Palo Alto Networks K2-Series Reviews

Until recently, most of my time was spent implementing this product and our company still does that. As a security solutions architect, I'm now more focused on the architecture and that side of things. We're partners with Palo Alto. 

It's a very good product, simple to use. The visibility is very, very important, and that's good with Palo Alto. The solution has simple integrations with the domain controllers and other inventories, which the endpoint traps by cloud which is very important. It's an easy firewall, very easy to configure, to monitor, and to use. It's easier than Forte, for example. 

The solution could be improved with more dedicated reporting about the user's context. For example, if I need to have a summarized report that includes uses as well as consolidating the user's activities, threads and applications on the endpoint machine, Palo Alto does not have the visibility for the endpoint in their firewalls. If I want to have a report from the firewall that summarizes user application from the user side, rather than the server side, Palo Alto software does not have that information.

Other vendors, such as Cisco, have that in their profile. You can generate a report from Cisco firewall and it will tell you that you're using the internet, and using Firefox or Google Chrome. Palo Alto doesn't have that extended visibility to the end point. 

It would be the same for additional features - I need to have the visibility of the endpoint application, endpoint context. It's an innate feature in Cisco firewalls. I don't like the style of Forte, for example. It has email spam over the firewall. I don't like this feature, and I don't like to have features that are not really good for out of the box. What Forte does have that is good is an explicit proxy capability and Palo Alto could include that.

I've been using this solution for more than 10 years. 

Palo Alto is stable. They used to have some issues but now they're good. All software has a vulnerability, but stability here is fine.

It never used to be scalable but they've recently added a cluster mechanism so you can scale as much as you need. I've spoken to them and they're going to make an announcement about it later in the month if they haven't already. 

Palo Alto support is good, I contact them all the time. They have two kinds of support: Premium, which allows you to contact the vendor directly, they open the case, and you communicate with Palo Alto and they'll help you on the spot. There is also Partner support. I would not recommend that to anyone. 

Palo Alto is the easiest solution in this field to implement. 

Implementation depends on the use case. For example, if you implement on the edge, or you implement on-prem, or you implement on the internet, it's different from implementing to the data center. It's generally a quick process. It might take around two weeks, depending on the number of applications in the data center. If you're using solutions like Forte or Cisco, they will take longer. 

The number of people required to implement also varies depending on how you plan to implement - whether over the internet or if you deploy through the application theme. It requires communication between all parties. 

It's a good product. I would suggest people think about the design, the architecture, what they have and the applications. If they have a different kind of firewall, if they have an internet firewall, they can use the Palo Alto tool. Or they can use something else depending on what they have on their network.

I recommend Palo Alto because it's a platform as well as a firewall and it has a lot of features. I would suggest testing the features and trying to get all the benefits of all the functions in the box. 

I would rate this solution a seven out of 10. 

The most valuable feature is availability.

There are a lot of bugs in this solution.

We have been using this solution for three years.

We have approximately 3,000 users and we have no plans to increase our usage at this time.

I am satisfied with the technical support.

We are also using Cisco Firewall products.

We have installed many firewalls and continue to do so on an ongoing basis. The biggest one took perhaps three months.

The price of this solution is too high.

This is a product that I would recommend. My advice to anybody who is implementing it is to make sure that you have full control over all of the features that you are using.

Overall, the features are very good but the price is too high.

I would rate this solution a seven out of ten.

The primary use for this solution depends on the preference of a customer and to some extent their existing environment.  

We have to establish things like:  

• what are the business requirements  
• how we can utilize what is existing or if the client needs to upgrade equipment  
• what kind of servers do we put in  
• what kind of servers does he have on cloud  
• what kind of servers do we have on-premises  

So it all depends on the customer's requirements. If a query comes up with a client, I am happy to answer that and provide a resolution but the situation needs to consider specific needs.  

The thing I like the most about Palo Alto is that the IPS system is the strongest you can get. Even if you check with resources like the NSS Labs or Gardner — anywhere else — they all say it has the strongest IPS. It holds true even over the past five years. They are the leaders in the field.  

The reason I believe in my eyes that the IPS is the most valuable feature in Palo Alto is that the IPS is basically protecting everything. I think every two or three hours the database for the IPS signatures gets updated.  

One more feature of Palo Alto, which is not in Fortinet if you compare, is decryption. Palo Alto firewalls are doing SSL inspection and they are doing decryption as well. If we need SSL inbound inspection it is available in Palo Alto but Fortinet does not have this feature. They are not doing SSL inbound inspection. It is one more thing I would like to include as a positive feature of Palo Alto in my opinion.  

There is not really anything that needs to be improved in the product. It might be nice if it were possible for newer users to get a higher level of support.  

The company I work for now is a business I more recently joined. It has been about two years with the company but I have been dealing with Palo Alto products for 10 years now.  

We are talking about a firewall and we are not talking about a simple machine. We are talking about a machine that is not something you can just make simple. We are not talking about a general machine, so it does not really have general features. It does have multiple features. It does have processing engines — the parallel processing of Palo Alto — which is great. The stability will depend on the configuration and use. You really only have two options. You can either go for Palo Alto, or with Fortinet. These are the leaders of network security right now, so I guess those are stable or they would not be popular.  

Palo Alto has got a lot of customers now — even in the middle East. Almost every version has been scalable. That is the main reason that people are buying the product. I am satisfied with the scalability.  

The quality of technical support usually depends on your support level. If your support level is 24/7 365 then obviously your support is going to be perfect. But if you did not purchase that support, you will have some other level of support which is not 365 days. For example, they have an option for eight-by-seven which is eight hours per day seven days a week or something like that. The eight-by-seven support is not good in that case if you need it often or at times when it is not available.  

I have worked for Palo Alto as well as consulting about their products and they are really good at what they are doing, but there are pros and cons for every product. This applies especially to the goals when it comes to support. Most of the customers are not educated enough to do hands-on technical stuff on a product that is new for them every time even if they have experience with similar products. They need support because the basic concepts are essentially the same for firewalls everywhere, but the operating system and the way it does the processing is different for every type of firewall. So new users of Palo Alto may require support to set up most of the things, and if a user does not have the level of support he needs, he will be facing issues. He will not be able to finish his work on time.  

I really feel that all products have some level of technical support issues. Every product has pros and cons and even in the support level. A lot of times we will not find support in our same region. It would be located in different regions. So it happens to be pretty much normal for IT. People probably do not feel that is a good issue to face, but issues in the support are actually fine. That is manageable.  

I do have experience using next-generation firewalls, traditional firewalls, NDN (Named Data Networking) firewalls, distributed firewalls, and NSX. We still use various products but I prefer to use Palo Alto because of its capabilities.  

I am actually satisfied with the pricing of Palo Alto even though it is expensive. If you are talking about using products by a leader in the field and it is a bit expensive compared to other vendors, then that is totally fine for me because you are not compromising your security. In many other cases — like if there are budget issues — the companies can always go for Fortinet. It is also a good firewall, but it is cheaper. If you have got the budget to purchase Palo Alto, get it. If you do not have the budget, go for Fortinet or any other firewall.  

When we were looking for some different solutions, I was looking for comparisons between AlgoSec's firewall and others. I have been trying to research basically right now before purchasing another solution. We are looking for firewall management. We have multiple-vendor firewalls and we are looking to manage them from one console. From there I can manage all my multi-vendor firewalls, DMZ, internal firewalls, group firewalls, et cetera. That is why I was looking at AlgoSec, because it is capable of doing re-certification as well as integrating with NSX as well. There are a lot of things it can do. AlgoSec seems to meet my basic requirements for the solution.  

We are using multiple vendors like Cisco, Palo Alto, Fortinet, and Juniper. We are not limited to one vendor. We have different environments and different firewalls for each environment.  

But mostly, in the current market over here, the clients are preferring to go with Palo Alto as a DC (Data Center) firewall to use internally because IPS (Intrusion Prevention System) is really strong. As for Fortinet, people are preferring that as a solution for DMZ.  

On a scale from one to ten where one is the worst and ten is the best, I would give Palo Alto a rating of nine-out-of-ten.  

I would not give the product a ten and it is not really because there are additional features can be included to make it a perfect ten. Nobody is perfect. Based on smaller support issues is not really something I can rate a product on. Based on their performance in being a leader of these technologies and the leaders and the inventors of next-generation firewalls — based on that, I am giving them a nine. They have better processing which Palo Alto is the only one doing. Based on that and IPS system I give them a nine. And because I am not a perfect guy, I keep one Mark.  

The solution was a firewall that bridged the internal systems with their DMC equipment and/or restricted systems access that wasn't generally available to anyone outside of the organization.

The solution gets the access controls down to an even more precise part of the network traffic. It's not just any user going to an IP address or going to a port to get on the network. It's very thorough.

Our organization liked the fact that it wasn't just firewalls that handled addresses and ports. It also handles actual URL inspections. 

The solution is at the cutting edge of technology. 

The solution has good at controlling restricted access.

Palo Alto has better and finer controls than, say, Cisco or Check Point.

The solution is very strong from a security standpoint.

It's like anything else. What's good today might not be in a day, a week, a month, etc. The solution needs to constantly be adapting and updating.

The solution needs a series of OS changes.

I have been using the solution for five years.

The stability of the solution is rather excellent. It is really stable unless somebody messes up a configuration. We didn't face any bugs or crashes or have any issues with glitches.

The solution was scalable for our purposes. We distributed it to three or four different locations and these were all internal edge firewalls. It wasn't more than a half a day to get any new location up, once the network equipment was in place. (For example, switch hardware, cables, etc.). We would just bring in the hardware, set it up, connect to it, and finish turning it on.

The technical support is excellent. There haven't been problems that they couldn't resolve quickly. Pretty much are all cases that we had were dealt with to our satisfaction.

Prior to Palo Alto, we had been using Check Point. There wasn't a technical reason that we switched. As an organization, we just periodically switch technologies.

I can't really answer any questions related to the initial setup as there was another person who handled it. However, I do believe it was straightforward for them. My understanding was that deployment only took a day. It wasn't a long process.

For the initial deployment, I'm pretty sure they used a subject matter expert. After that, the organization did not need outside assistance. One of our own team members ended up becoming the subject matter expert for a lot of the implementation strategy.

I don't have an idea of what the licensing costs are.

I'd advise companies considering setting up the solution to make sure they have a trained team. If the team doesn't have any expertise with this type of firewall, then they've got to take some training. The training's pretty good and once you understand the concepts, it's pretty quick to put together. 

At the time we implemented it, it was easier than Check Point and the Check Point had a lot of similar capabilities. It also offered finer filtering on what was going to be allowed through various parts of the firewall ports. 

I'd rate the solution ten out of ten due to its reliability and ease, and the consistency of configuration.

K2-Series' best features include its scalability, which is the best on the market, and its continuous development of new technologies and features.

Palo Alto releases a lot of bug fixes for their firewalls, which means it's necessary to do frequent upgrades. They should work on decreasing their bugs so that upgrades aren't needed so often. They also don't always ensure that their upgrades are available for older firewalls.

I've been using K2-Series for two to three years.

Palo Alto's firewalls are the most stable on the market.

K2-Series is scalable.

Palo Alto offers two different types of support - partner-enabled and direct. The direct support is a bit expensive because it allows customers to open cases directly with Palo Alto techs. In contrast, the partner-enabled support goes to the ticket distributor, which can be time-consuming. In general, it can be hard to get answers from Palo Alto's support.

The initial setup of the firewall was easy and took between five and ten minutes. However, implementing DNS or IoT security or packing working features requires assistance from an integrator or professional service.

If you compare K2-Series' quality with its price, I think it is reasonable.

I would rate K2-Series nine out of ten.