We use Palo Alto Networks NG Firewalls for our gateway security.
System Engineer at DLP
Has good ID management and the configuration is easy
Pros and Cons
- "The user experience is good and the configuration is very easy."
- "Technical support can be faster at responding."
What is our primary use case?
How has it helped my organization?
Embedded machine learning is important.
The user experience is good and the configuration is very easy.
Palo Alto Networks NG Firewalls provide a unified platform that natively integrates security capabilities.
What is most valuable?
IDM is the most valuable feature.
What needs improvement?
The process of applying updates to Palo Alto Networks NG Firewalls has room for improvement.
The price also has room for improvement and the technical support could respond faster.
Buyer's Guide
Palo Alto Networks NG Firewalls
December 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Palo Alto Networks NG Firewalls for one year.
What do I think about the stability of the solution?
The solution is extremely stable.
What do I think about the scalability of the solution?
The solution is scalable. We have 60 people that use the solution in our organization.
How are customer service and support?
The technical support is good but can sometimes be slow.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used WatchGuard XTM firewalls, but I switched to Palo Alto Networks NG Firewalls because of their superior performance and features.
What was our ROI?
We have seen a good return on investment.
What's my experience with pricing, setup cost, and licensing?
Palo Alto Networks NG Firewalls are expensive compared to WatchGuard XTM firewalls.
What other advice do I have?
I give Palo Alto Networks NG Firewalls a ten out of ten.
We have to perform regular updates for the solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Software Engineer at a tech vendor with 501-1,000 employees
Provides a unified platform that natively integrates all security capabilities
Pros and Cons
- "Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier."
- "Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto."
What is our primary use case?
We're partners. Essentially, we take all the Palo Alto firewall policy information and all the device information, and we put it on a single pane of glass for them.
How has it helped my organization?
It provides a unified platform that natively integrates all security capabilities. This communication between security devices or security platforms is pretty important.
It helps to reduce downtime in our organization, but I don't have the metrics.
What is most valuable?
Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier.
What needs improvement?
Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto.
For how long have I used the solution?
We're partners with Palo Alto. We've been partnering with them for about ten years for their firewalls.
What do I think about the stability of the solution?
It's pretty stable.
What do I think about the scalability of the solution?
It's pretty scalable. Palo Alto does a great job across the board from small businesses to large enterprise solutions.
How are customer service and support?
I have not had direct communication with their support.
Which solution did I use previously and why did I switch?
We've worked with different firewall solutions such as Check Point, Cisco, ACI, and Fortinet, but Palo Alto is definitely among the ones that I like to work with.
What was our ROI?
Overall, it provides a wide range of features for securing an environment.
What's my experience with pricing, setup cost, and licensing?
You get what you pay for.
What other advice do I have?
The RSA Conference is great. You get to see a wide range of products all in one place. In terms of security, this is the place to be. It has been a great experience.
I believe attending the RSA Conference has an impact on our organization’s cybersecurity purchases made throughout the year afterward. It gives us a good forecast as to where the industry is going and what's to come so that we can be better prepared to partner with all different vendors.
To a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that Palo Alto is definitely not the cheapest. It's one of those things where you prefer quality.
Overall, I'd rate this solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Palo Alto Networks NG Firewalls
December 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Manager, Global Security Operations at a non-tech company with 10,001+ employees
Is updated often with the latest threat signatures and secures data centers consistently across all workplaces
Pros and Cons
- "I like that Palo Alto does a good job of keeping the firewall updated with the latest threat signatures."
- "The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times."
What is our primary use case?
As a Security Engineer, I use this solution for protection. I put in additional rules and also use the solution for forensic investigations and to look at traffic logs.
What is most valuable?
I like that Palo Alto Networks does a good job of keeping the firewall updated with the latest threat signatures.
We use Panorama, so we're able to manage an entire array of firewalls in one console. It's really useful because we can make one change and deploy it to all of our firewalls.
Palo Alto Networks NG Firewalls do a great job at providing a unified platform that natively integrates all security capabilities. For example, we can easily export our firewall logs into our SIEM. We have so many tools to manage that having a unified platform makes our job easier.
This firewall is great at securing data centers consistently across all workplaces.
We have high availability, and Palo Alto Networks NG Firewalls helped reduce downtime.
What needs improvement?
The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times.
For how long have I used the solution?
I've been using Palo Alto Networks NG Firewalls for five years.
What do I think about the stability of the solution?
I have not heard of any complaints or issues regarding the stability of the firewalls.
What do I think about the scalability of the solution?
We can easily add nodes into Panorama with no problem. As such, scalability is not an issue. We have an enterprise environment with approximately 15,000 users in multiple countries.
How are customer service and support?
I haven't had to call technical support, but my colleagues have. They've always spoken positively about the experience and would probably rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
My organization used Cisco Secure Firewall ASA and switched to Palo Alto Networks NG Firewalls because Cisco was lagging behind in many features. For example, the management interface on the ASAs was awful compared to that in the NG Firewalls.
What was our ROI?
We have absolutely seen an ROI in the fact that we haven't ended up in the news. We can look at any time and see all the threats that have been stopped by Palo Alto Networks NG Firewalls.
What other advice do I have?
If you are looking for the cheapest and fastest firewall, I would say that it's a risky angle to take. Security costs money, and you'll get what you pay for.
The benefits I receive from attending an RSA conference are networking, meeting people and having conversations face-to-face, making contacts in the industry, getting suggestions about products, and attending briefings about specific products.
Also, attending RSAC can have an impact on your organization’s cybersecurity purchases because you may find out about products that you hadn't heard of before.
Overall, I would rate Palo Alto Networks NG Firewalls an eight on a scale from one to ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Analyst at a non-profit with 1,001-5,000 employees
Debugging and troubleshooting through package capture are very easy from CLI
Pros and Cons
- "It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture... The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time."
- "In the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get... You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer."
What is our primary use case?
We used the solution as an edge or internet firewall where we were running IPS/IDS and doing filtering on it, apart from the other security features. We are still using it for our users' VPN activity and to manage site-to-site VPN tunnels with other clouds, like AWS and Azure, so that there is connectivity back and forth between those cloud providers and our on-prem data center.
What is most valuable?
The features I like are the debugging and troubleshooting through package capture. It's easy to capture from the CLI and it's also easy to get logs from the CLI.
It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture. It gives us real-time anti-cyber activity and enables us to look at it. The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time.
These firewalls have the zero-delay signatures feature, which is really important because you don't want to be lagging behind with any kind of security updates. It doesn't affect our security a lot, but without it, we could be compromised a little bit. If updates are delayed by a couple of hours, there's an opportunity for the bad actors to execute something in that time frame. It gives us a little bit more security, but it's not like it's a high-severity situation.
Overall, they're doing great with the features. They're improving them day by day and year by year, which is really good. They're making new products that are compact inside, which is also really good. Instead of a full rack, they have tiny devices that have the same or even better performance compared to the bigger ones. They are doing well in improving the units, features, and security.
For how long have I used the solution?
I've been using Palo Alto Networks NG Firewalls for eight years.
What do I think about the stability of the solution?
They're very reliable and stable. Compared to some of the competitors, they're more reliable.
What do I think about the scalability of the solution?
The scalability is also good. They provide good options for scaling. The only thing that I would think about is that, in the newer firewalls, they have increased the performance but decreased the number of concurrent VPN connections or users. The new, compact devices have better performance, but they have reduced the number of users that can connect. Maybe that's a marketing strategy to sell higher-end models.
In my organization, everybody is using the Palo Alto firewalls because they're connected to the VPN, but the management and operations aspects are limited to the folks in IT.
How are customer service and support?
These firewalls used to bring a lot of value to us, but in my practical experience, in the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get.
For example, in the past, if something happened, we could just give them a call and open a ticket, and we would have technical support right away to help us. Whether it was a severity-one, critical incident, where we had no connectivity, or just a minor or medium-severity issue, we used to get support right away. But in the last three years, it has been really hard to get hold of an engineer. I have reached out a couple of times to give them a heads-up, "This is a ticket I opened three days ago. I'm trying to get a hold of anybody."
It's okay that they force us to open a ticket on the portal, but after opening a ticket, it's really hard to get support when you need it. You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer.
They should make it easier to get in touch with their TAC. This is what they have called transforming the customer experience, but I believe it's getting worse. That's the only thing they have to improve. When you do get someone, the support from their end stands out, it's a nine out of 10. But getting a hold of an engineer is a two out of 10.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup is very straightforward. You need to connect through the portal manager and to the IP that you want to access remotely. And pushing the configuration from other devices is very easy. They provide tools so that you can get the configuration from competitors' devices and convert that into the Palo Alto version. It's very easy to configure initially and to manage as well.
On the maintenance side, it's really good. We don't have to put a lot of effort into that.
What other advice do I have?
The security and performance of the PA-400 series of Palo Alto NGFWs, versus its price, is really good. It's very inexpensive and has good performance compared to the previous higher-end 3000 models.
Palo Alto provides Panorama where you can manage a bunch of firewalls from a single pane of glass or just one device. It allows you to manage all of the firewalls in one, integrated location. You don't have to make a chain of 50 different firewalls. It will push what you need to be changed to all the other firewalls. We used to use it, but we got rid of it because we replaced all our Palo Altos with competitors' firewalls and we don't use Palo Alto anymore, other than for VPN. We have six firewalls in our organization right now, although we used to have 35 to 40. Because we no longer have a lot of firewalls, we got rid of Panorama. We don't want to pay for it to just manage six firewalls where we are not making any changes frequently. If we had 35 or 40 still, I would definitely recommend having Panorama.
Panorama is for managing the rules. It saves time on configuration, but it doesn't affect your security posture. Whether you're managing each firewall or using Panorama, it's exactly the same thing. But it helps you to execute changes in a very short period of time. It's a way of pushing the config to all your devices.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director IT Security at a healthcare company with 501-1,000 employees
Good threat hunt capabilities, good support, and easy to deploy
Pros and Cons
- "Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors."
- "As things are evolving, we want to make sure that Palo Alto is able to keep up with what is going on outside. They should continue to do more intelligence-related enhancements and integrate with some of the other security tools. We want to have a more intelligent toolset down the road."
What is our primary use case?
Basically, it is for protection and security. We are using it to make sure that our network is as secure as possible. We are able to evaluate each stack in each pocket and take certain actions as needed when we look into some of the content of the payload.
We have on-prem deployments, and we also have SaaS-based services.
What is most valuable?
Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors.
What needs improvement?
As things are evolving, we want to make sure that Palo Alto is able to keep up with what is going on outside. They should continue to do more intelligence-related enhancements and integrate with some of the other security tools. We want to have a more intelligent toolset down the road.
For how long have I used the solution?
We implemented this solution last year.
What do I think about the scalability of the solution?
We currently have 25,000 users. Its usage won't increase a lot, but IT is changing very rapidly, and it would depend on the security model towards which we are moving.
How are customer service and technical support?
Palo Alto provides pretty good support.
How was the initial setup?
It is straightforward. The deployment duration varies because there are different modules and components, but it doesn't mean that we have to complete everything to make it work. For the core piece of it, it would probably take a couple of months to install, configure, and test.
What about the implementation team?
We have a vendor to help us. We have two or three people for its deployment.
What's my experience with pricing, setup cost, and licensing?
It has a yearly subscription.
What other advice do I have?
I would recommend this solution. I would rate Palo Alto Networks NG Firewalls an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technology Manager at Italtel
Easy for clients to connect to their information
Pros and Cons
- "They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks."
- "Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution."
What is our primary use case?
Our primary use case is for the perimeter connection of our clients in the network. Our client brings their services to their clients, and they have the option to connect to a webpage. With Palo Alto Networks NG Firewalls they can safely provide a username and password to their clients.
It is mainly on-premise, because the majority of the clients at this point want that kind of option. But many of them are already asking for the cloud option, like Prisma, for example.
How has it helped my organization?
It has improved our clients' organizations because previously the clients did not have the option to fully connect. In this solution, they have the opportunity to add services to their web page and book clients.
What is most valuable?
The feature that I have found most valuable is the connection. It's very easy for the clients to connect to their information. They use an SSL connection by BPM.
What needs improvement?
We work very closely with the vendors here and at this point they use external support.
Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution.
For how long have I used the solution?
My company has been using Palo Alto Networks NG Firewalls for almost one year. It is new for us. We have more experience with Cisco and Fortinet.
What do I think about the stability of the solution?
In my company, I am responsible for the development of the proposal that we give to the client. We develop the spectrum and the pricing. We make presentations to the customer to explain the solution and answer questions about it.
What do I think about the scalability of the solution?
The scalability is very strong. The vendor provides has high availability.
Our clients are medium sized businesses.
Palo Alto is not a cheap solution. It is expensive. But because of its technology it pays itself back. In each case we work with the vendor to obtain a major discount for their business. I give that discount to our customer, who benefit from the services that we can bring them.
How are customer service and technical support?
This is our first dealing with Palo Alto. With other vendors we have more experience, like with Cisco and Fortinet.
Palo Alto's documentation and manuals are very complete. It's very easy to obtain the information that way.
Which solution did I use previously and why did I switch?
The client still uses Cisco, Fortinet, and Checkpoint. Palo Alto has very good administration tools which is not the case with the others. You can't compare all vendors. Also, the granularity of the information that they can obtain from the firewalls is better.
How was the initial setup?
The initial setup depends. In the case of one client, for example, they have a very complex connection of networks, which is architectural. It is integrated and we need to pick it out and include all the rules that they have and to put in the firewalls which they want to buy in the next month. That kind of job is not easy for us, not just regarding Palo Alto but for other vendors, too.
What other advice do I have?
On a scale of one to ten, I would give Palo Alto Networks NG Firewalls a nine.
I would recommend this product to others.
In terms of what advice I would give to future customers looking into implementing Palo Alto Firewalls, I would tell them that they have a good system operator in the firewalls and that it provides many tools that they can use to protect their networks. You don't find that in the other vendors.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Technical Engineer - Technical Security at a tech services company with 1,001-5,000 employees
It incorporates machine learning into the firewall and reduces downtime, but enabling multiple features can lead to performance degradation
Pros and Cons
- "The most valuable features of Palo Alto Networks NG Firewalls are DNS sync calls, enabled security features, and Wildfire."
- "Palo Alto Networks NG Firewalls helped reduce our downtime."
- "The machine learning component on the firewall level requires more computing power to perform at the full production level."
- "The machine learning component on the firewall level requires more computing power to perform at the full production level. Therefore, the ML is currently providing partial real-time attack prevention."
What is our primary use case?
Palo Alto Networks NG Firewalls are our perimeter firewalls that protect the network from external attackers. They provide visibility into network activity, from layer four to layer seven, including application visibility, user awareness, and content awareness. These features are crucial for any network and organization, regardless of size, whether it's 20 users or two million users – they all need a firewall.
How has it helped my organization?
It's crucial that the entire cybersecurity landscape shifts from traditional methods to artificial intelligence and machine learning. When vendors stay current with emerging and future technologies, they're better positioned for success. This proactive approach ensures they remain relevant and effective in the ever-evolving cybersecurity space.
Palo Alto Networks NG Firewalls helped reduce our downtime.
What is most valuable?
The most valuable features of Palo Alto Networks NG Firewalls are DNS sync calls, enabled security features, and Wildfire.
What needs improvement?
The machine learning component on the firewall level requires more computing power to perform at the full production level. Therefore, the ML is currently providing partial real-time attack prevention.
In large data centers, enabling multiple features, such as SSL decryption, can lead to performance degradation. This is especially noticeable in Palo Alto firewalls when SSL inspection is enabled. Ideally, this shouldn't happen. To address this, enterprises are often forced to upgrade to higher-end models, which is unnecessary. Palo Alto needs to address this issue. When performance degrades due to full packet inspection, the solution should be to increase the computing power within the same firewall, not to recommend upgrading to a larger, more expensive model. Performance issues during full inspection need to be resolved without requiring hardware upgrades.
The technical support has room for improvement.
For how long have I used the solution?
I have been using Palo Alto Networks NG Firewalls for five years.
What do I think about the stability of the solution?
I would rate the stability of Palo Alto Networks NG Firewalls six out of ten. After the upgrade, we are experiencing performance issues. Occasionally, we need to reboot the firewalls to refresh and recreate sessions. Gradually, performance returns to normal. Immediately following the upgrades, performance and utilization spike significantly.
What do I think about the scalability of the solution?
I would rate the scalability of Palo Alto Networks NG Firewalls eight out of ten.
Which solution did I use previously and why did I switch?
We previously used Checkpoint firewalls, but the performance was subpar and lacked an available interface. In contrast, Palo Alto Networks NG Firewalls offered more interfaces.
How was the initial setup?
The initial deployment was not complex but we did face some issues with respect to dynamic routing configurations.
What about the implementation team?
We used a third-party for the deployment.
What was our ROI?
We have observed an average return on investment from Palo Alto Networks NG Firewalls.
What's my experience with pricing, setup cost, and licensing?
Palo Alto Networks NG Firewalls are expensive. The total cost of ownership is high.
What other advice do I have?
I would rate Palo Alto Networks NG Firewalls six out of ten.
For those looking for the cheapest NG firewall, I would recommend Fortinet.
We deployed a total of four Palo Alto Networks NG Firewalls, two in the data center and two in the data recovery center. We have a total of 1,800 endpoints in our organization.
Frequent updates necessitate regular maintenance, which requires a team of four people.
Before purchasing, conduct a proof of concept to verify functionality, alignment with use cases and organizational requirements. Validate hardware compatibility and ensure correct sizing. Opt for direct Palo Alto OEM support instead of partner-enabled support.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Nov 27, 2024
Flag as inappropriateAssociate cloud system admin at Innocap
Is used to secure our Internet traffic and the application traffic
Pros and Cons
- "The payload is a very valuable feature."
- "The technical support needs improvement."
What is our primary use case?
We use the solution to secure our Internet traffic and the application traffic from the Internet.
There is also no need to connect to a VPN most of the time.
What is most valuable?
The payload is a very valuable feature.
What needs improvement?
The technical support needs improvement.
For how long have I used the solution?
I have been using Palo Alto Networks NG Firewalls for six years.
What do I think about the stability of the solution?
It is a stable solution.
How was the initial setup?
The deployment takes five to ten minutes.
What's my experience with pricing, setup cost, and licensing?
There are security licenses.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: May 19, 2024
Flag as inappropriateBuyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
Netgate pfSense
Cisco Secure Firewall
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Untangle NG Firewall
Fortinet FortiGate-VM
SonicWall NSa
KerioControl
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Is Palo Alto the best firewall for an on-premise/cloud hybrid IT network?
- What are the main differences between Palo Alto and Cisco firewalls ?
- Expert Opinion on Palo-Alto Required.
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Features comparison between Palo Alto and Fortinet firewalls
- Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
- Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
- What are the main differences between Palo Alto firewalls and Cisco Secure Firepower?
- What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
- Which Palo Alto Networks NG Firewalls model is recommended for 1200 users?