Palo Alto Networks Advanced Threat Prevention Reviews

There have been updates to the solution recently that have ramped up protection. Before this, we had a lot of hacks on the network, specifically in the cloud environment. After the proper implementation of that product, we've not had one hack attempt. The last six months have been very good.

The solution offers a feature to show which traffic is the highest on the network, and which traffic is the lowest. There's also a feature that scans incoming and outgoing traffic, and one feature that is able to flag a suspicious IP address. These are all valuable features. With the IP address flag, I was able to see that I was being hacked. The moment there was an interaction between somebody on my network and that IP, the solution was able to flag it, and we were able to protect ourselves.

The solution needs to improve Reverse DNS functionalities.

Right now, when you check the IP address, it tells all. It assumes that that IP address is locally available on the inside. When the request is going back to me it's supposed to do what we call rights. Instead of giving me the public IP address in my response, it's supposed to give me the private IP address or the local IP address so that I can reach the device locally. That's the challenge right now.

Sometimes when you want to group a set of ports, and communicate with Palo Alto, you cannot group TCP and UDP ports together. This needs to be adjusted.

The solution is stable.

The solution is quite scalable.

Apart from software updates, we've not had any reason to reach out to technical support, so I don't have much experience with them.

We've previously used Cisco, Salesforce, and Fortinet. We last used Salesforce, and we mainly switched due to the cost of the solution.

The initial setup is straightforward.

We handled the implementation ourselves.

We use both the cloud and on-premises deployment models.

I'd rate the solution eight out of ten.

The primary use is for application control and encryption.

The application control and vulnerability protection are the most valuable features.

The IPS can be improved on the solution.  The itineration, for example. Also, if additional features, like SD Wan, etc. can be added. This would be helpful.

Other additional features that could be added include Individual Traps. In terms of enhancement for overall protection, we would like more Traps or other solutions that are developing within the firewall.

The solution needs to improve its local technical support services. There is no premium support offered in our market.

The solution is very stable. We've used it a number of years and never had any problems. However, only just recently, we found a bug on the model 2220. Other than that, the solution is quite stable.

The scalability of the solution is very good. In our company, we have about 2,000 users.

Technical support is okay, but we have an issue here in terms of local support and company support. Palo Alto doesn't provide premium support directly. It forces us to use third-party support and local distributors. Sometimes it's difficult for us to communicate and get support.

One of the reasons that our clients choose Palo Alto is because they have complex networks, therefore the setup is typically also complex.

Compared to other security offerings, Palo Alto is very expensive. Palo Alto also doesn't offer many discounts. They may discount as much as 15%. However, in comparison, Cisco can give a discount of up to 85%.

We work with the public and private cloud as well as the on-premises deployment models. Our role is to implement security solutions at our customer's premises. The deployment depends on the infrastructure.

I would rate the solution seven out of ten. As a next-generation IPS, it's a very good firewall. I would recommend it.

We use it to upload, delete, and list what to publish on the net to block websites and even posts.

Recently, I blocked Adobe Acrobat Reader. When you install it on your PC, sometimes it contacts the internet and opens some posts. Thus, it can be easily hacked by a user on the internet. When you browse for this kind of list, you can easily upload it on Palo Alto without any difficulty.

It's very easy to use and configure.

What is nice about Palo Alto is that even if you don't understand how to use it, you can just click on upload and upload everything that needs to be blocked.

It also has signature-based prevention.

The interface is really user friendly. You can easily see what sites you have been blocking and their criticality. 

You can also capture packets from this tool, which is really nice.

The cost involves the price of the hardware, which is expensive. However, most of the Palo Alto solutions are expensive.

These devices cost a lot here in Mauritius, for example, one device can cost approximately $4,000. The cost for the license would be in addition to this.

I would rate this solution at ten on a scale from one to ten because I've never had any issues with it and have never been hacked.

We primarily use this solution for general user security and protection. In our organization, there are around 250 users, using this solution.

Its simplified management interface, self-updating, and self-alerting systems require very little management overhead.

Edge protection is a valuable feature. Also, WildFire I think has been the most valuable active protection against a zero-day.

It's also very intuitive and user-friendly.

I have been using this solution for roughly five years.

Both the scalability and stability of this solution are fine for our needs.

The technical support is excellent; I would give them a nine out of ten — their response time could be better.

The initial setup was pretty straightforward. 

We had an SE help us with the installation.

The pricing has improved with the newer generation of their Firewalls, but the price could always be lower. In comparison with other solutions, I believe they're quite competitive.

If you're going to use this solution, you should have a professional set it up for you.

On a scale from one to ten, I would give this solution a rating of nine. They're cutting edge. They're one of the leaders in the industry, and they're continuously improving their product.

We use this solution for the security of our organization. It protects the LAN and WAN traffic.

We have two boxes that have this solution for threat prevention. Some of our servers also have Palo Alto agents installed on them. 

We have an on-premises deployment.

This solution has more than just the threat prevention by itself. It's also a Firewall and many other components.

The most valuable features are the simplicity, transparency, and overall ease of management.

The price of licenses should be lowered to make it less costly to scale our solution.

I would like to see consolidated licensing for on-premises solutions. This would give us all of the features available for the one box.

This is a stable solution, and we have not had any issues.

For ten years we have had a high-availability network. There have been outages as the result of power, or our network, but nothing that is a result of this solution.

Scalability is not a problem from a technical standpoint. However, the price of this solution makes it hard to scale.

We have approximately one thousand users.

The initial setup was simple, but it's been ten years since then and we have grown. The migration has also been simple and straightforward.

You can have a network with thousands of machines with only a few security rules to migrate, or you can have a network with only a few machines and thousands of security rules that make it difficult to migrate.

If you want to have all of the good features then you have to pay extra for licensing.

Security in business is an important issue. There is a difference between the quote and the end price of the end product. Some vendors are impressed with the numbers they see on paper, then they start to use it and compare it and assess the ratio between the quote, security, and final price of the end product. It is important to consider the people who will maintain the solution. For example, if you don't have a large team in your organization, then one person is tasked with several duties, as opposed to having several departments with equal responsibilities. These are all things to consider when it comes to security.

Sometimes, when you have more than one security product running, they fight with each other and it can make things difficult. In the case of this solution, things have been very smooth.

So far, there have been no security issues and we are absolutely happy with Palo Alto Networks.

It is easy to test out a trial version, but there is a problem with that. In my experience, after paying for the solution, it takes time to get to know it. There are complex things that may take half a year to understand how they work. In some cases, it is simple testing at the beginning, but over time you might find problems. With Palo Alto, you can ask for extended trial licenses, which is not something that you get from a lot of vendors.

I have spent a lot of time in IT and I know that there is no such thing as an absolutely perfect solution. This one is easy to use and works well in our organization, but it might not be as suited to another organization. This is a product that I recommend, although it depends on the environment. Every product has pros and cons. Good planning and good testing is the best way to choose the product that best suits you.

I would rate this solution a nine out of ten.

We are resellers of this solution so we facilitate technical services to our clients. We maintain Palo Alto for what we are responsible for maintaining, on the latest version of the software.

It's a monster, it's got so many beautiful features. We do deal with other firewalls and we've got a better idea of what other firewalls' capabilities are. In any comparison with the Palo Alto, I liked the quality of service on the applications that you can control the amount of bandwidth an application is allowed to consume. The best feature is the quality of the application quality of service.

We haven't had any stability problems. Maybe once or twice the cache was released fairly quickly. There were no stability issues.

There isn't a firewall on earth available at the moment that's more scalable than Palo Alto. It's in the tens of thousands. We are servicing clients and we tally all the users from those clients together and it's in the tens of thousands, maybe hundreds of thousands. We are a reseller, so I can only speak in terms of our clients. We have at least tens of thousands of users. Palo Alto is the most scalable firewall out there by far.

In Africa, the technical support is probably not as good as in Europe and the USA because it's a specific premium support, partner-enabled premium support and all of that. But it's really good, I don't really have any complaints, it's fairly good. I'll give them 80%.

One of the reasons we chose the Palo Alto firewall is because it's probably one of the simplest firewalls to set up, it's very intuitive. We've done probably around 50 deployments and depending on the size and scope it takes around five hours but sometimes an implementation could take five months. It's very difficult to say how long it takes, but if you compare it with other firewalls, the implementation cycles of Palo Alto beat them hands down.

The pricing and the licensing are pretty competitive at this stage. As a reseller, I would like to see the price come down a little bit so I can compete better against other firewalls because we do that all the time. Especially on these smaller firewalls and so on, we need to be a bit more competitive. Palo Alto is a company that focuses more on the high endS, high-speed class type of massive organizations and firewalls and so on, which is why they are the most scalable firewall. In Africa, the organizations tend to be smaller than you would get in Europe, the USA, China and those types of places so we tend to sell more of the smaller firewalls. Palo Alto's smallest firewall at this stage is very expensive which makes it difficult, but then again it's just not the area that they're really playing in. It still outperforms any of the other firewalls.

It's a brilliant product, we periodically look at several other firewalls to stay on top of their capabilities and so on, and it's the best bang for your buck that you can get. Some of the other firewalls are starting to catch up. I implemented a baby, which could be regarded as a baby Palo Alto firewall. We pushed through in a single day with everything switched on, all the capabilities switched on, we pushed through 4.3 terabytes of data per day. Which is phenomenal for such a baby, little firewall, with all the capabilities switched on, it's absolutely mind-boggling that it handled that, and it did. It was at a university that we implemented it. 

The advice that I would give is to partner with somebody that has the necessary skills to implement it. Buy from somebody that has proven skills to implement the product because if you don't have a partner to implement the product, that knows the product, and is qualified, it's pretty useless buying the product.

I would rate this solution a nine out of ten.

For a total overall solution, Palo Alto Threat Prevention can satisfy most of your needs as a company. Right now, we are implementing Cisco ASA and renewing our Palo Alto license.

All of the Palo Alto Threat Prevention functions are good. We feel like the product is comfortable to use and is what it should be. 

Palo Alto Threat Prevention is recommended for large enterprise organizations and SMEs. We have good results on our follow up calls with clients using the software.

Most of the features of Palo Alto Threat Prevention are alright. I recommend features like content filtering, IP address, & intelligent firewalls. The reporting feature is very good.

In most areas, Palo Alto Threat Prevention is a fine choice. The application is very good. The most important feature we find to be the NCR Reader. It is best for application security. I don't know how they could improve it more. The application is already working fine with good results. 

Support is really good with Palo Alto and we are resellers of the software to our customers. They will let us know how they find it valuable after we implement it. Most of our customers have found Palo Alto Threat Prevention very good to use. We have a number of customers in the market. Everybody is happy with the product. Overall, Palo Alto Threat Prevention doesn't need much more. From a general point of view, you get everything. If it is content filtering, it should be no problem.

The stability of Palo Alto Threat Prevention is very good when compared to Cisco.

Generally, to deploy it will take some downtime, about a day. For customization, it will take you a little more time. For the maintenance, around one week. It depends on the project.

For most projects, I have around three people dedicated to product support and maintenance.

The scalability of Palo Alto Threat Prevention is very good. For most of the requirements, we find it very easy to implement and deploy.

We have about 20,000 users on Level One, 80 agents at Level Two, and around 30 big operations on Level Three.

For me, Palo Alto Threat Prevention customer support is very good. I am happy with the technical support from Palo Alto.

We just replaced a firewall, so we didn't find the setup to be complex. We have network rules to convert. For the rules and connections, we use tools from Palo Alto to convert them.

We implement the firewall setup for our customers. It generally takes a little bit of time, i.e. one or two weeks to customize the policy that they use. 

The old rules we can remove with Palo Alto Threat Prevention, which is nice.

We take licensing on a yearly basis. Palo Alto provides a straightforward cost structure on the annual plan.

If you are a first time user, you should be pretty pleased with it. I would rate Palo Alto Threat Prevention a nine out of ten.

We primarily use the solution as a firewall.

It's not so easy to set up a test environment because it's not so easy to get the test license.

The vendor only gives you 90 days for a test license; it's a tough license to get.

The stability of the solution is quite good.

So far, scalability is okay, but you don't really need too much scalability in a firewall solution.

Technical support is good. We do get some support from the reseller.

We do have other solutions that we run in parallel, but it isn't like we had one solution and then we switched to Palo Alto.

The initial setup was straightforward. It's quite easy. Deployment took one to two weeks.

The pricing is a bit higher than the competition, but it's okay. The cost seems cheaper than Cisco's Firepower.

We use the on-premises deployment model.

The solution is very good, especially compared to other solutions. I would rate it nine out of ten. It also offers re-instruction detection and prevention software, which we also use in conjunction with the Threat Prevention solution.