This is our core firewall for the data center network.
We have two on-premises appliances set up in a high availability configuration.
Download the Palo Alto Networks VM-Series Buyer's Guide including reviews and more. Updated: November 2022
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Warren Rogers Associates
This is our core firewall for the data center network.
We have two on-premises appliances set up in a high availability configuration.
The VM-Series enables us to extend consistent next-generation protection across different infrastructures with a unified policy model, which makes it very easy for us. It is very important that we have this single pane for monitoring all of the network resources and multiple devices because, today, it's a complex environment where you have to take care of many devices.
This solution makes it very easy to quickly migrate workloads to the cloud.
Since we updated the system, the network has been very stable. Previously, there were issues with traffic throughput. With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly.
This is a firewall product and every OEM has claims about their special features. This device is very user-friendly and offers ease of monitoring.
Changes to the configuration happen quickly.
There is a single pane of glass for reporting, which is quite good.
The interface is user-friendly.
It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait. Having a dedicated number where we could send a text message in the case of an emergency would be helpful.
We have been using Palo Alto Networks VM-Series for approximately six months.
We are very much satisfied with the stability and performance.
This solution is quite scalable because it has options for deploying in a VM as well as an appliance. The interfaces are all license-based, which means that features can be added just by obtaining another license.
Our current environment has more than three gigs of traffic.
We have a team of four or five people that is responsible for the network. They are continually monitoring the firewall and updating the policies, as required.
Pala Alto has very good support. Generally, the response is very good and they address our issues as soon as we contact them. For example, they assisted us during our deployment and it was a very good experience.
My only complaint about the support has to do with complications that we had with communication. Sometimes, support was done over email, and because of the difference in time zone, there was occasionally a long gap in time before we got the proper response.
We used to have Cisco ASA and Firepower, and we had some issues with those firewalls. Once they were replaced by Palo Alto, we didn't have any problems after that.
Compared to the previous devices that we have used from other vendors, Palo Alto is very user-friendly, and we are comfortable with the features and capabilities that it offers.
The initial setup is very straightforward and we had no issues with it. It is not complex because the procedures are properly defined, the documentation is available, and there is proper support. Our initial setup took about 15 days, which included migrating all of the data.
Our deployment is ongoing, as we are adding policies and dealing with updates on a day to day basis. We have a very complex environment that includes a firewall for the data center, as well as for the distribution networks.
The Palo Alto team supported us through the deployment process.
Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive. When a customer wants to implement Palo Alto, even a small box, there are several licenses, and having all of them is sometimes really hard to justify. It is difficult for some clients to understand why such a small box costs so much.
For instance, they have the dashboard license, and then they have the user license, and so on. If the pricing were more competitive then it would be good because more customers would use the product, rather than use simpler firewalls.
We have worked with firewalls like Sophos, FortiGate, and Cisco ASA. We have dealt with almost all of the vendors but at this point, our experience with Palo Alto has been the best one. Palo Alto has been doing what it claims to do, whereas the other vendors' products have various shortcomings.
For example, some vendors do not have the performance that they claim in terms of throughput. Sometimes, the user interface is complex, or the device needs to restart whenever you make changes. With Palo Alto, it's simple to use and easy to get things done.
We have not yet used Panorama for centralized management but in the future, we may do so for other projects.
My advice for anybody who is looking into purchasing a firewall is to carefully consider what their requirements are. I have seen that when a customer procures a firewall, they initially choose products like Sophos. Over time, they engage in trials with the majority of the vendors and finally end up with Palo Alto. This is only after spending a lot of time and money on other products.
If instead, a client is aware of the requirements including how much traffic there is and what throughput is needed, it's better to invest in Palo Alto than to try all of the cheaper alternatives. Then, evaluate everything afterward and finally select Palo Alto. This, of course, is providing the client doesn't have limitations on the investment that they're going to make.
I say this because generally, in my practice, what I've seen is that when choosing a firewall, the clients first choose a cheaper alternative. Then, after some time they think that it may not be what they wanted. This could be brought about by a throughput issue or maybe some threats were not blocked or they have had some security incidents. After trying these firewalls, they replace them with another, and yet another, until finally, they settle on Palo Alto.
Essentially, my advice is to skip the cheaper vendors and go straight to Palo Alto.
In summary, this is a very good product and my only real complaint is about the cost. If it were more competitive then more customers would choose it, and those people suffering losses as a result of security incidents would be saved. I find the real reason that people don't choose the right product is due to the cost factor. Even when they know that the product is the best choice, because of the limitation that they have on the investment they can make, they're not able to choose it.
I would rate this solution a nine out of ten.
We use this product to secure our entire network.
At this point, it is used only for VPN purposes, allowing access to our servers behind the firewall.
Using this product has increased our security and has given us much better results in terms of security scans.
Palo Alto embeds machine learning into the core of the firewall to provide online real-time attack prevention, and I would rate that capability a six out of ten. It's definitely effective in terms of securing our network against threats that are able to evolve and morph rapidly.
This solution provides a unified platform that natively integrates all of the security capabilities, although we are not using parts of it. For example, we don't use the configuration tools like Panorama. We don't use the monitoring capabilities, either.
The most valuable feature is the CLI.
We have the firewall configured for zero-day signatures, which is very important to us. We have to be HIPAA security compliant, which means that we need those signatures immediately.
There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.
The web interface is very slow, and it needs to be faster.
I have been working with the Palo Alto Networks VM-Series for three years.
This product is very stable. We have had zero problems with stability.
The scalability is fantastic. We're using the lowest-end product right now, and I don't foresee when we'll have to upgrade. We've got a long way where we can continue to scale up.
We currently have three or four people that use it for VPN purposes, to access our servers behind the firewall. It is not used nearly as extensively as it should be. However, next year, we're going to start flowing all of our internet traffic through it.
We're all working remotely, and we're going to be connecting through the firewall. This means that our traffic is going to greatly increase, meaning that our usage will also increase. We'll also be using many more of the features.
The technical support from Palo Alto is good, overall. However, their response times could be a little quicker.
We have not really had any big complaints with the technical support and I would rate them an eight out of ten.
Prior to using Palo Alto, we were using an on-premises solution by Juniper. When we switched from onsite to the cloud, we changed products.
We made the switch because Juniper became unbearable as far as complexity and performance go. It was getting really bad; we couldn't manage it well, and the performance was quite poor.
The initial setup is quite complex. There is a steep learning curve and we failed at it a couple of times.
Our final deployment took between three and four hours.
Our in-house team was responsible for the deployment.
We have absolutely seen a return on our investment. We are definitely more secure. With the features that are in Palo Alto, we do not have to worry about people busting into our network. Even just out of the box, with the base features, it's really solid. The default configurations are very secure.
Our return on investment comes from the fact that we're not having to spend hours monitoring stuff the way we did before. We've saved man hours and we've saved stress. I can't put a monetary value to that, but that would be the return.
This is not the cheapest firewall but it's not the most expensive of the options on the market.
There's a new licensing structure coming in that we're really trying to understand, so I would suggest studying up on it. I recommend getting a partner involved for purchasing the product.
Beyond Palo Alto, we evaluated two or three other products. Two of them that I can recall are Fortinet and the Microsoft Azure Firewall.
We did some extensive reviews and some extensive testing and what we found is that for the price, Palo Alto gave us the best options. It had the best set of security features. It wasn't the cheapest product but it was the best solution that fit our requirements.
We have not yet implemented the DNS security features. However, we will likely be doing so next year.
If one of my colleagues at another company were to say that they were just looking for the cheapest and fastest firewall, I would suggest that they be careful. Palo Alto has a great balance. It's not super expensive compared to other options on the market, and it's quite quick when it comes to throughput and performance.
In summary, this is a good product but I do suggest that people shop around a little bit.
I would rate this solution an eight out of ten.
We are using it on Azure Cloud for our internal systems, where we have set up our internal workloads. We are using it as a perimeter firewall.
We are using it because our internal workflows are on the cloud. Almost everything in our production and development uses these instances. We are using it extensively for conducting reports of the development environment. It is working fine.
It improved all compliance activities. We can close open cases. Compared to other firewalls in these cases, it improved our score on the compliance side.
We are using the complete box. We are mostly using the security services and firewall rules in Panorama.
We need to look at different variables and granular policies of various tools. This makes it easy to understand.
We use Palo Alto’s Panorama centralized management system. We have an on-prem firewall where Panorama is very good for pulling logs in from the cloud so we can see what is going on. It gives us visibility into that as well as showing us what attacks are coming in.
Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.
We have been using it for the last two years.
Stability has so far been good. We monitor the resources on the firewall to determine if there will be any spikes on the CPU, RAM utilization, or the load of the firewall. Though, we are yet not putting much load on it.
I don't think that scaling will be a problem since we can adjust the VM-Series model that we want.
I have around 100 instances protected behind this device.
The customer support is good. They are able to give fast, readily-available solutions upon the creation of a help ticket. I would rate them as 10 out of 10.
We did a fresh setup for this, but it was pretty easy. We could easily integrate with the VM-Series, then just create our business servers. We were able to do this with the help of the tech team.
It took around seven to eight hours to deploy this solution and configure it to our environment.
We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple. Once we had a checklist of what to do, it was pretty easy to deploy.
Deploying Panorama has saved us a lot of time. When any incidents happen, our people are comfortable going to the Panorama logs and view the incident report to see what happened.
Initially, pricing was high. Later on, we were able to negotiate the pricing and get something that fits our budget.
The solution provides protection and there wasn't an additional cost involved, in terms of security.
We evaluated FortiGate, Cisco, and the stuff that we are using. Compared to other products, we found it a very useful part of our compliance requirements and liked its format on the graphical interface. It is also a more secure firewall compared to other existing ones in the market. Based on our evaluation, it matched our compliance requirements.
Cisco is pretty complex in nature to deploy. It is helpful to have a skilled person with at least two years of experience.
We are happy with their features for how we are using it and what we have deployed.
I would recommend giving the solution a try and see the difference between it and your existing firewalls. Give it a shot and see the difference.
In the firewall market, it is the number one product right now. I would rate it as 10 out of 10.
With Palo Alto VM-Series, we are capable through a single point of management and visualization both in infrastructure and on premises and in the cloud. This allows us to improve the speed to create new rules, speed up the resolution of problems, having a holistic vision of our firewall infrastructure.
Its security features, i.e. antimalware, threat prevention, URL Filtering, VPN, antivirus are the most valuable. The ID-User integrated with AD and 2FA feature is also very useful to provide access to servers and some users in the company.
It can be improved in areas such as DevOps and quality assurance. The installation rules deployment process we also improved when we deployed these firewalls. In terms of new features, for simplicity reasons, it is faster, because as I mentioned above we can reused the same rules and the same objects from the local PAN that has a Panorama such as the single point of supervision.
We are looking for ways to integrate with other cloud in the future. For this, we will require a more secure integration and encrypted connections with other companies.
I have been using this brand for more than ten years in on premises (appliances). Now, we are expanding this features to our Azure tenant with PAN VM-Series + Panorama.
It is stable and robust solution. Through Panorama manager, we can scale up automatically if the demand increase. At the moment, we do not have any problems with its stability.
We currently don't have many end-users of this solution. It is being used mostly for servers. We have around 100 servers. In the future, we plan to have more users. Our company has around 10,000 people.
PAN provides good support in general through its partners in Chile
No, the same brand is deployed, but in this case the change was a high availability architecture under Azure VM Scale Set mode.
We had some complexity because we had no experience in implementing it in the cloud, but with the support of the partner and the endorsement of the brand it was solved quickly. It took us a couple of weeks to implement it, and then we started testing. (traffic stress, fault escenarios, scale up, vulnerability assessment, etc.)
We took the professional services of a PAN partner or reseller in Chile. We had a good experience with them. They provide good support and have a qualified team working in security, together with the internal team of our company.
Its cost is $75.000. This is the total cost, and it includes the license, implementation fee, and support for two years.
We also evaluated Check Point, Fortinet, and Azure Firewall. We needed a single point to manage the on-premises firewall and cloud firewall. Our focus was simplicity without losing the security.
Fortinet is growing in the industry. Many companies in Chile are adopting this brand. Our company has not yet adopted this solution. Our maintenance teams don't know this technology, which would have been a problem.
Check Point is a good brand. Their product is robust, but we found an issue in using their firewall manager with the hybrid architecture like ours, where we have both on-premises and on-cloud deployments.
Both are also a leader in Gartner Quadrant and Forrester together with Palo Alto.
Azure Firewall needs to improve.
Good support from the brand and local partner in Chile.
We use the solution for hands-on testing purposes and also for activating firewall re-entries, which is easy to accomplish. We only need to turn up the VM to the firewall. This serves users who are working at home due to the COVID-19 pandemic. We also utilize the solution in respect to several servers which are behind the firewall.
A valuable feature of the solution is that it is not dependent on the hypervisor so we can install it on Hyper-V Microsoft software and deploy it. We have even installed it on Nutanix 81, in which it is supported. It is not dependent on the platform and is stable.
When we activate the solution on Amazon, instead of AWS, GCP or another type of public cloud, we encounter problems, as our engineers are not yet completely hands-on in respects of the public cloud platforms. Still, they can configure the firewall just fine.
Integrative capabilities with other solutions should also be addressed.
I have been using Palo Alto Networks VM-Series for the past five-and-a-half years.
The solution is reliable.
We have tried to scale. The Western side of migration is very easy in terms of scalability. Our customers may increase their licensing counts in tandem with their increased performance requirements from the firewall. In this case, they would procure a VMP and the license. The activation of the firewall would be accomplished by the tech in the back-end. The customer would get the migration capabilities and procure the license without experiencing any downtime.
There is room for improvement from the side of technical support.
The initial setup was straightforward.
The deployment takes two days. This includes installing the solution on the OVO files, upgrading the firewall panel records, activating the license and configuring basic policies and rules. However, our setup was basic and did not involve business activity, which would necessitate a technical business setup. In such case, the process from start to finish may take a customer up to 10 or 15 days.
The VM series is licensed annually.
The option exists to procure a basic license. With this, the firewall feature comes with the application and the board, with everything in code. A subscription is included.
The solution is cost effective in comparison to others.
We deploy the solution on-premises for customers and organizations, although we also do so via AWS.
There are around 16 users connected to the VMP firewall.
The security feature is really good, although there would be a bit of a learning curve when it comes to the cloud.
I rate Palo Alto Networks VM-Series as a nine out of ten.
I am the guy they call up first for the central infrastructure and configuration of the malware, firewall, and main applications, and I use Palo Alto Networks VM-Series for that.
Palo Alto Networks VM-Series is very easy to use. It takes maybe one week to learn how it works, but the suite itself is very flexible. After you install it, it's very easy to use because of the intuitive web interface.
It's great for me at the moment. I have all I need. All the traffic is very well filtered, and I believe it's the future of the firewall.
The firewall itself is very complex. You have to do a lot of research, look through all the documentation, consult, and figure out how to use it. It's not so easy as a regular firewall, like Hypertable. It'll help if Palo Alto Networks provided better documentation. It would be even better if they had simple documentation on some use cases as well.
I have been using Palo Alto Networks VM-Series for about one month.
At the moment, Palo Alto Networks VM-Series has been stable.
I have used the Palo Alto Network's technical support before, and it's fine for the moment.
Palo Alto Networks VM-Series is a VMware appliance and very simple to install. It must be turned on to change the default password and to configure the IP address, and that is all. After that, it's easy because it has a very intuitive web interface.
I implemented Palo Alto Networks VM-Series on my own.
Because I work for a university and the URL is for the institution, it's a free license for us.
On a scale from one to ten, I would give Palo Alto Networks VM-Series a nine.
We are a solution provider and the Palo Alto VM-Series is one of the products that we implement for our customers. Our customers use this virtualized next-generation firewall as part of their security solution.
The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM. With a physical machine, you cannot the resources without adding something to the machine.
The management can be done from a single console window.
The implementation should be simplified.
We have been using the Palo Alto Networks VM-Series for three years.
This solution is stable.
The VM-Series is a scalable product.
The support is good.
The implementation involves setting up policies.
We deploy this product with our in-house team.
I would rate this solution an eight out of ten.