Palo Alto Networks NG Firewalls Reviews

We deployed the Palo Alto Next Generation Firewall on the perimeter of the network, so all traffic that flows to the company from the internet and from the company to the internet scanned by the Palo Alto Networks Firewall. In addition, all of the internal traffic from LAN users to services that are on the DMZ zone traverse the Palo Alto Firewall.

The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port.

For example, let's say you want to allow HTTP traffic and the server is not listening on the standard http port which port 80 but listens on port 25 which Is the standard port for SMTP, this is not an obstacle has the firewall is focusing on the application, it identify the HTTP application and allow the HTTP application and block any other application on port 25. So we don't care on which port the app traverses.

It is easy to install and is stable too.

There is another solution from Palo Alto for endpoints - XDR  that integrates with the firewall  thus providing protection at the network level and also at the end point but the XDR solution is only a cloud based solution. I would really like it if would be possible to implement this solution on-premises this is something that I would love to see with Palo Alto Networks NG Firewalls.

The price could be lower.

I've worked with Palo Alto Networks NG Firewalls within the last 12 months.

So far, it's stable. I haven't had any problem with it. I'm always authorizing to have the minor version aligned with the latest version. There haven't been any published vulnerabilities with the product so far.

I'm using the cluster, and that's a great long term solution. So I haven't needed to expand.

There are more than 10,000 employees in the company. We hope to migrate the other branches that have a different vendor to Palo Alto.

The initial setup was straightforward from my point of view.

From a financial perspective, this solution is quite expensive.

The licensing is on a yearly basis even though we close the deal for three years upfront.

I would advise that those thinking about Palo Alto Networks NG Firewalls need to switch how they think about a policy on the firewall. They should not to look at it from the point of view of the service and what port that policy is related to. Instead, they should look at it from the application side. Don't pay too much attention to the port. Just look at the application. For example, the NGFW doesn't care if SMTP traverses on port 25 or 65. It just enforces the protocol.

From a technical point of view, I don't think that there's something that's missing from the Palo Alto Networks NG Firewalls. So, I would rate it at nine on a scale from one to ten.

We primarily use the product for web browsing and in order to protect some sites that we are publishing to the web internet.

The solution is very helpful in controlling spam.

The product offers very good web content control and various aspects of security.

The stability of the product has been good over the years.

The initial setup is very easy. Compared to Cisco or other solutions, Palo Alto is very easy to implement and administer. They are both very easy.

I can't recall a feature that was missing. It's a pretty complete solution.

The cost of the device is very high.

To buy license support is very slow. For renewing devices and products, it's slow in terms of contacting and activating upgraded devices.

I've been using the solution for four years at this point. It's been a while. We've been using it over the last 12 months as well.

The stability is excellent. It's reliable. We don't deal with bugs or glitches. It doesn't crash or freeze. Overall, it's been very good in terms of performance.

We have not proven the scalability yet. We're planning to extend our office within the next year or six months to eight months. We are buying some appliances for the process of extending our office.

Currently, around 1,000 people use this solution.

We've never been in touch with technical support. Having never dealt with them, I wouldn't be able to speak to how they are in terms of services.

We also use Barracuda and Cisco for certain aspects of security.

The initial setup is pretty straightforward. It's quite easy to implement.

The deployment takes about one week, or maybe a bit less, depending on the requirements. That includes both implementing and training.

Currently, two people are required for deployment and maintenance of the product

We implement the solution with our network team. We implement the solution ourselves. We don't need the help of integrators or consultants.

The pricing is quite high on Palo Alto.

On the lower end, it's likely to cost $15,000 for renovation and support.

We evaluated Cisco, Juniper, and Dell among other solutions before ultimately choosing this solution. Cisco can be complex in terms of device management compared to other options, for example. Cisco can be cheaper than Palo Alto, but that is not always the case.

I'm not sure which version of the solution we're using. We use a physical appliance.

We're using three different models, for the most part.

My company is an outsourcing company that deploys software and testing.

The solution is very user-friendly and easy to manage and administrate. For that reason, I would rate the product at a nine out of ten.

We have clients in the government and supermarkets, for example, who use this firewall for integration with EDR, NDR, CN, and IPS.

Palo Alto Networks NG Firewalls' IPS is more complete and is very good. This is a user-friendly solution that is easy to install, and it provides the best protection.

It's very important that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention because all components are moving laterally these days. We need tools that follow the zero-trust model.

These firewalls have helped reduce downtime in our organization as well.

Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers.

I've been working with these firewalls for almost seven years.

The firewalls are very stable.

Palo Alto's scalability is not as good as that of Check Point. With Check Point, I can integrate the firewall with other products.

We do not have technical support in Brazil, so I would rate it a two out of ten. However, Palo Alto's technical support in the US is good, and I would give them a rating of eight out of ten. 

Neutral

I have worked with Check Point, but it's very difficult to configure. Palo Alto is much easier to configure, and the dashboard is very user-friendly as well.

Because I have worked with Palo Alto for seven years, the initial setup is very easy for me. However, new engineers may find the configuration difficult.

Palo Alto Networks NG Firewalls are very expensive compared to other firewalls such as Fortinet. As a result, Palo Alto is losing some of its market share. 

I would rate Palo Alto Networks NG Firewalls an eight out of ten because it's a good product.

I like attending RSA conferences because it gives me the opportunity to see what competitors are doing and what is new on the market.

Attending RSAC does have an impact on our cyber security purchases, but I would like to see manufacturers offer more training, certifications, labs, and demos at RSAC. 

Our use cases include combining multiple next-gen firewalls and bringing them into the Panorama centralized platform.

In general, it's one of the better firewall brands out there. It definitely has the investment and the dedication of the Palo Alto team to constantly improve their product and move forward. They're not a static company, like some of the other companies out there, and that's why I like them.

From a firewall perspective, there is a unified platform that natively integrates all security capabilities, which is good because there is a single pane of glass. I don't have to go to every single firewall to look at certain things. I don't have to go to every single firewall to deploy rules. I can use Panorama to deploy the rules, so it's a one-stop job type of thing.

For securing data centers consistently across all workplaces, all next-gen firewalls pipe into the same Panorama centralized management solution. We can manage everything from a single pane of glass, deploy all that out, and make sure it goes through each firewall and updates correctly. That's huge. If you had to do it manually and you had thirty locations, that'd be like a day's job versus thirty minutes.

Having a centralized platform where they all feed into the Panorama solution significantly drops firewall-by-firewall management. We can use the Panorama solution to communicate with all of them.

I like the navigation of the general Panorama solution. I can easily navigate around and get to the thing I need. I'm not wasting time trying to find something.

Personally, I feel that their dashboards for reporting and things like that need some improvement.

We've been using Palo Alto for one to two years.

It has been very stable so far.

So far, it has been scalable enough to hit multiple divisions.

I have not personally contacted their support. That just dictates that they have a good product.

Positive

We also use Cisco firewalls.

I am not directly involved in its deployment, but I do help manage it. To my knowledge, the deployment was straightforward. It was easy to connect them into the Panorama platform.

There was a consultant. They knew their stuff.

There is typically no return on investment for firewalls because it's an IT cost, and we don't make money because we don't resell them.

It's pretty good.

We evaluated Fortinet and Check Point.

The value I receive from attending an RSA Conference is huge because I visit all my vendor partners to understand their roadmaps for the future. Attending an RSA Conference has had an impact on our organization’s cybersecurity purchases made throughout the year afterward because it brings out new features and subsets of the vendor partners. Also, if there is a deficiency in any of the current ones we currently use, we'll go engage other providers in order to find out if they can reach that gap or not, and then it'll dictate future proof of concepts and decisions.

Palo Alto embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, but I personally haven't experienced that. It's a good thing that there hasn't been an attack where that became useful, but that's great to know.

As a result of our experience with Palo Alto NGFW, to a colleague at another company who says, “We are just looking for the cheapest and fastest Firewall,” I would say, "Go with Palo Alto."

Overall, I would rate Palo Alto NGFW an eight out of ten.

Almost all of my deployments are regulated to each firewall perimeter or as a data center firewall. The perimeter firewalls are deployed to control the user traffic and establish IPv6 VPN connections between a company's headquarter and its branches. This solution comes with threat prevention and URL filtering licenses for perimeter deployment. For data center deployments, the solution is deployed as a second layer of protection for the network traffic, especially for VLANs. It also prevents lateral movement of network attacks.

Almost all of my deployments in the Middle East are deployed on-prem. There is no acceptance of cloud solutions, especially for government and banking rules.

Palo Alto Networks Next-Generation Firewall comes with full visibility into the network traffic. The administrator of this next-generation firewall can troubleshoot the traffic, network issues, or connectivity issues that busted through the Palo Alto Next-Generation Firewall, then detect whether the problem is from the client side or the server side. This solution helps the administrator to troubleshoot and have their network up and running all of the time.

A feature introduced by Palo Alto with the version 10-OS is embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. Machine learning analyzes the network traffic and detects if there is any usual traffic coming from outside to inside. Because of Palo Alto, organizations detect around 91% of malicious attacks using machine learning. The machine learning helps customers by implementing firewalls in critical and air gap areas so there is no need to integrate with the cloud sandbox. 

I integrate Palo Alto with different Security Information and Event Management (SIEM) solutions as well as Active Directory to control the traffic based on users and integration with the email server to send notifications and look at domain recipients. I also integrate Palo Alto with Duo as a multi-factor authentication, which is easy to integrate. 

They have introduced more security components that can be integrated. We are talking about Cortex XDR and WildFire. These are natively integrated with Palo Alto Networks. These help to predict malicious attacks on the endpoint and network. WildFire is easy to deploy and integrate.

SP3 architecture helps distribute the bucket into different engines. Each engine has their own tasks: the networking engine, the management engine, and application and security. Each one of these tasks is done by a single task or dedicated CPUs and RAM for handling traffic.

I have been using this solution for about four or five years.

They have a stable solution, stable hardware, and stable software since they have released multiple OSs. If there are any issues, they release a new OS. Each month, you will see new batches with a new OS introduced to customers. You can update it easily. 

With Palo Alto Networks, you have a dedicated management plan. Therefore, if you face an issue regarding the management interface, e.g., the GUI and CLI of Palo Alto Networks, if you have any problem on that you can restart it without effects on the data streams.

The technical support team is great. We have no tickets open with Palo Alto. There are distributed tech centers worldwide that do not have Palo Alto employees, but have the capability to solve your problem in an easy way. They help you to close your gaps or pains.

Positive

I am expert with next-gen Firewalls, especially in Fortinet and Palo Alto. I am NSE 4, NSE 7, and PCSAE certified.

Palo Alto has introduced new features in their next-generation firewall, such as SD-WAN. However, the technique of SD-WAN implementation is not easy to understand. It is not easy to deploy at this moment. Maybe, in the future, they can improve the process and how the administrators, partners, or support team can easily deploy this SD-WAN solution on their next-generation firewall. The SD-WAN solution from Fortinet is easy to do. It does not take more than five or 10 minutes. When we talk about Palo Alto, it takes extra effort to implement SD-WAN.

If you are looking for a great firewall that helps you stop attacks as well as giving you visibility with the administration, this firewall is the best choice. You should not look at the price the first time. Instead, you should look into the solution's productivity and return on investment.

There are some differences in regards to the integrations between Palo Alto and other vendors. Palo Alto handles the traffic using Single Pass Parallel Processing (SP3) engines unlike other vendors, like Fortinet, who use ASIC processors to handle the traffic. The SP3 engine is a different, new architecture for next-generation firewalls. The SP3 engine curbs the traffic and makes the decision based on the buckets, then it evaluates the bucket and other features regarding routing. 

SP3 helps the customer when we talk about data sheets and the performance of the administration firewall. We introduce SP3 to show them real numbers. When we talk about Fortinet, they introduce a different performance number for networking and application throughputs. With Palo Alto Networks, the deduplication between the firewall throughput to the full inspection mode throughput is minimal. There is no big difference between the networking throughput and full inspection mode throughput.

I use DNS security from other vendors, not Palo Alto. I have tested Palo Alto with some scripts in regards to exfiltration and about 50% to 70% of exfiltration attacks could be stopped by Palo Alto. This year, Palo Alto has improved its DNS security against data exfiltration attacks. They enhanced the DNS security features with Palo Alto Networks Next-Generation Firewall by introducing a cloud solution. The solution now forwards these DNS requests to the cloud, which can analyze it using machine learning and artificial intelligence to decide if it is legitimate traffic or not.

The integration is based on the customer environment and what they need. Enterprise customers have some regulations and compliance so they need to send all their logs to the same solutions. We can integrate it using a syslog protocol over UDP. So, it is easy to integrate Palo Alto with some solutions. However, with other Palo Alto technologies or solutions, I integrate them just with WildFire. WildFire is a dedicated solution related to sandboxing and can be deployed on-prem or in the cloud.

The NSS Labs Test Report information has previously helped me to convince customers to buy Palo Alto Networks Next-Generation Firewalls. However, I am now not using the NSS Labs Test Report. Instead, I am using Gartner reports to offer customers Palo Alto Networks Next-Generation Firewalls.

Machine learning on the Palo Alto Networks Next-Generation Firewall was introduced on version 10.

I would rate this solution as nine out of 10.

The most valuable features of this solution are all of the services it provides. 

The application layer to the hardware Layer is good, as are all layers it offers.

It's a very comprehensive solution.

The features should be built into the system. For example, it generates many logs with a lot of information that can be converted into security and business information and shown to the user. This is a time-consuming job.

I would like to see it provide us with intelligent information from the data that it captures, within the same cost.

I have been using this solution for two years.

It's a very stable product, so far.

It's very scalable. We have 300 users in our company.

Technical support is very good.

We have worked with various firewalls such as Check Point, Sophos, Cisco, and some unknown product names as well.

There are several things to consider before recommending a solution. It depends on the business requirements, the budget, and the complexity of the security needs.

I believe that Palo Alto is the best one, then Check Point and Sophos. Those are my three preferences.

Palo Alto and Check Point would be rated an eight out of ten and the others would be a seven out of ten.

The initial setup is complex, but it can be done.

The rollout takes a couple of weeks but you have to keep improving it every day.

Part of the setup was completed by me, with some help externally.

We have a subcontractor for maintenance.

This is an expensive product, as are the others of this type.

Know your business requirements, the features, the ease of use, and know what type of budget you have. These are the types of requirements to know before you use this product.

I would rate this solution an eight out of ten.

We utilize advanced threat prevention features like web filtering and SSL decryption, which haven't caused any issues.

The tool's central management system is complicated, making it challenging to manage multiple devices centrally. Individually, the firewalls are easy to use and manage.

I'd like to see better central management features in the next release. They've introduced some, but I haven't tried them yet, so I can't say how effective they are. However, having a single management interface would be a big improvement.

I have been working with the product for six years. 

The product is scalable. 

The tool is stable. 

The tool's technical support is good compared to other vendors. 

Positive

Setting up the tool can be challenging, especially if configuring them individually. There's an option for zero-touch configuration, but it still involves managing Palo Alto Networks NG Firewalls, which adds complexity and doesn't always justify the cost. If you're experienced with the technology and starting from scratch, expect a steep learning curve.

The tool is expensive, especially considering all the necessary licenses for centrally managing firewalls. For medium-sized companies like ours, it's often not feasible within our budget constraints.

We pay around €200k yearly for all our firewalls. Additionally, we received a quote of over 1 million per year for Prisma Access. There is a significant cost difference compared to other options, where it's around €200k per year.

We have to pay a license for support. 

We started with on-premise infrastructure, including domain controllers. Still, as we moved to the cloud, there was a gap in group membership management until Palo Alto came up with a solution. We have multiple firewalls, about 50 of which are difficult to manage. However, the features offered by the firewalls themselves are really good.

In the future, we might consider switching from Palo Alto Networks NG Firewalls. We're currently evaluating a new solution. However, cost is a concern, as it seems more expensive than other products and SaaS solutions.

Integration with Palo Alto Networks NG Firewalls and other security tools or IT infrastructure is not entirely straightforward but manageable. It's easier compared to some other vendors but still requires effort. I have tried to integrate it with Cisco ISE. 

I recommend Palo Alto NG Firewalls for large enterprises. However, due to their high price, I wouldn't recommend them for small—to medium-sized companies, especially those with limited IT budgets.

We've found that Palo Alto NG Firewalls are particularly good at stopping zero-day attacks. Compared to other companies like Fortinet, we've had fewer security breaches with it.

I rate the overall solution a seven out of ten. 

The product’s most valuable feature is security.

Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster.

We have been using Palo Alto Networks NG Firewalls for five years.

The product is stable. I rate its stability a ten out of ten.

I rate the product’s scalability a nine out of ten.

The technical support services are good. They respond immediately.

Positive

We used FortiGate earlier. We plan to switch again to FortiGate as per our vendor’s preference.

The initial setup process is quite easy. It took less than a month to complete.

I rate the product’s pricing an eight out of ten.

We evaluated Check Point. We decided to go to Palo Alto for better pricing.

I rate Palo Alto Networks NG Firewalls a nine out of ten.