Palo Alto Networks NG Firewalls Reviews

We use three types of firewalls for comprehensive network security. Our perimeter firewall, a Palo Alto Networks NG Firewall, safeguards our network from external threats by controlling access at the network's edge.

Palo Alto Networks provides a unified platform by integrating its next-generation firewalls with Cortex XDR, an extended detection and response solution.

It also provides inline protection using ML, which detects almost 100 percent of threats.

Palo Alto Networks NG Firewalls are top-of-the-line security solutions. We are quite satisfied with their performance, as they have effectively addressed our security needs without any issues. Their robust features and reliability make them a valuable asset to our organization.

Palo Alto Networks NG Firewalls block up to 3,000 daily attacks on our organizations.

On certain levels, it protects our information. Luckily, I had switched to Palo Alto as our VPN solution for our users. We finished that in December of 2019, just in time for COVID to hit. We had a system that was able to support 650 to 700 users remoting into our campus through the VPN. This was a huge use case for us, as it was not intended to be the solution for COVID, but it turned out to be the solution for COVID. So, it was a great use case. Obviously, we want to protect our servers, virtual servers in the cloud, and on-prem. 

We have the eighth fastest supercomputer in the world. Unfortunately, we don't get to protect that because it has so much data going through it, i.e., petabytes a day. There isn't a firewall that can keep up with it. We just created a science DMZ for that kind of stuff as well as large data movers since we do weather data for the world. We research the ocean, sky, and solar weather. We have 104 universities who work with us around the world. Therefore, we need to have data available for all of them. We need to be protected as much as we can.

We started with Palo Alto 5060, then the 3060 came in, which was the next form. We have now switched to an HA system and have four firewalls as our base: a pair of 5220s and a pair of 5250s. We have been running the different OSs from PAN-OS 8.0, 8.1, 9.0, 9.1, and then 10.1. We are about to move to 10.2. We are in the process of doing that over the next week. We like to stay on the cutting edge because they are always adding more features and security.

We have it deployed in a number of different ways. We have our four main firewalls, which have two high availability pairs. One is set primarily for users and outward-facing functions. Therefore, our DMZ servers, staff, and guest networks are on one pair of firewalls. Back behind the scenes, labs and our HR department are on a separate set of firewalls. We call them: untrust and trust. Then, we have another set of firewalls, both in our Wyoming supercomputing center and in our Boulder main campus, which runs a specific program that has a DOD contract that requires more security, so they have their own set of firewalls. We also have firewalls in Azure Cloud for our tests and production environments. I am in the process of purchasing another VM firewall to put on the AWS Cloud. The last set that we have is at our Mauna Loa Solar Observatory, where we have an HA pair of just 800s because we only have a one gig radio link down the side of the volcano to the University of Hawaii.

We have between 1,200 and 1400 staff at any given time. Essentially all of them use the solution one way or another, either to access systems or through the VPN. We also have remote users who aren't employees but instead collaborators, and they can be anywhere in the world and remote into our systems. We then have people who are doing PhD programs at universities around the world who need to get into our systems to download data sets as part of their PhD or Master's program. Thus, the solution is not limited to our employees.

We have been around since the late 50s to early 60s. We were one of the original people who helped set up the ARPANET, which was a precursor to the Internet. Historically, our science has been open science. We want everyone to have it. The mindset has been that our network is flat and open to everything, and we have slowly reeled that in. Now, more of our stuff is behind firewalls. We are now going through a project where we are doing some more segmentation within the protected part. Each lab is protected from each other, or at least can be. They still talk to each other all the time, so we have rules for that. If we need to, we can shut access down right away because of the firewalls.

It was set up for VPN tunnels and inbound file access in my previous organization. We also had connections from our on-prem systems to any cloud systems, meaning Azure, AWS, or site-to-site VPNs.

We had a unified platform to look at and compare configurations between firewalls, the versions that we have, and what was available. We could do upgrades or updates to the firewalls using the interface.

Palo Alto Networks NG Firewalls are the best in the field in terms of usability and coverage.

Palo Alto Networks NG Firewalls did help reduce downtime. Because of the features that they had, we were able to push updates. We would do one site at a time. We had set up the cluster mode, so it saved the previous configuration, and then it went through the updates while the other one was running. It would apply the patch, recycle it, and make sure all the connections failover before going to the next one.

We rarely had any downtime. We were running 24/7. Most of the issues we had were with ISP. We did have multiple firewalls, and we were going through two different ISPs. Once one ISP was down, and then it was able to switch over to the other ISP automatically because of the way it was set up. If we had not set up the clustering or failover correctly with the Palo Alto Firewalls handling the two ISPs, it would have been almost a day's worth of downtime. When one ISP was down, if it had not automatically failed over, we would've had to go in and take care of this. This team was pretty much remote, so it would have easily taken us a day.

NG Firewalls form the edge between customers' networks and the internet. They often provide load balancing to multiple internet providers. In most cases, people use NG Firewalls for more than just a basic firewall function. 

The intrusion detection and prevention feature is usually the most significant piece that people want because it provides layers of protection against malware, ransomware, and things of that nature.

My colleague likes to tell our clients that none of his customers who installed a Palo Alto have ever had a ransomware attack. I'm always nervous when he says that because things change so fast. However, it gives people peace of mind that they're protected at the network's edge. 

The firewall is going to do everything possible to protect resources and data. We have customers with social security numbers, HIPAA data, and other sensitive customer information. Other products don't seem to provide the same level of protection and leave customers open to malware or ransomware attacks.

Palo Alto has many features to protect against data leakage and unauthorized downloads, so it can do quite a lot to protect a network against any attack. The leadership at our client companies feel reassured that they've done what they can with the best solution out there to protect themselves.

Smart people always do stupid things, like clicking on something they shouldn't. They often realize their mistake five minutes or five seconds after doing it. We've seen what these mistakes can quickly do to an organization. Palo Alto's features help you prevent those types of things from happening. You can immediately block suspicious file downloads and push those up to Palo Alto to investigate. You can get ahead of the problem and help other folks who might not have seen that attack.

NG Firewalls provide a unified platform that natively integrates all security capabilities. Having all those features in one platform at the edge is essential. That's a massive component of the customers' overall security structure. It isn't everything, but it protects the edge of the network. 

It does not prevent someone from getting their company laptop infected at home and infecting the network when they come to the office the next day. That's where other pieces come into play to make an overall security structure. The firewall is designed to protect everything at the edge and has everything you need to do that. It protects you at the edges and provides reports that give people information about what's happening on the network at a given time and date. 

NG Firewalls take care of any holes in the client's network and reduces the number of security tools needed. A decade ago, deploying these types of tools required multiple devices, whether that was Barracuda email, firewall, and an intrusion detection platform. Generally, people had antivirus and anti-spyware systems running in their enterprises. All of that is now integrated into the Palo Alto Firewall platform. 

The antivirus and anti-spyware features are as good as anything out there. It's updated constantly, so any novel threats are automatically detected. On top of all these features, it provides a solid edge platform that incorporates all of the security features necessary in that edge component.

Palo Alto Networks NG Firewalls are primarily used for perimeter security, typically deployed in pairs at most locations. Smaller sales offices often have just one, while larger facilities prioritize security with more firewalls due to their broader operational scope. These firewalls are also highly valuable in mixed environments where standardized security features are essential.

Palo Alto Networks NG Firewalls provides a unified platform that natively integrates all security capabilities. Panorama is our single console that allows us to do all things Palo Alto. We are a value-added reseller. Some customers specifically request Palo Alto firewalls, while others need guidance and comparisons. 

Palo Alto Networks NG Firewalls are considered some of the most secure firewalls available, offering robust protection when configured with strict security rules. Palo Alto firewalls maintain consistent security functionality across all models, with the primary difference being throughput capacity. While they previously faced criticism for their licensing model requiring separate purchases for features like URL filtering, their advanced malware detection, Wildfire and other integrated tools like IDS, IPS, and SIEM reporting provide comprehensive threat protection. Furthermore, their single-pass processing architecture mitigates the performance degradation typically associated with enabling multiple security features, ensuring consistent performance even with advanced threat protection enabled.

It can help reduce downtime caused by malicious insiders. If an employee intends to steal data on behalf of a competitor, these firewalls can help prevent data exfiltration and maintain network availability.

These are gateway firewalls to the Internet for every site. At a majority of the sites, we use the firewall as our gateway for the network below.

Previously, we used them just for the Internet firewall and Internet security side. However, in the last year or two, we have started to migrate them as the gateway routers, e.g., as gateways for the networks below. They are doing Internet firewalling as well as firewalling for the networks below.

We are using the PA-220s, PA-440s, PA-820s, PA-3250s, and PA-5250s. We are using all of those hardware models. Then, we are running the PAN-OS 10.1.3 on those.

We have around 40 locations worldwide. At minimum, we have one Palo Alto Networks NG Firewall at each location. At some of the larger sites, we have two Palo Alto Networks NG Firewalls in HA configuration. Then, at our headquarters and disaster recovery site, we have two at each site.

The WildFire feature that they offer is very nice to have. The URL filtering that they offer has been a great help to us as well. We have found with the URL filtering that they offer that we are able to categorize what traffic can go outbound to the Internet from our internal network. By doing the URL filtering, we are able to say that we are not allowing gambling, adult content, or certain URL categories that we just don't want to allow. Then, with WildFire, that helps detect any viruses coming inbound or on east-west traffic inside of our network.

Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, which is very important. I got an email saying that there was going to be a new 400 series firewall, and it was talking about the ML and AI features that it is offering. That is very exciting to see coming for all our firewalls.

We have the Palo Alto Next-Gen firewalls as well as Cortex XDR for the antivirus side. We are making use of Cortex XDR and Data Lake to correlate the data. We definitely see the benefits of having all that in one unified platform. Some of my colleagues are able to see how certain malware security incidents can correlate to how the virus or malware came into the network, then how it traversed our network based on the XDR information.

I can manage 1,000 firewalls from a single pane of glass.

In my previous company, we used Palo Alto Networks NG Firewalls for the government, specifically for the Security Operation Center (SOC). We used it not only for on-premises but also for the cloud infrastructure in AWS. Instead of using the cloud-native firewall, we implemented Palo Alto Networks NG Firewalls to inspect the traffic.

The version we work with varies based on the customer.

Palo Alto Networks NG Firewalls reduced the downtime. We upgraded the primary and then failed over to the secondary, so there was no impact on the customer. There was just one ICMP packet drop.

The IPS with firewalls is very important. We do not have to buy a separate appliance. We have just one firewall. We have the single-plane and parallel processing. The traffic is spread from layer 2 to layer 3 to layer 4 to layer 7, including the applications. There are also antivirus, spyware, and vulnerability checks. It is very important to inspect the traffic.

We use Palo Alto Networks Next-Generation Firewalls in our data center to manage security for both east-west and north-south traffic. These firewalls provide comprehensive protection for various traffic types, ensuring secure communication within the data center and between the data center and external networks.

Palo Alto Networks Next-Generation Firewalls provide a unified threat management solution with various security features, including threat prevention, URL filtering, security policies, and zone protection. These features are crucial for internet-level protection, enabling URL filtering, threat prevention, security policies, user identification, and a comprehensive VPN solution for site-to-site and remote access connections.

Palo Alto Networks Next-Generation Firewalls include WildFire, which uses machine learning for inline, real-time threat prevention.

It effectively secures our data centers with their application-based approach. Unlike traditional firewalls that solely rely on port numbers and IP addresses, these firewalls identify applications to determine whether to allow or block traffic. This enhanced inspection ensures only legitimate applications access the network, providing robust security.

It has also helped us reduce downtime because the failover is very swift and the performance is good. This offers us good throughput and parallel processing.