We are a solution provider and WildFire is one of the security products that we implement for our customers. We are also using it for testing purposes.
It is primarily used to check for cloud-based malware.
Download the Palo Alto Networks WildFire Buyer's Guide including reviews and more. Updated: September 2022
We are a solution provider and WildFire is one of the security products that we implement for our customers. We are also using it for testing purposes.
It is primarily used to check for cloud-based malware.
Nowadays, this product is very important for customers because there are a large number of zero-day attacks. It gives them a sense of security and confidence because you never know what type of malware will be invented tomorrow.
The most valuable feature is the cloud-based protection against zero-day malware attacks.
The only complaint that we receive from our customers is in regards to the price. Our clients are happy with the technical aspects, but the cost is expensive.
Some customers complain that it takes a long time to make changes to the configuration, but this depends on the customer and the environment. It may not be a problem that is directly related to the product. There are a lot of changes that need to be made for the security of a big company.
The technical support team in Poland should be larger.
Palo Alto needs to invest more in marketing because there is not enough awareness for the brand in Poland.
We have been using WildFire for one year.
We have not experienced any problems related to stability in our environment, and have not had any such complaints from our clients.
We have not had any issues that required going outside of our own technical team.
The Palo Alto team in Poland is very small, so getting an engineer's time can be a challenge. If you have a small team then it's hard to support everybody. The local distributor has taken over some of the responsibilities for solving technical issues that customers have.
My thinking is that we don't have to contact technical support with serious issues because we don't have big problems with the product. I'm sure that there are bigger customers in need of support, and it may be lacking in Poland, but of course, there is an international team that can handle issues as well.
We deal with other vendors including Cisco and Fortinet, and we see a trend where more and more companies are implementing a WildFire-type solution into their products.
Fortinet is the market leader in Poland, in part because of their pricing. Another important thing is that if you want to implement a PoC and need a device of any kind, it is readily available from Fortinet. However, with Palo Alto, it cannot be done so quickly.
We have been in contact with Cisco technical support, and it is much easier to contact an engineer than it is with Palo Alto. The Cisco support is really good in Poland.
When it comes to installation and configuration, it is very good. The length of time required for deployment depend on the number of features and how much configuration has to be done. Typically, it takes between one and three weeks.
We also deploy WildFire using VM models so that we can test various solutions for our clients.
Our in-house team is responsible for the deployment, maintenance, and support.
This is an expensive product and the market for Palo Alto in Poland could be much bigger if the pricing was comparable to Fortinet. We have lost a lot of deals to Fortinet over the price issue.
As an example, if somebody is satisfied with Fortinet and they only need to renew their subscription then it is difficult to convince them to try a completely new device at a higher price.
WildFire is always a product that we recommend for our Palo Alto clients because it tracks potential malware in the cloud and it is very important to prevent these types of attacks.
In today's climate with the pandemic, a lot of staff are working offsite and remotely, leading to a surge in internet usage. This makes the work environments prone to various threats, which is one of the reasons that products like WildFire are so important.
Overall, from our point of view, it is a good product that works well.
I would rate this solution a nine out of ten.
I work on the network equipment in our company including switches, routers, firewalls, VPN, and all of the perimeter devices. Palo Alto WildFire is one of the products that we use to secure our network.
Generally, it detects threats to our network and blocks them. This includes checking applications for malware.
What I like about Palo Alto is that it is a complete product, with everything in it.
In the future, I would like to see more automation in the reporting.
We have been using WildFire for between four and five years.
This product is pretty stable.
Our network and security group are the ones who use it. We haven't had to scale beyond that.
We don't have a lot of contact with technical support but when we do, they are pretty quick.
I haven't used another solution that is better than this one.
The initial setup is straightforward. It was not complex for me at all.
The pricing is highly expensive.
From my perspective, Palo Alto is the best solution in the market. This is the reason that we implemented it.
I would rate this solution an eight out of ten.
We are a solution provider and Palo Alto WildFire is one of the products that we implement for our customers. One of the things that we do is design firewalls for companies that need to enhance their security.
The most valuable feature is the improved security that it offers.
The price of WildFire should be reduced in order to make it more affordable for our customers.
Deployment to mobile devices should be easier.
I have not been in contact with technical support, although my colleagues tell me that the experience with them is very good.
Being the solution designer, I do not have experience with the installation and setup process.
Our in-house team is responsible for deployment and maintenance. We have a couple of engineers who are familiar with it.
There is no one product that can give you 100% protection, but Palo Alto WildFire has some good features. Overall, WildFire is a good product and I recommend it.
I would rate this solution a nine out of ten.
I think they should lower the price of this solution. They are losing customers because the price is too high.
The deployment model could be better.
WildFire is quite unknown in my country. They should develop a better system for teaching their customers how to use this solution and its features.
The technical support is good; they provide good service.
On a scale from one to ten, I would give this solution a rating of nine. I would like to give it a ten, but nobody's perfect.
WildFire is being deployed based on vendor and security best practices and recommendations from our Managed Service Provider. leveraging their inherent knowledge it allows us to think outside the box.
When a security Intel threat talks about an IOC. We can then go to our MSP and ask, "Is there a signature for this particular type of malware?" The response is generally yes, it is applied almost in real time.
It's not a problem specific to the technology, it's a problem across the board. All the encrypted traffic can be a challenge. Becoming a man in the middle requires CPU cycles, causing additional overhead.
The stability's great as long as its sized correctly. no huge hits from a CPU or RAM from a performance perspective. It would be prudent to monitor performance statistics.
The way it's delivered, I don't see scalability being an issue.
We're a managed service, so we've got to fill in the middle that's running interference for us.
The initial setup is really straightforward. Turn the WildFire service on within firewalls and then apply that service to the security policies you want.
Some services require additional licensing. WildFire was one of the services we definitely wanted out of the gate. Suggestion is to determine your requirements of services and map back to the cost of turning on the service.
Install the solution set it up the service in alert mode. Run reports and determine how you want it tuned, them move into block mode. You may want to go to block mode right away with known out of the box threats.
We had two 800-Series Palo Alto Firewalls, but as they reached end-of-life, we began researching alternatives. Ultimately, we chose to switch to Cisco Firepower, so we no longer use WildFire.
The most valuable feature for us is the VPN. We used GlobalProtect for the VPN, as well as site-to-site.
It is very simple to use.
The support needs to be improved because it takes too long to resolve severity-one issues.
Better integration with third-party products and services is needed.
The need to implement their own multifactor authentication, rather than relying on third-party add-ons for it.
They have malware protection and web-filtering in place, although they are not as effective as Titan or Cisco Umbrella.
I began working with Palo Alto WildFire a year ago when I joined the company.
It is a solid, stable network solution.
In terms of scalability, Palo Alto is at the top of the market.
Managing this solution we had six network administrators, who are network analysts. In terms of end-users, the entire company was using the Palo Alto network.
When you contact support, there is no guarantee that they will be available to help you tackle the issue that you are facing. Sometimes you are left on the phone for three or four hours before you can speak with an engineer, which is very, very poor. If you have an emergency situation or a network outage of severity-one, then you cannot wait for hours to support your clients.
Palo Alto was the first solution of this type that we used. However, we have recently purchased Cisco Firepower and no longer work with Palo Alto products.
Prior to Firepower being released, Palo Alto was very simple and better than Cisco ASA. Now, however, Firepower is simpler and the support is outstanding. With Cisco, if you have a severity-one outage then it will be less than ten minutes before you get an engineer on the phone to help you.
I have also worked with Check Point and Juniper solutions, and I feel that scalability-wise, Palo Alto is better than the rest, except for perhaps Cisco, where it is neck and neck.
The setup is not complex. When you come from a CLI background of Cisco ASA or any other platform, Palo Alto is much easier. As long as you are familiar with the general steps in the procedure, it is not difficult.
This solution is very pricey and it depends on the package that you implement. There are sometimes promotions on, which can save on costs.
The Palo Alto models that we were using are the PA800-500 and PA830.
I have seen people in different organizations and different industries set their firewall solutions up in different ways. It depends on the level of support, in terms of who will be maintaining the network. It also includes the level of knowledge they have, as well as their management preference. Some people choose Palo Alto because they don't care about the costs, and it is an easy solution to use, especially if they are already familiar with it. I would say that if they have the budget then this is a good choice and I recommend it.
However, if they are looking to consolidate all of their services, then the option to choose is definitely Cisco. It's a cloud-based solution with malware protection, filtering, and everything you need all in one box. It makes a lot of difference.
Finally, some people prefer FortiGate because the pricing is good and it is simple to use, whereas some people prefer Check Point for other reasons. It's an individual choice, but it should be well researched before the final choice is made.
I would rate this solution an eight out of ten.
We have the Palo Alto Firewall sitting on the edge and everything that comes through it is analyzed. Even if anything comes through via email, it is forwarded to the WildFire service, which then opens up email attachments to see if they do any damage to the system. If it reports back that the attachment should not be forwarded then it keeps it out.
WildFire has discovered a lot of stuff that our other anti-spam tool did not, so it has been quite good.
Using WildFire has reduced the number of viruses and the amount of malware that comes into our system, which means that I don't have to rely on the end-users to identify it. This results in less chance that our systems will get infected. I would estimate that there has been a 15% - 20% reduction in that kind of stuff getting through.
The most valuable feature is where it automatically opens up the emails and checks to see if any damage occurs to the system. That's something that would be difficult for us to do here manually, simply because we get so many emails coming in. I think about 80% of the emails we get are spam and for us to be able to manually go through that, one by one, looking to see whether they are good or not, would take perhaps 50 people full-time.
Palo Alto is very tech-heavy, and the average user can't just go and deploy one. You really need to know what you're doing. I've been doing IT for more than 25 years and I sometimes have to double-check things or ask for help. The reason is that there is so much included in the solution. It would be nice if there was an easier way to install and deploy it, such as through the inclusion of wizards. Having a more complex product generally means that you need more technical expertise, although if very experienced people are still having trouble then it is probably worth revisiting and trying to improve.
It would be nice to have some sort of remote management tool. As far as I'm aware, they don't have a tool that runs on a mobile device, so you need to be in front of a workstation in order to get it up and running. If I had a remote tool that allowed me to access it then it would be very helpful. Even if I have to VPN into the network, that's fine, because being able to remotely do stuff on my phone would be useful. Everything is going that way.
We have been using Palo Alto WildFire for about seven years.
This solution is quite stable and we've had very few problems.
We did have one false positive that nobody was able to figure out, including Palo Alto and our consultants. Ultimately, I was able to find the problem, write some code and embed it, and that has kept the problem from reoccurring. Otherwise, it has been rock solid.
It is quite extensively used in our organization. Literally, it is used non-stop.
This solution is quite scalable. The specific solution that we have was sized for our environment but I know that you can get other models that will scale up or down, depending on what you need. I think that it should work fine, regardless of what type of organization you're in.
We have between 60 and 70 users. Everybody from the CEO to delivery drivers, office workers, and mobile employees use this solution.
Technical support from Palo Alto is very strong. Whenever I've had problems, they've been able to help me out, every single time. I've gone to them with some pretty complex stuff and they will sit with you until it's done. They have technical support that follows the sun, so if I've got somebody who is in the same timezone and their shift ends, they will transfer me to another person who is just starting their day and can spend another eight hours with me, if necessary.
The biggest lesson that I learned from using this solution is not to hesitate to call support. You're going to bang your head against the wall trying to figure things out, and meanwhile, these guys are just sitting there waiting to help you. They will figure things out a lot faster than you will.
The company did have a previous solution. I don't know what it was, but the switch to this product was based on the recommendation from the telco.
The initial setup is fairly complex.
One of the challenges is that you often need to have a third-party implement the solution, and whoever handles the task needs to understand your network and your use case extremely well. They have to know it so well that really, they need to be an employee and work with the environment in order to roll it out properly. It's difficult to do, so that means you need to have a highly technically skilled individual who can go in and implement stuff that works with the company. Unfortunately, most smaller companies just don't have that kind of person.
From the point that we first started talking about it, followed by the installation, setting it up, and testing, it probably took a couple of months. We first implemented a test network, which was segmented off and used in parallel. We had some people who were willing to test the new system and helped us to gain confidence in the implementation. Once it was complete, we brought everybody over to the new network and remove the old one.
We had a consultant come in and he did an okay-job. However, I had to go back in later on and rework a bunch of stuff, simply because he didn't understand the environment.
The company we used was Telus, which is a telco in Canada. When the primary consultant would run into problems then he would call somebody else, who in turn called somebody else. In total, we had several people from Telus who were working on the implementation.
For the deployment staff, you will be needing two or three people. They have to have an understanding of the business, networking, networking protocols, and security.
With respect to the maintenance, it is pretty hands-off. One or two people can handle it, as long as they've got a strong understanding of how the Palo Alto system works. The only time you really need to touch it is if you need to make a modification to the web filtering rules or if you need to modify the configuration to allow for different services or different devices on the network.
This solution saves us a pile of money because we don't have to manually go through all of our emails.
Smaller organizations may find it a bit costly. It is not a cheap solution, simply because of everything that it can do, so there might be a cost barrier for smaller organizations.
We pay between $3,000 and $4,000 CAD ($2,200 - $3,000 USD) per year to maintain this solution. There are different charges the depend on the different options, such as WildFire or different virus signatures.
This is a very good solution and from a technical perspective and it does a fantastic job. At the same time, we are actually planning on getting rid of it, as it is probably overkill for what we need. I think that when they were looking at this device, they didn't really know where to turn. I was not working here at the time, so they took the recommendation from their telco.
My intention is to replace it with four or five individual firewalls, which gives us a little bit of redundancy and does some other things for us. Palo Alto has a lot of advanced stuff that it brings with it, and we don't have a need for it.
Specifically for WildFire, we're shifting away from on-premises email and going to a cloud-based email system. In that type of managed solution, the provider handles messaging security.
My advice for anybody who is researching this solution is to consider the requirements and the cost. I guarantee that this product will do what you need, but you have to make sure that what you need is what it provides. It is possible that there is more in there than what you'll actually use, so you need to think about whether it is worth the cost. The reason that we're changing is cost-related. For what they are charging us every year, I will completely replace all of our hardware, get exactly what we need, and only pay for it once. We will be saving $3,000 - $5,000 CAD ($2,200 - $3,800 USD) every year after this, just because we don't have those licensing costs associated with it.
The bottom line is that this solution has the ability to do an awful lot of stuff, and if it were easier to configure then it would be even better.
I would rate this solution an eight out of ten.
We primarily use Wildfire products to prevent attacks. As resellers, we showcase the Wildfire capabilities like handling known and unknown threats on the customer side.
The way that the solution quickly updates to adjust to threats is the solution's most valuable aspect. When there's a security attack, within five minutes, all Wildfire subscribers have access to updates so that all systems will be safe. Its threat prevention is way better than other vendor products.
In terms of threat prevention capabilities, the solution doesn't need any improvements that I can see. We've been quite satisfied.
The size of Palo Alto's cloud is big but it could be easier to use from a product management perspective.
I've been using the solution for nine months now. I'm new to Palo Alto Networks but I have been using the solution since I started working with Palo Alto Networks on the reseller side.
We've dealt with technical support in the past. Once you open a ticket from the support portal, you will be assigned an engineer. That engineer will only focus on your case until it is solved. It's unlike other vendors that don't necessarily give you the same engineer or service representative for the same ticket. It offers good continuity when there are issues to be resolved. We've been quite satisfied with their level of service.
I've used Sophos Firewall in the past. They can also block or scan threats.
The solution is very straightforward. Setting it up is easy. We just create a Wildfire profile then apply it on the security parcel. It is pretty straightforward.
The pricing of the solution is a bit higher, but it's worth the extra money you will spend because of the protection that you get.
I really recommend Palo Alto Networks. Out of 10 stars, I would give 11.
I would recommend the solution because it's so easy to deploy and when you read the security profiles, it's very easy to handle, unlike other vendors. When it comes to threat protection, the features are easy to use and understand.
Our primary use case for this solution is for threat intelligence, to detect threats.
This solution has given us a higher level of assurance that we don't have an active threat.
The most valuable feature is the Automatic Verdict feature that recognizes whether something is a threat or not.
I would like to see them continue their developmental roadmap for the product.
We have never experienced any downtime or inaccuracies.
This product is super scalable.
Their technical support is excellent.
We previously used a different solution but it was ineffective and didn't integrate well.
The initial setup for this solution was very easy. You just turn it on and put it in monitoring mode. One person can deploy and maintain this product.
We implemented in-house.
The ROI is pretty much right away.
The licensing fees are on an annual basis and there are no costs in addition to the standard fees.
Before choosing this solution we evaluated OpenDNS.
WildFire is a perfect complement to a Palo Alto Firewall, it's invaluable.
I would rate this solution a ten out of ten.
We use Palo Alto Networks WildFire for firewall and IT services. We also use it for bank security requirements. They are remarkable for support of threat analysis on files.
There are always problems with the operational files. You can only do malware identification. That is the way that this device functions.
All of the traffic is scanned in a single flow, which improves the response times for the user. This is how Palo Alto Networks WildFire helps our organization.
We appreciate the support of Palo Alto Networks WildFire for our next-generation firewall equipment in deployment.
There are certain changes that I was expecting in the previous version, and I hope that they are soon fixed. Their database has good Information over threats because of Unit42 however there is a serious competition to the product from Cisco ThreatGrid and Umbrella
I don't think there are any major features that are different from Palo Alto versus their competitors but with time the PA needs to improvise on products and threat feed if it needs to be the leader
I regularly work with companies with over 2000 users and they safely use Palo Alto Networks WildFire. I haven't seen any problems with stability.
At my company, we use it regularly. For my previous customers, it's a first for them to use Palo Alto products.
Using virtual settings, scalability with WildFire is awesome. On the physical configuration, it is harder and more independent. The scalability is limited there.
There are very good options available with the Palo Alto Networks WildFire. They have given me options for all the support that I need.
With internet speed, the settings range from 2GB or 10GB to 40GB. There are a lot of internet settings options, so I guess they're very scalable in that.
We are not an overly large company, so I can say safely around 400 to 2000 is the user base of people that we support.
Palo Alto's customer support is good. They are awesome. I would rate them nine out of ten for technical support services.
We have not compared this product with other but we would like to evaluate the options if they are available.
They have many different options with Palo Alto WildFire and the setup is quick. The deployment normally takes around 15 minutes.
If you have all the details in hand, it does not take more than 15 minutes to deploy a wildfire and integrate them. Most of it has been deployed before the said timeframe. The only challenge is for tuning on policies and implementing it with DLP to make sure it is in compliance. The key point that I look for while protecting the customer is to make sure that they don't have any opportunities for a malware attack.
An integrator was not required for deployment. I did the installation myself. We had very good documentation. I just needed to read the documentation thoroughly and it was deployed.
Palo Alto does not require any additional costs to the standard licensing fees, but we have the regular license model. If I just want a firewall, then I need to buy two licenses.
If we use a VM base, then I need to buy the VM base license, along with the support package from the provider. However, without the license fee, I need to buy IPS support separately.
Other products like Cortex Data Lake support also need to be licensed separately, but that is a wonderful feature.
With Palo Alto, I can just go buy whatever extra features I want, and they give me a 30-day free license, so that is useful for me.
I can go ahead and buy the product, or if it is not for me anymore, it is free to try. That is a good way to sell their products too. Our subscription runs on a yearly base.
On a scale from 1 to 10, I would give Palo Alto Networks WildFire a 8 for safety.
Our primary use cases are for firewalls, cloud, and on-premise.
It helps us when segmenting and securing the network and all sort of technologies, all sort of next generation needs. It's the next generation phases of firewall like anti-virus, sandboxing, wifi, and VPN.
All of the features are quite good.
Other vendors have some sort of bandwidth management built into the firewall itself and Palo Alto is missing that.
If there was anything extra for the endpoint security and VNC that would be good, but again it's coming with Palo Alto and must come with some additional cost.
It's very stable. With respect to scalability and stability both, I would say are quite scalable and very steady. I haven't seen any issues.
This solution is being used corporate-wide, more than a couple thousand people.
Most of the time their technical support has been perfect. A few times a few of the tech support engineers did not have strong knowledge. Overall, though, it's good.
I have worked with Cisco, Fortinet, Juniper, CheckPoint, too many of them.
The initial setup was straightforward. The setup took less than an hour, it's a simple firewall setup.
It's a stable product. It's pretty expensive but with respect to value for money, it's okay.
I would rate it a nine out of ten.
My primary use case of this solution is on-frame and in-cloud security of the infrastructure.
We use this with different clients in the financial sphere, the health sector, and the insurance sector. Across all of these different verticals, we use this product.
Being an application-based firewall, this is one of the critical focus factors along with the threat prevention services it provides.
As a firewall and 360 degrees of security, there needs to be more maturity. And, the industry is currently moving towards automation and orchestration. I would like to see more of this in the product. They are part of the future roadmap to AI (Artificial Intelligence).
It is stable, and we are also trying to integrate this with the Palo Alto MIME shell. We did that, and also I have inquired recently about Evident, which is a recent acquisition. So I have requested for demos, and still I did not see any response from Palo Alto yet. This is something that we would like to explore.
It's pretty much scalable. We were able to manage both the cloud, and also the on-frame devices or appliances from centralized management station. So, we just implemented in the migration onto the cloud.
We used tech support to help us implement the product initially.
I have prior experience with Cisco Firepower. But, they are very expensive in comparison to Palo Alto.
The initial setup was complex because we were switching from traditional firewalls to application-based firewalls. We needed Palo Alto's help insetting up initially. From there, we tried to understand, and followed suit with implementation.
It is a reasonable price compared to other solutions on the market.
Some of our clients used to have the traditional firewalls so where we do have enabled the application control but being it's a pretty small firewall. At the end of the day, even in spite of them demanding the application controls, it's on top of the firewall functionality (especially in terms of controlling the applications). So, after implementing the Palo Alto firewalls, they have achieved more than what is expected, and we are able to control the number of applications; who gets to have access, and what is flowing inside the network. Anything that is traversing the firewall, is available right now.
My primary use case for this solution is for a secure gateway. It creates a proxy or an appropriation for the suspicious files that can be damaging.
The cloud-based services are a nice feature.
I do not find it as secure as other solutions. Furthermore, the cloud-based solutions are still not legally available in countries like Saudi Arabia, Iran, and Russia. Some countries do not allow the service according to country obligations. They can not use the cloud services for government offices. So, Wildfire is not allowed in several locations.
I think it would be nice for Palo Alto to work without the connection to the cloud. It is 100% powerful when connected to the cloud. But, if you disconnect from the cloud, you only get 40-50% power.
I have previous experience with FireEye and Symantec. I find that Symantec is a standalone on an enterprise level secure market, which I cannot say for WildFire.
The initial setup was straightforward and easy.
The primary use case for this solution is the attention to detail. IT is also easy to manage, and easy to use. It is a really good product.
The reporting feature helps our performance.
I really like the product, it is easy to manage and easy to use.
In the duration of our use, it has been stable.
It is a scalable product. We have had no issues with scalability.
I have not had issues with technical support of this solution.
The initial setup was very easy for us.
The pricing is OK, it is not too expensive.
We looked at other products, but found PaloAlto to be the best solution for our needs.
I would give this product a rating of 9 out of 10 due to some slight issues of performance.
We don't want a virus. We don't want people visiting unknown sites and opening us up to any type of malware or any type of virus attacks.
We haven't had a virus. That is a good thing. It makes my job easier. For the organization as a whole, no viruses mean people keep their jobs, which is a good thing.
It is an outstanding solution. It is one of the top solutions out there from what we have tested, and we have even tested Cisco Firepower.
You can see everything that's going on in your network. It constantly updates their signatures and new anti-spyware signatures. That is updated daily.
It catches modified signatures of known viruses. It is an easy interface to use.
They should make their user interface a little more user-friendly.
We are a decent size organization. If the product can fit our organization, it should be able to fit pretty much any other organization just as well.
Their technical support is outstanding and top-notch.
They were things that only somebody who had worked with Palo Alto before would probably be able to break down, then tell you how to set up your initial rule sets and explain what exactly they do. The vendor helped us look at what we have going out versus what is coming in.
They provided in-house support when we initially set it up. They made sure that we were supported from start to finish. Any questions we had, we had someone that we could reach out to, and we had an answer within a matter of minutes to hours. They are very responsive and easy to work with.
Test it in your environment because everyone's environment is different.
Most important criteria when selecting a vendor:
Installing this product as a datacenter firewall for segregation and segmentation, and also configuring policies between zones.
Threat Prevention and WildFire features should be enabled in Palo Alto. With this product, we receive the best monitoring and reports.
The VPN and decryption need improvement.
No, I did not encounter any issues with Palo Alto's firewall. The product is very stable.
No, but you should do the rightsizing before buying the product.
They provide a medium level of technical support.
I used Cisco. Palo Alto is better for datacenter and Cisco for perimeter.
Straightforward to use.
More expensive than other firewalls.
We evaluated Cisco Firepower.
My advice is to install Palo Alto's firewall as a datacenter. You should enable the features (Threat Prevention (AS, AV, and Vulnerability Protection), File Blocking, URL Filtering, WildFire, etc.).
Palo Alto's firewall is the best firewall right now. I have used Palo Alto since 2014.
This product/feature is an enhancement to traditional company/corporate AV and VP solutions, not a replacement. As such, it strengthens existing protections and provides significant visibility into files and applications that are moving through the company's systems.
Detailed reporting on analysis of content. The inspections are easily applied to security policy profiles and profile groups, and may be assigned on a per-rule basis.
No stability issues.
No scalability issues.
I have never accessed PAN (Palo Alto Networks) technical support regarding this feature.
This is a fairly unique feature offered by Palo Alto Networks (may be comparable to FireEye). As such, it was an addition to our existing protection suites.
Very straightforward. Basically, a few check boxes and desired behaviors.
It is expensive, a feature more accessible to enterprise class customers, but provides an enhanced possibility that Zero- or near-Zero-day threats may be identified and mitigated. The cost of the product weighed against the potential impact of even one successful crypto malware-type exploit may justify the expense.
No, again this "WildFire" is a fairly unique feature. The closest comparison may be FireEye, but I have not used that product.
Consider your level of exposure to exploits of any nature. Also, consider the impact (cost and loss of business) of even one successful exploit to help make a business decision regarding this product.
I would also advise that the decision should be considered with regard to the company's ability/willingness to provide the assets to keep abreast of these types of products and features. There are no set and forget type functions.
It provides the enhancing network and endpoint security for the client through its IDA and IPS system filtering.
The most valuable features are:
The data analytical system for deployment needs to improve.
Technical support is excellent, I would rate it a 10/10.
It is quite easy to set up.
The pricing and licensing option should be categorized for various countries such as for Bangladesh.
We looked at Forcepoint NGFW.
Technical support is excellent and it is a promising option.
WildFire has been instrumental in blocking a number of new threats, before common desktop anti-virus tools were able to detect them. When Wannacry first came out, wildfire was detecting it and dropping incoming threats within seconds. We were dropping over 10,000 files per day with no additional firewall load at all.
I am very happy with WildFire and can see no obvious areas of improvement at this point.
This product is rock solid in terms of stability.
There were no problems with scalability. We have rolled out more firewalls to clients, and no scalability issues were found.
Technical support is fine. We have never needed to contact them regarding WildFire.
We previously used Fortinet. However, we found it to miss a lot of incoming viruses, because at the time, they had no sandbox style service.
The setup was very easy. Simply license the feature and enable it within your scanning profiles.
This feature is implemented in-house.
As soon as it began dropping incoming threats, measured in days, that desktop scanners could not find, it hit its ROI.
It's not particularly cheap, but it is absolutely worth it.
We evaluated Fortinet and Cisco.
The GUI is better in 8.0, but I still feel it lacks the fast response most of us desire. Logs are much quicker.
We have not encountered any stability issues.
We have not encountered any scalability issues.
Customer service is excellent. Their support is top-tier for sure.
Technical support is excellent. Their support is top-tier for sure.
We previously used legacy Cisco ASA. We switched because it was buggy and had no visibility; it was not easy for the rest of my team to use.
Initial setup was straightforward.
A vendor team implemented it. They were amazing.
It IS a bit expensive, but I think you get what you pay for. Value is there.
Before choosing this product, we also evaluated Check Point, Cisco, and Fortinet.
From a technical perspective this has given us a new high as this is how a technology solution should function. From a sales perspective, we have been able to pitch the solution to new customers as it seems cheap to customers when we bundle the solution, compared to getting each device for individual functions.
I believe these are the major improvements in the pipeline.
I've been using it for four years.
It crashes too frequently for a few boxes, which could be expected from a new vendor as it evolves. The best part is RMA, as you get the box back quickly if you have it in the contract.
No issues encountered.
No issues encountered.
If it is Arrow support, it's pathetic. I wouldn't recommend them. However, if you go directly with the PA team they are the best tech junkies I have worked with.Technical Support:
We used to have Netscreen as our favourite, but it went EOL. Being an MSP we have to have expertise with all the devices. Although, Netscreen is our favourite.
I would say that this is difficult to answer, as the setup would be adaptable based on the mode you use, and the way the firewall can be configured. If you ask an expert it would be straightforward. If you ask a newbie, it would be not that difficult to configure if you follow the mentioned steps.
Go forward, this is an amazing device to be implemented if you have the cost to bear.
It has one of the best WebUIs that I have used, because at a glance looks simple, but offers us a lot of options to secure all the traffic that is passing through the device (or all traffic that the user decides to pass through). Besides, the way that scan the applications to detect what kind of application is do not affect anything about the device's performance. The way that the product process or handle the traffic, is one of the best in the industry.
Well, I work as a security consultant, so one of my functions is to help and provide to the end users with recommendations about technologies or process to secure their network. So, one of my customer decide to migrate from TMG/UMG to Palo Alto, it took a while, but during this process, I showed them many ways to improve their current security with Palo Alto, and after a while, they are very comfortable with the technology, for them now, it is easier to apply some kind of web filtering or application filtering than the past.
I'd like to see a wizard to create IPSec VPNs. They need to improve the graphics to show the network behavior.
Deployment is easy.
The stability is acceptable.
It depends about the project, but offers a good HA option.
Always show to the customer what the product can do for them and what not, is a good practice, because they can open their eyes and to be sure what are the benefits of that technology. Always analyze the network topology, using the customer's network diagram and ask every doubt that you have, for my experience a good analysis and deployment plan give us a successful implementation.
Palo Alto is an easy to manage firewall. It connects successfully in AD and LADP for user based policy. It has rich application info for app.based policies and it gives enough IDS performance. New policy compile is speedy.
It can do sandboxing on the premises, and it can be directly integrated with Palo Alto NGFW. The malware information on the file that has been sandboxing will be directly updated to the Palo Alto NGFW, and added to the Palo Alto Networks NGFW malware signature library. Also, the credential data within the file that has been sandboxing still be kept on the premises.
Palo Alto Networks WildFire can detect many types of attacks that are using malware embedded on files/URLs with minimum time, and it can increase the effectiveness of resources (time and people) to prevent the malware.
In my opinion, it could be developed to be dependent not only on signatures, but also on patterns and behavior of malware. What I would like to see in the next version/release is to be able to handle much more file types on premises during deployment, because now on premises deployment a .APK file must be sent to the cloud for sandboxing.
I can't remember exactly, but probably more than six months.
For now, I have no issues with the deployment.
For now, I have no issues with the stability.
For now, I have no issues with the scalability.
Both customer server and technical support are very good.
In our case, before we contact Palo Alto Networks technical support, we can contact the Palo Alto Networks local distributor, who provide Palo Alto Networks technical support locally.
I forgot what the name or product that used previously, but the reason I choose Palo Alto Networks wildfire is it integrated with Palo Alto Networks NGFW that already used on the network environment
The initial setup of Palo Alto Networks WildFire is simple.
We’re the ones who implement the Palo Alto Networks WildFire in our customers environments.
It’s not about what we will get directly from having Palo Alto Networks WildFire as an ATD device, but it’s all about the loss of resources you suffer if you don't have it implemented.
User identification and the Applipedia are the most useful. The integration of the Applipedia with the application identification at layer seven makes it a very comprehensive, and secure, firewall.
We have the ability to see what traffic is coming and going in a much deeper and more detailed fashion. We have also found, and stopped, several malware applications before they infected the endpoints.
I've used it for five months.
During initial testing we were too strict on what was allowed outbound. We ended up needing to open up more broad categories. We also found that several websites do not function well with the SSL Decryption feature. We also found that a custom script is required to put the SSL Decryption certificate into Mozilla Firefox.
No the product has been very stable and reliable.
We implemented it in a smaller environment but, find that the 3000 series has plenty of power and has the ability to grow with us as we provide north-south as well as east-west security between internal environments.
Customer service is very friendly and responsive to any request.Technical Support:
I have found the tech support to be impressive. Support agents are available 24/7, and I have never waited for more than an hour to speak with an agent. I would consider the first team you call to be equivalent to most level two or three engineers.
Previously we used Cisco ASA 5510 and Fortinet. Fortinet was an old version and was phased out due to this. The Cisco ASA was replaced do to the limited capability of the out of box functionality and reporting.
Initial set-up was straightforward and easy. We were able to get both devices on the network and set-up to look at traffic within a few hours on split up time. The products complexity came from the terms and the overall thinking of how the product works.
We did it in-house.
Before choosing Palo Alto we also reviewed Cisco ASA, Fortinet, and Sophos.
The product is straightforward to implement, though if you are looking for a quick implementation, I would suggest bringing in an expert.
Being able to discover malicious files unknown to most AV vendors.
It has allowed me to stop new attacks before they could gain a foothold in my network.
I've used it for three years. However, my current company isn't using the product. I took a different engineering route into the company and I decided to use other protection solutions and not Wildfire.
The deployment of Wildfire was surprisingly easy.
Wildfire itself was a very stable product.
I never had any issues with scalability. When I enabled it, it seemed to work in the environment that the firewall was already servicing.
Great when I was at a large company but average or less than average at a small company.Technical Support:
Overall their support people are better than most tech companies.
There was no solution in this space before Wildfire. Both FireEye and Wildfire came onto the market right around the same time.
It was straightforward as I could, literally, turn on the firewall settings in five minutes or less.
You really don't need to pay to turn it on. The configuration is very simple.
There are two levels of Wildfire.
Initially, the product doesn't cost anything for the first tier of usage you can prove the product before buying it.
If you're running Palo Alto firewalls there is no reason not to use it at the free level. Once you have run it for a while at the basic level, you can make an educated decision if it's worth paying for the subscription (it is).