We use it for LAN users, internet access, and more. The NG Firewall has many functions like user control, access control for servers, natural controls based on applications, schedules, ports, RTs, and IPS functionality with antivirus or security functionality. We also use it to control internet access, traffic shaping for bandwidth control, and fraud prevention.
Network Security Engineer at Raya Integration
A next-generation firewall with useful functions and features
Pros and Cons
- "I like all the functions and features."
- "I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster"
What is our primary use case?
What is most valuable?
I like all the functions and features.
What needs improvement?
I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster. Scalability can also be better.
For how long have I used the solution?
I've been working with NG Firewalls for six years.
Buyer's Guide
Palo Alto Networks NG Firewalls
January 2025
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
What do I think about the stability of the solution?
Palo Alto Networks NG Firewalls is a stable solution.
What do I think about the scalability of the solution?
I don't think Palo Alto and Fortinet firewalls are scalable. Only Cisco is scalable. For clustering, Cisco activity models like the 4000 model are better. For example, if the firewall is undersized due to expansion, you can cluster and add more appliances to the system.
How are customer service and support?
I think Palo Alto has good support. Technical support helped me solve most of my issues very quickly.
How was the initial setup?
The initial setup depends on the client's infrastructure and the project's scope.
If it's migration, Palo Alto has a great tool called the Expedition tool. It helps to migrate any firewall to the Palo Alto firewall. This process takes about a day, and it's very simple.
If it's a fresh installation, it depends on the number of policies you need to apply and the number of metrics. You can do it using the command line. You can do it easily and quickly, but it depends on how much the customers prepare. Sometimes the customer has no information to provide, and you struggle to get this information. Sometimes this process can take two to five days or take weeks.
What about the implementation team?
We implement and maintain Palo Alto Networks NG Firewalls for our customers.
What's my experience with pricing, setup cost, and licensing?
Paul Alto is the most expensive solution in this category. The subscriptions and support are also expensive, but everything is included in the hardware, including the subscriptions.
If a customer is price-sensitive, I will go for Fortinet without a second thought. If customers are willing to invest in their data centers, I might go with Palo Alto and Cisco.
What other advice do I have?
On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Manager Network Design at MEEZA, Managed IT Services Provider
Provides ease of deployment and helps us maintain a secure network environment
Pros and Cons
- "The product's most valuable features are the ease of deployment, regularly updated security information, and robust hardware."
- "Palo Alto's various products need better integration to ensure they work harmoniously."
What is our primary use case?
We use this firewall to segment our network into two parts and control traffic between them, providing a secure and efficient way to manage our network.
What is most valuable?
The product's most valuable features are the ease of deployment, regularly updated security information, and robust hardware.
What needs improvement?
Palo Alto's various products need better integration to ensure they work harmoniously.
For how long have I used the solution?
We have been using Palo Alto Networks NG Firewalls for the past six years.
What do I think about the stability of the solution?
The firewall is very stable; I rate it ten out of ten in terms of stability.
What do I think about the scalability of the solution?
The solution is highly scalable, accommodating around 5,000 users at our site. We plan to increase usage, which is a matter of purchasing new licenses without affecting current operations.
How are customer service and support?
While I have not used technical support service, my team has, and they have found it to be very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We switched from AWS to Oracle Advanced Analytics because while AWS was easy to use, it was more expensive.
How was the initial setup?
The setup is easy but requires careful planning and expert design to ensure optimal deployment. The process involves planning, reviewing requirements, designing, implementing, and operating the firewall.
What other advice do I have?
Palo Alto NG Firewall effectively prevents threats and helps maintain a secure network environment.
I rate it a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 26, 2024
Flag as inappropriateBuyer's Guide
Palo Alto Networks NG Firewalls
January 2025
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
Head of Engineering at a tech services company with 11-50 employees
Has a user-friendly dashboard and a more complete IPS
Pros and Cons
- "Palo Alto Networks NG Firewalls' IPS is more complete and is very good. This is a user-friendly solution that is easy to install, and it provides the best protection."
- "Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers."
What is our primary use case?
We have clients in the government and supermarkets, for example, who use this firewall for integration with EDR, NDR, CN, and IPS.
What is most valuable?
Palo Alto Networks NG Firewalls' IPS is more complete and is very good. This is a user-friendly solution that is easy to install, and it provides the best protection.
It's very important that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention because all components are moving laterally these days. We need tools that follow the zero-trust model.
These firewalls have helped reduce downtime in our organization as well.
What needs improvement?
Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers.
For how long have I used the solution?
I've been working with these firewalls for almost seven years.
What do I think about the stability of the solution?
The firewalls are very stable.
What do I think about the scalability of the solution?
Palo Alto's scalability is not as good as that of Check Point. With Check Point, I can integrate the firewall with other products.
How are customer service and support?
We do not have technical support in Brazil, so I would rate it a two out of ten. However, Palo Alto's technical support in the US is good, and I would give them a rating of eight out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have worked with Check Point, but it's very difficult to configure. Palo Alto is much easier to configure, and the dashboard is very user-friendly as well.
How was the initial setup?
Because I have worked with Palo Alto for seven years, the initial setup is very easy for me. However, new engineers may find the configuration difficult.
What's my experience with pricing, setup cost, and licensing?
Palo Alto Networks NG Firewalls are very expensive compared to other firewalls such as Fortinet. As a result, Palo Alto is losing some of its market share.
What other advice do I have?
I would rate Palo Alto Networks NG Firewalls an eight out of ten because it's a good product.
I like attending RSA conferences because it gives me the opportunity to see what competitors are doing and what is new on the market.
Attending RSAC does have an impact on our cyber security purchases, but I would like to see manufacturers offer more training, certifications, labs, and demos at RSAC.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Director of Information Technology at a hospitality company with 10,001+ employees
A stable next-generation firewall solution
Pros and Cons
- "I like that they are more stable than the previous ones, and they allow a lot of other features."
- "It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release."
What is our primary use case?
We use Palo Alto Networks NG Firewalls to manage the villains. Basically, to protect the environment.
What is most valuable?
I like that they are more stable than the previous ones, and they allow a lot of other features.
What needs improvement?
It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release.
For how long have I used the solution?
I have been using Palo Alto Networks NG Firewalls for two years.
What do I think about the stability of the solution?
Palo Alto Networks NG Firewalls is stable.
What do I think about the scalability of the solution?
Palo Alto Networks NG Firewalls is scalable. We have about 250 people using it at our hotel.
How are customer service and technical support?
We use Trustwave, a company that provides the devices. We have an agreement with them, and we're satisfied with the support.
Which solution did I use previously and why did I switch?
We used to use Juniper and Fortinet.
How was the initial setup?
The initial setup is pretty much straightforward. It takes us about two hours to set up and deploy this solution. It takes a team of two guys to deploy and maintain this solution.
What other advice do I have?
I would recommend this solution to new users.
On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a nine.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
M&B at a computer software company with 11-50 employees
Good protection, easy to install, and reliable
Pros and Cons
- "The most valuable feature of the solution is the network protection."
- "The support could be improved. Palo Alto does not have a support team located in Bangladesh, and their support team operates from another location. Therefore, when we raise a ticket, it takes some time for them to respond, which can be problematic for us."
What is our primary use case?
I am a customer of Palo Alto Networks. If any issue arises, I raise a ticket with Palo Alto.
How has it helped my organization?
We are currently using Palo Alto in our national data center, which is a large Tier Three data center. As all communication is now going through APIs, it would be beneficial to improve Palo Alto by adding an API scanner in the future.
What is most valuable?
The most valuable feature of the solution is the network protection.
We decided to use Palo Alto because they are the leader in the market.
Palo Alto does provide a unified platform that natively integrates all security capabilities.
These days, DDoS attacks are becoming more frequent, especially in external data centers. Therefore, we need to enhance the DDoS attack block list and update patches in our national data center.
What needs improvement?
The API scanner could be improved.
The support could be improved.
Palo Alto does not have a support team located in Bangladesh, and their support team operates from another location. Therefore, when we raise a ticket, it takes some time for them to respond, which can be problematic for us.
For how long have I used the solution?
I have been working with Palo Alto Networks NG Firewalls for seven years.
What do I think about the stability of the solution?
Since we have definitely used Palo Alto Networks NG Firewalls, it's not possible to compare them with any other product.
The stability of Palo Alto Networks NG Firewalls is good.
What do I think about the scalability of the solution?
The current solution is satisfactory, but we require more scalability from Palo Alto.
How are customer service and support?
Technical support is good.
I would rate the technical support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we did not use another solution.
How was the initial setup?
The initial setup was straightforward, as we prioritize quality over price for our federal work. Our main concern is protection, as we need to safeguard national assets.
What about the implementation team?
I am the consultant.
What was our ROI?
We have observed a positive return on investment because if a DDoS attack were to occur, it would result in a loss of business and other adverse effects.
By using Palo Alto to protect our data, we can prevent such attacks and ensure that our business runs smoothly.
What's my experience with pricing, setup cost, and licensing?
We always aim to reduce the pricing, as it is currently a bit high and needs to be lowered.
Before my organization purchases any product, they must obtain my permission and also conduct an evaluation.
Which other solutions did I evaluate?
From the very beginning, we have been using Palo Alto Networks NG Firewalls, I cannot make a comparison with other firewall solutions.
What other advice do I have?
Palo Alto is the market leader in firewall technology, and we also use their firewall. However, we have been experiencing DDoS attacks and are using Palo Alto to protect against them.
In some cases, we may need to increase the DDoS block list and update patches through Palo Alto.
As someone who works in the national data center, we always strive to use the very best, not the cheapest.
I would rate Palo Alto Networks NG Firewalls a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Presales Specialist at a tech services company with 1-10 employees
Embedded machine learning reduces manual work of having to search for attacks in a SIEM
Pros and Cons
- "DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network."
- "The only area I can see for improvement is that Palo Alto should do more marketing."
What is our primary use case?
We have had a couple of big projects with government companies here in Ukraine. One of those projects involved three data centers with a lot of security and network requirements, and we implemented Palo Alto as part of this project.
The use case was to build the new data centers with a firewall that would not only work on the perimeter but also for internal traffic. We deployed eight PA-5200 Series firewalls and integrated them with VMware NSX, and they're working together.
How has it helped my organization?
One of the points that helped us win the tender is that Palo Alto NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention. The customer's security team was asking for this feature from the firewalls because machine learning makes things much easier than manually sitting there with some kind of SIEM and searching for all kinds of attacks and critical issues. The machine learning is really helpful because it's doing the work automatically.
What is most valuable?
We had a small project with the PA-800 Series appliance where we implemented DNS Security. DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network.
In general, Palo Alto NG Firewalls are
- easy to manage
- good, reliable appliances
- easy to configure.
They also have a good balance between security and traffic. They have good hardware and, for management, they have their own data plane. If traffic is really overloading the data plane, you still have the ability to get into the management tools to see what's going on. You can reset or block some traffic. Not all firewalls have that feature.
They have really good clients, such as a VPN client. You can also enforce security standards on workers in the field. It's a really good product. And now, for endpoint security, they have Cortex XDR. You use the same client, but with additional licenses that enable more features.
What needs improvement?
The only area I can see for improvement is that Palo Alto should do more marketing.
For how long have I used the solution?
We work with customers, but we are not using the solution ourselves.
What do I think about the scalability of the solution?
The scalability is really good because they have a chassis version of appliances. They plan to build new chassis. But for the really big projects here in Ukraine, we can easily cover what we need with the PA-8000 Series with Palo Alto chassis appliances.
In our project with the three data centers, each data center was able to process 40 gigs.
How are customer service and support?
First-level support is provided by our distributor Bakotech. They are technical guys and they really know the product. Unlike some support providers who just send you manuals to ready, they're really helpful. You can call them at any time and they get back to you shortly and help.
How was the initial setup?
The initial setup is really easy. If you're working with Palo Alto Panorama, which is their management server, it's very easy to deploy a lot of appliances in a couple of days, because you're just sending out the configuration and templates on a blind device. In a couple of hours that device is working like the rest.
Which other solutions did I evaluate?
Another valuable aspect of Palo Alto NG Firewalls is that the appliances and software are really reliable in terms of stability and performance. Some firewall vendors don't write real information on their datasheets and, after implementing them, you see that the reality is not the way it was described. For example, when it comes to threat prevention and how much traffic appliances can handle, there was a project where we beat another vendor's firewall because Palo Alto has the real information on its datasheets.
I have some experience with Cisco, on a small project but there was a somewhat older software version, and there was a lot of lag. When changing something in the configuration, once you pushed "commit" you could go have a coffee or do other stuff for 20 minutes or more, because it took a really long time to push that configuration to the device.
What other advice do I have?
If a colleague at another company said to me, "We're just looking for the cheapest and fastest firewall," I would tell them that the cheapest is not the best. If you need really reliable hardware and software, and don't want headaches after the implementation, just buy Palo Alto.
The PA-400 is really strong and not only for SOHO or SMB companies. They have a really big throughput with Threat Prevention and DNS Security enabled. It's a really good appliance in a small size. But it's not only for small companies. The PA-460 can easily handle the traffic of a midsize company, one with 100 or 200 employees, and maybe even a little more. The PA-460 can handle about 5 gigs of traffic. With Threat Prevention, they can handle 2.5 gigabytes of traffic. For a regular office, that's good. It might be a little small for big companies.
Regarding DS tunneling, it is mostly peer-type attacks. With tunneling, it depends on what type of tunneling is used. You need to look at the specific case, at things like whether it was an internal DNS tunnel or one from the outside to the inside between branches. Most of the time, you can see that kind of traffic with a firewall if you have enabled full logging and you drop the logs into a good SIEM, like ArcSight or others. You will see the anomaly traffic via tunnels. You can also switch on decryption so you can decrypt a tunnel and see what is going on inside.
We have had no issues from our customers who are working with Palo Alto NG Firewalls. They fully cover all our customers' needs.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Server Administrator and Operation Manager at a computer software company with 501-1,000 employees
Good security with very good web content control and capable of scaling
Pros and Cons
- "The stability of the product has been good over the years."
- "The cost of the device is very high."
What is our primary use case?
We primarily use the product for web browsing and in order to protect some sites that we are publishing to the web internet.
What is most valuable?
The solution is very helpful in controlling spam.
The product offers very good web content control and various aspects of security.
The stability of the product has been good over the years.
The initial setup is very easy. Compared to Cisco or other solutions, Palo Alto is very easy to implement and administer. They are both very easy.
What needs improvement?
I can't recall a feature that was missing. It's a pretty complete solution.
The cost of the device is very high.
To buy license support is very slow. For renewing devices and products, it's slow in terms of contacting and activating upgraded devices.
For how long have I used the solution?
I've been using the solution for four years at this point. It's been a while. We've been using it over the last 12 months as well.
What do I think about the stability of the solution?
The stability is excellent. It's reliable. We don't deal with bugs or glitches. It doesn't crash or freeze. Overall, it's been very good in terms of performance.
What do I think about the scalability of the solution?
We have not proven the scalability yet. We're planning to extend our office within the next year or six months to eight months. We are buying some appliances for the process of extending our office.
Currently, around 1,000 people use this solution.
How are customer service and technical support?
We've never been in touch with technical support. Having never dealt with them, I wouldn't be able to speak to how they are in terms of services.
Which solution did I use previously and why did I switch?
We also use Barracuda and Cisco for certain aspects of security.
How was the initial setup?
The initial setup is pretty straightforward. It's quite easy to implement.
The deployment takes about one week, or maybe a bit less, depending on the requirements. That includes both implementing and training.
Currently, two people are required for deployment and maintenance of the product
What about the implementation team?
We implement the solution with our network team. We implement the solution ourselves. We don't need the help of integrators or consultants.
What's my experience with pricing, setup cost, and licensing?
The pricing is quite high on Palo Alto.
On the lower end, it's likely to cost $15,000 for renovation and support.
Which other solutions did I evaluate?
We evaluated Cisco, Juniper, and Dell among other solutions before ultimately choosing this solution. Cisco can be complex in terms of device management compared to other options, for example. Cisco can be cheaper than Palo Alto, but that is not always the case.
What other advice do I have?
I'm not sure which version of the solution we're using. We use a physical appliance.
We're using three different models, for the most part.
My company is an outsourcing company that deploys software and testing.
The solution is very user-friendly and easy to manage and administrate. For that reason, I would rate the product at a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network & Security Administrator at a consultancy with 1,001-5,000 employees
I like how the threat protection model functions, including the vulnerability and anti-spyware aspects
Pros and Cons
- "The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome."
- "In terms of what could be improved, comparatively the price is very high. That would be the one thing."
What is our primary use case?
Normally, we use our firewall at the perimeter level. We are using Palo Alto Networks NG Firewalls as a firewall as well as using a few of their functionalities like the Vulnerability Protection, its IPS module. Additionally, we have remote VPN's on those firewalls, like GlobalProtect. So we are using all the features which are provided by Palo Alto.
What is most valuable?
The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.
What needs improvement?
In terms of what could be improved, comparatively the price is very high. That would be the one thing. But technically-speaking, it's perfect.
For how long have I used the solution?
I have been working with Palo Alto Networks NG Firewalls for around five years.
What do I think about the scalability of the solution?
In terms of scalability, normally, we procure the devices based on the future perspective, so there should be a lot of scalability. We never face scalability issues with Next Generation Palo Alto Firewall - it comes with the scalability.
We have around 11,000 to 12,000 users across the globe.
How are customer service and technical support?
Technical support is pretty good. We get a timely response. There will be plus/minus where we do not getting a response, but not regularly, just one or two cases among, let's say, 20 or 30. As far as my experiences with the tech support go, it's pretty good, very straightforward support. It's not like they're playing on the call and taking their time. It is really straightforward.
How was the initial setup?
The initial setup depends on the office locations of the data center. If that particular firewall is part of the data center, then yes, it is a complex design as well as a complex traffic flow. But for normal office locations, it is pretty straightforward. So it is a mix depending on the location of where the particular firewall is going to be put.
What other advice do I have?
I would recommend Palo Alto Networks NG Firewalls. If a company has the budget and wants to have the next generation of firewalls then they should go for the Palo Alto, because whatever state of features they provide, it's pretty awesome. But if there is a budget constraint there are several other products which give you similar kinds of features but with less cost.
On a scale of one to ten, I would give Palo Alto Networks NG Firewalls an 8.
Nothing is perfect. There are features that they should add. One of the features that I'm looking at is when it comes to the Vulnerability Protection. We are blocking the threats which are, by default, updated by the Palo Alto Threat Engine. Currently, there is no scope of manually adding the external database to the firewall so the firewall will convert that database to their own. This is currently not functional with the current version. There are a few functions that they could add that are available with other vendors. That's why I am giving the 8.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros
sharing their opinions.
Updated: January 2025
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
Netgate pfSense
Cisco Secure Firewall
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
Untangle NG Firewall
SonicWall NSa
KerioControl
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Is Palo Alto the best firewall for an on-premise/cloud hybrid IT network?
- What are the main differences between Palo Alto and Cisco firewalls ?
- Expert Opinion on Palo-Alto Required.
- Which is the best IPS - Cisco Firepower or Palo Alto?
- Features comparison between Palo Alto and Fortinet firewalls
- Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
- Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
- What are the main differences between Palo Alto firewalls and Cisco Secure Firepower?
- What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
- Which Palo Alto Networks NG Firewalls model is recommended for 1200 users?