Palo Alto Networks NG Firewalls Reviews

Solutions like firewalls and routers improve any company. If you don't have them, then I wouldn't be doing business with you. 

Palo Alto has embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. That's big. We're embedding that type of security and information into every part of our corporate network as well as our products.

It has helped to reduce downtime in our organization. The savings are probably in single digits.

I typically get involved with it when it comes to audit and compliance and having to gather evidence of those firewalls, routers, and rule sets. The evidence that I typically need is there.

We got a lot of integrations into it, but I don't know if it integrates with all.

I don't deal with it from a day-to-day perspective, but I can say that the evidence that I typically need is there, but sometimes, it's a task to actually get it and pull it out. They can make it easier to gather that evidence. From our NetOps team's perspective also, they can make it easier to manage and constantly update those rule sets.

I don't know for how long exactly we have been using this solution, but I've been aware that we've had them probably since about 2016 or 2017.

It's very stable. They are highly ranked within their space.

It's a good product for securing all types of workplaces. It's specifically good for data centers, which are all brick-and-mortar houses. Small businesses must also have it because they don't have the ability to have everything in a cloud or virtualized firewalls and other things like that.

I haven't dealt with their support team.

I was not involved in its initial deployment.

I am able to gather some of the evidence and things that I need. Our NetOps team uses it heavily, and they love it.

I would assume that it's still within mid-range given its company structure and everything else. My guess is it's still okay.

To someone at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that you just lost the customer because I'm not going to do business with somebody who is going for the cheapest. I'm always looking for a vendor or customer that has more input and cares about the security of their systems.

The value received from attending an RSA Conference includes prizes and other things, but on a personal level, I love the tech talks, knowing about a lot of industry changes, and different product solutions being showcased.

RSAC definitely has an impact on our organization’s cybersecurity purchases made throughout the year. One of my main roles is vendor due diligence, so I come to RSA quite often, and I have conversations with many different sales engineers who can explain the security of their products because that's what I focus on during our onboarding process. 

Overall, I would rate this solution a seven out of ten.

We deployed Palo Alto Networks NG Firewalls for inbound and outbound protection, as well as DMC protection, in our data center.

The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us. Previously, we had been using Check Point.

We switched to this solution due to its advanced next-gen capabilities, which allowed us to create rules based on applications rather than ports or protocols. As a result, the solution became much more relevant to our needs compared to our previous solution.

Palo Alto Networks NG Firewalls allowed for more flexibility in defining rules, as it was based on applications rather than strict port and protocol definitions. This made it easier to adapt to changing needs and configurations.

We were able to automate things using the API. Savings are minimal, but we save a significant amount of time when we deploy rules that we learn when we deploy the policy. Is the process still the same? Perhaps the implementation will take only a few hours or minutes.

We have been exclusively using it for the Next-Gen firewall, MDPN, and remote access for a while.

It integrates the core capabilities into one.

To make it more affordable, we had to separate the integrated features into individual components. The integrated solution was more expensive than when we broke it down into separate components.

I have been using Palo Alto Networks NG Firewalls for over five years, and perhaps even as long as ten years.

The stability of Palo Alto Networks NG Firewalls is very good.

We have upgraded it several times for additional features, and we have never experienced any crashes or performance issues. Overall, it has been quite stable.

In terms of scalability, the cost is a limiting factor. We can buy a large number of them, but it would not make financial sense for us to do so due to the high cost.

In contrast to the cloud environment where you can scale incrementally and horizontally, in our case, we have to purchase the entire unit. As a result, scaling our responsibilities becomes challenging.

We have around 2,000 compute resources that need protection, so getting a large firewall is necessary to safeguard our environment.

Technical support is very good.

I would rate the technical support an eight out of ten.

F5 and Cloudflare are types of support that were really good. There is no escalation whatsoever. The first person you get to already is the top-notch technical person.

With Palo Alto, you have to escalate, but eventually, you get to a good one.

Positive

The deployment process was easy.

We used a migration tool to transfer from our previous firewall to Palo Alto, and it proved to be quick.

We received support from a Palo Alto sales engineer.

While Palo Alto is expensive, it's still the better option compared to the other two vendors that were evaluated since they didn't provide the necessary performance and benefits.

Overall, the expenses for Palo Alto are manageable, and it's worth the investment.

It's too expensive.

Although Palo Alto is a good and fast product, it is not the most affordable option out there, and it may not be the easiest to use.

We evaluated Cisco and Fortinet.

During our evaluation process for selecting a firewall vendor, we prioritize performance as the number one factor. 

Price range is ranked second in importance. 

Other important factors include ease of use, API support, and next-gen features, all of which are used as evaluation criteria. We have previously used Magic Quadrant, but it is important for us to carefully choose our firewall vendor.

Integrating machine learning at the core of Palo Alto Networks NG Firewalls would be highly beneficial. The ability to automatically detect threats without the need to create rule sets manually would be a game changer.

Attending events like RSA is valuable to me because it allows me to explore different vendors and products. Sometimes, I come across new vendors that I haven't heard of before, which is good.

Attending events like RSA can have a significant impact on our company's cybersecurity purchases throughout the year. If we come across a new vendor with a fresh approach to protecting the company or identifying threats, we are definitely interested in exploring their offerings.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.

We are using it for network layer protection. And we have added all the Layer 7 protection there is, such as sinkhole protection and spyware and adware detection.

When you have the advanced URL protection enabled on a Palo Alto NG Firewall, the load on the application layer is reduced. The web application firewall features are already enabled in Palo Alto and those features give you an extra layer of protection, even if you have another technology above the Palo Alto firewall. That extra layer of protection is an opportunity that we have with Palo Alto.

The most important thing is that it's really user-friendly. I have almost stopped using the CLI because I like the graphical interface. You can do whatever you want on a single screen, including all the configuration and implementation, using Panorama. You don't have to switch from one place to another. And the best part is that you can manage multiple Palo Alto devices. We do have other companies' devices and for them we need to go to the CLI. But with Panorama, you almost get everything you need. It is very important for managing all the technology and features on the device, and for adding multiple devices, on one page.

Palo Alto also gives you a lot more options to troubleshoot and fix problems. That really helps our operations team.

Another valuable feature is the sinkhole option. If a malicious packet travels across the firewall, the firewall detects it as malicious traffic but it doesn't stop the traffic then and there. That way the attacker assumes that they have been successful but they have not. It's a type of honeytrap. It allows us to keep on responding to those packets.

Also, when the firewall does network discovery it can detect a malfunction or bugs or a configuration issue. That is very important. If your endpoint system is not functioning properly, it gives you an extra layer of protection in the network discovery field. It shows you all the options and all the data if your system is not compliant.

The Single Pass architecture is a nine out 10. A single pass is always good.

Palo Alto keeps coming out with antivirus and malware updates. When we have to integrate those updates we face some problems with the cloud platform, not the on-prem setup. The device works fine, but sometimes the sync doesn't happen on time.

It's not an issue that happens all the time, just sometimes. It's not a major issue. The device doesn't go down. It is not a priority-ticket situation.

Also, while Palo Alto is doing really well, they should bring out some small devices. As of now, we have the PA-800 Series firewall and the 440 Series firewall. A small Palo Alto firewall would be helpful for low-budget companies.

For the last six to seven months I've been using Palo Alto Networks NG Firewalls for architectural purposes. My job is to build infrastructure for our clients to support their functions. I also used Palo Alto for other clients in my previous organization for almost two years.

Scalability is something that I assume is feasible when you have Palo Alto in the cloud. In that case it's feasible to scale it very well, and you don't have to manage it. You just need to order it and it can be scaled per your request.

But with an on-prem setup it can be difficult if you want to scale anything. Then you need to order the physical device and do all kinds of configuration. I haven't really worked on scaling physical devices.

Support is really nice, but they keep on adding features, so regular training is really required for Palo Alto technical support. Every other day, every week, every month, they come up with something new. Sometimes, even technical support doesn't know about an update when it is still in the transition phase. They should have short-term training to be aware of when they are launching a particular new feature.

With more and better training, they will end up saving a lot of time, because they won't have to search for information or ask their colleagues or their engineering team about new features that have been added. That way, customers will be happy.

Positive

The initial deployment is absolutely straightforward. It's a very easy configuration. You just need to follow the instructions.

And the best part is that you get a lot of training material over the internet. I used to think that Cisco gave the best training materials over the internet but I was wrong. If you have any problem, you can Google it. There will be a lot of answers for Palo Alto NG Firewalls on the internet itself.

If everything goes well and if you don't have a major configuration to implement, you just want to set it up, the maximum it would take is one to two hours, because the image deployment is very easy. Once the device is racked up properly and all the cables are connected, you just need to boot up with the latest image and start the to-the-box and through-the-box configurations. Both configurations can be done within two to three hours.

The pricing is fair enough. 

This year, the pricing has increased. They played it really smart by increasing the support license costs and decreasing the platform costs. If you don't want to go for that particular license, you can opt out. The pricing model is very helpful, especially for small companies. If they don't want URL Filtering because they don't have any URL options, they can opt out of the URL Filtering.

I haven't seen Panorama go down in my entire tenure. I've worked with different companies. For example, I worked in Cisco TAC. Cisco users used to say that Firepower, the unified platform, was down and that they could not manage anything. Even though all the other components were running, they could not do any configuration because the unified configuration page itself was down. And, unfortunately, you don't have the ability to configure anything using the Cisco CLI anymore.

But I would give a slight edge to Cicso's technical support over Palo Alto's. I would rate Cisco's support at nine out of 10, and Palo Alto's at eight. Cisco gives priority to its customers.

Before you go ahead and invest in Palo Alto, look at as many reviews as you can. Do proper research before you deploy any firewall.

If someone says they are just looking for the cheapest and the fastest firewall, I would tell them to go for the PA-800 Series and their problem will be solved. Also, for small office requirements, you could go with the PA-440. The PA-450 and 460 will be a little expensive. If your requirements are to set something up for less than 100 users, the 440 will do it.

Our company, in particular, always wants an extra layer of protection. They don't remove any extra layers of security. But an advantage of Palo Alto NG Firewalls is they are sufficient to tackle complications

Palo Alto's firewall is stable, helpful, and user-friendly.

The solution is more towards the front of the security stack.

We use both AWS and Alibaba Cloud.

The single pass architecture has helped a lot in the implementation and maintenance of Palo Alto Networks. It changed the customer's opinion on UTM platforms. In the past, when customers used UTM platforms, they feared the security features would impact the performance and slow down the network, causing some instability. However, with the single pass architecture, Palo Alto has demonstrated that you can use a lot of the security features without having an impact on the security and network performance. Therefore, most of our customers will dare to use most of Palo Alto Networks' security features.

• Application identification
• Antivirus
• Vulnerability protection
• URL filtering
• SSL VPN
• IPsec VPN

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Most of our customers are busy. They cannot afford the time to learn very complicated user interfaces and configuration procedures. With Palo Alto Networks, they offered a unified user interface for all its NG Firewall products and Panorama. I think it reduces some of our customers' maintenance time. 

Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.

Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features.

I have been using it for eight years, though my company does not use it.

Compared to its competitors, the stability of NG Firewalls is very good. We have faced some strange problems with the hardware platform or operating system. Most of these customer cases come from complicated configs and bugs. However, stability is very good overall.

Scalability is not that good. Palo Alto Networks NG Firewalls product is for middle-sized and small businesses. It has fixed parts and capacities for processing. Some of their higher-end products have the scalability to expand capacities, but only a few customers can afford their larger product.

I would rate it as eight to nine out of 10. Most of the technical engineers, who provide support for our customers, are efficient. There are one or two Tier 1 tech support engineers who often don't have answers.

Palo Alto NGFW’s unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. Before using Palo Alto Networks NG Firewalls, customers might need to implement Layer 4 firewalls, IPS and possibly an antivirus, gateways, and maybe web proxies for all their devices. With Palo Alto NGFW’s unified platform, if a customer can do all the config and security policies on one platform, then this will merge all their security things onto a single platform.

The initial setup is not complex; it is straightforward. Our users only need a cable and some basic steps to configure the management interface. Then, it can set up the NG Firewall and ensure that the network and routing are working as expected in the environment. I think its steps are easier than most of its competitors. The initial setup takes one or two hours.

The full setup time depends on the features, then whether the environment or customer needs are complicated or not.

For our implementation strategy, we talk to our customers and work out documents for all their configs, which includes basic information that we need to know for implementing the firewall. Then, we follow the documents and do the implementation. We also may modify some content of the documents as the project processes.

It needs one or two employees with enough skills to manage and maintain it. They may need to modify firewalls, firewalls security rules, and possibly inspect alerts that are generated from firewalls.

By having a customer operate on a unified platform, they can do the application control, traffic control, threat protection, and URL filtering on a single platform. This effectively reduces the workload on all their networks and security tools.

Cheap and faster are the opposite sides of security. Security inspections have some technical and money costs. If you just purchase some cheap, fast firewalls, then you will lose a lot of the security features and fraud protection capabilities.

My company uses Cisco Firepower NGFW Firewall, not Palo Alto Networks NG Firewalls. We started our cooperation with Cisco a lot longer than with Palo Alto Networks. We have been working with Cisco to expand their business in China for more than 20 years, which is why the leaders in our company might be choosing Cisco products.  

Most of our customers have been using Palo Alto Networks for a long time and do not want to change to another vendor. The unified user interface is a big benefit for them.

Palo Alto NGFW’s DNS Security is an effective way to detect and block DNS tunneling attacks, because most competitors do not have these techniques to detect the DNS tunneling on a single device. They require maybe a SIM or some analysts. So, this is something quite creative for Palo Alto Networks.

For our customers, I would tell them that Palo Alto Networks NG Firewalls is easy to use, but probably difficult to master. It has a very easy to use interface and configuration utility, but it has a lot of advanced features that need some deep knowledge of the product.

No product can guarantee 100% evasions being blocked, but I think Palo Alto is among the top of the threat inspection vendors. From the NSS Labs Test Report, we can see that Palo Alto Networks always has a top score.

Machine learning in a single firewall is not that accurate or important for our customers. Since it will only see some network traffic, it cannot connect everything together, like endpoints and servers. Therefore, our customers do not value the machine learning techniques on a single firewall very much.

We may review the alerts generated by machine learning modules, then we can see if the alerts are real alerts, not false positives. This may tell us how efficient machine learning is.

Very few customers in China have used the Palo Alto NGFW’s DNS Security module. It is a new feature that was introduced only two years ago. Customers already know what the product can provide in terms of protection. Its DNS Security provides something that is not really easy to understand. Also, it increases the cost of the firewall because it requires another license to be implemented, and the cost is not low.

DNS Security is very impressive, and I think it will be an efficient way to block the rapidly changing threat landscape and maybe Zero-day attack methods.

Biggest lesson learnt: If you want to protect something, you need to gain visibility of the entire network. NG Firewalls provides a deep visibility into network traffic.

I would rate Palo Alto Networks NG Firewalls as nine out of 10.

We're using Palo Alto Networks NG Firewalls as a backup hardware solution. When the main firewalls have an issue, we're using the backup solution and hardware firewalls to avoid any network issues or prolonged downtime.

Palo Alto Networks Firewalls helped us reduce downtime. When we have another backup solution, the firewalls come down, we have backup hardware, and we have a Docker site that can work if we have an issue in our HQ data center.

Palo Alto provides more security. 

I have no issues if the subscription is renewed on time. 

Some configurations can take time.

The dashboard needs improvement as I find it more complicated compared to Sophos. It is not as user-friendly, especially when trying to easily check problems or generate reports which are easier with Sophos.

I've used the solution for two years.

The solution is stable. It has a feature that allows load balancing across multiple lines. If one line drops, another line can maintain service until the issue is resolved and we return to the original line.

The solution is scalable for large companies, however, it is expensive for medium and small companies.

I would rate technical support from Palo Alto at an eight out of ten.

Positive

We are still using a Sophos appliance as well. However, we are planning to consolidate to using just one solution soon.

I was involved in the setup. I participated with the company that ran the implementation. They didn't provide me with most of the information necessary to help implement in other areas.

The consultant company we're dealing with is the one handling the setup for this solution, not us. The consultant is a partner with Palo Alto.

As an investment, if you're going to use it for enterprise, it's good.

The price of Palo Alto Firewalls is too expensive compared to Sophos licenses and appliance hardware.

For medium companies, I would advise using Sophos. For larger enterprises, Palo Alto is more suitable.

I'd rate the solution seven out of ten.

We use Palo Alto Networks NG Firewalls for security purposes and to mitigate risk.

Palo Alto Networks NG Firewalls enabled us to have better visibility overall.

The inline, real-time attack prevention provided by embedded machine learning is not bad.

Also, the firewalls are moderate in terms of securing data centers consistently across all workplaces, i.e., from the smallest office to the largest data centers.

We have been able to reduce downtime because we have better visibility. We're faster and can act preemptively.

Palo Alto Networks NG Firewalls do not provide a unified platform that natively integrates all security capabilities.

Customer support could be improved.

I've been using this solution for about one year.

Palo Alto Networks NG Firewalls are stable.

The firewalls' scalability is good.

I would rate Palo Alto's network support a six out of ten.

Neutral

We have seen a slight ROI, enough to justify the cost of the solution.

The cost is steep, but most firewalls cost a lot.

If you're looking for the cheapest and fastest firewall, I would not recommend Palo Alto NG Firewalls.

Overall, I would rate Palo Alto Networks NG Firewalls an eight out of ten.

I place a high value on attending the RSA Conference. I get a lot out of it because I'm able to learn about up-and-coming companies. I can see what options are available, whether someone's doing it better, and if I can get a cheaper option.

Attending RSAC does have an impact on my organization’s cybersecurity purchases made throughout the year.

We use the solution as a firewall for our network. We can manage our traffic between internal traffic and external traffic handling. The solution protects the traffic and we manage the standard firewall issues.

The solution's embedded machine learning in the core of the firewall that provides in-line real-time attack prevention is important and provides good insight for us. The machine learning actions and learning activities provide some useful information. 

The solution's machine learning for securing our networks against rapidly evolving threats is good. We utilize an IoT tool that comprehends IoT devices, such as webcams, and can therefore interpret their behavior and send information on their activity. The tool also applies appropriate firewall rules to these devices, taking into account the clearance level of each device based on its traffic.

Before implementing Palo Alto, we had to rely on a management company to handle our firewall security. However, now that we have Palo Alto, we can manage our firewall security in-house.

Palo Alto Networks NG Firewalls unified platform helped to eliminate security holes.

The zero-delay signature feature helps keep our security updated against new attacks.

Palo Alto Networks NG Firewalls provides a unified platform that natively integrates all security capabilities which is important to our organization.

Palo Alto Networks NG Firewalls' zero-delay signature feature is important, and it receives daily updates.

At times, server capacity can result in issues. While Palo Alto is a top firewall company, it's crucial to properly size the firewall to meet our needs. In the case of larger attacks, the capacity of our current firewall may not be adequate, requiring us to obtain more advanced and expensive versions to ensure network protection.

There is a tradeoff between security and network performance, as security is always top-notch, but performance can sometimes lag and has room for improvement.

The cost of the solution has room for improvement.

I have been using the solution for one year.

I give the stability an eight out of ten.

The solution is not very scalable. We need to define our requirements and purchase the correct product for our needs.

We are an enterprise company with over 3,000 people. All the network traffic goes through the solution but we have five people that work directly on the solution.

The technical support is great.

Positive

We previously used Check Point NGFW and switched to Palo Alto Networks NG Firewalls because of the stability.

I give the initial setup a five out of ten. The deployment took one month.

Implementation was completed in-house by a consultant.

Compared to other firewall solutions, this is an expensive solution.

I give the solution an eight out of ten.

We use Palo Alto Networks NG Firewalls to protect small businesses that work within the defense industrial base.

By using Prisma Access, we can easily connect to our network from different locations around the world without having to deploy multiple firewalls. This not only makes it more convenient but also saves us a lot of expenses.

Prisma Access is the most valuable feature of Palo Alto Networks NG Firewalls.

The ability to provide secure access to people without having to carry an additional device around really benefits us in the defense industrial base.

The training provided is satisfactory, but there is certainly room for improvement. It would be great to have more comprehensive training at a lower cost, or even for free.

I would say that Palo Alto Networks NG Firewalls provide a unified platform for many, but not all.

Having everything in one pane of glass is important to me because I have a lot of responsibilities. It would be really nice to have everything in one place, so I don't have to switch around between different applications and can stay focused on one platform.

It's important to have machine learning embedded, but it's equally important to not solely rely on it. We still need human interaction to ensure proper security measures. Nonetheless, machine learning is a vital component of our security strategy.

I have been using Palo Alto Networks NG Firewalls for five years.

Palo Alto Networks NG Firewalls have been instrumental in reducing our downtime as we moved away from less robust devices. By implementing Palo Alto firewalls, we have significantly improved our network stability.

If I had to estimate, it has saved us 10 to 15 hours per year.

Palo Alto Networks NG Firewalls is a very stable solution.

I haven't encountered the need to scale the solution yet. Our current setup meets our requirements and has been working well for us. Given that we are a small company, we have not felt the need to look into scaling it at this point.

The technical support provided by Palo Alto Networks is excellent. Although I have only needed to contact them a few times, they have always been quick to respond, and their team is very knowledgeable.

I would rate the technical support a nine out of ten.

Positive

Before, we used SonicWall, but we decided to switch to Palo Alto Networks NG Firewalls because they offer a much better solution and are leading the market.

I was part of the deployment team, but since I was new to Palo Alto devices, the deployment process was more complex for me. That's where the training came into play.

I had to familiarize myself with their user interface and terminologies since I was used to using a different system. It took some time for me to learn and compare it with what I've used before.

We purchased from a reseller.

It was a straightforward process. We made the purchase online and they shipped it to us. After that, it was a matter of getting it up and running.

It's difficult to determine. When looking at the ten to fifteen hours a year, it's unclear whether or not I would consider that as part of the return on investment. It's a bit challenging to assess from an IT perspective.

Reducing costs is important, especially since Prisma can be expensive. It would be great if it were more affordable.

Although the hardware can be expensive, the quality of Palo Alto Networks NG Firewalls is excellent. While a lower cost would be desirable, we recognize the value of investing in a reliable and effective solution.

When we were moving away from SonicWall, we evaluated FortiGate and Meraki's solutions.

In my opinion, I was impressed with FortiGate's system on a chip. It was really fast compared to Palo Alto's, but I think Palo Alto has a better feature set and interface. As for SonicWall, we had several reasons for leaving. Regarding Meraki, I find their management interface not suitable for my needs, and they seem to be more of a consumer-grade or prosumer-grade product.

I am not in a position to comment on the solution's ability to secure data centers consistently across all workplaces, from the smallest office to the largest data centers since I have only used their smaller solutions.

My advice to those who are seeking a firewall solution is not to prioritize the cheapest or the fastest options, as it could be risky. Instead, it is important to invest in the best quality firewall that is within your budget. This is something that I have experienced with Palo Alto Networks, which provides a high-quality solution that is worth the investment.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

The experience has been amazing, with a few sessions resulting in new services that I can offer my company directly. The best part is that I can do it without having to invest in an expensive tool that costs hundreds of thousands of dollars.

It does impact the purchases we will make throughout the year.

If I can perform 95% of the work at a lower cost, we are unlikely to consider Mandiant and spend a significant amount of money.