Palo Alto Networks VM-Series OverviewUNIXBusinessApplication

Palo Alto Networks VM-Series is the #6 ranked solution in top ATP (Advanced Threat Protection) tools and #18 ranked solution in best firewalls. PeerSpot users give Palo Alto Networks VM-Series an average rating of 8.8 out of 10. Palo Alto Networks VM-Series is most commonly compared to Azure Firewall: Palo Alto Networks VM-Series vs Azure Firewall. Palo Alto Networks VM-Series is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.
Palo Alto Networks VM-Series Buyer's Guide

Download the Palo Alto Networks VM-Series Buyer's Guide including reviews and more. Updated: November 2022

What is Palo Alto Networks VM-Series?

The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.

In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

Palo Alto Networks VM-Series Customers

Warren Rogers Associates

Palo Alto Networks VM-Series Video

Archived Palo Alto Networks VM-Series Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Senior Network Architect at a manufacturing company with 5,001-10,000 employees
Real User
Good support, and the filtering options for URLs and applications help to improve our security

What is our primary use case?

The VM-Series firewall is part of our overall security solution.

What is most valuable?

The most valuable features are the User ID, URL filtering, and application filtering. These features have helped us a lot. 

What needs improvement?

The user interface could use some improvement.

I would like to see SD-WAN features added in the future.

For how long have I used the solution?

We have been using this product for three years.

Buyer's Guide
Palo Alto Networks VM-Series
November 2022
Learn what your peers think about Palo Alto Networks VM-Series. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
656,862 professionals have used our research since 2012.

What do I think about the stability of the solution?

Stability-wise, this product is great.

What do I think about the scalability of the solution?

This is a scalable solution.

How are customer service and support?

I have been in contact with technical support and find that they are great.

Which solution did I use previously and why did I switch?

We have the VM-Series as well as the physical appliance.

How was the initial setup?

The initial setup is straightforward. It doesn't take too long to deploy, although every company their own set of requirements. For example, the level of compliance varies between companies.

Which other solutions did I evaluate?

When I joined the company, the VM-Series firewall was already in-place.

What other advice do I have?

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Engineer at a tech services company with 51-200 employees
Real User
Easy to launch, scalable, and technical support is good
Pros and Cons
  • "What I like about the VM-Series is that you can launch them in a very short time."
  • "The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters."

What is our primary use case?

We are a service provider and I work on both shared firewall and dedicated firewall solutions for our customers. The primary focus is firewall threat protection. The rest of the features are used, albeit not too much. At this moment, it is not an overly complicated or advanced solution. 

What is most valuable?

What I like about the VM-Series is that you can launch them in a very short time. You don't have to wait for the hardware to route for them to be staged and installed. From that perspective, it's easy to launch and it's good because it is more scalable.

The product is quite responsive.

What needs improvement?

The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters. It seems that you really need to upgrade to the very latest version, whereas the physical one has worked for ages now. I think that it narrowly affects the Azure deployment because I remember that we were using the VMware solution before, and we didn't have such issues.

I think that the most important point for Palo Alto is to be as consistent and compatible as possible. It should be compliant such that all of the features are consistently available between the physical and virtualized deployments.

It is not always easy to integrate Palo Alto into the network management system. This is significant because you want to compare what your network management system is giving you to what Palo Alto is giving you. Perhaps in the GUI, they can allow for being able to monitor the interface traffic statistics.

The other things are pretty much great with traffic calls and sessions, but just being able to look at it on an interface physical level, would either avoid using the monitoring integration by SNMP or would create a reference, a baseline check. This would allow you to see whether your network monitoring system or tool is actually giving you correct traffic figures. You need traffic figures for being able to recognize trends and plan the capacity.

For how long have I used the solution?

I have been using the VM-Series for almost five years, since 2016.

What do I think about the stability of the solution?

We have not had trouble with bugs or glitches.

What do I think about the scalability of the solution?

The scalability is good. We haven't experienced any constraint limitations for scaling.

How are customer service and technical support?

I have been in contact with technical support and I find them to be quite good.

Which solution did I use previously and why did I switch?

In my previous work, I dealt with both physical and virtual systems. However, currently, I am only working on virtual solutions.

How was the initial setup?

I have found the initial setup to be okay. But, then again, I have been using Palo Alto firewalls since 2014, so it's hard for me to say if it is difficult to become familiar with or not.

What about the implementation team?

Our in-house team is responsible for maintenance.  We usually have three people who are able to work on it and do so from time to time, depending on the requirement.

What other advice do I have?

I don't have too many complaints as I compare the virtualized version to the physical one. Perhaps I haven't noticed any issues because we use the proper hardware, and it was strong enough to carry the workload and remain quite responsive.

My advice for anybody who is implementing the VM-Series is to be very well prepared and test it in advance. Make sure to scope it and understand the performance implications. Also, be sure that the core features are understood and are supported on the VM. Then, test it before implementation or migration.

This is a very good product but I can't rate it as perfect because there are these little issues that are pretty common and you expect things to work, but they don't because of some incompatibilities. I think there was also some limitation on how you can do the high availability on virtualized power, in Azure in particular. If these common features were consistently working on both physical and virtual deployments then I would probably rate it a ten out of ten.

As it is now, I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Palo Alto Networks VM-Series
November 2022
Learn what your peers think about Palo Alto Networks VM-Series. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
656,862 professionals have used our research since 2012.
Senior Network Engineer at a tech services company with 51-200 employees
Real User
Easy to launch, scalable, and stable
Pros and Cons
  • "The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."
  • "It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity."

What is our primary use case?

We mostly use it for threat protection. Currently, I'm working on virtual solutions, and it is deployed on the cloud. We have three people who work with this solution.

I have previously worked on the shared firewall as well as dedicated firewall solutions, where we deployed it on-premises as well as on the cloud. 

What is most valuable?

The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable.

What needs improvement?

It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. 

There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. 

It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.

For how long have I used the solution?

I have been using Palo Alto Networks VM-Series since 2016. 

What do I think about the stability of the solution?

I didn't see any issues with its stability. 

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

I found them quite good.

How was the initial setup?

I found the initial setup okay. I have been using firewalls since 2014, so it is hard for me to say whether it is easy to install or not.

What other advice do I have?

I would advise getting very well prepared by defining the scope and testing it in advance. Make sure that you understand the performance implications and that the core features are supported on the VM, and they are tested before the implementation or migration.

I would rate Palo Alto Networks VM-Series a nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Security Operations Specialist at a logistics company with 201-500 employees
Real User
A stable, scalable solution that meets our requirements

What is our primary use case?

We use it for all next-gen firewall features such as ACLS, application monitoring, security, virtual networking, etc.

What is most valuable?

The feature that I have found the most useful is that it meets all our requirements technically. 

What needs improvement?

Its web interface is a bit outdated, and it needs to be updated. 

They can also improve the NAT functionality. We have had issues with the NAT setup.

For how long have I used the solution?

I have been using this solution for the last five years. 

What do I think about the stability of the solution?

It has good stability. We haven't had any issues, and it has never been down. 

What do I think about the scalability of the solution?

It is scalable. It has handled the network very well with our growth in the last five years. 

How are customer service and technical support?

I haven't directly contacted them, but based on what I have heard from our network team, they are pretty quick at getting back to us. 

How was the initial setup?

It was complex. We used a lot of professional service hours. 

What about the implementation team?

We had an in-house team as well as a consultant. 

What other advice do I have?

I would definitely recommend this solution. It comes under the top industry leaders and is comparable to other top products in this category. 

I would rate Palo Alto Networks VM-Series a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Executive Cyber Security Consultant at a tech services company with 11-50 employees
Consultant
An excellent solution for the right situations and businesses
Pros and Cons
  • "The Palo Alto VM-Series is nice because I can move the firewalls easily."
  • "It has excellent scalability."
  • "The product needs improvement in their Secure Access Service Edge."
  • "They made only a halfhearted attempt to put in DLP (Data Loss Prevention)."
  • "Palo Alto is that it is really bad when it comes to technical support."

What is our primary use case?

Palo Alto VM-Series is something we recommend as a firewall solution in certain situations for clients with particular requirements who have the budget leeway.  

What is most valuable?

The Palo Alto VM-Series is nice because I can move the firewalls easily. For instance, we once went from one cloud provider to another. The nice thing about that situation was that I could just move the VMs almost with a click of a button. It was really convenient and easy and an option that every firewall will not give you.  

What needs improvement?

We would really like to see Palo Alto put an effort into making a real Secure Access Service Edge (SASE). Especially right now where we are seeing companies where everybody is working from home, that becomes an important feature. Before COVID, employees were all sitting in the office at the location and the requirements for firewalls were a different thing.  

$180 billion a year is made on defense contracts. Defense contracts did not stop because of COVID. They just kept going. It is a situation where it seems that no one cared that there was COVID they just had to fulfill the contracts. When people claimed they had to work from home because it was safer for them, they ended up having to prove that they could work from home safely. That became a very interesting situation. Especially when you lack a key element, like the Secure Access Services.  

Palo Alto implemented SASE with Prisma. In my opinion, they made a halfhearted attempt to put in DLP (Data Loss Prevention), those things need to be fixed.  

For how long have I used the solution?

I have been using Palo Alto VM-Series for probably around two to three years.  

What do I think about the stability of the solution?

I think the stability of Palo Alto is good — leaning towards very good.  

What do I think about the scalability of the solution?

Palo Alto does a good job on the scalability. In my opinion, it has excellent scalability.  

How are customer service and technical support?

My experience with Palo Alto is that it is really bad when it comes to technical support. When we have a situation where we have to call them, we should be able to call them up, say, "I have a problem," and they should ask a series of questions to determine the severity and the nature of the problem. If you start with the question "Is the network down?" you are at least approaching prioritizing the call. If it is not down, they should be asking questions to determine how important the issue is. They need to know if it is high, medium, or low priority. Then we can get a callback from the appropriate technician.  

Do you want to know who does the vetting of priority really, well? Cisco. Cisco wins hands down when it comes to support. I do not understand that, for whatever reason, Palo Alto feels that they do not have a need to answer questions, or they just do not want to.  

It is not only that the support does not seem dedicated to resolving issues efficiently. I am a consultant, so I have a lot of clients. When I call up and talk to Palo Alto and ask something  like, "What is the client's password?" That is a general question. Or it might be something even less sensitive like "Can you send me instructions on how to configure [XYZ — whatever that XYZ is]?"  Their response will be something like, "Well, we need your customer number." They could just look it up because they know who I am. Then if I do not know my client's number, I have got to go back to the client and ask them. It is just terribly inefficient. Then depending on the customer number, I might get redirected to talk to Danny over there because I can not talk to Lisa or Ed over here.  

The tedium in the steps to get a simple answer just make it too complicated. When the question is as easy as: "Is the sky sunny in San Diego today?" they should not be worried about your customer representative, your customer number, or a whole bunch of information that they really do not use anyway. They know me, who I am, and the companies I deal with. I have been representing them for seven or eight years. I have a firewall right here, a PA-500. I got it about 11 years ago. They could easily be a lot more efficient.  

Which solution did I use previously and why did I switch?

I have clients whose architecture is configured in a lot of different ways and combinations. I use a lot of different products and make recommendations based on specific situations. For example:  

  • I have one client that actually uses multiple VM-series and then at each one of their physical sites that have the K2-series — or the physical counterpart of the VM-series.  
  • I have other clients that use Fortinet AlarmNet. As a matter of fact, almost all my healthcare providers use Fortinet products.  
  • I have another customer that used to be on F5s and they had had some issues so switched to Fortinet.  
  • I have a couple of holdouts out there that are still using the old Cisco firewalls who refuse to change.  
  • I have a new client that is using a Nokia firewall which is a somewhat unique choice.  

I have a customer that used to be on F5s and they had had some issues. The result of the issue was that they came to me and we did an evaluation of what they really needed. They came in and they said, "We need you to do an evaluation and when you are done with the evaluation, you need to tell us that we need Palo Alto firewalls." I said that was great and I sat down and got to work building the side-by-side comparison of the four firewalls that they wanted to look at. When I was done, just like they wanted the Palo Alto firewall was right there as the first one on the list. They selected the Fortinet firewall instead.  

Nokia is specifically designed to address the LTE (Long Term Evolution, wireless data transmission) threats with faster networks and such. So it is probably not considered to be a mainstream firewall. The client who uses Nokia is a service provider using it on a cellular network. They are a utility and they are using Nokia on a cellular network to protect all their cellular systems and their automated cellular operations. The old Nokia firewalls — the one on frames — was called NetGuard. This client originally had the Palo Alto K-series and they switched over to the Nokia solution. That is my brand new Nokia account. They were not happy with the K-series and I am not sure why.  

The thing about Cisco is nobody is ever going to fire you for buying a Cisco product. It is like the old IBM adage. They just say that it is a Cisco product and that automatically makes it good. What they do not seem to acknowledge is that just because their solution is a Cisco product does not necessarily make it the right solution for them. It is really difficult to tell a customer that they are wrong. I do not want to say that it is difficult to tell them in a polite way — because I am always polite with my customers and I am always pretty straightforward with them. But I have to tell them in a way that is convincing. Sometimes it can be hard to change their mind or it might just be impossible.  

When I refer to Cisco, I mean real Cisco firewalls, not Meraki. Meraki is the biggest problem I think that I deal with. I do not have the network folks manage the Meraki firewalls differently than they manage their physical firewalls. I do not want there to be a difference, or there should be as little difference as possible in how the firewalls are handled. They do have some inherent differences. I try not to let them do stuff on the virtual firewalls that they can not do in the physical firewalls. The reason for that is because in defense-related installations it matters. Anytime you are dealing with defense, the closer I can get to maintaining one configuration, the better off I am. Unless something unique pops up in Panorama, I will not differentiate the setups.  

I say that there are differences because there is a little bit of configuration that inherently has to be different when you are talking about physical and virtual firewalls, but not much. I can sanitize the virtual machine and show the cloud provider that since I was going into a .gov environment or a .gov cloud, that it met all the requirements as stated in the Defense Federal Acquisition Regulation Supplement. That is huge for our situation. Of course with a cloud provider, you are not going to have a physical firewall. Had we had a physical firewall, that becomes a bit of a chore because you have got to download the configuration file, then you have got to sanitize the configuration. Things like that become a bit of a burden. Having a VM-Series for that purpose makes it much easier.  

I did not mention Sophos in the list. Sophos does a semi-decent job with that too, by the way. The only problem with Sophos is that they are not enterprise-ready, no matter what they say. I have deployed Sophos in enterprises before, and the old Sophos models did very well. The new ones do very poorly. The SG-Series — Sierra Golf — they are rock solid. As long as we keep going with them, our customers love it. It works. I have one client with 15,000 seats. They are running 11 or 12 of them and they have nothing but great things to say about the product. The second you go to the X-Series, they are not up to the task.  

How was the initial setup?

Setting up Palo Alto is relatively quick. But I also have an absolute rockstar on our team for when it comes to Palo Alto installations. When he is setting it up, he knows what he is doing. The only thing he had to really learn was the difference between the VM-Series and the PA-Series.  

I lay out the architecture and I tell people doing the installations exactly what has to be there. I sit down and create the rule sets. Early on, the person actually doing the fingers-on-the-keyboard complained a little saying that the setup was a little bit more complicated than it should have been. I agree, generally speaking. I generally feel that Palo Alto is more complicated than it needs to be and they could make an effort to make the installations easier.  

But, installing Palo Alto is not as bad as installing Cisco. Cisco is either a language that you speak or a language that you do not. I mean, I can sit down and plot the firewall and get the firewall together about 45 minutes with a good set of rules and everything. But that is me and it is because I have experience doing it. Somebody who is not very well-versed in Cisco will take two or three days to do the same thing. It is just absolutely horrid. It is like speaking English. It is a horrid language.  

What's my experience with pricing, setup cost, and licensing?

I do not have to do budgets and I am thankful for that. I am just the guy in the chain who tells you what license you are going to need if you choose to go with Palo Alto VM-Series. How they negotiate the license and such is not my department. That is because I do not resell.  

I know what the costs might be and I know it is expensive in comparison to other solutions. I get my licenses from Palo Alto for free because they like me. I have proven to be good to them and good for them. When they have customers that are going to kick them out, I can go in and save the account.  

I will tell you, they do practice something close to price gouging with their pricing model, just like Cisco does. When I can go out and I can get an F5 for less than half of what I pay for Palo Alto, that is a pretty big price jump. An F5 is really a well-regarded firewall. When I can get a firewall that does twice what a Palo Alto does for less than half, that tells me something.  

Sophos decided that they were going to play with the big boys. So what they did is they went in and jacked up all their prices and all their customers are going to start running away now. The model is such that it is actually cheaper to buy a new firewall with a three-year license than it is to renew the Sophos license of the same size firewall for an older product. It sorta does not make sense.  

Which other solutions did I evaluate?

I make recommendations for clients so I have to be familiar with the firewalls that I work with. In essence, I evaluate them all the time.  

I work from home and I have two Cisco firewalls. I have a Fortinet. I have the Palo Alto 500 and I have a Palo Alto 5201. I have a Sophos. My F5 is out on loan. I usually have about eight or nine firewalls on hand. I never go to a client without firing up a firewall that I am going to recommend, testing it, and getting my fingers dirty again to make sure I have it fresh in my mind. I know my firewalls.  

The VM-Series are nice because you can push them into the cloud. The other nice thing is whether you are running a VM-Series or the PA-Series, we can manage it with one console. Not without hiccups, but it works really well. Not only that, we can push other systems out there. For instance, for VMware, we are pushing Prisma out to them. VMware and the Palo Alto VM-Series do really well with Prisma. The issue I have with it is — and this is where Palo Alto and I are going to disagree — they are not as good at SASE (Secure Access Service Edge). I do not care what Palo Alto says. They do a poor job of it and other products do it better.  

Palo Alto claims it is SASE capable, but even Gartner says that it is not. Gartner usually has the opinion that favors those who pay the most, and Palo Alto pays them well. So when Gartner even questions their Secure Access Service Edge, it is an issue. That is one of those places where you want the leader in the field.  

From my hands-on experience, Fortinet's secure access service edge just takes SASE hands down.  

What other advice do I have?

My first lesson when it comes to advice is a rule that I follow. When a new version comes out, we wait a month. If in that month we are not seeing any major complaints or issues with the Palo Alto firewall customer base, then we consider it safe. The client base is usually a pretty good barometer for announcing to the world that Palo Alto upgrades are not ready. When that happens, making the upgrade goes off our list until we hear better news. If we do not see any of those bad experiences, then we do the upgrade. That is the way we treat major revisions. It usually takes about a month, or a month-and-a-half before we commit. Minor revisions, we apply within two weeks.  

I am of the opinion right now that there are some features missing on Palo Alto that may or may not be important to particular organizations. What they have is what you have to look at. Sit down and be sure it is the right solution for what you need to do. I mean, if the organization is a PCI (Payment Card Industry) type service — in other words, they need to follow PCI regulations — Palo Alto works great. It is solid, and you do not have remote users. If you are a Department of Defense type organization, then there are some really strong arguments to look elsewhere. That is one of the few times where Cisco is kind of strong choice and I could make an argument for using them as a solution. That is really bad for me to say because I do not like Cisco firewalls.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate the Palo Alto Networks VM-series as an eight-out-of-ten.  

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Manager Network Engineering at a manufacturing company with 10,001+ employees
Real User
Good control over traffic with an advanced packet inspection engine, but it needs to include a secure web gateway
Pros and Cons
  • "The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks."
  • "The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway."

What is our primary use case?

I am a firewall expert, although my job is not on the management side. I take care of the routing and switching aspects. We have approximately 1,000 firewalls in the company.

How has it helped my organization?

This product is a complete security system, wherein we provide direct internet access to our hub site.

What is most valuable?

The most valuable feature is that you can control your traffic flowing out and coming out, allowing you to apply malware and threat protection, as well as vulnerability checks.

It has an advanced engine that does parallel processing for packet and deep packet inspection. It also supports user authentication.

What needs improvement?

The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway. For example, if a person is working from home and you want a proxy then you have to rely on a secure web gateway. Palo Alto cannot do that because they don't have a cloud solution. So, if you want direct internet access and if you also want the proxies then Palo Alto is not a good choice.

For how long have I used the solution?

I have been working with the Palo Alto VM-Series for four years.

What do I think about the stability of the solution?

The stability is absolutely good and there is no problem with it.

What do I think about the scalability of the solution?

We have almost 3,000 branch offices set up across the globe.

Our intention is to increase usage of Palo Alto, adopting it for security in all of our future products.

How are customer service and technical support?

Technical support from Palo Alto is very good.

Which solution did I use previously and why did I switch?

We did not use another firewall product before this one.

How was the initial setup?

With any organization, if you want to change the firewalls that are being used in production then it's a hectic task. You have some rules and engines that can be used, but it's a step-by-step process.

Migrating from an existing solution to Palo Alto needs to be done in phases. Phase one would be installing the devices. Phase two is testing a lab setup and diverting traffic, then analyzing it. Finally, the third phase is to enable other features like threat protection, malware detection, and other advanced options.

Depending on the size of the organization, if a migration is well planned then it will take three to four months to complete.

The configuration is different between our branch offices in order to meet our requirements. Some use the hardware appliance, whereas others use the software version.

What about the implementation team?

We had a Palo Alto engineer who was assisting us, in-house, for our deployment. We also have support from our vendor, which provides LAN and WAN solutions.

Which other solutions did I evaluate?

We considered using Cisco ASA, but we chose Palo Alto because it can also act as a proxy for your hub site. Palo Alto is more advanced than the Cisco solution.

What other advice do I have?

This is definitely a product that I can recommend.

Overall, it is a good product, although it would be better if they offered a cloud proxy.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager, Information Technology at SWPA Corp
Real User
Good stability and the posture assessment feature is helpful
Pros and Cons
  • "The most valuable feature is the Posture Assessment."
  • "In the next release, I would like to see better integration between the endpoints and the firewalls."

What is our primary use case?

The primary use case of this solution is as a firewall for our servers.

We are running a total of 12 servers. Four of them are hardware servers and the rest are VMware servers. We have about 80 clients running Windows 10.

What is most valuable?

The most valuable feature is the Posture Assessment.

What needs improvement?

From my understanding, we used to have the Sophos firewall and a nice feature that is missing in Palo Alto is the heartbeat that monitors each endpoint. It would be helpful if Palo Alto monitored the status of every endpoint. It could be that it was not set up correctly.

In the next release, I would like to see better integration between the endpoints and the firewalls.

For how long have I used the solution?

I have been using Palo Alto for approximately 12 months.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

We haven't explored the scalability yet.

We have approximately 80 Windows 10 clients, and we have approximately 85 users in our organization.

How are customer service and technical support?

Technical support is okay. It's the same across the board, you have good techs and you have bad techs.

At times, it's a little slow in getting back to us, but nothing out of the norm.

Which solution did I use previously and why did I switch?

Prior to using Palo Alto, we used a Sophos firewall.

How was the initial setup?

The initial setup was complex, but we were able to work through it.

What's my experience with pricing, setup cost, and licensing?

I would rate this solution an eight out of ten.

Which other solutions did I evaluate?

We evaluated quite a few solutions before choosing Palo Alto Networks VM-Series.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1386156 - PeerSpot reviewer
Technology Specialist at Accretive Technologies Pvt Ltd
Real User
Great templates and very stable but needs more documentation
Pros and Cons
  • "In Palo Alto the most important feature is the App-ID."
  • "The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries."

What is our primary use case?

We primarily use the solution for IT. I am from the Palo Alto Partner end, so I am not using it deliberately. I usually deploy to clients in various industries, including the payment gateway industry. 

What is most valuable?

In Palo Alto the most important feature is the App-ID. It's the biggest selling point in my opinion.

Another important application feature is the Content-ID.

The solution offers great templates.

Overall, the solution has a lot of great features on offer.

What needs improvement?

Even when the solution locks away a virus, there seems to be a delay for four or five minutes. It should be as little as one. Right now, it's such a long delay. It can be frustrating for clients and I need to answer a lot of questions surrounding that.

The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries.

The solution requires more use cases.

For how long have I used the solution?

I've been on this Firewall for the last two years.

What do I think about the stability of the solution?

The stability is very good. There aren't bugs, glitches, or crashes. It's very reliable.

What do I think about the scalability of the solution?

Although I haven't personally tried to scale the solution, my understanding is that it's easy to do so. It's convenient for enterprises. It's my understanding it would scale especially well for enterprises.

How are customer service and technical support?

I've had to reach out to technical support many times. Sometimes, I find that it can take a while to reach support, or for them to get back to us. This is especially true on weekends and holidays. Other than that, it's been pretty good. We're pretty satisfied with the level of support we get.

Which solution did I use previously and why did I switch?

I only have experience with Palo Alto; I don't know much about other VM firewall solutions.

How was the initial setup?

The initial setup is not complex. It's quite straightforward. The deployment process is great. It only takes about five to ten minutes or so.

I handle the maintenance and troubleshoot any issues that arise. 

What about the implementation team?

I mostly figured out the deployment myself and used Google to assist when I had questions.

What's my experience with pricing, setup cost, and licensing?

I don't have any dealings with the accounting side of the solution. That's handled by someone else. I'm not sure what the cost is or if we pay monthly or yearly.

What other advice do I have?

We're partners with Palo Alto. We're using the latest version of the solution.

We have a VM-Series via Palo Alto and K2K and the hardware Series.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
IT Security Head with 1,001-5,000 employees
Real User
Easy to set up, powerful IDS and IPS functionality, and helpful policy compliance reporting
Pros and Cons
  • "The most valuable features are web control and IPS/IDS."
  • "I would like to have automatic daily reporting, such as how many users have connected via SSL VPN."

What is our primary use case?

Palo Alto VM Series is a firewall that makes up part of our security solution, handing IPS, IDS, and other security measures.

What is most valuable?

The most valuable features are web control and IPS/IDS.

The work from home features, VPN and SSL VPN, are useful and part of the GlobalProtect functionality.

What needs improvement?

I would like to have automatic daily reporting, such as how many users have connected via SSL VPN. As it is now, we have to manually look at the logs, which is tedious. There are no ready-made reports on that level and the information is not easily available.

I really need more advanced features that support the correlation of log files.

For how long have I used the solution?

I have years of experience with the Palo Alto VM Series.

What do I think about the stability of the solution?

This firewall is quite stable and we haven't faced any kinds of issues.

What do I think about the scalability of the solution?

It is scalable but I cannot really comment on how much because we have not taken it to that level. We have between 450 and 500 users.

How are customer service and technical support?

I am satisfied with the technical support. However, they regularly provide training on the system so we have rarely opened a support case. 

How was the initial setup?

The initial setup is straightforward and easy. 

The deployment will take a couple of hours at the max and will depend on the configuration that you are looking for. Palo Alto will give you a report that recommends policies that are based on industry standards. For example, if you have approved Telnet access then you will be warned because it is not recommended and you should be using SSH instead. They will give you lots of recommendations to warn that the configuration does not follow the standard practice and if allowed to remain then it will explain what vulnerabilities you might face in the future. This kind of report is really valuable.

What other advice do I have?

I highly recommend this service compared to other vendors. It has everything included in one platform including IPS, IDS, and antivirus. By using the Palo Alto initial configuration, it is going to block many threats from day one and it is pretty easy to do. You don't have to have an in-house technical team that is capable of doing that. You don't require that kind of knowledge, which is important because many people don't understand IDS, IPS, or file blocking. They need experience. With Palo Alto, a normal person with perhaps a year of technical experience will understand how to configure the firewall and generate reports.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Kofi Otchere - PeerSpot reviewer
ICT Infrastructure Specialist (E-Transform Project) at Ministry of Communications and Information
Real User
Easy to use with good application and URL filtering
Pros and Cons
  • "The interface with Panorama makes it very easy to use."
  • "The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI."

What is our primary use case?

The Palo Alto VM-Series is a firewall that is part of our security solution.

How has it helped my organization?

With Palo Alto, it feels like you're using the Rolls-Royce of firewalls.

What is most valuable?

All of the next-generation features are valuable and set Palo Alto apart from other firewalls.

The application filtering, or AppiID, and URL filtering are good.

The interface with Panorama makes it very easy to use.

What needs improvement?

The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI.

The interface for Panorama has not changed greatly and could be updated.

For how long have I used the solution?

I have been using Palo Alto VM-Series for more than six years.

What do I think about the scalability of the solution?

It is very easy to scale. All you have to do is get access to the VM base and then spin it off into another virtual environment or send it into the cloud.  This means that you now have a data center through Palo Alto.

They have a new product called Prisma that allows you to create links between remote users working from different areas and use that to connect to the clouds in this infrastructure. It also allows you to get connectivity to that but not using a backhaul. Rather, you connect straight from wherever you are.

In the places where we have deployed this solution, they have a couple of thousand users.

How are customer service and technical support?

The technical support is great. This is a brand and they have to protect it, so they make sure that the users get what they need.

Which solution did I use previously and why did I switch?

I have experience with Check Point and Cisco, who both started improving their management interface after Panorama.

How was the initial setup?

I would say that the initial setup is easy. I have been an IT professional for more than 20 years and can say that this is an example of a product where you simply have to read the manual. If you jump straight into it then you will start struggling.

During the initial setup you begin with the CLI, but you enter a command and it brings you to the GUI. Once you are in the GUI, you will see words on the tabs. All of these things are there if you look carefully.

What's my experience with pricing, setup cost, and licensing?

The price of this solution is very high for some parts of Africa, which makes it a challenge. If it were lowered then it would be more popular.

What other advice do I have?

I have been using Palo Alto since version 6.0, and I am currently evaluating the latest one, version 9.1.

My advice to anybody who is considering this solution is to try the trial version first. It is good for 30 days and it can actually be used because it is the full product. You can test all of the scenarios and try the next-generation features. You can use features like the VPN GlobalProtect and actually see it work. The same with URL filtering and antivirus.

Overall, this is a great next-generation firewall.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sarith Sasidharan - PeerSpot reviewer
System Administrator at a government with 201-500 employees
Real User
Top 5
Helpful support, and the security and packet routing speed are good
Pros and Cons
  • "The most valuable features are security and support."
  • "There should be an option for direct integration with the Azure platform."

What is most valuable?

The most valuable features are security and support.

The packet routing speed is very good.

What needs improvement?

There should be an option for direct integration with the Azure platform. This would allow this product to take advantage of the auto-scaling that is offered by Azure. Because I am purchasing it as a SaaS model, I should get the complete functionality.

I would like to see the direct support and product ownership from the principal vendor. Ideally, the vendor should maintain ownership and be responsible for the system, including that it is operating correctly. This would give my company a better value when purchasing the product.

The pricing could be improved.

The Panorama management license should come with this solution. We have eight nodes and we still have to purchase it separately. Everything should come with a single license, rather than something that is broken into many parts.

For how long have I used the solution?

I have been using the Palo Alto VM-Series Firewall for a few months.

What do I think about the stability of the solution?

This solution is stable.

What do I think about the scalability of the solution?

This is a scalable solution but it would be better if it had direct integration with Microsoft Azure.

Currently, we have three administrators and more than 5,000 end-users through our public website.

How are customer service and technical support?

Technical support is very good and I would give them full marks.

How was the initial setup?

This firewall is easy to implement. 

What other advice do I have?

Everything from Palo Alto is good and I recommend that people implement this firewall.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Hewlett Packard Enterprise Solution Architect at a tech services company with 11-50 employees
Consultant
It prevents data loss and business disruption
Pros and Cons
  • "Embedding it into my application development lifecycle prevents data loss and business disruption, allowing the adoption to operate at the speed of my AWS Cloud."
  • "It has a good performance which helps you with the stability of your virtual environment."
  • "It can definitely improve on the performance."
  • "It has to be more scalable for the deployment of VMs on the cloud."

What is our primary use case?

We use it to protect applications and data on AWS.

How has it helped my organization?

Embedding it into my application development lifecycle prevents data loss and business disruption, allowing the adoption to operate at the speed of my AWS Cloud.

What is most valuable?

It prevents data loss and business disruption.

What needs improvement?

It can definitely improve on the performance.

I would like more scalability included on the next release.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It has a good performance which helps you with the stability of your virtual environment.

What do I think about the scalability of the solution?

It has to be more scalable for the deployment of VMs on the cloud.

What about the implementation team?

You have to be an expert administrator of a virtual environment to know how to integrate it with your AWS environment.

What's my experience with pricing, setup cost, and licensing?

Purchasing through the AWS Marketplace is a secure way to purchase this solution. Our organization chose to procure this solution via the AWS Marketplace because we have clients who were interested in the solution. Also, for out proof of concept, we decided to purchase it.

The pricing and licensing of this product on AWS should be from $1.28/hr or $4,500.00/yr. Then, it would be a good price for the performance that it delivers.

What other advice do I have?

It solves several challenges protecting your AWS workloads with good security features, delivering superior visibility, control, and threat prevention at the application level when compared to other cloud-oriented security solutions.

I have not tried integrating Palo Alto with other products.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Michael Robtoy - PeerSpot reviewer
Infrastructure Team Lead at a financial services firm with 201-500 employees
Real User
App-ID and User-ID have repeatedly shown value in securing business critical systems, but we have run into issues with the antivirus interfering with App-ID
Pros and Cons
  • "In AWS, Palo Alto provides us a better view than flow logs for network traffic."
  • "App-ID and User-ID have repeatedly shown value in securing business critical systems."
  • "I would like to see a more thorough QA process. We have had some difficulties from bugs in releases."
  • "We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID."

What is our primary use case?

We use this as our primary security barrier between trusted and untrusted zones.

How has it helped my organization?

App-ID and User-ID have repeatedly shown value in securing business critical systems.

What is most valuable?

In AWS, Palo Alto provides us a better view than flow logs for network traffic.

What needs improvement?

We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID.

I would like to see a more thorough QA process. We have had some difficulties from bugs in releases.

I see more improvements needed from AWS than from Palo Alto on the VM-Series, namely a design centered on NGFW.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We are typically at only about eight to ten percent load.

What do I think about the scalability of the solution?

The limit of the product is based on resources that we can obtain from AWS. We have approximately 3500 users and 200 servers leveraging the Palo Alto product.

What's my experience with pricing, setup cost, and licensing?

We used BYOL, because of the cost to own.

We procure the solution through AWS Marketplace because previous experience with their physical appliances.

The pricing and licensing of this product on AWS for a three-year commitment is a great deal, if you can plan that far ahead.

What other advice do I have?

It is a good product, but there is room for improvement.

We use this with Microsoft AD, N2WS, IIS, MySQL, MS SQL, and a number of proprietary applications.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sachin Sheth - PeerSpot reviewer
Director of Cloud Security at a tech services company with 10,001+ employees
Reseller
It provides complete security posture from end-to-end
Pros and Cons
  • "It provides complete security posture from end-to-end. This has given us better visibility into what our security aspects are."
  • "The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security."

What is our primary use case?

Primary use case is network protection, next-generation IDS, and IPS protection.

How has it helped my organization?

  • It provides better protection.
  • There is seamless integration.
  • It provides complete security posture from end-to-end. This has given us better visibility into what our security aspects are.

What is most valuable?

The next-generation features of its IDS and IPS.

What needs improvement?

The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security. This would be very helpful. This way, there would be one tool that we could continue using.

The data aspects of data security and data loss prevention could provide visibility which would be very useful.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is stable. We haven't had any issues and don't think about the stability.

What do I think about the scalability of the solution?

One of the great features that we liked and selected it was its  scalability. We can autoscale and put it in Auto Scaling groups, which is very useful.

How is customer service and technical support?

We have hardly any issues. We have had some patches of data needing some help, but that was it, and the technical support has been spot on.

How was the initial setup?

Integration on on our AWS environment was one of the points that we liked about it.

What about the implementation team?

We used technical support in the initial stages when we were setting it up and configuring some of the features. We used their Professional Services, who were very useful.

What was our ROI?

We have already seen ROI. 

We continue using it, because the concept was at six months, we should receive value back out of it. If the value is seen, only then would we continue using it. It is two years later, and we still continue using it.

What's my experience with pricing, setup cost, and licensing?

Because the solution was getting deployed on AWS, it was the best place to go and it was available there.

One of the factors for selecting Palo Alto was they had flexible pricing. They had a pay-as-you-go model. Comparable to other products, such as Check Point, the price point was definitely a plus. It was expensive but it was comparable.

Which other solutions did I evaluate?

We looked at Palo Alto, Check Point, Fortinet, and some other vendors.

We chose Palo Alto because its features, especially its advanced features from the IDS and IPS. We were existing customers with Palo Alto from the on-premise side along with the integration aspects of its hardware.

What other advice do I have?

Identify a use case first of all. If the use case is a match, then use the product.

We use it in the cloud for both AWS and non-AWS versions. The AWS version is far better. It works seamlessly and integrates very well with some other services. 

We have integrated it with Splunk for the security aspects and with identity and access management for configuration purposes. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Pradeep Kurra - PeerSpot reviewer
Cloud Practice Engineer at a tech services company with 51-200 employees
Real User
You can scale it if you put it in Auto Scaling groups. On the cloud side, they need to come up with more HA solutions to support the multi-region.
Pros and Cons
  • "You already can scale it if you put it in Auto Scaling groups. If you put it in a load balancer, it should already be able to scale."
  • "On the cloud side, they need to come up with more HA solutions to support the multi-region."

What is our primary use case?

We use Palo Alto for the VPN, firewalls, and the hybrid site-to-site.

We have purchased Palo Alto VM for one of our customers. It has been a year since we have been using this product.

We use Palo Alto's on-premise version for a different purpose. We are using the cloud version for our contractors to VPN to the AWS environment.

For Palo Alto on-premise, we use it more for security firewalls. On the cloud side, we use it for customer contractors to get into the AWS environment for VPN. we use native routing and native security tools that they developed already in AWS. 

How has it helped my organization?

We have big team which can support Palo Alto on-premise. We have engineers which are familiar with Palo Alto products. Our customers are perfectly suited for our use case. They wanted to get onto AWS or be on the hybrid cloud. They want to keep the technology consistent across the board. Therefore, Palo Alto makes sure that they are a leader in this space. We are able to support them, and customers can take advantage of using these products, both on-premise and cloud.

What is most valuable?

  • Firewalls
  • VPN

What needs improvement?

On the cloud side, they need to come up with more HA solutions to support the multi-region.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability is fine. The product has been running well so far.

We have about 150 contractors who log into Palo Altos. We don't put heavy stress on them, but they are working fine for now.

What do I think about the scalability of the solution?

You already can scale it if you put it in Auto Scaling groups. If you put it in a load balancer, it should already be able to scale. 

We put our Palo Altos in the public VPC, then we have contractors come over the Internet and VPN into the Palo Altos to get into the AWS environment. 

How is customer service and technical support?

It depends on the person you get on the call from technical support, but many times I have gotten good people on the call. Sometimes, you get some bad experiences. Most of the time, it has been good.

How was the initial setup?

It is easy to install. You buy it on the AWS Marketplace, then you just install it. You have already purchased the license and everything else. It is easy to configure and use.

What's my experience with pricing, setup cost, and licensing?

The purchase process through AWS Marketplace was easy for us because we are partner to Palo Alto, so it was straightforward. All we need to do was purchase it from AWS Marketplace because we had a license.

AWS is available as a AMI that you can purchase from the AWS Marketplace. Therefore, you need to purchase the licensing, since it is per AMI. Then, you deploy it on a regular EC2. Then, for on-premise, you can use both Palo Alto's software and hardware. So, it depends on your usage.

Compared to other solutions, I think the pricing is efficient.

Which other solutions did I evaluate?

For on-premise, we evaluated Check Point and Fortinet.

What other advice do I have?

I would recommend the product, and tell people, "Go for it." It has not disappointed us for the purpose that we use it. It is really matured in the networking area.

Because of our use case, we didn't have to integrate the product with anything else.

The AWS side of the product is a seven out of ten rating. The on-premise side of the product is a ten out of ten for a rating.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Director at a financial services firm with 1,001-5,000 employees
Real User
It allows us to see all our traffic to properly secure it
Pros and Cons
  • "It allows us to see all our traffic to properly secure it and only allow what is needed through the firewall."
  • "AWS doesn't integrate well with third-party firewalls."

What is our primary use case?

We use it to secure all traffic leaving and entering AWS.

How has it helped my organization?

It allows us to see all our traffic to properly secure it and only allow what is needed through the firewall.

What is most valuable?

  • Full content inspection
  • Visibility into the traffic in AWS.

What needs improvement?

There is work to be done on the integration side, as AWS doesn't integrate well with third-party firewalls.

I would like to see AWS have more integration with Palo Alto from a routing standpoint, so it could become a routing egress without having to redesigning it.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is very stable, and we are not putting stress on it.

What do I think about the scalability of the solution?

It is fairly scalable. We have a couple hundred servers already.

What other advice do I have?

They are the leading next-generation firewall. I would recommend deploying a next-generation firewall.

I am using the on-premise and AWS version. They are exactly the same.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Administrator at DeepMap
Real User
It offers a single pane of glass for all the different types of installations
Pros and Cons
  • "It offers a single pane of glass for all the different types of installations."
  • "It gives us the ease that we are secure. We have set up the proper things that help make our data safe."
  • "I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels."

What is our primary use case?

  • To do a lot of intrusion detection.
  • Threat prevention.
  • As an application firewall, to be able to securely deliver apps to the public.

How has it helped my organization?

It gives us the ease that we are secure. We have set up the proper things that help make our data safe. This is the biggest benefit.

What is most valuable?

It offers a single pane of glass for all the different types of installations.

The easy of use is pretty good.

What needs improvement?

I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability is excellent. We have about 50 to 60 employees on it per day. Then, we have about 100 edge connected devices coming through it as well.

What do I think about the scalability of the solution?

It is definitely scalable. We have about 100 users with about 200 to 300 instances on the cloud that we protect.

How are customer service and technical support?

The technical support is really good. It is usually one phone call to get everything done if we are having an issue.

Which solution did I use previously and why did I switch?

We chose to purchase Palo Alto through the AWS Marketplace because we needed an easy to use firewall and a way to protect our public applications and services.

How was the initial setup?

The integration and configuration on our AWS environment was pretty simple. We did not have to ask any questions about anything on it, so it was good.

What was our ROI?

We haven't had any security issues since deploying it.

What's my experience with pricing, setup cost, and licensing?

Purchasing on the AWS Marketplace was simple, effective, and easy.

The price is not bad. They have a yearly renewal fee, and the pricing is exactly where we expect it to be.

Which other solutions did I evaluate?

We also evaluated Fortinet, but Palo Alto is sort of the new up and coming product. There were a lot of good recommendations from other security experts.

In addition, Palo Alto is easier to configure when you are building policies on applications. 

What other advice do I have?

Talk to their technical services to make sure you are getting the right size solution for what you want to do.

The product is easy use. I don't have to think twice when I am using it. I know it is doing its job. Customer support has been great.

We are using both the AWS and on-premise versions. Both versions are about the same. The interface is nice and easy to configure. I like that it seems like it is one platform to manage.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Solution Architect at JM Family Enterprises
Real User
AWS has improved our agility to apply firewall rules because everything is based in the cloud
Pros and Cons
  • "AWS has improved our agility to apply firewall rules. It has reduced the amount of time that it takes to apply firewall rules because everything is based in the cloud."
  • "We don't know how it will scale once we start putting more load on it."

What is our primary use case?

We use it for firewall purposes.

How has it helped my organization?

We use it mostly for the firewall and its ability to work in AWS. That is why we like it.

What is most valuable?

AWS has improved our agility to apply firewall rules. It has reduced the amount of time that it takes to apply firewall rules because everything is based in the cloud. It helps us to bring agility to the project teams when applying them.

What needs improvement?

We still need to understand what are the best practices which we need to implement. 

We also don't know how it will scale once we start putting more load on it.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We like its stability.

What do I think about the scalability of the solution?

We are happy with the scalability. 

We just started migrating to the cloud. Thus, we are slowly adding more volume to it. Maybe next year, we should know how it is scaling in the cloud.

How are customer service and technical support?

We have in-house experts and a good relationship with the Palo Alto technical support team.

Which solution did I use previously and why did I switch?

We were using a lot of Cisco firewalls before. We switched because we wanted what works best in the cloud.

How was the initial setup?

We have been happy with the configuration and implementation on the AWS environment.

What was our ROI?

It takes the bottleneck away from the information security teams and increases their agility on projects. 

What's my experience with pricing, setup cost, and licensing?

We found purchasing process the product on the AWS Marketplace to be very good. We used the AWS Marketplace because we were set to move to AWS. We rely on Amazon and their partners to process our research.

What other advice do I have?

I would recommend to try it out.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Dan Rabinowitz - PeerSpot reviewer
Director of Infrastructure at Arcadia
Real User
Out-of-the-box, it has all of the components that you need for a very secure environment
Pros and Cons
  • "It has the ability to create Palo Alto VM-series using software."
  • "It is nice to have a rock solid security platform that we can count on."
  • "In the next release, I would like to see better integration of multi-factor authentication vendors."
  • "We have run into some issues with scaling and limitations associated with some of the configurations."

What is our primary use case?

We use Palo Alto as a perimeter security device.

How has it helped my organization?

It is nice to have a rock solid security platform that we can count on.

What is most valuable?

  • It is the leader in the marketplace.
  • It has the ability to create Palo Alto VM-series using software.
  • The VM-Series has all of the components (out-of-the-box) that you need in a very secure environment.

What needs improvement?

In the next release, I would like to see better integration of multi-factor authentication vendors.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is very stable. We have almost never had an issue.

We have around 15 VM-Series, which are running hot all day.

What do I think about the scalability of the solution?

We're still learning about the scalability. We have run into some issues with scaling and limitations associated with some of the configurations. However, it is a solution that we have been happy with overall.

How is customer service and technical support?

Technical support is good.

What about the implementation team?

The integration and configuration of this product in our AWS environment was easy to pick up and very usable. It was a good walk between the old physical way and the new software or infrastructure as code (IaC) model.

What was our ROI?

We use Palo Alto to provide remote access, and we've been able to provide access for hundreds of users with a very short build out time. In the past, this would take a lot longer. Now, we don't have to wait for a physical box, etc.

What's my experience with pricing, setup cost, and licensing?

Our company is entirely AWS, so it is the only place to go to purchase anything. 

Some parts of purchasing through AWS Marketplace are good, such as this product was easy to find and launch. Some of the other parts could be clearer in the AWS Marketplace, e.g., how to properly do an annual subscription.

The pricing and licensing are reasonable.

Which other solutions did I evaluate?

We also evaluated Fortinet and some other competitors.

We chose Palo Alto because we had institutional experience and knowledge that we could bring over.

What other advice do I have?

Do a demo. Set one up and try it. 

We have used both the physical and AWS versions. The physical version is a good product. However, in an AWS environment, the ability to automate and scale pieces of it are critical.

We integrated a couple other products with it, which seems to be working well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Christian  Amaya - PeerSpot reviewer
Support Engineer & IT Professional at SISAP
Real User
A reliable tool with excellent support
Pros and Cons
  • "It is reliable and the support is very good."
  • "In the newer version, there are 3850s, all of them are scalable. They fit better into the medium or small businesses."
  • "From time to time, they have released some content updates that have some issues, maybe twice a year."
  • "There are various reports that come with the box or with the VMware, but you can only run them daily."

What is our primary use case?

For this VM in particular, it is microsegmentation which is used for implementing the firewall inside the data center.

How has it helped my organization?

When talking about the VM or the virtual firewall, it is mostly about the sessioncapacities that it can handle. In the early version of the firewall, the session or traffic that it could inspect was low. 

In quite a few releases, they have improved a lot. They started with the physical firewall, therefore it is almost virtually the same firewall with the same features, only that it is a virtual one. The main improvements that they have made are surrounding the processing capacity for the virtual machines.

What is most valuable?

The granularity which is used to confirm applications based in users. 

When you have VMware NSX, it is easy to deploy this virtual firewall because it is fully integrated with the VM solution. If I want to segment any type of network inside the data center, it is about two or three clicks, and it works.

What needs improvement?

The reporting. There are various reports that come with the box or with VMware, but you can only run them daily. If you want to generate a report from this week or the past month, you have to create a custom report. It is not that difficult, but I expect these reports to be pre-made. I would like to be able to choose the dates that I can run the reports. As of now, you can only run it for the day before, so this is one improvement they need to make. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

From time to time, maybe twice a year, they have released content updates which have some issues. When they release content updates, the applications with these updates give us a false positives. I manage older software developers and members, and almost everyone has one or two missteps a year regarding these updates.

What do I think about the scalability of the solution?

The Series 2000 version of Palo Alto were somewhat big for small or medium customers. They did not have a middle box. 

In the newer version (3850s), all of them are scalable. They fit better into medium or small businesses, so it is easy for us. E.g, if we have a VMware 500 appliance, we can upgrade it to a 100. They have improved in this way.

How are customer service and technical support?

The technical support is extremely good. They are a 10 out of 10, not only because of their fast response time, but their knowledgeable personnel as well. They have knowledge regarding very specific issues. 

When we finish creating tickets in the support portal, there are a lot of knowledge-based documents. They answer almost immediately, calling you back about 10 minutes later. When creating a support ticket, I always get a quick answer.

Which solution did I use previously and why did I switch?

I was using Cisco, but I was using the old Cisco. The firewall was the only working protocol. The Palo Alto Network Firewall is a Next-Generation Firewall, so it is a lot different. 

This is the first and only Next-Generation Firewall that I have used. I have put in several Sophos Firewalls, but they are not the same as Palo Alto.

How was the initial setup?

You will need to know what are you doing with the firewall. 

It's different than Sophos or Fortinet where you only need to click two or three times, and it puts you in engaged mode in the simplest way. 

With Palo Alto, you need to know where you are going to be implementing and what architectures you want. It is not complicated, but it is not as easy as Sophos or Fortinet, because when you start with these two firewalls, the quick setup wizard chooses for you and it automatically creates for you network rules.

With Palo Alto, you need to do all those steps manually, but it is somewhat better because it gives you the flexibility to choose how you want your network set up and how you are going to segment the networks.

What's my experience with pricing, setup cost, and licensing?

I know Palo Alto is not cheap because my finance team has been telling me that it is not a cheap solution. It is about the maturity of your security team or infrastructure team and whom you want to work with no matter how big your organization is: small, medium, or large.

The newest version of Cisco, the Next-Generation Firewall, is less expensive than Palo Alto. The price is more comparable to Check Point.

For licensing, it depends how you want to use the firewall. The firewall can be used only for IPS purposes. If you only want that firewall IPS, you will only need a license called threat prevention which includes vulnerabilities, antivirus signatures, and one additional measure; it includes three measures and security updates. 

If you do not want to buy the threat prevention license in the box, you can buy it with only the support license which is for the support of the hardware. It works like a simple firewall. It integrates what it calls user IDs and application IDs. If you do not buy any other license, only the firewall, Palo Alto will also help you improve your security.

Which other solutions did I evaluate?

We evaluated VanGuard for their Next-Generation Firewall.

We chose between Check Point and Palo Alto for their support teams. Check Point is very bad for support. We switched from Check Point to Palo Alto.

What other advice do I have?

If you do not have a Next-Generation Firewall, Palo Alto is a good choice. It is reliable and the support is very good. The VMware version is in all the boxes and they use the same OS, so it is not different if you manage a physical box or a virtual box. The only difference is the virtual box depends on where it will be placed, and its main usage is for microsegmentation and data center firewalls.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Rene Ortega - PeerSpot reviewer
System Engineer at a tech consulting company with 501-1,000 employees
MSP
A solid operating system with all the necessary data center security features
Pros and Cons
  • "They now know the details about their network traffic that they did not know before: Applications that they are using and some application they did not know they were using."
  • "A solid operating system with all the necessary data center security features."

    What is our primary use case?

    I have some financial experience with the program. We use it with Cisco and Fortinet technology, and have integrated it with NSXi.  

    It has had good performance.

    As an integrator, we need to understand the business case:

    1. The customer's needs. 
    2. The implementation phase. 
    3. Provide clarity and clarify details with the customer.
    4. Relate to their business's needs more than the technology system. 

    How has it helped my organization?

    I am an integrator. Palo Alto Networks has improved my position in the cyber security market here in Paraguay. It is easy to sell. Basically, I just need to implement the demo and the program starts itself. So, it has improved our position in this market. It is a program with very strong performance in an excellent position along with quality data sharing. Overall, it has improved our width. 

    My clients have a group who will be on the security scheme. They now know the details about their network traffic that they did not know before: Applications that they are using and some application they did not know they were using. It has improved the retail control of their traffic and the users on their network. 

    What is most valuable?

    • Its strong intelligence is the feature that I like the most.
    • A solid operating system with all the necessary data center security features. 
    • Easy to manage.

    What needs improvement?

    When you have a client compare box against box, a lot of times Palo Alto is a bit more expensive, but its network firewalls have a very rich ratio.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    No issues. We did integration with NSXi and the system works likes a charm. There have not been any issues in regards to the format, delivery, or management. It has worked great.

    What do I think about the scalability of the solution?

    I have not encountered any problems.

    How are customer service and technical support?

    I have not had to call the technical support yet, which makes me very happy.

    Their pre-sale team, who assisted us initially, consists of very responsive, kind people.

    Which solution did I use previously and why did I switch?

    We were previously Cisco partners. It is different since it is a network company.

    How was the initial setup?

    It is very simple. They have a very unique approach to simplicity. You have to do some basic set up to some parts where it will be needed. Therefore, it is simple compared to Cisco or Check Point. Also, it is very flexible.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is pretty much like everyone else.

    Which other solutions did I evaluate?

    In each case, it depends on the expectations of the customer. 

    I have worked with Fortinet, Cisco, and Check Point. However, once I began to work with the Palo Alto Networks, it became my preference for cyber security.

    Compared to Cisco, Palo Alto is a much better product.

    What other advice do I have?

    It is a great product. It is a great company, and I am very glad to work with them. 

    Use the learning material that Palo Alto has free on their webpage. The customer should compare it with other products. They need to see the product and understand the power that that technology brings to cyber security. In this case, they can see the benefit against risks to your network and its capacity to prevent threats.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator and partner.
    PeerSpot user
    Adao Costa - PeerSpot reviewer
    Managing Partner with 11-50 employees
    Reseller
    It scales linearly with load and no issues
    Pros and Cons
    • "We have reduced the number of configuration lines by 90%. We need fewer number of admins right now because of it."
    • "It scales linearly with load and no issues."
    • "All areas need improvement: manufacturing, education, financial, etc."

    How has it helped my organization?

    We have reduced the number of configuration lines by 90%. We need fewer number of admins right now because of it.

    What is most valuable?

    The best features are:

    • User identification
    • Application identification
    • Logs and monitoring.

    What needs improvement?

    All areas need improvement: manufacturing, education, financial, etc.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    None. Works by day with no issues.

    What do I think about the scalability of the solution?

    No issues. It scales linearly with load and no issues.

    How are customer service and technical support?

    I would rate the customer service as 10 out of 10: great.

    I would rate the technical support as 10 out of 10: very professional.

    Which solution did I use previously and why did I switch?

    We did have a previous solution that we used. We switched due to scalability and the other solution had too many issues.

    How was the initial setup?

    It was easy to deploy.

    The deployment works well.

    What about the implementation team?

    We did not need a vendor team. We implemented in-house.

    What was our ROI?

    Our ROI is excellent.

    What's my experience with pricing, setup cost, and licensing?

    Do not buy larges box if you do not need them. Rightsizing is a great task to do beforehand.

    Which other solutions did I evaluate?

    We evaluated Check Point, Fortinet, and others.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    PeerSpot user
    it_user798924 - PeerSpot reviewer
    Technical Lead Infrastructure at a healthcare company with 201-500 employees
    Real User
    We now have a lot more details about what our users are doing on the network
    Pros and Cons
    • "We now know a lot more detail about what our users are doing on the network."
    • "It is very stable. It is fairly easy to use."
    • "I have not actually called their support line, because we have a direct contact to a senior engineer in the company for any issues that we handle with them. I will say they are very responsive, and they do give you the information you need when you need it.​"
    • "The user-friendliness of the UI could be improved."
    • "The interface is all Java-based. I would prefer an HTML5 interface."
    • "Just sometimes it can be a bit sluggish navigating through pages. That is just purely because of Java.​"

    What is our primary use case?

    We use it to monitor all traffic, so we can do URL filtering with it. We can also use the VPN features, which we have not set up yet, but we know the functionalities are there. In addition, we use it to monitor all our trusted and non-trusted traffic, then block it as appropriate. 

    It does a lot of threat management as well. It is like a threat management gateway and it does some virus scanning. From that perspective, it is really good.

    How has it helped my organization?

    We now have a lot more details about what our users are doing on the network. Whereas before, we did not know certain things they were accessing, websites they were going to, and what vulnerabilities were potentially being introduced into our network. Now, we have a very good understanding of what is actually traversing our network, what is coming in, and what is going out.

    What is most valuable?

    Threat management. That is very important, obviously. There has been a lot of press about hacking, virus vulnerabilities, the cron bug, etc. It is very important that we detect these as soon as it happens, so we can implement measures before they get on to our network. It is very good at doing that; it is very good at identifying these vulnerabilities.

    What needs improvement?

    The interface, maybe. It is all Java-based and I would prefer an HTML5 interface. It would make things a bit quicker. It is not that it is really bad once you are in, it is just another Java-based application that is not amazing. I am not really a fan of Java-based applications. 

    The user-friendliness of the UI could be improved.

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    No issues, it is very stable. It is fairly easy to use. I would not say it is difficult, just sometimes it can be a bit sluggish navigating through pages. That is just purely because of Java.

    What do I think about the scalability of the solution?

    We picked the PA-3050s. They can handle a lot of traffic, so we are nowhere near our limits on it. We are not really touching its full capacity at the moment.

    How are customer service and technical support?

    It is very good. I have not actually called their support line, because we have a direct contact to a senior engineer in the company for any issues that we handle with them. I will say they are very responsive, and they do give you the information you need when you need it.

    Which solution did I use previously and why did I switch?

    We previously used Cisco ASA. We switched to Palo Alto because it can do a lot more. They are called Next-Generation Firewalls (NGFW). They can do a lot of threat detection and things that the Cisco firewalls could not, or could only do with plugins, and the firewalls were not really built for that purpose. Palo Alto can handle a lot more and give us more insight into our network. 

    How was the initial setup?

    The hardware install was mildly complex; it was somewhere in the middle. It was just about working out the best way to monitor our traffic, because you can have a segregation of interfaces. You can use something called vwire, which is like a bump in the wire, or you can use Layer 3 interfaces. It was just working out which way to go with. We could not really configure the Layer 3 interface solution properly, so we just went for a different setup. 

    It was not overly complex. There was enough information online and enough support. There is enough info in the community on their website to allow you to do what you need to do.

    What's my experience with pricing, setup cost, and licensing?

    For what you get, it does do what it says it does. It is a good value for an enterprise firewall.

    Which other solutions did I evaluate?

    We had a look at Check Point firewalls, as well as Huawei. 

    • With Check Point, it was a feature-rich product, but it was a bit more expensive. 
    • With Huawei, it was not really a valuable solution or as advanced as the other two, so we discounted them straight away.

    What other advice do I have?

    Make sure you have a detailed plan of what you want to get out of it, you fully understand your network infrastructure beforehand and you have all the IP addresses documented and things that you might need before you actually implement it. Also, it is a feature-rich product, so ensure you have looked at what it can give you, and decide if you need all that functionality in your network. If you do not need it, then you can obviously go for something that is a bit less feature-rich.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Palo Alto Networks VM-Series Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2022
    Buyer's Guide
    Download our free Palo Alto Networks VM-Series Report and get advice and tips from experienced pros sharing their opinions.