Palo Alto Networks VM-Series Reviews

We use Palo Alto as a perimeter security device.

It is nice to have a rock solid security platform that we can count on.

• It is the leader in the marketplace.
• It has the ability to create Palo Alto VM-series using software.
• The VM-Series has all of the components (out-of-the-box) that you need in a very secure environment.

In the next release, I would like to see better integration of multi-factor authentication vendors.

It is very stable. We have almost never had an issue.

We have around 15 VM-Series, which are running hot all day.

We're still learning about the scalability. We have run into some issues with scaling and limitations associated with some of the configurations. However, it is a solution that we have been happy with overall.

Technical support is good.

The integration and configuration of this product in our AWS environment was easy to pick up and very usable. It was a good walk between the old physical way and the new software or infrastructure as code (IaC) model.

We use Palo Alto to provide remote access, and we've been able to provide access for hundreds of users with a very short build out time. In the past, this would take a lot longer. Now, we don't have to wait for a physical box, etc.

Our company is entirely AWS, so it is the only place to go to purchase anything. 

Some parts of purchasing through AWS Marketplace are good, such as this product was easy to find and launch. Some of the other parts could be clearer in the AWS Marketplace, e.g., how to properly do an annual subscription.

The pricing and licensing are reasonable.

We also evaluated Fortinet and some other competitors.

We chose Palo Alto because we had institutional experience and knowledge that we could bring over.

Do a demo. Set one up and try it. 

We have used both the physical and AWS versions. The physical version is a good product. However, in an AWS environment, the ability to automate and scale pieces of it are critical.

We integrated a couple other products with it, which seems to be working well.

For this VM in particular, it is microsegmentation which is used for implementing the firewall inside the data center.

When talking about the VM or the virtual firewall, it is mostly about the sessioncapacities that it can handle. In the early version of the firewall, the session or traffic that it could inspect was low. 

In quite a few releases, they have improved a lot. They started with the physical firewall, therefore it is almost virtually the same firewall with the same features, only that it is a virtual one. The main improvements that they have made are surrounding the processing capacity for the virtual machines.

The granularity which is used to confirm applications based in users. 

When you have VMware NSX, it is easy to deploy this virtual firewall because it is fully integrated with the VM solution. If I want to segment any type of network inside the data center, it is about two or three clicks, and it works.

The reporting. There are various reports that come with the box or with VMware, but you can only run them daily. If you want to generate a report from this week or the past month, you have to create a custom report. It is not that difficult, but I expect these reports to be pre-made. I would like to be able to choose the dates that I can run the reports. As of now, you can only run it for the day before, so this is one improvement they need to make. 

From time to time, maybe twice a year, they have released content updates which have some issues. When they release content updates, the applications with these updates give us a false positives. I manage older software developers and members, and almost everyone has one or two missteps a year regarding these updates.

The Series 2000 version of Palo Alto were somewhat big for small or medium customers. They did not have a middle box. 

In the newer version (3850s), all of them are scalable. They fit better into medium or small businesses, so it is easy for us. E.g, if we have a VMware 500 appliance, we can upgrade it to a 100. They have improved in this way.

The technical support is extremely good. They are a 10 out of 10, not only because of their fast response time, but their knowledgeable personnel as well. They have knowledge regarding very specific issues. 

When we finish creating tickets in the support portal, there are a lot of knowledge-based documents. They answer almost immediately, calling you back about 10 minutes later. When creating a support ticket, I always get a quick answer.

I was using Cisco, but I was using the old Cisco. The firewall was the only working protocol. The Palo Alto Network Firewall is a Next-Generation Firewall, so it is a lot different. 

This is the first and only Next-Generation Firewall that I have used. I have put in several Sophos Firewalls, but they are not the same as Palo Alto.

You will need to know what are you doing with the firewall. 

It's different than Sophos or Fortinet where you only need to click two or three times, and it puts you in engaged mode in the simplest way. 

With Palo Alto, you need to know where you are going to be implementing and what architectures you want. It is not complicated, but it is not as easy as Sophos or Fortinet, because when you start with these two firewalls, the quick setup wizard chooses for you and it automatically creates for you network rules.

With Palo Alto, you need to do all those steps manually, but it is somewhat better because it gives you the flexibility to choose how you want your network set up and how you are going to segment the networks.

I know Palo Alto is not cheap because my finance team has been telling me that it is not a cheap solution. It is about the maturity of your security team or infrastructure team and whom you want to work with no matter how big your organization is: small, medium, or large.

The newest version of Cisco, the Next-Generation Firewall, is less expensive than Palo Alto. The price is more comparable to Check Point.

For licensing, it depends how you want to use the firewall. The firewall can be used only for IPS purposes. If you only want that firewall IPS, you will only need a license called threat prevention which includes vulnerabilities, antivirus signatures, and one additional measure; it includes three measures and security updates. 

If you do not want to buy the threat prevention license in the box, you can buy it with only the support license which is for the support of the hardware. It works like a simple firewall. It integrates what it calls user IDs and application IDs. If you do not buy any other license, only the firewall, Palo Alto will also help you improve your security.

We evaluated VanGuard for their Next-Generation Firewall.

We chose between Check Point and Palo Alto for their support teams. Check Point is very bad for support. We switched from Check Point to Palo Alto.

If you do not have a Next-Generation Firewall, Palo Alto is a good choice. It is reliable and the support is very good. The VMware version is in all the boxes and they use the same OS, so it is not different if you manage a physical box or a virtual box. The only difference is the virtual box depends on where it will be placed, and its main usage is for microsegmentation and data center firewalls.

I have some financial experience with the program. We use it with Cisco and Fortinet technology, and have integrated it with NSXi.  

It has had good performance.

As an integrator, we need to understand the business case:

1. The customer's needs. 
2. The implementation phase. 
3. Provide clarity and clarify details with the customer.
4. Relate to their business's needs more than the technology system. 

I am an integrator. Palo Alto Networks has improved my position in the cyber security market here in Paraguay. It is easy to sell. Basically, I just need to implement the demo and the program starts itself. So, it has improved our position in this market. It is a program with very strong performance in an excellent position along with quality data sharing. Overall, it has improved our width. 

My clients have a group who will be on the security scheme. They now know the details about their network traffic that they did not know before: Applications that they are using and some application they did not know they were using. It has improved the retail control of their traffic and the users on their network. 

• Its strong intelligence is the feature that I like the most.
• A solid operating system with all the necessary data center security features. 
• Easy to manage.

When you have a client compare box against box, a lot of times Palo Alto is a bit more expensive, but its network firewalls have a very rich ratio.

No issues. We did integration with NSXi and the system works likes a charm. There have not been any issues in regards to the format, delivery, or management. It has worked great.

I have not encountered any problems.

I have not had to call the technical support yet, which makes me very happy.

Their pre-sale team, who assisted us initially, consists of very responsive, kind people.

We were previously Cisco partners. It is different since it is a network company.

It is very simple. They have a very unique approach to simplicity. You have to do some basic set up to some parts where it will be needed. Therefore, it is simple compared to Cisco or Check Point. Also, it is very flexible.

The licensing is pretty much like everyone else.

In each case, it depends on the expectations of the customer. 

I have worked with Fortinet, Cisco, and Check Point. However, once I began to work with the Palo Alto Networks, it became my preference for cyber security.

Compared to Cisco, Palo Alto is a much better product.

It is a great product. It is a great company, and I am very glad to work with them. 

Use the learning material that Palo Alto has free on their webpage. The customer should compare it with other products. They need to see the product and understand the power that that technology brings to cyber security. In this case, they can see the benefit against risks to your network and its capacity to prevent threats.

We have reduced the number of configuration lines by 90%. We need fewer number of admins right now because of it.

The best features are:

• User identification
• Application identification
• Logs and monitoring.

All areas need improvement: manufacturing, education, financial, etc.

None. Works by day with no issues.

No issues. It scales linearly with load and no issues.

I would rate the customer service as 10 out of 10: great.

I would rate the technical support as 10 out of 10: very professional.

We did have a previous solution that we used. We switched due to scalability and the other solution had too many issues.

It was easy to deploy.

The deployment works well.

We did not need a vendor team. We implemented in-house.

Our ROI is excellent.

Do not buy larges box if you do not need them. Rightsizing is a great task to do beforehand.

We evaluated Check Point, Fortinet, and others.

We use it to monitor all traffic, so we can do URL filtering with it. We can also use the VPN features, which we have not set up yet, but we know the functionalities are there. In addition, we use it to monitor all our trusted and non-trusted traffic, then block it as appropriate. 

It does a lot of threat management as well. It is like a threat management gateway and it does some virus scanning. From that perspective, it is really good.

We now have a lot more details about what our users are doing on the network. Whereas before, we did not know certain things they were accessing, websites they were going to, and what vulnerabilities were potentially being introduced into our network. Now, we have a very good understanding of what is actually traversing our network, what is coming in, and what is going out.

Threat management. That is very important, obviously. There has been a lot of press about hacking, virus vulnerabilities, the cron bug, etc. It is very important that we detect these as soon as it happens, so we can implement measures before they get on to our network. It is very good at doing that; it is very good at identifying these vulnerabilities.

The interface, maybe. It is all Java-based and I would prefer an HTML5 interface. It would make things a bit quicker. It is not that it is really bad once you are in, it is just another Java-based application that is not amazing. I am not really a fan of Java-based applications. 

The user-friendliness of the UI could be improved.

No issues, it is very stable. It is fairly easy to use. I would not say it is difficult, just sometimes it can be a bit sluggish navigating through pages. That is just purely because of Java.

We picked the PA-3050s. They can handle a lot of traffic, so we are nowhere near our limits on it. We are not really touching its full capacity at the moment.

It is very good. I have not actually called their support line, because we have a direct contact to a senior engineer in the company for any issues that we handle with them. I will say they are very responsive, and they do give you the information you need when you need it.

We previously used Cisco ASA. We switched to Palo Alto because it can do a lot more. They are called Next-Generation Firewalls (NGFW). They can do a lot of threat detection and things that the Cisco firewalls could not, or could only do with plugins, and the firewalls were not really built for that purpose. Palo Alto can handle a lot more and give us more insight into our network. 

The hardware install was mildly complex; it was somewhere in the middle. It was just about working out the best way to monitor our traffic, because you can have a segregation of interfaces. You can use something called vwire, which is like a bump in the wire, or you can use Layer 3 interfaces. It was just working out which way to go with. We could not really configure the Layer 3 interface solution properly, so we just went for a different setup. 

It was not overly complex. There was enough information online and enough support. There is enough info in the community on their website to allow you to do what you need to do.

For what you get, it does do what it says it does. It is a good value for an enterprise firewall.

We had a look at Check Point firewalls, as well as Huawei. 

• With Check Point, it was a feature-rich product, but it was a bit more expensive. 
• With Huawei, it was not really a valuable solution or as advanced as the other two, so we discounted them straight away.

Make sure you have a detailed plan of what you want to get out of it, you fully understand your network infrastructure beforehand and you have all the IP addresses documented and things that you might need before you actually implement it. Also, it is a feature-rich product, so ensure you have looked at what it can give you, and decide if you need all that functionality in your network. If you do not need it, then you can obviously go for something that is a bit less feature-rich.

We use Palo Alto Networks VM-Series for our company's customers, especially those who use Azure Firewall to secure their environment but still want a third-party firewall from companies like Fortinet FortiGate and Palo Alto in their environment. Whenever our company's customers want to opt for a third-party firewall, we suggest firewall products from companies like Fortinet FortiGate and Palo Alto. There have been cases where our company's customer who already uses firewall products from Fortinet FortiGate and Palo Alto deployed on an on-premises model want to shift the same product to the cloud, going on the good experience they have had with the products. If our company's customers are not interested in purchasing a third-party firewall, my company suggests the cloud-native firewall provided by Azure, specifically for their landing zone environment.

Regarding Palo Alto, my company normally does a high availability configuration for our customers, which are active-active and active-passive. There are multiple add-on packages a customer can choose from in Palo Alto, including antivirus, web filtering, IDS, and IPS solutions.

Considering Azure, some customers may purchase Palo Alto Networks VM-300. Considering the pricing perspective, customers want multiple NIC types because they might have different spokes, and they may like to extend it with different interfaces on different spokes. Considering VM-Series on Azure Virtual Machines, since there is a limitation when it comes to Azure VM-300 as it supports only four cores, there may be some modifications made to support more cores.

I have been using Palo Alto Networks VM-Series for three to four years. My company functions as a managed service provider and an integrator for Palo Alto Networks.

Palo Alto Networks VM-Series can be made more stable. I have seen some bugs in the solution. After deployment with an API call, you can use an HA solution in two scenarios, namely, as a load balancer and for API calls. I see that in the Palo Alto Networks VM-Series, there are some delays when it comes to an API call configuration.

It is a scalable tool. Considering the licensing part of the solution, it may not seem scalable, especially when you want to move from Palo Alto Networks VM-300 to Palo Alto Networks VM-500 since, for such a procedure, the virtual machines will have to be brought down and registered again with a different license, which is challenging.

My company's customers who use the solution are mostly enterprise-sized businesses.

The solution's technical support has been good. I rate the technical support a seven and a half to eight out of ten.

There are some delays that I have observed when my company communicates with Palo Alto's support engineers. There are also some problems related to the understanding of our company's issues with the product by Palo Alto's support team.

Positive

Users are provided with templates to go ahead with the deployment phase of Azure. There are already prepared templates available for installation, which users can use during installation.

Suppose our company's discussions with the customers are completed, and the design has been frozen. Considering the aforementioned case, the Palo Alto Networks VM-Series installation phase can be completed in a couple of hours, while the only time-consuming task is the creation of policies.

Palo Alto Networks VM-Series is easy to maintain.

From a security point of view, I find Palo Alto Networks VM-Series to be a better product compared to the other solutions in the market.

I rate the overall product a ten out of ten.

The most effective features for threat prevention are application-based prevention and WildFire. These features cover various threats, such as ransomware, malware, etc. They provide real-time visibility. By applying appropriate policies, threats can be blocked.

The solution needs to improve its visibility. It's not straightforward to use. Understanding the policies, authorizations, and initializing features requires careful review. The product needs to offer proper training. 

I have been working with the product for three to four months. 

I rate Palo Alto Networks VM-Series' stability as ten out of ten. 

The main issue with the tool's support is the delayed response time, ranging from one to two hours. This delay can impact customers who are waiting for support. Additionally, partners may become busy. 

Positive

The tool's improvement in cloud security posture depends on the features used and the licenses purchased. Different suites are available, such as Professional, Core, and Enterprise, each offering various features for endpoint.

Competitors such as Fortinet and Check Point also offer similar features, but I don't know much about their offerings. However, Palo Alto Network VM-Series stands out with its application deployment capability, iOS zone protection, and features like application ID, user ID, and device ID identification. These features enable policy application and on-premises protection, which may not be available in competing solutions.

I rate the overall product a nine out of ten. 

The tool's cloud version makes application migration easy. 

Palo Alto Networks VM-Series needs to improve its order process. 

I have been working with the solution for two years. 

I rate the solution's stability a nine out of ten. 

I rate the product's scalability a nine out of ten. 

Palo Alto Networks VM-Series' deployment is not difficult. 

The solution is expensive. I rate its pricing a three out of ten. 

Palo Alto Networks VM-Series is an enterprise product because it is costly. I rate it an eight out of ten.