Palo Alto Networks VM-Series Reviews

Palo Alto VM-Series is something we recommend as a firewall solution in certain situations for clients with particular requirements who have the budget leeway.  

The Palo Alto VM-Series is nice because I can move the firewalls easily. For instance, we once went from one cloud provider to another. The nice thing about that situation was that I could just move the VMs almost with a click of a button. It was really convenient and easy and an option that every firewall will not give you.  

We would really like to see Palo Alto put an effort into making a real Secure Access Service Edge (SASE). Especially right now where we are seeing companies where everybody is working from home, that becomes an important feature. Before COVID, employees were all sitting in the office at the location and the requirements for firewalls were a different thing.  

$180 billion a year is made on defense contracts. Defense contracts did not stop because of COVID. They just kept going. It is a situation where it seems that no one cared that there was COVID they just had to fulfill the contracts. When people claimed they had to work from home because it was safer for them, they ended up having to prove that they could work from home safely. That became a very interesting situation. Especially when you lack a key element, like the Secure Access Services.  

Palo Alto implemented SASE with Prisma. In my opinion, they made a halfhearted attempt to put in DLP (Data Loss Prevention), those things need to be fixed.  

I have been using Palo Alto VM-Series for probably around two to three years.  

I think the stability of Palo Alto is good — leaning towards very good.  

Palo Alto does a good job on the scalability. In my opinion, it has excellent scalability.  

My experience with Palo Alto is that it is really bad when it comes to technical support. When we have a situation where we have to call them, we should be able to call them up, say, "I have a problem," and they should ask a series of questions to determine the severity and the nature of the problem. If you start with the question "Is the network down?" you are at least approaching prioritizing the call. If it is not down, they should be asking questions to determine how important the issue is. They need to know if it is high, medium, or low priority. Then we can get a callback from the appropriate technician.  

Do you want to know who does the vetting of priority really, well? Cisco. Cisco wins hands down when it comes to support. I do not understand that, for whatever reason, Palo Alto feels that they do not have a need to answer questions, or they just do not want to.  

It is not only that the support does not seem dedicated to resolving issues efficiently. I am a consultant, so I have a lot of clients. When I call up and talk to Palo Alto and ask something  like, "What is the client's password?" That is a general question. Or it might be something even less sensitive like "Can you send me instructions on how to configure [XYZ — whatever that XYZ is]?"  Their response will be something like, "Well, we need your customer number." They could just look it up because they know who I am. Then if I do not know my client's number, I have got to go back to the client and ask them. It is just terribly inefficient. Then depending on the customer number, I might get redirected to talk to Danny over there because I can not talk to Lisa or Ed over here.  

The tedium in the steps to get a simple answer just make it too complicated. When the question is as easy as: "Is the sky sunny in San Diego today?" they should not be worried about your customer representative, your customer number, or a whole bunch of information that they really do not use anyway. They know me, who I am, and the companies I deal with. I have been representing them for seven or eight years. I have a firewall right here, a PA-500. I got it about 11 years ago. They could easily be a lot more efficient.  

I have clients whose architecture is configured in a lot of different ways and combinations. I use a lot of different products and make recommendations based on specific situations. For example:  

• I have one client that actually uses multiple VM-series and then at each one of their physical sites that have the K2-series — or the physical counterpart of the VM-series.  
• I have other clients that use Fortinet AlarmNet. As a matter of fact, almost all my healthcare providers use Fortinet products.  
• I have another customer that used to be on F5s and they had had some issues so switched to Fortinet.  
• I have a couple of holdouts out there that are still using the old Cisco firewalls who refuse to change.  
• I have a new client that is using a Nokia firewall which is a somewhat unique choice.  

I have a customer that used to be on F5s and they had had some issues. The result of the issue was that they came to me and we did an evaluation of what they really needed. They came in and they said, "We need you to do an evaluation and when you are done with the evaluation, you need to tell us that we need Palo Alto firewalls." I said that was great and I sat down and got to work building the side-by-side comparison of the four firewalls that they wanted to look at. When I was done, just like they wanted the Palo Alto firewall was right there as the first one on the list. They selected the Fortinet firewall instead.  

Nokia is specifically designed to address the LTE (Long Term Evolution, wireless data transmission) threats with faster networks and such. So it is probably not considered to be a mainstream firewall. The client who uses Nokia is a service provider using it on a cellular network. They are a utility and they are using Nokia on a cellular network to protect all their cellular systems and their automated cellular operations. The old Nokia firewalls — the one on frames — was called NetGuard. This client originally had the Palo Alto K-series and they switched over to the Nokia solution. That is my brand new Nokia account. They were not happy with the K-series and I am not sure why.  

The thing about Cisco is nobody is ever going to fire you for buying a Cisco product. It is like the old IBM adage. They just say that it is a Cisco product and that automatically makes it good. What they do not seem to acknowledge is that just because their solution is a Cisco product does not necessarily make it the right solution for them. It is really difficult to tell a customer that they are wrong. I do not want to say that it is difficult to tell them in a polite way — because I am always polite with my customers and I am always pretty straightforward with them. But I have to tell them in a way that is convincing. Sometimes it can be hard to change their mind or it might just be impossible.  

When I refer to Cisco, I mean real Cisco firewalls, not Meraki. Meraki is the biggest problem I think that I deal with. I do not have the network folks manage the Meraki firewalls differently than they manage their physical firewalls. I do not want there to be a difference, or there should be as little difference as possible in how the firewalls are handled. They do have some inherent differences. I try not to let them do stuff on the virtual firewalls that they can not do in the physical firewalls. The reason for that is because in defense-related installations it matters. Anytime you are dealing with defense, the closer I can get to maintaining one configuration, the better off I am. Unless something unique pops up in Panorama, I will not differentiate the setups.  

I say that there are differences because there is a little bit of configuration that inherently has to be different when you are talking about physical and virtual firewalls, but not much. I can sanitize the virtual machine and show the cloud provider that since I was going into a .gov environment or a .gov cloud, that it met all the requirements as stated in the Defense Federal Acquisition Regulation Supplement. That is huge for our situation. Of course with a cloud provider, you are not going to have a physical firewall. Had we had a physical firewall, that becomes a bit of a chore because you have got to download the configuration file, then you have got to sanitize the configuration. Things like that become a bit of a burden. Having a VM-Series for that purpose makes it much easier.  

I did not mention Sophos in the list. Sophos does a semi-decent job with that too, by the way. The only problem with Sophos is that they are not enterprise-ready, no matter what they say. I have deployed Sophos in enterprises before, and the old Sophos models did very well. The new ones do very poorly. The SG-Series — Sierra Golf — they are rock solid. As long as we keep going with them, our customers love it. It works. I have one client with 15,000 seats. They are running 11 or 12 of them and they have nothing but great things to say about the product. The second you go to the X-Series, they are not up to the task.  

Setting up Palo Alto is relatively quick. But I also have an absolute rockstar on our team for when it comes to Palo Alto installations. When he is setting it up, he knows what he is doing. The only thing he had to really learn was the difference between the VM-Series and the PA-Series.  

I lay out the architecture and I tell people doing the installations exactly what has to be there. I sit down and create the rule sets. Early on, the person actually doing the fingers-on-the-keyboard complained a little saying that the setup was a little bit more complicated than it should have been. I agree, generally speaking. I generally feel that Palo Alto is more complicated than it needs to be and they could make an effort to make the installations easier.  

But, installing Palo Alto is not as bad as installing Cisco. Cisco is either a language that you speak or a language that you do not. I mean, I can sit down and plot the firewall and get the firewall together about 45 minutes with a good set of rules and everything. But that is me and it is because I have experience doing it. Somebody who is not very well-versed in Cisco will take two or three days to do the same thing. It is just absolutely horrid. It is like speaking English. It is a horrid language.  

I do not have to do budgets and I am thankful for that. I am just the guy in the chain who tells you what license you are going to need if you choose to go with Palo Alto VM-Series. How they negotiate the license and such is not my department. That is because I do not resell.  

I know what the costs might be and I know it is expensive in comparison to other solutions. I get my licenses from Palo Alto for free because they like me. I have proven to be good to them and good for them. When they have customers that are going to kick them out, I can go in and save the account.  

I will tell you, they do practice something close to price gouging with their pricing model, just like Cisco does. When I can go out and I can get an F5 for less than half of what I pay for Palo Alto, that is a pretty big price jump. An F5 is really a well-regarded firewall. When I can get a firewall that does twice what a Palo Alto does for less than half, that tells me something.  

Sophos decided that they were going to play with the big boys. So what they did is they went in and jacked up all their prices and all their customers are going to start running away now. The model is such that it is actually cheaper to buy a new firewall with a three-year license than it is to renew the Sophos license of the same size firewall for an older product. It sorta does not make sense.  

I make recommendations for clients so I have to be familiar with the firewalls that I work with. In essence, I evaluate them all the time.  

I work from home and I have two Cisco firewalls. I have a Fortinet. I have the Palo Alto 500 and I have a Palo Alto 5201. I have a Sophos. My F5 is out on loan. I usually have about eight or nine firewalls on hand. I never go to a client without firing up a firewall that I am going to recommend, testing it, and getting my fingers dirty again to make sure I have it fresh in my mind. I know my firewalls.  

The VM-Series are nice because you can push them into the cloud. The other nice thing is whether you are running a VM-Series or the PA-Series, we can manage it with one console. Not without hiccups, but it works really well. Not only that, we can push other systems out there. For instance, for VMware, we are pushing Prisma out to them. VMware and the Palo Alto VM-Series do really well with Prisma. The issue I have with it is — and this is where Palo Alto and I are going to disagree — they are not as good at SASE (Secure Access Service Edge). I do not care what Palo Alto says. They do a poor job of it and other products do it better.  

Palo Alto claims it is SASE capable, but even Gartner says that it is not. Gartner usually has the opinion that favors those who pay the most, and Palo Alto pays them well. So when Gartner even questions their Secure Access Service Edge, it is an issue. That is one of those places where you want the leader in the field.  

From my hands-on experience, Fortinet's secure access service edge just takes SASE hands down.  

My first lesson when it comes to advice is a rule that I follow. When a new version comes out, we wait a month. If in that month we are not seeing any major complaints or issues with the Palo Alto firewall customer base, then we consider it safe. The client base is usually a pretty good barometer for announcing to the world that Palo Alto upgrades are not ready. When that happens, making the upgrade goes off our list until we hear better news. If we do not see any of those bad experiences, then we do the upgrade. That is the way we treat major revisions. It usually takes about a month, or a month-and-a-half before we commit. Minor revisions, we apply within two weeks.  

I am of the opinion right now that there are some features missing on Palo Alto that may or may not be important to particular organizations. What they have is what you have to look at. Sit down and be sure it is the right solution for what you need to do. I mean, if the organization is a PCI (Payment Card Industry) type service — in other words, they need to follow PCI regulations — Palo Alto works great. It is solid, and you do not have remote users. If you are a Department of Defense type organization, then there are some really strong arguments to look elsewhere. That is one of the few times where Cisco is kind of strong choice and I could make an argument for using them as a solution. That is really bad for me to say because I do not like Cisco firewalls.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate the Palo Alto Networks VM-series as an eight-out-of-ten.  

This is our core firewall for the data center network.

We have two on-premises appliances set up in a high availability configuration.

The VM-Series enables us to extend consistent next-generation protection across different infrastructures with a unified policy model, which makes it very easy for us. It is very important that we have this single pane for monitoring all of the network resources and multiple devices because, today, it's a complex environment where you have to take care of many devices.

This solution makes it very easy to quickly migrate workloads to the cloud.

Since we updated the system, the network has been very stable. Previously, there were issues with traffic throughput. With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly.

This is a firewall product and every OEM has claims about their special features. This device is very user-friendly and offers ease of monitoring.

Changes to the configuration happen quickly.

There is a single pane of glass for reporting, which is quite good. 

The interface is user-friendly.

It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait. Having a dedicated number where we could send a text message in the case of an emergency would be helpful.

We have been using Palo Alto Networks VM-Series for approximately six months.

We are very much satisfied with the stability and performance.

This solution is quite scalable because it has options for deploying in a VM as well as an appliance. The interfaces are all license-based, which means that features can be added just by obtaining another license.

Our current environment has more than three gigs of traffic.

We have a team of four or five people that is responsible for the network. They are continually monitoring the firewall and updating the policies, as required.

Pala Alto has very good support. Generally, the response is very good and they address our issues as soon as we contact them. For example, they assisted us during our deployment and it was a very good experience.

My only complaint about the support has to do with complications that we had with communication. Sometimes, support was done over email, and because of the difference in time zone, there was occasionally a long gap in time before we got the proper response.

We used to have Cisco ASA and Firepower, and we had some issues with those firewalls. Once they were replaced by Palo Alto, we didn't have any problems after that. 

Compared to the previous devices that we have used from other vendors, Palo Alto is very user-friendly, and we are comfortable with the features and capabilities that it offers.

The initial setup is very straightforward and we had no issues with it. It is not complex because the procedures are properly defined, the documentation is available, and there is proper support. Our initial setup took about 15 days, which included migrating all of the data.

Our deployment is ongoing, as we are adding policies and dealing with updates on a day to day basis. We have a very complex environment that includes a firewall for the data center, as well as for the distribution networks.

The Palo Alto team supported us through the deployment process.

Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive. When a customer wants to implement Palo Alto, even a small box, there are several licenses, and having all of them is sometimes really hard to justify. It is difficult for some clients to understand why such a small box costs so much.

For instance, they have the dashboard license, and then they have the user license, and so on. If the pricing were more competitive then it would be good because more customers would use the product, rather than use simpler firewalls.

We have worked with firewalls like Sophos, FortiGate, and Cisco ASA. We have dealt with almost all of the vendors but at this point, our experience with Palo Alto has been the best one. Palo Alto has been doing what it claims to do, whereas the other vendors' products have various shortcomings.

For example, some vendors do not have the performance that they claim in terms of throughput. Sometimes, the user interface is complex, or the device needs to restart whenever you make changes. With Palo Alto, it's simple to use and easy to get things done.

We have not yet used Panorama for centralized management but in the future, we may do so for other projects.

My advice for anybody who is looking into purchasing a firewall is to carefully consider what their requirements are. I have seen that when a customer procures a firewall, they initially choose products like Sophos. Over time, they engage in trials with the majority of the vendors and finally end up with Palo Alto. This is only after spending a lot of time and money on other products.

If instead, a client is aware of the requirements including how much traffic there is and what throughput is needed, it's better to invest in Palo Alto than to try all of the cheaper alternatives. Then, evaluate everything afterward and finally select Palo Alto. This, of course, is providing the client doesn't have limitations on the investment that they're going to make.

I say this because generally, in my practice, what I've seen is that when choosing a firewall, the clients first choose a cheaper alternative. Then, after some time they think that it may not be what they wanted. This could be brought about by a throughput issue or maybe some threats were not blocked or they have had some security incidents. After trying these firewalls, they replace them with another, and yet another, until finally, they settle on Palo Alto.

Essentially, my advice is to skip the cheaper vendors and go straight to Palo Alto.

In summary, this is a very good product and my only real complaint is about the cost. If it were more competitive then more customers would choose it, and those people suffering losses as a result of security incidents would be saved. I find the real reason that people don't choose the right product is due to the cost factor. Even when they know that the product is the best choice, because of the limitation that they have on the investment they can make, they're not able to choose it.

I would rate this solution a nine out of ten.

We are a service provider and I work on both shared firewall and dedicated firewall solutions for our customers. The primary focus is firewall threat protection. The rest of the features are used, albeit not too much. At this moment, it is not an overly complicated or advanced solution. 

What I like about the VM-Series is that you can launch them in a very short time. You don't have to wait for the hardware to route for them to be staged and installed. From that perspective, it's easy to launch and it's good because it is more scalable.

The product is quite responsive.

The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters. It seems that you really need to upgrade to the very latest version, whereas the physical one has worked for ages now. I think that it narrowly affects the Azure deployment because I remember that we were using the VMware solution before, and we didn't have such issues.

I think that the most important point for Palo Alto is to be as consistent and compatible as possible. It should be compliant such that all of the features are consistently available between the physical and virtualized deployments.

It is not always easy to integrate Palo Alto into the network management system. This is significant because you want to compare what your network management system is giving you to what Palo Alto is giving you. Perhaps in the GUI, they can allow for being able to monitor the interface traffic statistics.

The other things are pretty much great with traffic calls and sessions, but just being able to look at it on an interface physical level, would either avoid using the monitoring integration by SNMP or would create a reference, a baseline check. This would allow you to see whether your network monitoring system or tool is actually giving you correct traffic figures. You need traffic figures for being able to recognize trends and plan the capacity.

I have been using the VM-Series for almost five years, since 2016.

We have not had trouble with bugs or glitches.

The scalability is good. We haven't experienced any constraint limitations for scaling.

I have been in contact with technical support and I find them to be quite good.

In my previous work, I dealt with both physical and virtual systems. However, currently, I am only working on virtual solutions.

I have found the initial setup to be okay. But, then again, I have been using Palo Alto firewalls since 2014, so it's hard for me to say if it is difficult to become familiar with or not.

Our in-house team is responsible for maintenance.  We usually have three people who are able to work on it and do so from time to time, depending on the requirement.

I don't have too many complaints as I compare the virtualized version to the physical one. Perhaps I haven't noticed any issues because we use the proper hardware, and it was strong enough to carry the workload and remain quite responsive.

My advice for anybody who is implementing the VM-Series is to be very well prepared and test it in advance. Make sure to scope it and understand the performance implications. Also, be sure that the core features are understood and are supported on the VM. Then, test it before implementation or migration.

This is a very good product but I can't rate it as perfect because there are these little issues that are pretty common and you expect things to work, but they don't because of some incompatibilities. I think there was also some limitation on how you can do the high availability on virtualized power, in Azure in particular. If these common features were consistently working on both physical and virtual deployments then I would probably rate it a ten out of ten.

As it is now, I would rate this solution a nine out of ten.

It is deployed on the Azure cloud to inspect the outbound traffic, but in the near future we will be working to inspect inbound and Azure Express Route traffic as well.

With Palo Alto VM-Series, we are capable through a single point of management and visualization both in infrastructure and on premises and in the cloud. This allows us to improve the speed to create new rules, speed up the resolution of problems, having a holistic vision of our firewall infrastructure.

Its security features, i.e. antimalware, threat prevention, URL Filtering, VPN, antivirus are the most valuable. The ID-User integrated with AD and 2FA feature is also very useful to provide access to servers and some users in the company. 

It can be improved in areas such as DevOps and quality assurance. The installation rules deployment process we also improved when we deployed these firewalls. In terms of new features, for simplicity reasons, it is faster, because as I mentioned above we can reused the same rules and the same objects from the local PAN that has a Panorama such as the single point of supervision.

We are looking for ways to integrate with other cloud in the future. For this, we will require a more secure integration and encrypted connections with other companies. 

I have been using this brand for more than ten years in on premises (appliances). Now, we are expanding this features to our Azure tenant with PAN VM-Series + Panorama.

It is stable and robust solution. Through Panorama manager, we can scale up automatically if the demand increase. At the moment, we do not have any problems with its stability.

We currently don't have many end-users of this solution. It is being used mostly for servers. We have around 100 servers. In the future, we plan to have more users. Our company has around 10,000 people.

PAN provides good support in general through its partners in Chile

No, the same brand is deployed, but in this case the change was a high availability architecture under Azure VM Scale Set mode.

We had some complexity because we had no experience in implementing it in the cloud, but with the support of the partner and the endorsement of the brand it was solved quickly. It took us a couple of weeks to implement it, and then we started testing. (traffic stress, fault escenarios, scale up, vulnerability assessment, etc.)

We took the professional services of a PAN partner or reseller in Chile. We had a good experience with them. They provide good support and have a qualified team working in security, together with the internal team of our company.

Its cost is $75.000. This is the total cost, and it includes the license, implementation fee, and support for two years.

We also evaluated Check Point, Fortinet, and Azure Firewall. We needed a single point to manage the on-premises firewall and cloud firewall. Our focus was simplicity without losing the security.

Fortinet is growing in the industry. Many companies in Chile are adopting this brand. Our company has not yet adopted this solution.  Our maintenance teams don't know this technology, which would have been a problem.

Check Point is a good brand. Their product is robust, but we found an issue in using their firewall manager with the hybrid architecture like ours, where we have both on-premises and on-cloud deployments.

Both are also a leader in Gartner Quadrant and Forrester together with Palo Alto.

Azure Firewall needs to improve.

Good support from the brand and local partner in Chile.

I am a firewall expert, although my job is not on the management side. I take care of the routing and switching aspects. We have approximately 1,000 firewalls in the company.

This product is a complete security system, wherein we provide direct internet access to our hub site.

The most valuable feature is that you can control your traffic flowing out and coming out, allowing you to apply malware and threat protection, as well as vulnerability checks.

It has an advanced engine that does parallel processing for packet and deep packet inspection. It also supports user authentication.

The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway. For example, if a person is working from home and you want a proxy then you have to rely on a secure web gateway. Palo Alto cannot do that because they don't have a cloud solution. So, if you want direct internet access and if you also want the proxies then Palo Alto is not a good choice.

I have been working with the Palo Alto VM-Series for four years.

The stability is absolutely good and there is no problem with it.

We have almost 3,000 branch offices set up across the globe.

Our intention is to increase usage of Palo Alto, adopting it for security in all of our future products.

Technical support from Palo Alto is very good.

We did not use another firewall product before this one.

With any organization, if you want to change the firewalls that are being used in production then it's a hectic task. You have some rules and engines that can be used, but it's a step-by-step process.

Migrating from an existing solution to Palo Alto needs to be done in phases. Phase one would be installing the devices. Phase two is testing a lab setup and diverting traffic, then analyzing it. Finally, the third phase is to enable other features like threat protection, malware detection, and other advanced options.

Depending on the size of the organization, if a migration is well planned then it will take three to four months to complete.

The configuration is different between our branch offices in order to meet our requirements. Some use the hardware appliance, whereas others use the software version.

We had a Palo Alto engineer who was assisting us, in-house, for our deployment. We also have support from our vendor, which provides LAN and WAN solutions.

We considered using Cisco ASA, but we chose Palo Alto because it can also act as a proxy for your hub site. Palo Alto is more advanced than the Cisco solution.

This is definitely a product that I can recommend.

Overall, it is a good product, although it would be better if they offered a cloud proxy.

I would rate this solution a seven out of ten.

The Palo Alto VM-Series is a firewall that is part of our security solution.

With Palo Alto, it feels like you're using the Rolls-Royce of firewalls.

All of the next-generation features are valuable and set Palo Alto apart from other firewalls.

The application filtering, or AppiID, and URL filtering are good.

The interface with Panorama makes it very easy to use.

The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI.

The interface for Panorama has not changed greatly and could be updated.

I have been using Palo Alto VM-Series for more than six years.

It is very easy to scale. All you have to do is get access to the VM base and then spin it off into another virtual environment or send it into the cloud.  This means that you now have a data center through Palo Alto.

They have a new product called Prisma that allows you to create links between remote users working from different areas and use that to connect to the clouds in this infrastructure. It also allows you to get connectivity to that but not using a backhaul. Rather, you connect straight from wherever you are.

In the places where we have deployed this solution, they have a couple of thousand users.

The technical support is great. This is a brand and they have to protect it, so they make sure that the users get what they need.

I have experience with Check Point and Cisco, who both started improving their management interface after Panorama.

I would say that the initial setup is easy. I have been an IT professional for more than 20 years and can say that this is an example of a product where you simply have to read the manual. If you jump straight into it then you will start struggling.

During the initial setup you begin with the CLI, but you enter a command and it brings you to the GUI. Once you are in the GUI, you will see words on the tabs. All of these things are there if you look carefully.

The price of this solution is very high for some parts of Africa, which makes it a challenge. If it were lowered then it would be more popular.

I have been using Palo Alto since version 6.0, and I am currently evaluating the latest one, version 9.1.

My advice to anybody who is considering this solution is to try the trial version first. It is good for 30 days and it can actually be used because it is the full product. You can test all of the scenarios and try the next-generation features. You can use features like the VPN GlobalProtect and actually see it work. The same with URL filtering and antivirus.

Overall, this is a great next-generation firewall.

I would rate this solution a nine out of ten.

We primarily use the solution for IT. I am from the Palo Alto Partner end, so I am not using it deliberately. I usually deploy to clients in various industries, including the payment gateway industry. 

In Palo Alto the most important feature is the App-ID. It's the biggest selling point in my opinion.

Another important application feature is the Content-ID.

The solution offers great templates.

Overall, the solution has a lot of great features on offer.

Even when the solution locks away a virus, there seems to be a delay for four or five minutes. It should be as little as one. Right now, it's such a long delay. It can be frustrating for clients and I need to answer a lot of questions surrounding that.

The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries.

The solution requires more use cases.

I've been on this Firewall for the last two years.

The stability is very good. There aren't bugs, glitches, or crashes. It's very reliable.

Although I haven't personally tried to scale the solution, my understanding is that it's easy to do so. It's convenient for enterprises. It's my understanding it would scale especially well for enterprises.

I've had to reach out to technical support many times. Sometimes, I find that it can take a while to reach support, or for them to get back to us. This is especially true on weekends and holidays. Other than that, it's been pretty good. We're pretty satisfied with the level of support we get.

I only have experience with Palo Alto; I don't know much about other VM firewall solutions.

The initial setup is not complex. It's quite straightforward. The deployment process is great. It only takes about five to ten minutes or so.

I handle the maintenance and troubleshoot any issues that arise. 

I mostly figured out the deployment myself and used Google to assist when I had questions.

I don't have any dealings with the accounting side of the solution. That's handled by someone else. I'm not sure what the cost is or if we pay monthly or yearly.

We're partners with Palo Alto. We're using the latest version of the solution.

We have a VM-Series via Palo Alto and K2K and the hardware Series.

I'd rate the solution seven out of ten.

We use the solution for hands-on testing purposes and also for activating firewall re-entries, which is easy to accomplish. We only need to turn up the VM to the firewall. This serves users who are working at home due to the COVID-19 pandemic. We also utilize the solution in respect to several servers which are behind the firewall.

A valuable feature of the solution is that it is not dependent on the hypervisor so we can install it on Hyper-V Microsoft software and deploy it. We have even installed it on Nutanix 81, in which it is supported. It is not dependent on the platform and is stable. 

When we activate the solution on Amazon, instead of AWS, GCP or another type of public cloud, we encounter problems, as our engineers are not yet completely hands-on in respects of the public cloud platforms. Still, they can configure the firewall just fine. 

Integrative capabilities with other solutions should also be addressed. 

I have been using Palo Alto Networks VM-Series for the past five-and-a-half years.

The solution is reliable. 

We have tried to scale. The Western side of migration is very easy in terms of scalability. Our customers may increase their licensing counts in tandem with their increased performance requirements from the firewall. In this case, they would procure a VMP and the license. The activation of the firewall would be accomplished by the tech in the back-end. The customer would get the migration capabilities and procure the license without experiencing any downtime. 

There is room for improvement from the side of technical support. 

The initial setup was straightforward. 

The deployment takes two days. This includes installing the solution on the OVO files, upgrading the firewall panel records, activating the license and configuring basic policies and rules. However, our setup was basic and did not involve business activity, which would necessitate a technical business setup. In such case, the process from start to finish may take a customer up to 10 or 15 days. 

The VM series is licensed annually.

The option exists to procure a basic license. With this, the firewall feature comes with the application and the board, with everything in code. A subscription is included. 

The solution is cost effective in comparison to others. 

We deploy the solution on-premises for customers and organizations, although we also do so via AWS.

There are around 16 users connected to the VMP firewall. 

The security feature is really good, although there would be a bit of a learning curve when it comes to the cloud.

I rate Palo Alto Networks VM-Series as a nine out of ten.