Coming October 25: PeerSpot Awards will be announced! Learn more
2018-12-05T07:52:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
  • 0
  • 21

What needs improvement with Palo Alto Networks VM-Series?

Please share with the community what you think needs improvement with Palo Alto Networks VM-Series.

What are its weaknesses? What would you like to see changed in a future version?

25
PeerSpot user
25 Answers
JH
Director of IT at Tavoca Inc
Real User
Top 20
2022-07-30T18:08:00Z
30 July 22

The web interface is very slow, and it needs to be faster.

Shrijendra Shakya - PeerSpot reviewer
C.T.O at Sastra Network Solution Inc. Pvt. Ltd.
Real User
Top 5Leaderboard
2021-11-09T23:39:00Z
09 November 21

It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait. Having a dedicated number where we could send a text message in the case of an emergency would be helpful.

Darshil Sanghvi - PeerSpot reviewer
Consultant at a tech services company with 501-1,000 employees
Reseller
Top 5Leaderboard
2021-05-19T12:03:00Z
19 May 21

When we activate the solution on Amazon, instead of AWS, GCP or another type of public cloud, we encounter problems, as our engineers are not yet completely hands-on in respects of the public cloud platforms. Still, they can configure the firewall just fine. Integrative capabilities with other solutions should also be addressed.

Ricardo S. - PeerSpot reviewer
IT Infrastructure Architect at a financial services firm with 10,001+ employees
Real User
Top 5
2021-01-23T04:01:00Z
23 January 21

It can be improved in areas such as DevOps and quality assurance. The installation rules deployment process we also improved when we deployed these firewalls. In terms of new features, for simplicity reasons, it is faster, because as I mentioned above we can reused the same rules and the same objects from the local PAN that has a Panorama such as the single point of supervision. We are looking for ways to integrate with other cloud in the future. For this, we will require a more secure integration and encrypted connections with other companies.

Alexandru Sireteanu - PeerSpot reviewer
Assistant Professor at Facultatea de Economie și Administrarea Afacerilor din Iași
Real User
Top 20
2021-01-05T17:34:14Z
05 January 21

The firewall itself is very complex. You have to do a lot of research, look through all the documentation, consult, and figure out how to use it. It's not so easy as a regular firewall, like Hypertable. It'll help if Palo Alto Networks provided better documentation. It would be even better if they had simple documentation on some use cases as well.

RS
Network Security Engineer at a tech vendor with 51-200 employees
Real User
Top 5
2020-12-11T17:29:37Z
11 December 20

The implementation should be simplified.

Learn what your peers think about Palo Alto Networks VM-Series. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
632,779 professionals have used our research since 2012.
GA
Senior Network Engineer at a tech services company with 51-200 employees
Real User
Top 5
2020-10-13T07:21:29Z
13 October 20

The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters. It seems that you really need to upgrade to the very latest version, whereas the physical one has worked for ages now. I think that it narrowly affects the Azure deployment because I remember that we were using the VMware solution before, and we didn't have such issues. I think that the most important point for Palo Alto is to be as consistent and compatible as possible. It should be compliant such that all of the features are consistently available between the physical and virtualized deployments. It is not always easy to integrate Palo Alto into the network management system. This is significant because you want to compare what your network management system is giving you to what Palo Alto is giving you. Perhaps in the GUI, they can allow for being able to monitor the interface traffic statistics. The other things are pretty much great with traffic calls and sessions, but just being able to look at it on an interface physical level, would either avoid using the monitoring integration by SNMP or would create a reference, a baseline check. This would allow you to see whether your network monitoring system or tool is actually giving you correct traffic figures. You need traffic figures for being able to recognize trends and plan the capacity.

GA
Senior Network Engineer at a tech services company with 51-200 employees
Real User
Top 5
2020-10-07T07:04:33Z
07 October 20

It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.

TD
Security Operations Specialist at a logistics company with 201-500 employees
Real User
2020-10-01T09:57:59Z
01 October 20

Its web interface is a bit outdated, and it needs to be updated. They can also improve the NAT functionality. We have had issues with the NAT setup.

KS
Senior Network Architect at a manufacturing company with 5,001-10,000 employees
Real User
2020-10-01T09:57:00Z
01 October 20

The user interface could use some improvement. I would like to see SD-WAN features added in the future.

JL
Executive Cyber Security Consultant at a tech services company with 11-50 employees
Consultant
2020-09-21T06:33:11Z
21 September 20

We would really like to see Palo Alto put an effort into making a real Secure Access Service Edge (SASE). Especially right now where we are seeing companies where everybody is working from home, that becomes an important feature. Before COVID, employees were all sitting in the office at the location and the requirements for firewalls were a different thing. $180 billion a year is made on defense contracts. Defense contracts did not stop because of COVID. They just kept going. It is a situation where it seems that no one cared that there was COVID they just had to fulfill the contracts. When people claimed they had to work from home because it was safer for them, they ended up having to prove that they could work from home safely. That became a very interesting situation. Especially when you lack a key element, like the Secure Access Services. Palo Alto implemented SASE with Prisma. In my opinion, they made a halfhearted attempt to put in DLP (Data Loss Prevention), those things need to be fixed.

NK
Senior Manager Network Engineering at a manufacturing company with 10,001+ employees
Real User
2020-09-10T07:35:40Z
10 September 20

The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway. For example, if a person is working from home and you want a proxy then you have to rely on a secure web gateway. Palo Alto cannot do that because they don't have a cloud solution. So, if you want direct internet access and if you also want the proxies then Palo Alto is not a good choice.

BK
Manager, Information Technology at SWPA Corp
Real User
2020-08-23T08:17:00Z
23 August 20

From my understanding, we used to have the Sophos firewall and a nice feature that is missing in Palo Alto is the heartbeat that monitors each endpoint. It would be helpful if Palo Alto monitored the status of every endpoint. It could be that it was not set up correctly. In the next release, I would like to see better integration between the endpoints and the firewalls.

Md Rezwan Ashique - PeerSpot reviewer
Technology Specialist at Accretive Technologies Pvt Ltd
Real User
2020-07-15T07:11:39Z
15 July 20

Even when the solution locks away a virus, there seems to be a delay for four or five minutes. It should be as little as one. Right now, it's such a long delay. It can be frustrating for clients and I need to answer a lot of questions surrounding that. The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries. The solution requires more use cases.

VG
IT Security Head with 1,001-5,000 employees
Real User
2020-04-16T08:44:43Z
16 April 20

I would like to have automatic daily reporting, such as how many users have connected via SSL VPN. As it is now, we have to manually look at the logs, which is tedious. There are no ready-made reports on that level and the information is not easily available. I really need more advanced features that support the correlation of log files.

Kofi Otchere - PeerSpot reviewer
ICT Infrastructure Specialist (E-Transform Project) at Ministry of Communications and Information
Real User
2020-04-13T06:27:32Z
13 April 20

The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI. The interface for Panorama has not changed greatly and could be updated.

Sarith Sasidharan - PeerSpot reviewer
System Administrator at a government with 201-500 employees
Real User
Top 5
2020-04-08T06:36:56Z
08 April 20

There should be an option for direct integration with the Azure platform. This would allow this product to take advantage of the auto-scaling that is offered by Azure. Because I am purchasing it as a SaaS model, I should get the complete functionality. I would like to see the direct support and product ownership from the principal vendor. Ideally, the vendor should maintain ownership and be responsible for the system, including that it is operating correctly. This would give my company a better value when purchasing the product. The pricing could be improved. The Panorama management license should come with this solution. We have eight nodes and we still have to purchase it separately. Everything should come with a single license, rather than something that is broken into many parts.

PeerSpot user
Hewlett Packard Enterprise Solution Architect at a tech services company with 11-50 employees
Consultant
2019-01-14T13:16:00Z
14 January 19

It can definitely improve on the performance. I would like more scalability included on the next release.

Michael Robtoy - PeerSpot reviewer
Infrastructure Team Lead at a financial services firm with 201-500 employees
Real User
2019-01-14T13:16:00Z
14 January 19

We have ran into issues with Palo Alto’s limitations for resolving large IP lists from DNS lookups, as well as the antivirus interfering with App-ID. I would like to see a more thorough QA process. We have had some difficulties from bugs in releases. I see more improvements needed from AWS than from Palo Alto on the VM-Series, namely a design centered on NGFW.

AP
Director at a financial services firm with 1,001-5,000 employees
Real User
2018-12-11T08:31:00Z
11 December 18

There is work to be done on the integration side, as AWS doesn't integrate well with third-party firewalls. I would like to see AWS have more integration with Palo Alto from a routing standpoint, so it could become a routing egress without having to redesigning it.

Sachin Sheth - PeerSpot reviewer
Director of Cloud Security at Wipro Technologies
Reseller
2018-12-11T08:31:00Z
11 December 18

The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security. This would be very helpful. This way, there would be one tool that we could continue using. The data aspects of data security and data loss prevention could provide visibility which would be very useful.

CB
System Administrator at DeepMap
Real User
2018-12-11T08:30:00Z
11 December 18

I would like a way to do everything programmatically, or be able to copy the configs from different prices at different levels.

Pradeep Kurra - PeerSpot reviewer
Cloud Practice Engineer at a tech services company with 51-200 employees
Real User
2018-12-11T08:30:00Z
11 December 18

On the cloud side, they need to come up with more HA solutions to support the multi-region.

PT
Solution Architect at JM Family Enterprises
Real User
2018-12-11T08:30:00Z
11 December 18

We still need to understand what are the best practices which we need to implement. We also don't know how it will scale once we start putting more load on it.

Dan Rabinowitz - PeerSpot reviewer
Director of Infrastructure at Arcadia
Real User
2018-12-05T07:52:00Z
05 December 18

In the next release, I would like to see better integration of multi-factor authentication vendors.

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Oct 03, 2021
What are the pros and cons of each?
See 1 answer
03 October 21
Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the overall cost is reasonable. Azure Firewall offers a solid threat awareness, can easily identify threat risks, and gives users the ability to set filters to deny traffic from problematic malicious domains or IP addresses. Azure Firewall allows for the creation of virtual IP addresses, which makes it very attractive. Palo Alto VM Series can launch very quickly and makes it easy to move firewalls when needed. It offers great incoming and outgoing traffic control, which gives greater awareness with regard to threat and malware protection. Azure Firewall can be challenging when implementing across various regions and this solution could also be more customizable. Although it offers some great filtering options, it lacks some of the advanced features that some other solutions provide. Palo Alto VM Series can be a very complex solution to use and could be simplified. The VM series does not integrate that well with other solutions. It also does not have a cloud-based solution that offers a secure gateway, which can be problematic for many enterprises. The reporting processes need to be improved. We found that it lacks what many other solutions are offering. Conclusion Both the Azure Firewall and Palo Alto VM Series provide very secure options with regard to traffic control and threat awareness. As with many solutions, each of these has different capabilities that meet the varying needs of today’s complex and challenging business environments. While Azure Firewall offers ease of use and control overall, the Palo Alto VM series provides different options for more complex business situations. Choosing the best firewall solution for your enterprise really depends on the type of traffic, situation, and business.
Nurit Sherman - PeerSpot reviewer
Content Operations Manager at PeerSpot (formerly IT Central Station)
Aug 10, 2021
Hi community,  Is it required in your company to conduct a security review before purchasing a firewall? Also, do you need to perform reviews after (how often)? What are the common materials you use in the review? Do you have any tips or advice?  Any pitfalls to watch out for?
2 out of 23 answers
it_user904572 - PeerSpot reviewer
Owner with 1-10 employees
23 July 18
Yes, I recommend doing a security review regularly. Not necessarily before a firewall purchase unless you have not done one lately. Having the results of the review will help you understand what capabilities you need in a firewall. As an example, if you get a ton of login attempts from outside your country of origin but have no customers or partners outside the country you will want to have "country blocking" capabilities. There are a number of tools that can be used for evaluations. We currently use RMM and Security tools from SolarWinds. We have other tools as well. To perform a security review you have to have tools do the work. It simply is not possible for an individual to perform a thorough check without significant automation. We offer this as a service as well. Pro's: SolarWinds has a free version of some of the useful tools such as SIEM Security Information and Event Management (SIEM) Tool. You can rent some tools by going though a partner (such as us BayStateTechnology.com) Con's: Tools to purchase are a bit expensive. Performance checks that RMM uses is not accurate on large busy machines. Support leaves much to be desired.
Matthew Titcombe - PeerSpot reviewer
CEO & Sr. Information Security Consultant at a tech services company with 1-10 employees
23 July 18
The only question for a review would be based on your requirements. For example, does the firewall meet Common Criteria standards or other security controls. Generally, we suggest pursuing a NGFW and our initial recommendation is Fortinet. Good news is the NSS results put Fortinet as the #1.
Download Free Report
Download our free Palo Alto Networks VM-Series Report and get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
DOWNLOAD NOW
632,779 professionals have used our research since 2012.