Palo Alto Networks VM-Series Reviews

We use the solution for network protection. Previously, I worked for a physical organization, but last year we moved to a Proof of Concept. Following the POC, we had to deploy the solution in three different geographical locations. We deployed all of the Palo Alto solutions in the hub environment and connected them to another node.

VM-Series allows us to maintain consistent next-generation firewall protection across virtual, private, and public cloud infrastructures using a unified policy model. We can use the provided templates to generate policies based on both global and local rules.

Panorama plays a vital role in allowing us to maintain a consistent security policy model across on-premises and various public cloud environments. Presently, we utilize Panorama exclusively in the cloud, spanning three different geographical locations: East Asia, Eastern U.S., and Western Europe.

Once we were able to configure Panorama's centralized management system we were able to have uninterrupted connections with no security issues.

Using Panorama helped us streamline our security policies in a cloud-based environment, saving us time. With Panorama, we no longer need to log in and manually adjust the template before transferring data, which increased our comfort level.

Palo Alto Networks VM-Series' security features are all good.

Centralized management is valuable because it allows us to configure settings in one location and apply them across all three locations.

The migration of workloads to the cloud is difficult because the cloud provider and Palo Alto Networks are different platforms. We had to research many articles online and after our research and development were completed we were able to deploy. The migration of data to the cloud can be more user-friendly and has room for improvement.

The utilization monitoring and GUI have room for improvement.

Sometimes we encounter licensing issues where our licenses are not activated, and as a result, we are required to redeploy. This problem could be related to VM-Series or the template image and how they are integrated with Azure Marketplace.

I have been using the solution for one year.

The solution is stable.

The technical support is good.

Positive

Previously, we utilized Azure Firewall, but we found it to be less mature compared to Palo Alto, prompting us to switch to the latter.

The initial setup is straightforward but the deployment portion is complex. We require 15 minutes for one VM deployment.

I give the solution a nine out of ten.

Azure Firewall is a cloud-native solution. It's only for netting and simple source-destination blocking. The client wanted everything, so they wanted us to implement a third-party solution. Palo Alto was the leading solution. It's easy to install. 

Palo Alto is dynamic regarding protocol rules, and it is classless. The client also wanted a third-party solution between their on-premise environment and Azure, so they went for Palo Alto. Palo Alto VM-Series is deployed on the Azure Cloud.

We previously had a hardware solution. With VM-Series, you don't need to purchase the hardware. You can deploy it in the cloud, or they have a PaaS, SaaS, and IaaS version. You connect your network to their cloud and get the traffic filtered. 

The most valuable feature is the proxy write. It's called the Write Fill process. It's in a bundle of everything. Palo Alto has everything, including CAD management, malware protection, and a file management system. There is a bundle of packages. This is not in the latest edition of Azure Firewall.

The VM-Series reports how much bandwidth a particular IP is using. You don't need to regularly log into a website, like a Cisco command, to see what kind of ACL it's getting. There isn't an ACL use portal event. You can go there and see how much my ACL has been getting me.

It automatically tells what rules are in place, like scheduled and additional rules. You don't need to create new rules every time. It will automatically tell you that this rule exists. 

Palo Alto's next-generation firewall is classless, and it's a bundle of everything, including malware management, bandwidth utilization, and how much each IP is costing you. It offers bandwidth utilization, DDoS protection, a next-generation firewall, and everything I need in one bundle.

You can integrate fully automated virtual firewall deployments and provisioning into existing DevOps workflows if you are a good developer. Palo Alto offers help for it, but you should have developer knowledge.

It's easy to migrate workloads to the cloud. They expose the API also. In two days, I can implement two firewalls in different regions. It's flexible. That is a feature of Azure and Palo Alto. This kind of integration is why I am able to do the migration in two days.

There's room for improvement in terms of integration with the load balancer. It isn't like Fortinet, which has a load balancer built into its firewall. It is effortless to integrate within the load balancer-plus-firewall solution. 

Palo Alto doesn't have much ability to load balance, so you must purchase a third-party load balancer. It would be great if they did these kinds of changes to integrate the solution with the load balancer.

I have used Palo Alto VM-Series for one year.

VM-Series is highly stable. One of our clients has been using it for one year, and we've been using it for a year and a half. There were some bugs initially, but in the past two years, it has gotten more stable. 

I give VM-Series six out of 10 for the scalability. It's one area where they need to improve. Scaling up requires a lot of effort because it's cloud infrastructure. You need to change a lot of settings and ask them to customize before it starts working. 

There are still some issues after a customer has customized the solution. Scalability is something they are working on. I am hoping that we'll see some decent scalability within a year and a half. 

I rate Palo Alto support nine out of 10. Palo Alto technical support is excellent. When you raise a ticket, you get a support call in 10 minutes. They will contact you by phone and follow up on WhatsApp to see if the issue hasn't been resolved. 

Positive

Setting up VM-Series is completely straightforward. You have to download the VM, and there is a free interface for internal and external management. You configure the interface and the root table within Azure, then the device is good to go. Lastly, you need to activate your license, and Palo Alto is integrated into Azure.

We had to purchase the license from the vendor and download the VMs from the Cloud market. You can download VM-Series from the Azure marketplace, it is a simple process. You configure everything in the management interface. Once that's done, you configure the access list so that others cannot access it from anywhere. 

After you purchase the license, you have to put the license in Azure VM. There's a similar license you have to implement in the Palo Alto portal. Your Palo Alto is ready to use once that goes through. It took us one week to deploy. An issue came up, and we had to raise a ticket, so it took seven days to complete the implementation within Azure Cloud. One person is enough to deploy it. I deployed two firewalls within seven days, so I didn't need anyone's help. One or two people are enough to manage it.

The price is fair enough. The most expensive is Cisco, followed by Fortinet, then Palo Alto. Palo Alto is very much within the range. We use Software Next-Generation Firewall Credits for licensing and consuming VM-Series. They have a cloud solution using their portal. You can go in and put it through the license.

We can't use the credits on the fly. It is not possible because they acquire new CPU RAMs. We cannot change this on the fly. It will take one day of downtime. It is not easy. This is planned downtime. You have to plan for it outside of business hours. If you do the downtime during the business day, you can't do anything. 

The Software Next-Generation Firewall Credits enable us to protect ourselves without going through a long procurement cycle. The licensing part plus implementation is very easy. You just create the firewall, and it can do everything.

I rate Palo Alto Networks VM-Series eight out of 10. Palo Alto is easy to use, and the price is fair compared to the other solutions on the market. I recommend Palo Alto, but you should also consider the other solutions out there. Some solutions have lots of bugs like FirePOWER. Also, the price for FirePOWER is quite high. That is not the case with Palo Alto. It has fewer bugs, requires minimum effort, and the price is fair. Everything is accessible within the same portal.

We use this product to secure our entire network.

At this point, it is used only for VPN purposes, allowing access to our servers behind the firewall.

Using this product has increased our security and has given us much better results in terms of security scans.

Palo Alto embeds machine learning into the core of the firewall to provide online real-time attack prevention, and I would rate that capability a six out of ten. It's definitely effective in terms of securing our network against threats that are able to evolve and morph rapidly.

This solution provides a unified platform that natively integrates all of the security capabilities, although we are not using parts of it. For example, we don't use the configuration tools like Panorama. We don't use the monitoring capabilities, either.

The most valuable feature is the CLI.

We have the firewall configured for zero-day signatures, which is very important to us. We have to be HIPAA security compliant, which means that we need those signatures immediately.

There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.

The web interface is very slow, and it needs to be faster.

I have been working with the Palo Alto Networks VM-Series for three years.

This product is very stable. We have had zero problems with stability.

The scalability is fantastic. We're using the lowest-end product right now, and I don't foresee when we'll have to upgrade. We've got a long way where we can continue to scale up.

We currently have three or four people that use it for VPN purposes, to access our servers behind the firewall. It is not used nearly as extensively as it should be. However, next year, we're going to start flowing all of our internet traffic through it.

We're all working remotely, and we're going to be connecting through the firewall. This means that our traffic is going to greatly increase, meaning that our usage will also increase. We'll also be using many more of the features.

The technical support from Palo Alto is good, overall. However, their response times could be a little quicker.

We have not really had any big complaints with the technical support and I would rate them an eight out of ten.

Positive

Prior to using Palo Alto, we were using an on-premises solution by Juniper. When we switched from onsite to the cloud, we changed products.

We made the switch because Juniper became unbearable as far as complexity and performance go. It was getting really bad; we couldn't manage it well, and the performance was quite poor. 

The initial setup is quite complex. There is a steep learning curve and we failed at it a couple of times.

Our final deployment took between three and four hours.

Our in-house team was responsible for the deployment.

We have absolutely seen a return on our investment. We are definitely more secure. With the features that are in Palo Alto, we do not have to worry about people busting into our network. Even just out of the box, with the base features, it's really solid. The default configurations are very secure.

Our return on investment comes from the fact that we're not having to spend hours monitoring stuff the way we did before. We've saved man hours and we've saved stress. I can't put a monetary value to that, but that would be the return.

This is not the cheapest firewall but it's not the most expensive of the options on the market.

There's a new licensing structure coming in that we're really trying to understand, so I would suggest studying up on it. I recommend getting a partner involved for purchasing the product.

Beyond Palo Alto, we evaluated two or three other products. Two of them that I can recall are Fortinet and the Microsoft Azure Firewall.

We did some extensive reviews and some extensive testing and what we found is that for the price, Palo Alto gave us the best options. It had the best set of security features. It wasn't the cheapest product but it was the best solution that fit our requirements.

We have not yet implemented the DNS security features. However, we will likely be doing so next year.

If one of my colleagues at another company were to say that they were just looking for the cheapest and fastest firewall, I would suggest that they be careful. Palo Alto has a great balance. It's not super expensive compared to other options on the market, and it's quite quick when it comes to throughput and performance.

In summary, this is a good product but I do suggest that people shop around a little bit.

I would rate this solution an eight out of ten.

We are using it on Azure Cloud for our internal systems, where we have set up our internal workloads. We are using it as a perimeter firewall.

We are using it because our internal workflows are on the cloud. Almost everything in our production and development uses these instances. We are using it extensively for conducting reports of the development environment. It is working fine.

It improved all compliance activities. We can close open cases. Compared to other firewalls in these cases, it improved our score on the compliance side.

We are using the complete box. We are mostly using the security services and firewall rules in Panorama.

We need to look at different variables and granular policies of various tools. This makes it easy to understand.

We use Palo Alto’s Panorama centralized management system. We have an on-prem firewall where Panorama is very good for pulling logs in from the cloud so we can see what is going on. It gives us visibility into that as well as showing us what attacks are coming in.

Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.

We have been using it for the last two years.

Stability has so far been good. We monitor the resources on the firewall to determine if there will be any spikes on the CPU, RAM utilization, or the load of the firewall. Though, we are yet not putting much load on it. 

I don't think that scaling will be a problem since we can adjust the VM-Series model that we want.

I have around 100 instances protected behind this device.

The customer support is good. They are able to give fast, readily-available solutions upon the creation of a help ticket. I would rate them as 10 out of 10.

Positive

We did a fresh setup for this, but it was pretty easy. We could easily integrate with the VM-Series, then just create our business servers. We were able to do this with the help of the tech team.

It took around seven to eight hours to deploy this solution and configure it to our environment.

We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple. Once we had a checklist of what to do, it was pretty easy to deploy.

Deploying Panorama has saved us a lot of time. When any incidents happen, our people are comfortable going to the Panorama logs and view the incident report to see what happened.

Initially, pricing was high. Later on, we were able to negotiate the pricing and get something that fits our budget.

The solution provides protection and there wasn't an additional cost involved, in terms of security.

We evaluated FortiGate, Cisco, and the stuff that we are using. Compared to other products, we found it a very useful part of our compliance requirements and liked its format on the graphical interface. It is also a more secure firewall compared to other existing ones in the market. Based on our evaluation, it matched our compliance requirements.

Cisco is pretty complex in nature to deploy. It is helpful to have a skilled person with at least two years of experience. 

We are happy with their features for how we are using it and what we have deployed.

I would recommend giving the solution a try and see the difference between it and your existing firewalls. Give it a shot and see the difference.

In the firewall market, it is the number one product right now. I would rate it as 10 out of 10.

This is our core firewall for the data center network.

We have two on-premises appliances set up in a high availability configuration.

The VM-Series enables us to extend consistent next-generation protection across different infrastructures with a unified policy model, which makes it very easy for us. It is very important that we have this single pane for monitoring all of the network resources and multiple devices because, today, it's a complex environment where you have to take care of many devices.

This solution makes it very easy to quickly migrate workloads to the cloud.

Since we updated the system, the network has been very stable. Previously, there were issues with traffic throughput. With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly.

This is a firewall product and every OEM has claims about their special features. This device is very user-friendly and offers ease of monitoring.

Changes to the configuration happen quickly.

There is a single pane of glass for reporting, which is quite good. 

The interface is user-friendly.

It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait. Having a dedicated number where we could send a text message in the case of an emergency would be helpful.

We have been using Palo Alto Networks VM-Series for approximately six months.

We are very much satisfied with the stability and performance.

This solution is quite scalable because it has options for deploying in a VM as well as an appliance. The interfaces are all license-based, which means that features can be added just by obtaining another license.

Our current environment has more than three gigs of traffic.

We have a team of four or five people that is responsible for the network. They are continually monitoring the firewall and updating the policies, as required.

Pala Alto has very good support. Generally, the response is very good and they address our issues as soon as we contact them. For example, they assisted us during our deployment and it was a very good experience.

My only complaint about the support has to do with complications that we had with communication. Sometimes, support was done over email, and because of the difference in time zone, there was occasionally a long gap in time before we got the proper response.

We used to have Cisco ASA and Firepower, and we had some issues with those firewalls. Once they were replaced by Palo Alto, we didn't have any problems after that. 

Compared to the previous devices that we have used from other vendors, Palo Alto is very user-friendly, and we are comfortable with the features and capabilities that it offers.

The initial setup is very straightforward and we had no issues with it. It is not complex because the procedures are properly defined, the documentation is available, and there is proper support. Our initial setup took about 15 days, which included migrating all of the data.

Our deployment is ongoing, as we are adding policies and dealing with updates on a day to day basis. We have a very complex environment that includes a firewall for the data center, as well as for the distribution networks.

The Palo Alto team supported us through the deployment process.

Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive. When a customer wants to implement Palo Alto, even a small box, there are several licenses, and having all of them is sometimes really hard to justify. It is difficult for some clients to understand why such a small box costs so much.

For instance, they have the dashboard license, and then they have the user license, and so on. If the pricing were more competitive then it would be good because more customers would use the product, rather than use simpler firewalls.

We have worked with firewalls like Sophos, FortiGate, and Cisco ASA. We have dealt with almost all of the vendors but at this point, our experience with Palo Alto has been the best one. Palo Alto has been doing what it claims to do, whereas the other vendors' products have various shortcomings.

For example, some vendors do not have the performance that they claim in terms of throughput. Sometimes, the user interface is complex, or the device needs to restart whenever you make changes. With Palo Alto, it's simple to use and easy to get things done.

We have not yet used Panorama for centralized management but in the future, we may do so for other projects.

My advice for anybody who is looking into purchasing a firewall is to carefully consider what their requirements are. I have seen that when a customer procures a firewall, they initially choose products like Sophos. Over time, they engage in trials with the majority of the vendors and finally end up with Palo Alto. This is only after spending a lot of time and money on other products.

If instead, a client is aware of the requirements including how much traffic there is and what throughput is needed, it's better to invest in Palo Alto than to try all of the cheaper alternatives. Then, evaluate everything afterward and finally select Palo Alto. This, of course, is providing the client doesn't have limitations on the investment that they're going to make.

I say this because generally, in my practice, what I've seen is that when choosing a firewall, the clients first choose a cheaper alternative. Then, after some time they think that it may not be what they wanted. This could be brought about by a throughput issue or maybe some threats were not blocked or they have had some security incidents. After trying these firewalls, they replace them with another, and yet another, until finally, they settle on Palo Alto.

Essentially, my advice is to skip the cheaper vendors and go straight to Palo Alto.

In summary, this is a very good product and my only real complaint is about the cost. If it were more competitive then more customers would choose it, and those people suffering losses as a result of security incidents would be saved. I find the real reason that people don't choose the right product is due to the cost factor. Even when they know that the product is the best choice, because of the limitation that they have on the investment they can make, they're not able to choose it.

I would rate this solution a nine out of ten.

We use the solution for hands-on testing purposes and also for activating firewall re-entries, which is easy to accomplish. We only need to turn up the VM to the firewall. This serves users who are working at home due to the COVID-19 pandemic. We also utilize the solution in respect to several servers which are behind the firewall.

A valuable feature of the solution is that it is not dependent on the hypervisor so we can install it on Hyper-V Microsoft software and deploy it. We have even installed it on Nutanix 81, in which it is supported. It is not dependent on the platform and is stable. 

When we activate the solution on Amazon, instead of AWS, GCP or another type of public cloud, we encounter problems, as our engineers are not yet completely hands-on in respects of the public cloud platforms. Still, they can configure the firewall just fine. 

Integrative capabilities with other solutions should also be addressed. 

I have been using Palo Alto Networks VM-Series for the past five-and-a-half years.

The solution is reliable. 

We have tried to scale. The Western side of migration is very easy in terms of scalability. Our customers may increase their licensing counts in tandem with their increased performance requirements from the firewall. In this case, they would procure a VMP and the license. The activation of the firewall would be accomplished by the tech in the back-end. The customer would get the migration capabilities and procure the license without experiencing any downtime. 

There is room for improvement from the side of technical support. 

The initial setup was straightforward. 

The deployment takes two days. This includes installing the solution on the OVO files, upgrading the firewall panel records, activating the license and configuring basic policies and rules. However, our setup was basic and did not involve business activity, which would necessitate a technical business setup. In such case, the process from start to finish may take a customer up to 10 or 15 days. 

The VM series is licensed annually.

The option exists to procure a basic license. With this, the firewall feature comes with the application and the board, with everything in code. A subscription is included. 

The solution is cost effective in comparison to others. 

We deploy the solution on-premises for customers and organizations, although we also do so via AWS.

There are around 16 users connected to the VMP firewall. 

The security feature is really good, although there would be a bit of a learning curve when it comes to the cloud.

I rate Palo Alto Networks VM-Series as a nine out of ten. 

It is deployed on the Azure cloud to inspect the outbound traffic, but in the near future we will be working to inspect inbound and Azure Express Route traffic as well.

With Palo Alto VM-Series, we are capable through a single point of management and visualization both in infrastructure and on premises and in the cloud. This allows us to improve the speed to create new rules, speed up the resolution of problems, having a holistic vision of our firewall infrastructure.

Its security features, i.e. antimalware, threat prevention, URL Filtering, VPN, antivirus are the most valuable. The ID-User integrated with AD and 2FA feature is also very useful to provide access to servers and some users in the company. 

It can be improved in areas such as DevOps and quality assurance. The installation rules deployment process we also improved when we deployed these firewalls. In terms of new features, for simplicity reasons, it is faster, because as I mentioned above we can reused the same rules and the same objects from the local PAN that has a Panorama such as the single point of supervision.

We are looking for ways to integrate with other cloud in the future. For this, we will require a more secure integration and encrypted connections with other companies. 

I have been using this brand for more than ten years in on premises (appliances). Now, we are expanding this features to our Azure tenant with PAN VM-Series + Panorama.

It is stable and robust solution. Through Panorama manager, we can scale up automatically if the demand increase. At the moment, we do not have any problems with its stability.

We currently don't have many end-users of this solution. It is being used mostly for servers. We have around 100 servers. In the future, we plan to have more users. Our company has around 10,000 people.

PAN provides good support in general through its partners in Chile

No, the same brand is deployed, but in this case the change was a high availability architecture under Azure VM Scale Set mode.

We had some complexity because we had no experience in implementing it in the cloud, but with the support of the partner and the endorsement of the brand it was solved quickly. It took us a couple of weeks to implement it, and then we started testing. (traffic stress, fault escenarios, scale up, vulnerability assessment, etc.)

We took the professional services of a PAN partner or reseller in Chile. We had a good experience with them. They provide good support and have a qualified team working in security, together with the internal team of our company.

Its cost is $75.000. This is the total cost, and it includes the license, implementation fee, and support for two years.

We also evaluated Check Point, Fortinet, and Azure Firewall. We needed a single point to manage the on-premises firewall and cloud firewall. Our focus was simplicity without losing the security.

Fortinet is growing in the industry. Many companies in Chile are adopting this brand. Our company has not yet adopted this solution.  Our maintenance teams don't know this technology, which would have been a problem.

Check Point is a good brand. Their product is robust, but we found an issue in using their firewall manager with the hybrid architecture like ours, where we have both on-premises and on-cloud deployments.

Both are also a leader in Gartner Quadrant and Forrester together with Palo Alto.

Azure Firewall needs to improve.

Good support from the brand and local partner in Chile.

I am the guy they call up first for the central infrastructure and configuration of the malware, firewall, and main applications, and I use Palo Alto Networks VM-Series for that.

Palo Alto Networks VM-Series is very easy to use. It takes maybe one week to learn how it works, but the suite itself is very flexible. After you install it, it's very easy to use because of the intuitive web interface.

It's great for me at the moment. I have all I need. All the traffic is very well filtered, and I believe it's the future of the firewall.

The firewall itself is very complex. You have to do a lot of research, look through all the documentation, consult, and figure out how to use it. It's not so easy as a regular firewall, like Hypertable. It'll help if Palo Alto Networks provided better documentation. It would be even better if they had simple documentation on some use cases as well.

I have been using Palo Alto Networks VM-Series for about one month.

At the moment, Palo Alto Networks VM-Series has been stable. 

I have used the Palo Alto Network's technical support before, and it's fine for the moment.

Palo Alto Networks VM-Series is a VMware appliance and very simple to install. It must be turned on to change the default password and to configure the IP address, and that is all. After that, it's easy because it has a very intuitive web interface.

I implemented Palo Alto Networks VM-Series on my own.

Because I work for a university and the URL is for the institution, it's a free license for us.

On a scale from one to ten, I would give Palo Alto Networks VM-Series a nine.