Is Palo Alto the best firewall for an on-premise/cloud hybrid IT network?

  • 3
  • 573
PeerSpot user

6 Answers

it_user1227435 - PeerSpot reviewer
Nov 12, 2019

You can choose Palo Alto as one of the best security product lines. For a hybrid network use central management to get a consolidated view of the security status.

Product comparison that may be of interest to you
Real User
Feb 10, 2020

I have been working with Palo Alto for more than 5 years now and I think I have worked with almost every other firewall platform out there. Palo Alto is my go to firewall for several reasons: Always a leader with Gartner, performance, support, centralized management with Panorama, ease of use, human readable logging, etc... They are not the cheapest solution but you definitely get what you pay for.

it_user1149558 - PeerSpot reviewer
Real User
Nov 18, 2019

It depends on how you want to deploy.

The main difference between PA and other vendors is, that you can mix Virtual wire(transparent) interfaces, L3 interfaces or L2 interface types on the same firewall. Instead of choosing only transparent mode firewalling. For the rest, it's quite a flexible firewall. In regards to application type rules, they are much easier to implement than on a Fortinet. I have worked with PA's inactive/active and active/standby setups without any problem. (active/active does have it's own caveats in regards to design and deployment). In regards to the hybrid cloud, we have an HA pair between our datacenters and direct connects going to AWS. For in the cloud itself you best read reference guides that Palo Alto has and probably checkpoint and Fortinet as well. In regards to performance, I have found that Palo Alto lives up to its specs.

Nov 12, 2019

I work for Check Point based on conviction. CloudGuard is the best cloud security either on-prem or public.

it_user977133 - PeerSpot reviewer
Nov 12, 2019

Palo Alto gets very high marks from the research groups like Gartner and Forrester. I like them because of their Zero Trust framework and ability to define security policies based on App-ID, Content-ID, and User ID versus just defining what IP addresses and TCP/UDP ports are allowed. The only downside of PA is that they are "proud" of their solution. One of my specialties is working with large enterprises that are looking to adopt a Zero Trust strategy. You can email me if you would like more info. I did a workshop yesterday on Zero Trust. sorell@unitieditsystems.com

Real User
Top 20
Nov 12, 2019

If you are evaluating different options to test a few different solutions side by side, for example in virtual wire mode (lots of vendors supports that mode of installation ) you can get the best final view. Each case is different from another. The simplicity of everyday operation (Security, NAT rules, etc), the stability of the HA cluster, even migration from smaller hardware to bigger with minimal impact for infrastructure.

Find out what your peers are saying about Palo Alto Networks NG Firewalls vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2023.
745,341 professionals have used our research since 2012.

Related Q&As