Palo Alto Networks NG Firewalls Reviews

Our primary use case is to provide our clients with an internet gateway. 

The best feature is the packet inspection; compared to solutions like Cisco and FortiGate, Palo Alto's packet inspection is much less CPU intensive, allowing it to detect threats embedded within packages more quickly and efficiently. 

Palo Alto Networks NGFW provides a unified platform that natively integrates all security capabilities; it's easy to integrate with other platforms, and we never faced any issues doing so.  

Using Palo Alto Networks NGFW's unified platform, our clients have eliminated multiple network security tools and the effort needed to get them to work together.

The solution doesn't support routing in virtual firewall creation, and we want that to be enabled. 

We've been involved with Palo Alto Networks since 2008 and are a reseller, so we implement the solutions for our clients.

The solution is very stable; we don't have any problems with the stability. 

The product is very scalable. Most of our customers are enterprise-sized financial institutions with over 3,000 branches. 

Palo Alto Networks doesn't directly support Pakistan but rather through distributors. Out tickets go to the distributors, which are then forwarded to Palo Alto.

Neutral

The initial setup is very straightforward; we can complete it three to four hours after activating the licenses.

The product is expensive. With one being the cheapest and ten being the most expensive, I give it an eight.

I rate the solution nine out of ten. 

Palo Alto Networks NGFW is an excellent solution; 90% of the financial institutions in Pakistan use it as their ultimate gateway. 

People are just starting to get into machine learning in Pakistan, so we're not 100% sure of its capabilities and potential. I believe machine learning becomes more efficient in a cloud environment than a hybrid one, though I have yet to research this thoroughly.

To a colleague at another company who says they want the cheapest and fastest firewall, Palo Alto Networks provides an expensive solution, but you can't compromise on security. You can buy the most inexpensive firewall, but you'll have to purchase add-ons and subscriptions to enable a complete security infrastructure in your organization. One solution for every situation that doesn't require any additional services is a better choice. 

I advise those considering the solution to understand where they want to deploy it in the organization, as a broad installation is best for internet gateways. Next, the sensitivity of the data is important; for a financial institution like a bank, I recommend Palo Alto NGFWs because of the quality of the security and machine learning.

We use Palo Alto Networks NG Firewalls mostly for firewalls.

Palo Alto Networks NG Firewalls saves our company time and resources, which equals money.

Palo Alto Networks NG Firewalls saves us time. The solution's firewalls have secured our company, and we don't have to worry about anything.

I would like more reporting and metrics in the solution.

We have been using Palo Alto Networks NG Firewalls for two years.

It is a stable solution.

It is a very scalable solution.

We have seen an ROI with Palo Alto Networks NG Firewalls because it saves us time. We haven't worried about any security issues and feel very protected with Palo Alto Networks NG Firewalls.

It is expensive but is worth the price.

Before choosing Palo Alto Networks NG Firewalls, we did evaluate other options.

We're fine with the firewall and not shopping around for a firewall.

The fact that it embeds machine learning in the core of the firewall to provide inline, real-time attack prevention is invaluable to me.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is invaluable to me.

It does a great job of securing data centers consistently across all workplaces, i.e., from the smallest office to the largest data centers, and we have zero complaints.

Palo Alto Networks NG Firewalls have helped us reduce about twenty extra hours a week of downtime in our organization.

I rate the value we receive from attending an RSA Conference a ten out of ten.

Attending RSAC will surely have an impact on our organization's cybersecurity purchases made throughout the year afterward.

Overall, I rate the solution a ten out of ten.

I am a customer of Palo Alto Networks. If any issue arises, I raise a ticket with Palo Alto.

We are currently using Palo Alto in our national data center, which is a large Tier Three data center. As all communication is now going through APIs, it would be beneficial to improve Palo Alto by adding an API scanner in the future.

The most valuable feature of the solution is the network protection.

We decided to use Palo Alto because they are the leader in the market.

Palo Alto does provide a unified platform that natively integrates all security capabilities.

These days, DDoS attacks are becoming more frequent, especially in external data centers. Therefore, we need to enhance the DDoS attack block list and update patches in our national data center.

The API scanner could be improved.

The support could be improved. 

Palo Alto does not have a support team located in Bangladesh, and their support team operates from another location. Therefore, when we raise a ticket, it takes some time for them to respond, which can be problematic for us.

I have been working with Palo Alto Networks NG Firewalls for seven years.

Since we have definitely used Palo Alto Networks NG Firewalls, it's not possible to compare them with any other product.

The stability of Palo Alto Networks NG Firewalls is good.

The current solution is satisfactory, but we require more scalability from Palo Alto.

Technical support is good.

I would rate the technical support a nine out of ten.

Positive

Previously, we did not use another solution.

The initial setup was straightforward, as we prioritize quality over price for our federal work. Our main concern is protection, as we need to safeguard national assets.

I am the consultant.

We have observed a positive return on investment because if a DDoS attack were to occur, it would result in a loss of business and other adverse effects.

By using Palo Alto to protect our data, we can prevent such attacks and ensure that our business runs smoothly.

We always aim to reduce the pricing, as it is currently a bit high and needs to be lowered.

Before my organization purchases any product, they must obtain my permission and also conduct an evaluation.

From the very beginning, we have been using Palo Alto Networks NG Firewalls, I cannot make a comparison with other firewall solutions.

Palo Alto is the market leader in firewall technology, and we also use their firewall. However, we have been experiencing DDoS attacks and are using Palo Alto to protect against them. 

In some cases, we may need to increase the DDoS block list and update patches through Palo Alto.

As someone who works in the national data center, we always strive to use the very best, not the cheapest.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

We primarily use the solution for our internal network.

The active features on the solution are excellent.

The dashboard and management console are both very user-friendly. Everything is easy to navigate.

The interface is very nice. We generally like the UI the product offers.

The ability to check cases could be improved upon. We find that most of the packets we have to directly open with the PA. Until then, it's possible that there cannot be any support.

Take, for example, the XDR. The XDR is the real power to all our solutions from PA, however, when we are using their XDR, we have directly to contact PA. It's like this for the licensing or for any technical issues.

The solution could offer better pricing. We'd like it if it could be a bit more affordable for us.

The solution should offer SD-WAN.

We've been using the solution since 2016. It's been quite a few years now, at this point.

The solution is quite stable. We don't have bugs or glitches. It doesn't crash or freeze. It's quite good and we've been happy with it.

We haven't tried to expand the solution or to scale it up. It's not an aspect of the solution our company has explored just yet. Therefore, I can't speak to its capabilities in this aspect. I'm not sure what exactly is possible.

I don't have any experience with technical support. I've never had to contact them. Other colleagues would be the ones that deal with this aspect. I wouldn't be able to comment on their level of knowledge of responsiveness.

We're also using Check Point as a firewall.

The initials setup was pretty straightforward. It was not complex at all for us. We didn't run into any issues during the implementation.

The licensing is paid on a yearly basis. 

The pricing could be better, however, the cost depends on the sizing of the product. The pricing, therefore, varies from company to company for the most part.

We have a partnership with Palo Alto.

We're using the 5000 series of Palo Alto. It's a next-generation firewall. We're currently using the Management Gateway and Virtual Firewall. Also, the Endpoint Solution.

I'd recommend the solution to other organizations. We've been pretty happy with it so far.

I'd rate the solution at an eight out of ten.

We use this firewall as part of our overall security solution. It is used to protect our perimeter on the internet side. We have the on-premises version installed for our offices and the cloud-based version for our cloud offerings. For our cloud setup, we use both Azure and AWS.

The most valuable feature is the security provided by the ATP. It is definitely better than the security provided by other firewalls.

The API is available for integration with tools for automation and AI, which is very good.

The interface contains some decentralized tools, so simplifying it would be an improvement.

I would like the option to be able to block the traffic from a specific country in a few clicks.

Some of the implements under artificial intelligence should provide better visibility in terms of my traffic, such as where it originates and where it is going.

Better integration with industry tools would allow me to do quicker automation and reduce my operational costs.

We have been using the Palo Alto Next-Generation firewall for almost five years.

This solution is definitely not scalable. Although it is a next-generation firewall, it has its limitations in terms of policies. At one point in time, it becomes the bottleneck, which is something that we have to optimize.

We are using this firewall at between 10 and 15 locations.

We have been in contact with technical support and we are satisfied with the service.

We also use FortiGate VDOM, although this is for internal protection. The FortiGate interface is simpler in design than Palo Alto.

Prior to Palo Alto, we were using the Cisco ASA platform. When it was through with its lifecycle, we switched. Seeing the next-generation firewall competition in the market, Cisco definitely has a larger portfolio, but it is not as competitive in the security domain. Solutions from Palo Alto and Fortinet are better in this space.

It is easy to install and we did not find the initial setup complex at all. The basic firewall can be set up, and then it takes a little time for the hardening. In total, the deployment can usually be completed within two or three hours.

The pricing is competitive in the market.

Palo Alto NG is definitely a firewall that I recommend for the right size of deployment.

I would rate this solution an eight out of ten.

We are basically using a double protection layer in which we take care of all our DMV, VPN, tunnels, and internal network. We are basically using it for application based configuration  controlling our traffic on applications with layers four to seven. We are customers of Palo Alto and I'm an information security specialist. 

I like the training material they provide and the reporting is very good. The solution is very easy to configure, and very easy to understand and explain. Compared to firewalls offered by their competitors, I find it easier to use and more thorough. The most important thing the solution provides is, of course, the firewalling up to the application level.

There could be improvement with their logs, especially their CLI. When you go to the command line to understand the command line interface it's tricky and requires a deep understanding of the product. We recently faced one issue where the server side configuration changed and it wasn't replicated at the firewall. It required us to tweak things and now it is working fine. Finally, the HIPS and audio call features could be improved. 

I've been using this solution for two years. 

In the past two years I haven't had any issues with the stability. That applies to the hardware, software, upgrades, updates, new feeds. I haven't faced any big issue, you can say that. 

We are using their big boxes, like the 7,000 series. So it's already at that level. We're already using 120 GB, like three 40 gigs and it's working fine for us. You can scale as you wish.
We have over 10,000 people using the service through this firewall. It's working 24/7 and it's been that way for the past two and a half years. 

The initial setup is not complex. It took us 15 to 20 days because we were migrating from the other firewall. The strategy was to take the backup and simultaneously create a leg and transfer to that. The first time we deployed, we used the integrator recommended by the vendor. That worked very well. Our team worked with the integrator. We planned everything and they supervised us. 

We currently have four people helping with maintenance. They are security admins and their job is with the firewalls, like configuring and maintaining and upgrading all those things. 

Yes, we evaluated other options. Cisco was there, as was FortiGate. We were using Juniper at that time, and then Palo Alto came into picture. We carried out a comparison of pricing, support, features, etc. and then we made our choice. It was really the next generation features and application level security that were key to our decision. 

The advice I can give is that this is a good solution: Easy to deploy, easy to manage, easy to understand, reporting is very good, and it will give you the full picture up to the layer seven. Their VPN service is very good. 

The good thing is that whenever you need to train anyone on these devices, it's very easy to explain. Previous firewalls I've used, required a lot more work before you could configure. This isn't like that, it takes maybe 30 minutes and it's done. 

We primarily use Palo Alto Networks NG Firewalls as Foundry Network devices, but we also use them to filter internal network traffic.

I don't believe there is a significant difference. It is similar to any Google firewall product in that it works as long as they are reliable.

The most important part of this solution is its reliability, as it just works without any fancy features. Users are mainly concerned about their ability to function consistently and dependably.

I believe that companies could potentially gain an advantage by leveraging their engineers' familiarity with certain interfaces. Typically, the familiarity factor plays a significant role in product selection, and if they have experience using certain interfaces, they are more likely to opt for those products.

In terms of the interface, I don't feel there is any distinction between this vendor and others. I believe that familiarity with the products itself is an important consideration.

With the use cases that I am familiar with, I don't believe that additional features would be of any benefit. 

Adding more features generally causes more issues. I would prefer they focus on improving reliability rather than adding new features.

My preference would be to exclude machine learning since it must be capable of explanation. This is really important to us, and the performance must also be highly predictable. If it is implemented, at the very least, the option to disable it completely must be available.

In my view, machine learning is often a bothersome addition that can potentially compromise security by allowing unauthorized traffic to pass through undetected. 

From my experience, this tends to occur in networks where all the traffic is clearly defined.

Enhancements could potentially be made to the firmware to improve its inspectability.

In my current job, I have been using Palo Alto Networks NG Firewalls for three years.

In my experience, Palo Alto Networks NG Firewalls have been a stable solution.

It has been as scalable as you would expect.

I have experience working on both small office networks as well as larger ones spanning multiple locations, typically around three to five locations.

I have worked with a range from small office setups with around fifty devices to larger ones with a scale of maybe a thousand, two thousand, or even five thousand devices.

I have experience with quite a lot of other vendors.

In my opinion, I find the configuration of this product more appealing than that of Cisco, but ultimately, it comes down to the preference of the organization's administrators. In terms of features, I don't see a significant difference between them; they all seem pretty standard to me.

I find their syntax more appealing, especially for the command line.

 I am rarely involved in the deployment.

When assessing firewalls for securing data centers consistently and across all workspaces or places, Palo Alto Networks NG Firewalls are suitable products. 

From my experience, they have demonstrated excellent performance.

While it may not necessarily decrease downtime, it also doesn't cause any increase in downtime.

Attending events like RSA has proven to be quite beneficial for me in terms of meeting new people and discovering interesting products. These events generated new contacts and partnerships for my organization.

I believe that we will likely evaluate and purchase at least one of the products in the near future.

It's a decent product, I would rate Palo Alto Networks NG Firewalls an eight out of ten.

I design networks for our customers; I always use a high-speed packet filter upfront because I work for a Juniper partner company. This is usually a Juniper SRX series firewall and it does most of the easy work. Behind that, I add a more intelligent firewall, Palo Alto NGFW. We are partnered with Palo Alto, but that's not the main reason we use their solution. I worked with Check Point products for four years, and the Palo Alto alternative seriously impressed me. Here in Hungary, Palo Alto is considered the de facto intelligent firewall, for good reason.

I work for an integrator and support company, and I support our customer's security platforms; we have many customers with Palo Alto Networks NG Firewalls.

The firewalls improved our organization. Creating firewall rules is much simpler. The solution is so straightforward that customers can configure it themselves, and they rarely call us for that, which is great for us as a support company. It makes our job much easier as Palo Alto NGFWs don't require a security specialist to configure; it can be done by systems engineers or IT support staff. 

All the features are valuable, but my main one is the straightforward and well-designed GUI. I'm over 50 and have been in this business since the internet started. I'm not a GUI guy; I prefer using the command line. The product's GUI is excellent, and so is the threat intelligence. It's also straightforward to configure and flexible. The solution even has good networking, such as VLAN and subinterfaces, which is great because, in my experience, if the firewall is good, then the router usually isn't and vice-versa, but Palo Alto has both.

We use the on-premises solution, and it's very impressive; both flexible and intelligent. The machine learning functionality is excellent, and I love the product as a support guy because it makes my job much easier. I have very little troubleshooting, and our customers haven't had a single security incident since implementing Palo Alto. I'm deeply impressed with this solution.

The machine learning against evolving threats works well. The best thing I can say is that none of our customers have had any security issues; I can't find any problems with the solution.

The support is outstanding; we are always alerted about potential issues such as bugs in advance, so we have time to adapt and prepare. Palo Alto has grown more effective; most importantly, there haven't been any security issues. I would give the product a 10 out of 10 for flexibility and at least a seven for security. I can't say precisely what security threats our customers face, but nothing has gotten through.

The solution provides a unified platform, which is essential because there is a significant shortage of experienced IT specialists in Hungary and elsewhere. Their effectiveness is amplified by the quality and straightforward nature of the solution, and the result is more robust security.

I don't have a direct view of our customer's security threats as it is privileged information, but I can say that there have been no security breaches. I would say the solution does eliminate security holes. 

Our Palo Alto firewalls have the zero-delay signature feature implemented, and it works fine. There haven't been any issues with us or any of our customers. This feature makes the whole security system more efficient. 

The network performance is top-notch; I would give it a 10 out of 10. Intelligent firewalls tend to be slower, but this solution is fast. Previously, I used a simple packet filter or zone-based packet filter in conjunction with an intelligent firewall, but Palo Alto is fast and secure enough for standalone use. I've been familiar with the solution's architecture from the beginning, and it's a very nice platform.

I recommend this solution to any engineer; technically speaking, it's the best product on the market. I know it isn't the cheapest, and decisions are often made on a financial level, but Palo Alto in Hungary always gives us a good deal. 

The solution's VPN, called GlobalProtect, could be improved as I've had a few issues with that. 

It can be challenging to migrate configurations between Palo Alto firewalls or restart with a backup configuration using the CLI. That could be improved. I think I'm one of the only people still using the CLI over the GUI, so that's just a personal issue.

I have been working with the solution for four years.

The solution is incredibly stable.

We work with hardware platforms, and they are usually slightly over designed to be on the safe side. The virtual firewall is highly customizable, but I have experience with the hardware platforms, and there is an upper limit on those, but I haven't had any scaling issues thus far.

In Hungary, where I live, the population is 10 million, similar to London. When I say we have 1000 end-users, it may seem like a small number, but that's relatively high for Hungary. Other vendors also supply the solution here, so 1000 is just our customers.

I mostly do deployments and maintenance alone. There are three systems engineers at our company.

The customer service and support are good. I have full support when I have a problem, and they can even do remote assistance. We had a big power failure, and the firewall didn't restart; they provided a hardware expert over the phone to solve the problem. They are very impressive. I would say Juniper offers the best support, but Palo Alto is almost as good, if not just as good for me.

Positive

I have been in this business from the beginning, so I used most firewall solutions. I focused on Cisco for 15 years, but that changed due to license-based selling in a very price-sensitive market. Cisco is not as viable an option as it used to be as customers consider it too expensive. I also used a Check Point solution, which was regarded as the go-to intelligent firewall five years ago, but now Palo Alto has taken that top spot. 

We are partners with several providers, including Juniper, Palo Alto, and a few others, but I always go with Palo Alto because it's a straightforward solution with easy installation.

The setup is easy; it's straightforward for anyone with basic networking and security knowledge. It's comparable to setting up a firewall at home, which is very impressive. It's still easy with very complex network setups, only the VPN concentrator, GlobalProtect, is more challenging, as it requires two-factor authentication, but it's still straightforward.

Initial setup time depends on the specific implementation, but we can do a new deployment in one or two days. It is more complicated when migrating from other platforms because the customer expects the same logic and features in the new platform. Palo Alto has an excellent marketing strategy, so their customers know their product uses a unique logic. This helps keep the implementation straightforward and shorter compared to other solutions. 

My implementation strategy begins with a plan for the customer's network based on their needs. Then I set up all the networking parameters and configure the solution in my lab device, so I can export it and import it on-site. Every setup begins in our lab, as it's more impressive to go to the customer and import the configuration right away. 

I don't know about the price of the platform or the license fees, as the finance department deals with that. I only bill for the materials involved in the design.

I don't know about the price. When there's a new project, I go to the meeting, but after a point, all the engineers leave when it comes to money because it's not our business. I know Palo Alto offers good discounts for the partners, and the solutions are good. They offer free trials and win many customers because it allows them to test products and see how well they perform.

The only thing I can say is it's a top technology. 

I would rate this solution a nine out of ten.

Cloud-based solutions are very unpopular in Eastern Europe, only private clouds are used, but on-premises is the favored deployment method. We use cloud solutions at home and for small companies or companies with particular use cases. I implemented the solution for a customer, and my first task was to disable all cloud-related features. It's exceedingly difficult to find a financial or government institution using a cloud-based platform; this market segment tends to have a more conservative mentality.

I don't use the solution personally, but I'm the first-level troubleshooter. If I can't solve a problem, I open a ticket to Palo Alto's customer support.

I have clients who used separate firewalls and VPN concentrators, but after switching to this solution, they now use the Palo Alto firewall and its VPN, GlobalProtect. I don't think it's the best VPN concentrator, it's an excellent firewall, but the weak point is the VPN.

I advise reading the documentation before configuring, which goes for any platform.