Try our new research platform with insights from 80,000+ expert users
reviewer2173284 - PeerSpot reviewer
Information Security Analyst at a tech vendor with 10,001+ employees
Vendor
Top 20
Helps with audit and compliance, but it should be easier to gather evidence
Pros and Cons
  • "I typically get involved with it when it comes to audit and compliance and having to gather evidence of those firewalls, routers, and rule sets. The evidence that I typically need is there."
  • "I don't deal with it from a day-to-day perspective, but I can say that the evidence that I typically need is there, but sometimes, it's a task to actually get it and pull it out. They can make it easier to gather that evidence."

How has it helped my organization?

Solutions like firewalls and routers improve any company. If you don't have them, then I wouldn't be doing business with you. 

Palo Alto has embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. That's big. We're embedding that type of security and information into every part of our corporate network as well as our products.

It has helped to reduce downtime in our organization. The savings are probably in single digits.

What is most valuable?

I typically get involved with it when it comes to audit and compliance and having to gather evidence of those firewalls, routers, and rule sets. The evidence that I typically need is there.

We got a lot of integrations into it, but I don't know if it integrates with all.

What needs improvement?

I don't deal with it from a day-to-day perspective, but I can say that the evidence that I typically need is there, but sometimes, it's a task to actually get it and pull it out. They can make it easier to gather that evidence. From our NetOps team's perspective also, they can make it easier to manage and constantly update those rule sets.

For how long have I used the solution?

I don't know for how long exactly we have been using this solution, but I've been aware that we've had them probably since about 2016 or 2017.

Buyer's Guide
Palo Alto Networks NG Firewalls
December 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's very stable. They are highly ranked within their space.

What do I think about the scalability of the solution?

It's a good product for securing all types of workplaces. It's specifically good for data centers, which are all brick-and-mortar houses. Small businesses must also have it because they don't have the ability to have everything in a cloud or virtualized firewalls and other things like that.

How are customer service and support?

I haven't dealt with their support team.

How was the initial setup?

I was not involved in its initial deployment.

What was our ROI?

I am able to gather some of the evidence and things that I need. Our NetOps team uses it heavily, and they love it.

What's my experience with pricing, setup cost, and licensing?

I would assume that it's still within mid-range given its company structure and everything else. My guess is it's still okay.

What other advice do I have?

To someone at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that you just lost the customer because I'm not going to do business with somebody who is going for the cheapest. I'm always looking for a vendor or customer that has more input and cares about the security of their systems.

The value received from attending an RSA Conference includes prizes and other things, but on a personal level, I love the tech talks, knowing about a lot of industry changes, and different product solutions being showcased.

RSAC definitely has an impact on our organization’s cybersecurity purchases made throughout the year. One of my main roles is vendor due diligence, so I come to RSA quite often, and I have conversations with many different sales engineers who can explain the security of their products because that's what I focus on during our onboarding process. 

Overall, I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2171625 - PeerSpot reviewer
Cloud Infrastructure Engineer at a energy/utilities company with 10,001+ employees
Real User
Allowed for more flexibility in defining rules, as it was based on applications rather than strict port and protocol definitions
Pros and Cons
  • "The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us."
  • "It's too expensive."

What is our primary use case?

We deployed Palo Alto Networks NG Firewalls for inbound and outbound protection, as well as DMC protection, in our data center.

What is most valuable?

The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us. Previously, we had been using Check Point.

We switched to this solution due to its advanced next-gen capabilities, which allowed us to create rules based on applications rather than ports or protocols. As a result, the solution became much more relevant to our needs compared to our previous solution.

Palo Alto Networks NG Firewalls allowed for more flexibility in defining rules, as it was based on applications rather than strict port and protocol definitions. This made it easier to adapt to changing needs and configurations.

We were able to automate things using the API. Savings are minimal, but we save a significant amount of time when we deploy rules that we learn when we deploy the policy. Is the process still the same? Perhaps the implementation will take only a few hours or minutes.

We have been exclusively using it for the Next-Gen firewall, MDPN, and remote access for a while.

It integrates the core capabilities into one.

To make it more affordable, we had to separate the integrated features into individual components. The integrated solution was more expensive than when we broke it down into separate components.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for over five years, and perhaps even as long as ten years.

What do I think about the stability of the solution?

The stability of Palo Alto Networks NG Firewalls is very good.

We have upgraded it several times for additional features, and we have never experienced any crashes or performance issues. Overall, it has been quite stable.

What do I think about the scalability of the solution?

In terms of scalability, the cost is a limiting factor. We can buy a large number of them, but it would not make financial sense for us to do so due to the high cost.

In contrast to the cloud environment where you can scale incrementally and horizontally, in our case, we have to purchase the entire unit. As a result, scaling our responsibilities becomes challenging.

We have around 2,000 compute resources that need protection, so getting a large firewall is necessary to safeguard our environment.

How are customer service and support?

Technical support is very good.

I would rate the technical support an eight out of ten.

F5 and Cloudflare are types of support that were really good. There is no escalation whatsoever. The first person you get to already is the top-notch technical person.

With Palo Alto, you have to escalate, but eventually, you get to a good one.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment process was easy.

We used a migration tool to transfer from our previous firewall to Palo Alto, and it proved to be quick.

What about the implementation team?

We received support from a Palo Alto sales engineer.

What was our ROI?

While Palo Alto is expensive, it's still the better option compared to the other two vendors that were evaluated since they didn't provide the necessary performance and benefits.

Overall, the expenses for Palo Alto are manageable, and it's worth the investment.

What's my experience with pricing, setup cost, and licensing?

It's too expensive.

Although Palo Alto is a good and fast product, it is not the most affordable option out there, and it may not be the easiest to use.

Which other solutions did I evaluate?

We evaluated Cisco and Fortinet.

During our evaluation process for selecting a firewall vendor, we prioritize performance as the number one factor. 

Price range is ranked second in importance. 

Other important factors include ease of use, API support, and next-gen features, all of which are used as evaluation criteria. We have previously used Magic Quadrant, but it is important for us to carefully choose our firewall vendor.

What other advice do I have?

Integrating machine learning at the core of Palo Alto Networks NG Firewalls would be highly beneficial. The ability to automatically detect threats without the need to create rule sets manually would be a game changer.

Attending events like RSA is valuable to me because it allows me to explore different vendors and products. Sometimes, I come across new vendors that I haven't heard of before, which is good.

Attending events like RSA can have a significant impact on our company's cybersecurity purchases throughout the year. If we come across a new vendor with a fresh approach to protecting the company or identifying threats, we are definitely interested in exploring their offerings.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Palo Alto Networks NG Firewalls
December 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
reviewer2169345 - PeerSpot reviewer
CISO at a comms service provider with 51-200 employees
Real User
It offers better Layer 7 protection than competing solutions and it's easier to deploy
Pros and Cons
  • "Palo Alto offers better Layer 7 protection than competing solutions by Cisco and Fortinet. I also like the VPN client more. The interface is simple, so administrators can deploy and configure it much faster than other firewalls"
  • "The first level of support will usually do nothing for you. If you're an IT company, you're not looking for level one support. You need to escalate. Other vendors have a direct support line for enterprise clients, but not Palo Alto."

What is our primary use case?

I use NG Firewalls for perimeter defense. 

How has it helped my organization?

We've seen better throughput compared to our previous firewall. End-users are happier with their connections through Palo Alto. 

What is most valuable?

Palo Alto offers better Layer 7 protection than competing solutions by Cisco and Fortinet. I also like the VPN client more. The interface is simple, so administrators can deploy and configure it much faster than other firewalls. The interoperability with other vendors is excellent. We can connect Palo Alto firewalls to all our other solutions. 

What needs improvement?

I would like to see more artificial intelligence. However, that is going beyond firewalls to products like Prisma. Palo Alto has those features in an entirely different ecosystem. It isn't a problem. Machine learning is valuable, but I rely more on threat intel. 

For how long have I used the solution?

I have been using Palo Alto's solutions since 2014.

What do I think about the stability of the solution?

I rate Palo Alto NG Firewalls a nine out of ten for stability. We have had zero downtime except for scheduled maintenance. The firewalls are in a cluster that never goes down.

What do I think about the scalability of the solution?

The scalability is excellent because you can always purchase a bigger firewall as you grow. 

How are customer service and support?

I rate Palo Alto's support a seven out of ten. It is good overall but worse in some regions. The first level of support will usually do nothing for you. If you're an IT company, you're not looking for level-one support. You need to escalate. Other vendors have a direct support line for enterprise clients, but not Palo Alto.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Palo Alto has a better interface and integration with other solutions than competing vendors. The only drawback is the price. Go with FortiGate if you're looking for a firewall that is cheap and decent. If you can't afford Palo Alto, FortiGate is the next cheapest. 

How was the initial setup?

We can deploy Palo Alto firewalls faster and easier than most other solutions. We assess the traffic, buy the appropriate size, and implement it. 

What was our ROI?

Palo Alto firewalls are expensive, but they're worth what we pay. 

What other advice do I have?

I rate Palo Alto NG Firewalls a nine out of ten. Technical support has some room for improvement, and there are several minor issues that aren't worth mentioning. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Solutions Architect at HCL Technologies
Real User
Advanced URL protection reduces the load on the application layer
Pros and Cons
  • "The most important thing is that it's really user-friendly. I have almost stopped using the CLI because I like the graphical interface. You can do whatever you want on a single screen, including all the configuration and implementation, using Panorama. You don't have to switch from one place to another."
  • "Palo Alto keeps coming out with antivirus and malware updates. When we have to integrate those updates we face some problems with the cloud platform, not the on-prem setup. The device works fine, but sometimes the sync doesn't happen on time."

What is our primary use case?

We are using it for network layer protection. And we have added all the Layer 7 protection there is, such as sinkhole protection and spyware and adware detection.

How has it helped my organization?

When you have the advanced URL protection enabled on a Palo Alto NG Firewall, the load on the application layer is reduced. The web application firewall features are already enabled in Palo Alto and those features give you an extra layer of protection, even if you have another technology above the Palo Alto firewall. That extra layer of protection is an opportunity that we have with Palo Alto.

What is most valuable?

The most important thing is that it's really user-friendly. I have almost stopped using the CLI because I like the graphical interface. You can do whatever you want on a single screen, including all the configuration and implementation, using Panorama. You don't have to switch from one place to another. And the best part is that you can manage multiple Palo Alto devices. We do have other companies' devices and for them we need to go to the CLI. But with Panorama, you almost get everything you need. It is very important for managing all the technology and features on the device, and for adding multiple devices, on one page.

Palo Alto also gives you a lot more options to troubleshoot and fix problems. That really helps our operations team.

Another valuable feature is the sinkhole option. If a malicious packet travels across the firewall, the firewall detects it as malicious traffic but it doesn't stop the traffic then and there. That way the attacker assumes that they have been successful but they have not. It's a type of honeytrap. It allows us to keep on responding to those packets.

Also, when the firewall does network discovery it can detect a malfunction or bugs or a configuration issue. That is very important. If your endpoint system is not functioning properly, it gives you an extra layer of protection in the network discovery field. It shows you all the options and all the data if your system is not compliant.

The Single Pass architecture is a nine out 10. A single pass is always good.

What needs improvement?

Palo Alto keeps coming out with antivirus and malware updates. When we have to integrate those updates we face some problems with the cloud platform, not the on-prem setup. The device works fine, but sometimes the sync doesn't happen on time.

It's not an issue that happens all the time, just sometimes. It's not a major issue. The device doesn't go down. It is not a priority-ticket situation.

Also, while Palo Alto is doing really well, they should bring out some small devices. As of now, we have the PA-800 Series firewall and the 440 Series firewall. A small Palo Alto firewall would be helpful for low-budget companies.

For how long have I used the solution?

For the last six to seven months I've been using Palo Alto Networks NG Firewalls for architectural purposes. My job is to build infrastructure for our clients to support their functions. I also used Palo Alto for other clients in my previous organization for almost two years.

What do I think about the scalability of the solution?

Scalability is something that I assume is feasible when you have Palo Alto in the cloud. In that case it's feasible to scale it very well, and you don't have to manage it. You just need to order it and it can be scaled per your request.

But with an on-prem setup it can be difficult if you want to scale anything. Then you need to order the physical device and do all kinds of configuration. I haven't really worked on scaling physical devices.

How are customer service and support?

Support is really nice, but they keep on adding features, so regular training is really required for Palo Alto technical support. Every other day, every week, every month, they come up with something new. Sometimes, even technical support doesn't know about an update when it is still in the transition phase. They should have short-term training to be aware of when they are launching a particular new feature.

With more and better training, they will end up saving a lot of time, because they won't have to search for information or ask their colleagues or their engineering team about new features that have been added. That way, customers will be happy.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment is absolutely straightforward. It's a very easy configuration. You just need to follow the instructions.

And the best part is that you get a lot of training material over the internet. I used to think that Cisco gave the best training materials over the internet but I was wrong. If you have any problem, you can Google it. There will be a lot of answers for Palo Alto NG Firewalls on the internet itself.

If everything goes well and if you don't have a major configuration to implement, you just want to set it up, the maximum it would take is one to two hours, because the image deployment is very easy. Once the device is racked up properly and all the cables are connected, you just need to boot up with the latest image and start the to-the-box and through-the-box configurations. Both configurations can be done within two to three hours.

What's my experience with pricing, setup cost, and licensing?

The pricing is fair enough. 

This year, the pricing has increased. They played it really smart by increasing the support license costs and decreasing the platform costs. If you don't want to go for that particular license, you can opt out. The pricing model is very helpful, especially for small companies. If they don't want URL Filtering because they don't have any URL options, they can opt out of the URL Filtering.

Which other solutions did I evaluate?

I haven't seen Panorama go down in my entire tenure. I've worked with different companies. For example, I worked in Cisco TAC. Cisco users used to say that Firepower, the unified platform, was down and that they could not manage anything. Even though all the other components were running, they could not do any configuration because the unified configuration page itself was down. And, unfortunately, you don't have the ability to configure anything using the Cisco CLI anymore.

But I would give a slight edge to Cicso's technical support over Palo Alto's. I would rate Cisco's support at nine out of 10, and Palo Alto's at eight. Cisco gives priority to its customers.

What other advice do I have?

Before you go ahead and invest in Palo Alto, look at as many reviews as you can. Do proper research before you deploy any firewall.

If someone says they are just looking for the cheapest and the fastest firewall, I would tell them to go for the PA-800 Series and their problem will be solved. Also, for small office requirements, you could go with the PA-440. The PA-450 and 460 will be a little expensive. If your requirements are to set something up for less than 100 users, the 440 will do it.

Our company, in particular, always wants an extra layer of protection. They don't remove any extra layers of security. But an advantage of Palo Alto NG Firewalls is they are sufficient to tackle complications

Palo Alto's firewall is stable, helpful, and user-friendly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Team Technical Manager at ECCOM Network System Co., Ltd.
Reseller
Its unified platform effectively reduces the workload on networks and security tools
Pros and Cons
  • "Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes."
  • "Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features."

What is our primary use case?

The solution is more towards the front of the security stack.

We use both AWS and Alibaba Cloud.

How has it helped my organization?

The single pass architecture has helped a lot in the implementation and maintenance of Palo Alto Networks. It changed the customer's opinion on UTM platforms. In the past, when customers used UTM platforms, they feared the security features would impact the performance and slow down the network, causing some instability. However, with the single pass architecture, Palo Alto has demonstrated that you can use a lot of the security features without having an impact on the security and network performance. Therefore, most of our customers will dare to use most of Palo Alto Networks' security features.

What is most valuable?

  • Application identification
  • Antivirus
  • Vulnerability protection
  • URL filtering
  • SSL VPN
  • IPsec VPN

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Most of our customers are busy. They cannot afford the time to learn very complicated user interfaces and configuration procedures. With Palo Alto Networks, they offered a unified user interface for all its NG Firewall products and Panorama. I think it reduces some of our customers' maintenance time. 

Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.

What needs improvement?

Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features.

For how long have I used the solution?

I have been using it for eight years, though my company does not use it.

What do I think about the stability of the solution?

Compared to its competitors, the stability of NG Firewalls is very good. We have faced some strange problems with the hardware platform or operating system. Most of these customer cases come from complicated configs and bugs. However, stability is very good overall.

What do I think about the scalability of the solution?

Scalability is not that good. Palo Alto Networks NG Firewalls product is for middle-sized and small businesses. It has fixed parts and capacities for processing. Some of their higher-end products have the scalability to expand capacities, but only a few customers can afford their larger product.

How are customer service and technical support?

I would rate it as eight to nine out of 10. Most of the technical engineers, who provide support for our customers, are efficient. There are one or two Tier 1 tech support engineers who often don't have answers.

Which solution did I use previously and why did I switch?

Palo Alto NGFW’s unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. Before using Palo Alto Networks NG Firewalls, customers might need to implement Layer 4 firewalls, IPS and possibly an antivirus, gateways, and maybe web proxies for all their devices. With Palo Alto NGFW’s unified platform, if a customer can do all the config and security policies on one platform, then this will merge all their security things onto a single platform.

How was the initial setup?

The initial setup is not complex; it is straightforward. Our users only need a cable and some basic steps to configure the management interface. Then, it can set up the NG Firewall and ensure that the network and routing are working as expected in the environment. I think its steps are easier than most of its competitors. The initial setup takes one or two hours.

The full setup time depends on the features, then whether the environment or customer needs are complicated or not.

What about the implementation team?

For our implementation strategy, we talk to our customers and work out documents for all their configs, which includes basic information that we need to know for implementing the firewall. Then, we follow the documents and do the implementation. We also may modify some content of the documents as the project processes.

It needs one or two employees with enough skills to manage and maintain it. They may need to modify firewalls, firewalls security rules, and possibly inspect alerts that are generated from firewalls.

What was our ROI?

By having a customer operate on a unified platform, they can do the application control, traffic control, threat protection, and URL filtering on a single platform. This effectively reduces the workload on all their networks and security tools.

Cheap and faster are the opposite sides of security. Security inspections have some technical and money costs. If you just purchase some cheap, fast firewalls, then you will lose a lot of the security features and fraud protection capabilities.

Which other solutions did I evaluate?

My company uses Cisco Firepower NGFW Firewall, not Palo Alto Networks NG Firewalls. We started our cooperation with Cisco a lot longer than with Palo Alto Networks. We have been working with Cisco to expand their business in China for more than 20 years, which is why the leaders in our company might be choosing Cisco products.  

Most of our customers have been using Palo Alto Networks for a long time and do not want to change to another vendor. The unified user interface is a big benefit for them.

Palo Alto NGFW’s DNS Security is an effective way to detect and block DNS tunneling attacks, because most competitors do not have these techniques to detect the DNS tunneling on a single device. They require maybe a SIM or some analysts. So, this is something quite creative for Palo Alto Networks.

What other advice do I have?

For our customers, I would tell them that Palo Alto Networks NG Firewalls is easy to use, but probably difficult to master. It has a very easy to use interface and configuration utility, but it has a lot of advanced features that need some deep knowledge of the product.

No product can guarantee 100% evasions being blocked, but I think Palo Alto is among the top of the threat inspection vendors. From the NSS Labs Test Report, we can see that Palo Alto Networks always has a top score.

Machine learning in a single firewall is not that accurate or important for our customers. Since it will only see some network traffic, it cannot connect everything together, like endpoints and servers. Therefore, our customers do not value the machine learning techniques on a single firewall very much.

We may review the alerts generated by machine learning modules, then we can see if the alerts are real alerts, not false positives. This may tell us how efficient machine learning is.

Very few customers in China have used the Palo Alto NGFW’s DNS Security module. It is a new feature that was introduced only two years ago. Customers already know what the product can provide in terms of protection. Its DNS Security provides something that is not really easy to understand. Also, it increases the cost of the firewall because it requires another license to be implemented, and the cost is not low.

DNS Security is very impressive, and I think it will be an efficient way to block the rapidly changing threat landscape and maybe Zero-day attack methods.

Biggest lesson learnt: If you want to protect something, you need to gain visibility of the entire network. NG Firewalls provides a deep visibility into network traffic.

I would rate Palo Alto Networks NG Firewalls as nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
reviewer2534667 - PeerSpot reviewer
IT System Administrator at a manufacturing company with 201-500 employees
Real User
Top 5
Enhanced backup and good security with room for simpler dashboard navigation
Pros and Cons
  • "The solution provides more security."
  • "The dashboard needs improvement as I find it more complicated compared to Sophos."

What is our primary use case?

We're using Palo Alto Networks NG Firewalls as a backup hardware solution. When the main firewalls have an issue, we're using the backup solution and hardware firewalls to avoid any network issues or prolonged downtime.

How has it helped my organization?

Palo Alto Networks Firewalls helped us reduce downtime. When we have another backup solution, the firewalls come down, we have backup hardware, and we have a Docker site that can work if we have an issue in our HQ data center.

What is most valuable?

Palo Alto provides more security. 

I have no issues if the subscription is renewed on time. 

What needs improvement?

Some configurations can take time.

The dashboard needs improvement as I find it more complicated compared to Sophos. It is not as user-friendly, especially when trying to easily check problems or generate reports which are easier with Sophos.

For how long have I used the solution?

I've used the solution for two years.

What do I think about the stability of the solution?

The solution is stable. It has a feature that allows load balancing across multiple lines. If one line drops, another line can maintain service until the issue is resolved and we return to the original line.

What do I think about the scalability of the solution?

The solution is scalable for large companies, however, it is expensive for medium and small companies.

How are customer service and support?

I would rate technical support from Palo Alto at an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are still using a Sophos appliance as well. However, we are planning to consolidate to using just one solution soon.

How was the initial setup?

I was involved in the setup. I participated with the company that ran the implementation. They didn't provide me with most of the information necessary to help implement in other areas.

What about the implementation team?

The consultant company we're dealing with is the one handling the setup for this solution, not us. The consultant is a partner with Palo Alto.

What was our ROI?

As an investment, if you're going to use it for enterprise, it's good.

What's my experience with pricing, setup cost, and licensing?

The price of Palo Alto Firewalls is too expensive compared to Sophos licenses and appliance hardware.

What other advice do I have?

For medium companies, I would advise using Sophos. For larger enterprises, Palo Alto is more suitable.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
reviewer2186784 - PeerSpot reviewer
Network Engineer at a computer software company with 5,001-10,000 employees
Real User
The solution uses machine learning embedded in the core of the firewall to provide in-line, real-time attack prevention
Pros and Cons
  • "I like the remote access and URL filtering features that are available on global products."
  • "The analysis of the ITS ID by Palo Alto Networks NG Firewalls could be improved."

What is our primary use case?

We use Palo Alto Networks NG Firewalls to protect our end-to-end environment.

How has it helped my organization?

Palo Alto Networks NG Firewalls use machine learning embedded in the core of the firewall to provide in-line, real-time attack prevention.

Palo Alto Networks NG Firewalls use predictive analytics and machine learning to instantly block DNS-related attacks. The data for attacks or prevention is based on a segmented mask. Palo Alto Networks also keeps signatures updated on a holiday and on the Palo Alto Network and cloud. This helps to prevent signature leaks and secures dynamic web applications.

The solution is able to detect and resolve the initial tunneling attack.

Palo Alto Networks NG Firewalls are constantly being updated with new feature packages, and the improvements are the best we have seen compared to any other product in the industry. This is due to the company's deep knowledge of technology and the field.

The solution provides a unified platform that natively integrates all security capabilities. The ability to integrate all of the capabilities is good because it is ready to use right out of the box. Additionally, it is an ECPU. The security is quite robust.

The unified platform helps to eliminate security holes in our organization by providing multiple layers of security. This is important because it can help to prevent any attack.

The unified platform helps eliminate the need for multiple network security tools and the effort required to get them working together. If we are filtering traffic using any other firewall, we will be using different processing methods. However, when we use a firewall or a third-party tool, it then has access to the restriction using the firewall. We can then use this feature to centralize and combine with this.

The zero-delay signature feature handles Wi-Fi. It analyzes each file type that is downloaded during a session and then sends the file analysis signature to the file cloud. This has made our network more secure.

Palo Alto Networks NG Firewalls' single pass architecture provides greater security and performance because all security functions are consolidated into a single device.

What is most valuable?

I like the remote access and URL filtering features that are available on global products. There are also other features, such as application-based access, that allow us to provide user IDs based on the type of access needed.

What needs improvement?

The analysis of the ITS ID by Palo Alto Networks NG Firewalls could be improved.

For how long have I used the solution?

I have been using Palo Alto Networks NG Firewalls for six years.

What do I think about the stability of the solution?

Palo Alto Networks NG Firewalls are stable.

What do I think about the scalability of the solution?

Palo Alto Networks NG Firewalls are scalable. We have around 10,000 users.

How are customer service and support?

The technical support is generally good, but it can be difficult to get the right person on the phone.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is moderate. We can deploy within an hour or two. The deployment requires two people. Four to five people can handle the maintenance.

What about the implementation team?

We implement the solution for our clients. 

What was our ROI?

Our clients have seen a return on investment with the solution.

What's my experience with pricing, setup cost, and licensing?

Palo Alto Networks NG Firewalls are expensive compared to other firewalls such as FortiGate Next-Generation Firewall.

What other advice do I have?

I give Palo Alto Networks NG Firewalls a nine out of ten.

Organizations that require network security should not choose a firewall based on cost. I recommend Palo Alto Networks NG Firewalls to harden security posture.

I definitely recommend Palo Alto Networks NG Firewalls for medium and large organizations.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2173290 - PeerSpot reviewer
Manager, Cyber Security Risk & Compliance at a financial services firm with 5,001-10,000 employees
Real User
Top 20
Provides better visibility and is stable and scalable
Pros and Cons
  • "Palo Alto Networks NG Firewalls enabled us to have better visibility overall."
  • "Palo Alto Networks NG Firewalls do not provide a unified platform that natively integrates all security capabilities."

What is our primary use case?

We use Palo Alto Networks NG Firewalls for security purposes and to mitigate risk.

How has it helped my organization?

Palo Alto Networks NG Firewalls enabled us to have better visibility overall.

What is most valuable?

The inline, real-time attack prevention provided by embedded machine learning is not bad.

Also, the firewalls are moderate in terms of securing data centers consistently across all workplaces, i.e., from the smallest office to the largest data centers.

We have been able to reduce downtime because we have better visibility. We're faster and can act preemptively.

What needs improvement?

Palo Alto Networks NG Firewalls do not provide a unified platform that natively integrates all security capabilities.

Customer support could be improved.

For how long have I used the solution?

I've been using this solution for about one year.

What do I think about the stability of the solution?

Palo Alto Networks NG Firewalls are stable.

What do I think about the scalability of the solution?

The firewalls' scalability is good.

How are customer service and support?

I would rate Palo Alto's network support a six out of ten.

How would you rate customer service and support?

Neutral

What was our ROI?

We have seen a slight ROI, enough to justify the cost of the solution.

What's my experience with pricing, setup cost, and licensing?

The cost is steep, but most firewalls cost a lot.

What other advice do I have?

If you're looking for the cheapest and fastest firewall, I would not recommend Palo Alto NG Firewalls.

Overall, I would rate Palo Alto Networks NG Firewalls an eight out of ten.

I place a high value on attending the RSA Conference. I get a lot out of it because I'm able to learn about up-and-coming companies. I can see what options are available, whether someone's doing it better, and if I can get a cheaper option.

Attending RSAC does have an impact on my organization’s cybersecurity purchases made throughout the year.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.