them. It's really just a management platform.

What is most valuable?

The most valuable aspects of the solution are the backup to recovery, pushing out the patches, and scheduling. 

It also has good reporting capabilities in it as well.

What needs improvement?

I don't see many places to improve the solution. For us, it's working quite well.

The solution should improve the speed at which they make changes on the system. Historically, they've been a bit slow in that respect. They should apply changes to the box quicker and more often.

For how long have I used the solution?

I've probably used the solution a few years now. I would say that it's been at least three to four years.

What do I think about the stability of the solution?

The solution is very stable. It's reliable. We don't experience bugs or glitches. It doesn't crash. It works as expected.

What do I think about the scalability of the solution?

Right now, the solution appears to be very scalable. I should note that, with a company of our size, we're not pushing it to its functional limits or anything by any stretch of the imagination. That said, it scales very well for us.

How are customer service and technical support?

I personally have never required much help from them, but I have found that they're very responsive. Our company has been satisfied with the level of support they have provided us over the years.

How was the initial setup?

The initial setup was not complex. It was actually quite straightforward.

What about the implementation team?

My engineer did most of the installation for the organization. We didn't need outside resources or any kind.

What's my experience with pricing, setup cost, and licensing?

We pay approximately $3,000 a year in order to use the product.

What other advice do I have?

We're a reseller of Palo Alto.

We're currently using the most up to date version of the solution at our organization.

I would advise companies considering using the solution to go through the training before setting out on implementing anything. New users should maybe be somewhat familiar with it before they do the installation, just so that they can familiarize themselves with how it works. It's not difficult, however, you just don't want to go at it without having some understanding of where things are located. It will make the setup much easier.

I would rate the solution nine out of ten overall. It's a very solid product from a management perspective. Often companies will try to oversell how great their product is, however, in this case, it's true. It's very good.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Senior Information Security Engineer at Westcon
Real User
Easy integration of the firewalls and extremely stable and scalable, with no additional costs
Pros and Cons
  • "The solution is absolutely stable."
  • "I would like more dashboard management."

What is our primary use case?

We mainly use this solution to centralize our management.

What is most valuable?

What I really like about this program, is the easy integration of the firewalls and the core management interface, which is almost exactly the same as the single firewall.

What needs improvement?

I think the multitenancy of this solution can be improved. I would also like to see better management task automation for the trial environment. That is missing in this solution.

In the next version, I would like to have more integration with the cloud and with the services delivered by Palo Alto. It isn't very task integrated at this stage. I would also like more dashboard management. 

For how long have I used the solution?

I've been using the solution for about three years.

What do I think about the stability of the solution?

The solution is absolutely stable.

What do I think about the scalability of the solution?

I believe the solution is scalable, because it is able to manage more than 3000 devices for our company without any issues.

How are customer service and technical support?

I am impressed by the customer service. The Palo Alto software is a good, fast and it is easy and quick to find a solution.

How was the initial setup?

The initial setup was very easy and deployment took about four hours.

What's my experience with pricing, setup cost, and licensing?

If you compare the price of this solution to other management solutions, it is relatively low. You only pay for the license and there are no additional costs.

What other advice do I have?

My advice to others who are looking into implementing it, I would say that the solution is practically completely perfect. It gets a ten out of ten rating from me. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
it_user972015 - PeerSpot reviewer
Information Security Consultant at a tech services company with 51-200 employees
Consultant
A straightforward setup with a user-friendly interface
Pros and Cons
  • "The interface is very easy to use. You can do most jobs from one single console."
  • "The general customer feedback is when saving the configuration, it takes a long time. That needs to be fixed. The troubleshooting, the debugging part is also a little bit of a pain. It's not user-friendly on the interface to do our debugging when comparing it with other firewalls, like Forcepoint."

What is our primary use case?

Our primary use case of this solution is to have as a management tool for firewalls.

What is most valuable?

The interface is very easy to use. You can do most jobs from one single console.

What needs improvement?

The general customer feedback is when saving the configuration, it takes a long time. That needs to be fixed. The troubleshooting, the debugging part is also a little bit of a pain. It's not user-friendly on the interface to do our debugging when comparing it with other firewalls, like Forcepoint.

It would be nice to have a real-time traffic monitoring console similar to Forcepoint firewalls where you can see in real-time instead of having to keep on refreshing, or maybe a command on the console where you are able to see the traffic. 

The solution needs to work on speeding up the committing time. 

For how long have I used the solution?

I have been installing the solution for eight years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is very scalable. If you have a large enterprise network, where you have 30 or 40 firewalls, you can see everything and you're able to administer all the firewalls on one single console. We typically install the solution for medium-sized to enterprise-level businesses.

How are customer service and technical support?

We're not fully satisfied with technical support. Sometimes it's hard to get in touch with them. In regards to the first level of support engineers, it could be nice to know that they had more expert experience on the device so they can immediately resolve issues. 

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

I would recommend the solution. I find Palo Alto is the easiest product to deploy.

I would rate the solution eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Executive Manager at a financial services firm with 1,001-5,000 employees
Real User
Makes centralized management of their firewalls much easier

What is our primary use case?

We use it for centralized management of all their firewalls.

We're using it on-prem.

What is most valuable?

The most valuable feature is WildFire.

What needs improvement?

There is room for improvement in the integration within endpoint detection. They need to do some integration between endpoints and the firewalls.

They also need to add a mobile version for product so we can access the interface easily.

For how long have I used the solution?

We have been using Palo Alto for two years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

It's scalable because it's running on VMs.

Between users and admins, we have up to 5,000 people on this product.

How are customer service and technical support?

Technical support is very good.

Which solution did I use previously and why did I switch?

We use different solutions but the interface from Panorama is much easier for management.

How was the initial setup?

The initial setup was straightforward.

What other advice do I have?

I would recommend this solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Consultant
Real User
Improves management abilities by simplifying the implementation of policies for all branches
Pros and Cons
  • "What I like most about this solution is that it allows me to push multiple policies on multiple followers at the same time."
  • "Customer support can improve."

What is our primary use case?

Our primary use case of this solution is jack monitoring and file management. 

How has it helped my organization?

The solution improves my management abilities by simplifying the implementation of policies for all my branches. 

What is most valuable?

What I like most about this solution is that it allows me to push multiple policies on multiple followers at the same time. For instance, I can work on a policy and it gets submitted on more than one file. It is a good feature for me to have, because I have many branches, so it gives me the ability to implement more than one policy, or to implement one policy on multiple files. I like the ease of management for the policies in the all files.

What needs improvement?

I have had some leakage issues before, but it was solved. I would, however like to see better integration with other products.

For how long have I used the solution?

I have been using Palo Alto Networks Panorama for three to four years now.

What do I think about the stability of the solution?

To be honest, the stability is really good, but perhaps it is from the Amazon Web Services (AWS). I haven't tried it on VMware yet, because I use Tekfy as a platform. The implementation on AWS made my life very easy. There was a template for this program on AWS, so I only needed to install my license and then it implemented Panorama.

What do I think about the scalability of the solution?

The minimum license is for 25 users, so up until now, I didn't need to scale. We currently have five or six users who work on the program daily, and most of them are in the security division. One person is using Panorama to check for the logs from the files, and then we have a security consultant. We have one or two staff responsible for maintenance. 

We used three people for deployment, as we were already using some of them for the branches, creating a VPN between AWS and to create firewalls to ensure that everything was working fast. 

How are customer service and technical support?

The technical support is good, but it can be better. I will rate the customer service eight out of ten.

How was the initial setup?

The initial setup was straightforward because we used a consultant of the company to do the installment. They did a good job with it.

My implementation strategy was to install Palo Alto Networks Panorama first, and then implement and integrate it with all my other files. It took us about two weeks to deploy the program.

Which other solutions did I evaluate?

We looked at FireMon, but FireMon was more expensive, and the main requirement for FireMon is to manage more than one file from different vendors. We didn't need it.

What other advice do I have?

I will recommend this solution to others because it is a good solution, but only if you are using multiple files and not only two or three files. You should have at least five files for this solution to be right for you. I rate this product an eight out of ten. Easier implementation with other solutions will increase my rating.

In the future, I would like to see additional features being able to install firewalls using remote sites and the ability to do initial configuration using Panorama. I would like this initial configuration to be copied on USP and have the firewalls configured to connect to the Panorama. 

I would, therefore, like to see easier configuration and implementation in the next version. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Head of IT Department at a logistics company
Real User
Offers a lot of advanced functionality that is easy to deploy and the GUI is easy to use
Pros and Cons
  • "Using this solution means that you can store logs for longer periods, up to perhaps two years, depending on your attached storage."
  • "The dual WAN functionality is missing in this solution."

What is our primary use case?

This is a solution that we implement for our customers.

It allows our customers to manage several firewalls from a central location. Some examples are securing the internet edge, data centers, micro-segmentation within the data centers, and securing their campuses.

The majority of the deployments are on-premises, however, we have more and more customers that are moving to the cloud. This solution is helping them to secure their cloud, as well.

How has it helped my organization?

Using this solution means that you can store logs for longer periods, up to perhaps two years, depending on your attached storage.

What is most valuable?

The most valuable feature is the ease of use that comes from the GUI. I have found that you can do almost everything from the GUI. You rarely have to log into the CLI, at perhaps once in six months or a year.

This solution offers a lot of advanced functionality that is easy to deploy and not available from other vendors. An example of this is credential theft. Credentials are sometimes collected through phishing emails or websites, and this solution helps to reduce that type of attack. Every five minutes, Palo Alto updates the list of phishing websites. You can set up a profile to ensure that if anybody tries to access such a website, whether it be Http or https, then the attempt will be blocked.

Palo Alto will automatically monitor the contents of POST messages and check to see if they contain credentials such as a username and password. If they do then it may indicate an attempt to steal credentials by an external site. The traffic will be blocked, the incident will be reported, and the admin will be notified.

This solution makes the lives of security admins very easy in cases, as an example, for configuring IPS. If you want to secure traffic between any two zones, we need to make sure that the applications are identified, the users are identified, and all of the security profiles are applied. These including antivirus, anti-spyware, and IPS. This solution makes the configuration very easy.

Each firewall is treated as a security sensor where the firewall talks to the cloud and a machine running artificial intelligence helps to detect malware or other threats. This is an important step in the protection that this solution offers.

What needs improvement?

The dual WAN functionality is missing in this solution.

For how long have I used the solution?

We have been using this solution for almost two years.

What do I think about the stability of the solution?

This solution is very stable. It is a mature solution with a mature operating system. I have one firewall that has been running since 2010, and it is still upgrading to the latest software and still working.

What do I think about the scalability of the solution?

This solution scales well.

We have many more than forty customers who are using this solution. One is a university with twenty thousand students, and we have deployments in large banks, different branches of government, etc. There are many thousands and thousands of users who are being secured.

The demand is very high and the standards are improving. Data centers are booming, and customers are looking for more enhancement in their platforms.

How are customer service and technical support?

Technical support for this solution is awesome. However, I rarely open a case because their platform is very stable. Most of the cases are related to basic support, such as an RMA. I have seen other vendors like Fortinet or Cisco, where the enabling of a function means that you have to deal with support, and there are issues that come from that.

How was the initial setup?

The initial setup of this solution is very easy. The length of time for deployment depends on how many policies you have, but the basic configuration should not take more than one hour.

For policy tuning, you need to review and tune the devices. Palo Alto has several tools to help with migration from the legacy approach of port-based policies to application-based policies.

What's my experience with pricing, setup cost, and licensing?

Initially, Palo Alto looks expensive, but if you dig deeper then you will find that it is very comparable, or even cheaper than other solutions. For example, if you are looking for a one-gig next-generation firewall then you will start looking at the Palo Alto 850. If you compare the price of this to Fortinet, Worksense, Forcepoint, or Sophos, then you will see that they offer three or four gig performance at half the price. However, it is not true.

The reason for this is that not all of the security features are enabled. When you enable them, the performance degrades by more than ninety percent, and I have seen this happen in many different scenarios. This means that for the Palo Alto 1GB, it actually means 1GB with all of the functionality enabled. For the other vendors, you will never see their datasheet with all of the functionality enabled for a real environment with real traffic. It is based on lab traffic. Because the reality is that the performance of Palo Alto is better, it means that the price is better. When you compare models using real performance, and you do the calculation, you will see that Palo Alto is very comparable.

Which other solutions did I evaluate?

We have worked with many, many vendors, and this is the most mature next-generation firewall in the market. The performance of Palo Alto is very predictable, unlike other vendors who are faking their datasheet in terms of high-performance numbers that are unrelated to a real network, or real traffic.

Palo Alto provides numbers that reflect what is happening when all of the security functions are enabled, whereas other vendors do not show their performance will all of the functionality enabled. In reality, they are better than others. At the end of the day you are buying a security device, and you don't want to turn off any of the functionality to enhance your performance. Palo Alto is designed from day zero for performance and security.

What other advice do I have?

This is the most mature next-generation firewall in the market and a solution that I strongly recommend.

The biggest lesson that I have learned from this solution is not to trust internet users. Whether it is regular users or employees, they do not like to be detected. They keep trying to work around the policies using different applications and peer-to-peer functionality. I have learned this because Palo Alto has full visibility to all types of traffic, and we're able to catch these scenarios and put security policies int place.

Palo Alto has done a lot towards closing gaps in security. Cloud security is not their only focus. It is concerned with the flows between VMs, storage, and containers. They are concerned with PCI requirements and compliance. They have also launched Cortex Analytics to help close gaps further. They are in a very good position to lead the future.

At the end of the day, everything is relative, and I would rate this solution a ten out of ten compared to other products. However, there is room for improvement.

Overall, I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Security Unit Manager at Digital Hub Egypt
Real User
A straightforward setup with good firewall reporting dashboards
Pros and Cons
  • "The dashboards are very good on Palo Alto. They offer a centralized dashboard for managers as well."
  • "Panorama needs to work on its configuration issues."

What is our primary use case?

The solution is primarily used as a firewall reporting feature.

What is most valuable?

The dashboards are very good on Palo Alto. They offer a centralized dashboard for managers as well.

What needs improvement?

The solution needs to improve its pricing model.

Panorama needs to work on its configuration issues.

They should also focus on firewall management. Many clients have multiple firewalls, so Palo Alto should offer better management of them. They could model themselves off of AlgoSec, or maybe FireMon which are other very good firewall management tools.

For how long have I used the solution?

I've been using the solution for two or three years.

What do I think about the stability of the solution?

The solution is stable. Palo Alto, in general, is pretty good. 

What do I think about the scalability of the solution?

The solution is very scalable. We manage about 12 firewalls. The maximum might be 100.

How are customer service and technical support?

Support from Palo Alto is very good. You can get it from the distributor or from Palo Alto directly.

How was the initial setup?

The setup is generally straightforward. Deployment times vary, according to the client's environment and if they have multiple branches, etc. It can take anywhere from one to three days. After that, you have to fine-tune a few items, and that can take another two or three weeks. So the entire deployment process, depending on the organization, can take anywhere from three days to three weeks. Maintenence only takes one person, once again, depending on the setup of the company itself.

What other advice do I have?

Most of our clients deal with the on-premises deployment solution, as cloud solutions in Egypt can occasionally be insecure.

I would advise anyone looking to implement the solution really focus on sizing before beginning the implementation.

I would rate the solution nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
it_user798045 - PeerSpot reviewer
Senior Security Engineer at a government with 1,001-5,000 employees
Real User
A good firewall monitoring solution with a user-friendly interface in need of better technical support
Pros and Cons
  • "It's helpful that the solution allows us to control all the firewalls from one device."
  • "It can take a few minutes to test to see if any changes are successful or not. This needs to be improved. A commit change should take a second, not a minute or more."

What is our primary use case?

We are using the solution primarily for monitoring the firewalls that we have. We have multiple firewalls, including a DC firewall, a perimeter firewall, etc. We are using Panorama to control all of our firewalls.

How has it helped my organization?

Whenever we have an issue, we can just monitor the traffic. We can pinpoint problems and know from which firewall they are originating. We also have the ability to analyze the issue to see if it's coming from from the setup side or somewhere else. The solution makes it very easy to monitor traffic.

What is most valuable?

It's helpful that the solution allows us to control all the firewalls from one device. You can check and monitor all the devices also, from one website. It's also got easy troubleshooting capabilities.

The interface of Panorama is very user-friendly. It's easy to find and get information and create reports.

What needs improvement?

It can take a few minutes to test to see if any changes are successful or not. This needs to be improved. A change commit should take a second, not a minute or more.

Panorama does suffer from performance issues, which they need to resolve.

Also, technical support isn't very responsive and could use some improvement.

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The solution is pretty scalable.

How are customer service and technical support?

Technical support is okay. I'd give it a 60% rating in terms of its effectiveness. Sometimes they are too slow to respond.

Which solution did I use previously and why did I switch?

We previously used Cisco SPD. We switched because Cisco security is very complicated and is very difficult to establish.

How was the initial setup?

The initial setup is straightforward. It's not complex at all. Deployment was only two to three hours in total. For implementation, we only needed three people, including someone from Security and someone from the Network team.

What about the implementation team?

We implemented the perimeter firewall with the help of Palo Alto. The DC firewall we did by ourselves.

Which other solutions did I evaluate?

Before choosing this solution, we also looked at Fortinet.

What other advice do I have?

We are using the private cloud deployment model.

I would recommend the solution. It has a user-friendly interface. It's stable. You can easily troubleshoot any issue. You will also get clear information, and, in general, it's a very good product that allows you to manage more than one device from a central interface.

Of course, before you do any change, I would recommend that you back up everything first.

I would rate the solution seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Consultant at a financial services firm with 501-1,000 employees
Consultant
It has freed up staff time, which is where we are seeing ROI
Pros and Cons
  • "It has made our ROIs easier, but consolidating the correlation of data into one single point, which is pretty great."
  • "We had some challenges with the initial setup, but it was more on a learning curve basis."

What is our primary use case?

It is our end all, be all, for all of our firewalls throughout the regions that we support.

How has it helped my organization?

It allows us to do our day-to-day administration of all the files, because we're doing it from one central place. It stops us from jumping into each firewall, so we can make our changes.

It has made our ROIs easier, but consolidating the correlation of data into one single point, which is pretty great.

What is most valuable?

The management console: It provides a single pane of glass for all the firewalls to feed information into. 

What do I think about the stability of the solution?

We haven't had any issues with it. The vendors been great.

What do I think about the scalability of the solution?

The scalability has been great.

How are customer service and technical support?

The technical support has been awesome.

Which solution did I use previously and why did I switch?

Our agency is very immature from a security perspective. So, we needed something that could provide more data.

How was the initial setup?

We had some challenges with the initial setup, but it was more on a learning curve basis. The support and team for the setup have been pretty seamless with minor tweaks here and there.

What about the implementation team?

We used an integrator for the deployment: Advanced Cyber Technologies LLC.

What was our ROI?

The solution has increased staff productivity. The amount depends on usage, whether it is a heavy or slow week. It has freed up staff time, which is where we are seeing ROI.

What other advice do I have?

Ensure you get professional services with the tool.

We are very satisfied with everything that they provides us. This product has significantly helped with implementing new leadership strategy, getting metrics, and being able to actually assign a risk floor.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Architect at a media company with 10,001+ employees
Real User
Provides a quicker response time to vulnerabilities and more visibility into traffic flows
Pros and Cons
  • "It provides a quicker response time to vulnerabilities and more visibility into traffic flows."
  • "My pain point is the automation process is not well-documented. There are some things that they could improve on there."

What is our primary use case?

The primary use case is the centralized management of our firewalls.

How has it helped my organization?

It provides a quicker response time to vulnerabilities and more visibility into traffic flows.

I think it increases staff productivity.

What is most valuable?

Its automatability: You need it to automate things. We have used it for URL blocking. For example, if there is a threat out there, and we needed to immediately block a new malicious URL across a global enterprise, this is pretty difficult. With Panorama, we can automate this easily with their API. 

What needs improvement?

My pain point is the automation process is not well-documented. There are some things that they could improve on there.

If you go in the system to search for something, it is not intuitive. They could really improve that.

There is a concept of device groups and a concept of templates. The templates can allow for inheritance, but the device groups do not.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is fairly stable. We do pretty heavy bug testing. We have a rigorous code review process that we go through for each version. Therefore, stability is on the top of our list of things that we look at. So, I haven't ran into any issues where it's flaking out altogether. 

What do I think about the scalability of the solution?

It's fairly scalable. We probably have 12 to 16 of them spread across the globe to help with regional redundancy, because we don't want our firewall talking to Panorama across a slow land link. So, we've split them out globally, but it seems pretty scalable.

How are customer service and technical support?

The technical support is pretty good. We do have a resident engineer from Palo Alto who sits right next to me. 

How was the initial setup?

The initial setup is easy, but I have done it like a thousand times before with a bunch of other products. The product is not much different than anything else.

What about the implementation team?

We outsource a lot of our boots on the ground, which is actually a lot by design. With every company, when you have two different organizations working together, there is always a little bit of tension. They don't have the same reporting structure, but everything went out smoothly. 

Typically, I'll design the solution, then I'll have somebody else implement it. This is sort of how it works for everything.

What was our ROI?

With the URL filtering, we probably went down from around four hours in response time to about five minutes.

What's my experience with pricing, setup cost, and licensing?

The licensing is not cheap. There are always hidden costs. You have support costs, or maybe you need to buy more optics on how the solution fits into the rest of your environment. It is possible some of the rest of your environment will need to change too.

Which other solutions did I evaluate?

I think we're getting AlgoSac, which is another firewall automation tool. However, I wasn't involved with the decision for that one so I'm not too sure on the specifics, but I know we are going with them.

What other advice do I have?

If you are looking at getting a Palo Alto firewall, then you should probably at least look into Panorama. Because if you start out just putting in firewalls and you don't have this, you will be kicking yourself that you didn't have this from day one. 

If you have just one firewall out there, maybe you don't need it. However, if you have two or three, then you should probably get it to be in front of a lot of the features which you will want eventually.

It is pretty solid product. Our security program is fairly immature compared to other enterprises, and this product has definitely helped us lock down things.

We have a rigorous code review process. Therefore, we are always back a bunch of versions. If the latest version came out today with new features on it, we probably wouldn't get to that for quite a while.

There are only certain things that you can do within the Panorama solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Bruce Bennett - PeerSpot reviewer
Sr. Systems Analyst at a manufacturing company with 5,001-10,000 employees
Real User
It can manage devices in groups based on their use. The application ID capabilities have been useful for things like Active Directory.
Pros and Cons
  • "Firewalls: The application ID capabilities have been very useful for things like Active Directory, and not having to identify every port that Microsoft has decided to use."
  • "The ability to add scheduled jobs would be a significant improvement. Panorama has the ability to push out OS updates, but it would be nice to be able to schedule those updates so not to affect the site during normal business hours."

What is most valuable?

Panorama: Provides a central management capability for all of the firewalls. It has the ability to manage the devices in groups based on their use. We use the firewalls in two primary functions and the ability to provide management of the different groups of firewalls is very useful.

Firewalls: The application ID capabilities have been very useful for things like Active Directory, and not having to identify every port that Microsoft has decided to use.

How has it helped my organization?

I can’t say that it has significantly improved the functions of the organization over the firewalls that we were previously using. The addition of a good central management capability has helped improve the management of the firewalls, but the functions for the service that is provided to the users has not significantly changed.

What needs improvement?

Panorama: The ability to add scheduled jobs would be a significant improvement. Panorama has the ability to push out OS updates, but it would be nice to be able to schedule those updates so not to affect the site during normal business hours.

Firewalls:

  • (1) App-ID is good, but could be better. We use off ports for some common services and App-ID does identify the application correctly, but the rule allowing the traffic does not allow the traffic without adding the ports to the rule. This negates the need for App-ID in the rule. If App-ID worked as I think it should, we would use it and then block the common port.
  • (2) Integration with Microsoft Active Directory incurs significant additional traffic across the WAN circuits. We have a number of GCs across our environment and the configuration of Active Directory in the firewalls requires significant communications to all of the GCs across our environment. We were seeing the firewalls generate around 500kb of WAN traffic communicating with all of the GCs. After reviewing the configuration with Palo Alto support, the config was correct. While we do want to be able to use the User-ID functionality of the firewalls, that kind of overhead is not acceptable.

For how long have I used the solution?

We have been using Panorama and the PAN FWs for just over one year.

What do I think about the stability of the solution?

So far we have not seen any issues with stability.

What do I think about the scalability of the solution?

We have not run into any issues with scalability.

How are customer service and technical support?

Technical support with Palo Alto has been very good and responsive.

Which solution did I use previously and why did I switch?

We previously were using Cisco ASA devices. The switch was made based on central management and the NGFW functions. The timing was in the middle of Cisco delivering their NGFW functionality. The other issue that led to the move was when Cisco presented their recommended replacement for the existing devices, they recommended their Meraki line with Internet management, which was not in line with our requirements for many of our more sensitive firewalls.

How was the initial setup?

Initial setup is very easy. After working with a few new installations we were able to put together a script to apply the new firewalls to setup the management access, Panorama location, high availability (HA) configuration and the initial IP stack. This makes it easy to start the OS updates and initial rules from Panorama. By having the HA setup scripted, it also makes the OS updates a single download instead of a download for each device. The HA connection allows the firewalls to copy the OS over to the other firewall with the single download. That is important because there are several large downloads necessary to update the OS to the current OS levels.

What's my experience with pricing, setup cost, and licensing?

Pricing is high compared to other vendors in the same space. Licensing is also fairly high for different functions to be added on, like Intrusion detection/prevention, user VPN, URL filtering. Some firewall vendors offer the “additional” licensing/functions as part of their license for the device and then others offer it like Palo Alto.

Which other solutions did I evaluate?

The original decision was made by a different group within the company. The re-evaluation included Cisco ASA, Cisco Meraki, Fortinet and Palo Alto.

What other advice do I have?

Talk to other customers. Start with the ones recommended by the vendor, but also in forums as well. Everyone understands that recommended customers are handpicked and forums can be contain spurned customers. But if you look for information regarding specific functions that you need, you can find more useful information. Make sure if you hear something glowing from a vendor recommended customer about a function, check on that function online.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Palo Alto Networks Panorama Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022
Buyer's Guide
Download our free Palo Alto Networks Panorama Report and get advice and tips from experienced pros sharing their opinions.