Palo Alto Networks VM-Series Reviews

We use it to secure all traffic leaving and entering AWS.

It allows us to see all our traffic to properly secure it and only allow what is needed through the firewall.

• Full content inspection
• Visibility into the traffic in AWS.

There is work to be done on the integration side, as AWS doesn't integrate well with third-party firewalls.

I would like to see AWS have more integration with Palo Alto from a routing standpoint, so it could become a routing egress without having to redesigning it.

It is very stable, and we are not putting stress on it.

It is fairly scalable. We have a couple hundred servers already.

They are the leading next-generation firewall. I would recommend deploying a next-generation firewall.

I am using the on-premise and AWS version. They are exactly the same.

We use it to monitor all traffic, so we can do URL filtering with it. We can also use the VPN features, which we have not set up yet, but we know the functionalities are there. In addition, we use it to monitor all our trusted and non-trusted traffic, then block it as appropriate. 

It does a lot of threat management as well. It is like a threat management gateway and it does some virus scanning. From that perspective, it is really good.

We now have a lot more details about what our users are doing on the network. Whereas before, we did not know certain things they were accessing, websites they were going to, and what vulnerabilities were potentially being introduced into our network. Now, we have a very good understanding of what is actually traversing our network, what is coming in, and what is going out.

Threat management. That is very important, obviously. There has been a lot of press about hacking, virus vulnerabilities, the cron bug, etc. It is very important that we detect these as soon as it happens, so we can implement measures before they get on to our network. It is very good at doing that; it is very good at identifying these vulnerabilities.

The interface, maybe. It is all Java-based and I would prefer an HTML5 interface. It would make things a bit quicker. It is not that it is really bad once you are in, it is just another Java-based application that is not amazing. I am not really a fan of Java-based applications. 

The user-friendliness of the UI could be improved.

No issues, it is very stable. It is fairly easy to use. I would not say it is difficult, just sometimes it can be a bit sluggish navigating through pages. That is just purely because of Java.

We picked the PA-3050s. They can handle a lot of traffic, so we are nowhere near our limits on it. We are not really touching its full capacity at the moment.

It is very good. I have not actually called their support line, because we have a direct contact to a senior engineer in the company for any issues that we handle with them. I will say they are very responsive, and they do give you the information you need when you need it.

We previously used Cisco ASA. We switched to Palo Alto because it can do a lot more. They are called Next-Generation Firewalls (NGFW). They can do a lot of threat detection and things that the Cisco firewalls could not, or could only do with plugins, and the firewalls were not really built for that purpose. Palo Alto can handle a lot more and give us more insight into our network. 

The hardware install was mildly complex; it was somewhere in the middle. It was just about working out the best way to monitor our traffic, because you can have a segregation of interfaces. You can use something called vwire, which is like a bump in the wire, or you can use Layer 3 interfaces. It was just working out which way to go with. We could not really configure the Layer 3 interface solution properly, so we just went for a different setup. 

It was not overly complex. There was enough information online and enough support. There is enough info in the community on their website to allow you to do what you need to do.

For what you get, it does do what it says it does. It is a good value for an enterprise firewall.

We had a look at Check Point firewalls, as well as Huawei. 

• With Check Point, it was a feature-rich product, but it was a bit more expensive. 
• With Huawei, it was not really a valuable solution or as advanced as the other two, so we discounted them straight away.

Make sure you have a detailed plan of what you want to get out of it, you fully understand your network infrastructure beforehand and you have all the IP addresses documented and things that you might need before you actually implement it. Also, it is a feature-rich product, so ensure you have looked at what it can give you, and decide if you need all that functionality in your network. If you do not need it, then you can obviously go for something that is a bit less feature-rich.

We primarily use the solution for IT. I am from the Palo Alto Partner end, so I am not using it deliberately. I usually deploy to clients in various industries, including the payment gateway industry. 

In Palo Alto the most important feature is the App-ID. It's the biggest selling point in my opinion.

Another important application feature is the Content-ID.

The solution offers great templates.

Overall, the solution has a lot of great features on offer.

Even when the solution locks away a virus, there seems to be a delay for four or five minutes. It should be as little as one. Right now, it's such a long delay. It can be frustrating for clients and I need to answer a lot of questions surrounding that.

The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries.

The solution requires more use cases.

I've been on this Firewall for the last two years.

The stability is very good. There aren't bugs, glitches, or crashes. It's very reliable.

Although I haven't personally tried to scale the solution, my understanding is that it's easy to do so. It's convenient for enterprises. It's my understanding it would scale especially well for enterprises.

I've had to reach out to technical support many times. Sometimes, I find that it can take a while to reach support, or for them to get back to us. This is especially true on weekends and holidays. Other than that, it's been pretty good. We're pretty satisfied with the level of support we get.

I only have experience with Palo Alto; I don't know much about other VM firewall solutions.

The initial setup is not complex. It's quite straightforward. The deployment process is great. It only takes about five to ten minutes or so.

I handle the maintenance and troubleshoot any issues that arise. 

I mostly figured out the deployment myself and used Google to assist when I had questions.

I don't have any dealings with the accounting side of the solution. That's handled by someone else. I'm not sure what the cost is or if we pay monthly or yearly.

We're partners with Palo Alto. We're using the latest version of the solution.

We have a VM-Series via Palo Alto and K2K and the hardware Series.

I'd rate the solution seven out of ten.

We are a solution provider and the Palo Alto VM-Series is one of the products that we implement for our customers. Our customers use this virtualized next-generation firewall as part of their security solution.

The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM. With a physical machine, you cannot the resources without adding something to the machine.

The management can be done from a single console window.

The implementation should be simplified.

We have been using the Palo Alto Networks VM-Series for three years. 

This solution is stable.

The VM-Series is a scalable product.

The support is good.

The implementation involves setting up policies.

We deploy this product with our in-house team.

I would rate this solution an eight out of ten.