Palo Alto Networks NG Firewalls Reviews

We plan to continue using this solution. Within our organization, there are roughly 1,000 employees using this solution.

We chose Palo Alto for its security features. It's quite nice. It's very user-friendly, powerful, and there are barely any bugs. 

We have been using this solution for roughly two years.

This solution is very stable.

The scalability of the firewalls could be improved. You can't scale the physical firewalls because Palo Alto doesn't support clustering. 

The support could be improved. They could be faster.

They have a multi-layer model of support. If we're experiencing any issues, we have to go to our local partner. If our local partner can't help, then we have to go through a distribution layer that's certified from Palo Alto. If our issues can't be fixed, they will escalate them to the vendor. This can be quite annoying, to be honest.

With Cisco, for example, you can open a ticket directly with the vendors themselves, and they can escalate it internally, which is much faster.

We used to use Juniper Firewalls.

The initial setup is quite straightforward. 

We deployed this solution with some help from our local partners. Overall, deployment took a couple of days. A team of three deployed this solution.

This solution is quite expensive.

I would absolutely recommend this solution to others. Overall, on a scale from one to ten, I would give this solution a rating of nine.

It is our edge appliance. We use it for our edge security, and we also use it for our VPN termination.

We're using an old version of this solution. At this moment, I'm looking at migrating away from Palo Alto.

The ease of use and the ease of configuration of our policies are the most valuable features.

Palo Alto could do better with integrating the Palo Alto Next-Gen Firewall with SD-WAN.

The biggest issue with Palo Alto is that they are expensive. They are very expensive for what they offer. They should improve their pricing.

I have been using this solution for six or seven years.

We have about a thousand users.

We have third-party support.

I used Cisco ASA.

Its installation was pretty straightforward. There were no problems there.

Deployment duration is difficult to tell because there is a whole world of planning and other things. It probably took a couple of days. You are, of course, always tweaking these things.

I haven't installed it here, but where I was before, we had two people doing it. I and a colleague did it ourselves.

It is expensive.

There are multiple firewalls out there. I am moving away from them because they are expensive, and they don't do what I want to do with them. I have plans of getting FortiGate instead.

I would rate Palo Alto Networks NG Firewalls a six out of ten.

We're basically an MSSP service provider. We use this solution as a network firewall for URL filtering, IPS, and IDS proxy services.

The Unified Threat Management (UTM) module, which consists of the basic firewall and IPS services, is what the majority of our customers use in Palo Alto Firewall.

Its scalability for on-prem deployments can be better. For an on-prem deployment, the hardware has to be replaced if the volume goes up to a certain level.

We have been using this solution for a couple of years.

It is stable.

It is much more scalable in a cloud deployment, but for an on-prem deployment, the hardware has to be replaced if the volume goes up to a certain level.

We have very few customers of this solution. We probably have five to ten customers.

Their technical support is very good. It is more often the AMC support that we have to take. 

It is fairly easy. We're not seeing many challenges in these installations. The complete installation can take a lot of time because we have to configure all the policies and other things. After the hardware is installed and the network is connected, you need one or two people for configuring the policies for use cases.

After the hardware and software are procured, it is the AMC support that has to be renewed yearly.

We plan to keep using this solution depending on the customers' needs. We also have a cloud-based platform on Fortinet, and we provide it as a service.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.

We deploy and provide support for this solution to our customers. The use case depends on customer requirements because Palo Alto Next Generation Firewall can be used as a data center firewall, perimeter firewall or on the cloud for a perimeter firewall or used with communications. Some customers use it for global protect connectivity. I am a senior network engineer and we are partners with Palo Alto Networks. 

The best feature of this solution is the GlobalProtect, followed by the App-ID feature which is very good. I also like the VMS feature. 

They've improved a lot of things but we'd like to see more mobility between on-prem and cloud based. I'd also like to see security synchronization between the firewalls. Managing can be difficult. 

I've been providing this solution for over two years. 

There are occasionally issues with reporting, otherwise stability is fine. 

The scalability of this solution is fine. 

Technical support is fine, although sometimes there have been delays. From a technical perspective, they are knowledgeable. 

Now that I have some experience with it, the initial setup is simple. If it's being deployed on-prem, deployment takes a couple of days. But if it's a cloud deployment, we can complete deployment in a day. 

Palo Alto is more expensive in comparison to Fortinet and other firewalls. It's okay because they do provide quality. 

I would recommend this firewall still. Our system integrates well but it depends on customer requirements so we sometimes choose to go with an alternative firewall.

I would rate this solution an eight out of 10. 

The solution has many great features. I don't know if there's one single one that stands above and beyond everything, however.

The application visibility is excellent. There is no other solution that does it quite as well. Palo Alto definitely has an edge in that sense.

The ability of the security features to adapt is also very good. They offer great DNS protection.

They include everything from a network point of view and a security perspective. For the most part, the endpoints are great.

The interface and dashboards are good.

The GSW needs some improvements right now.

The endpoints could use improvement. The solution is mostly a cloud solution now, and there are a lot of competing solutions that are playing in the space and may be doing things a bit better.

The pricing could be improved upon.

We've been dealing with the solution for the last four or five years at least.

The stability of the solution is good. It's quite reliable. I haven't experienced bugs or glitches that affect its performance. It doesn't crash.

If you size everything appropriately, you shouldn't have any issues with scaling. It's quite good. Users can scale it up if they need to.

I'd say that technical support is excellent. They are very helpful. We've quite satisfied with the level of support we got from the company.

I've never dealt with Huawei, however, our company has worked with Cisco, Dell, and HP among other solutions.

The pricing of the solution is quite high. It's too expensive, considering there's so much competition in the space.

There aren't extra costs on top of the standard licensing policy. Still, Palo Alto seems to be adding some premium costs that competitors just don't have.

While we mainly deal with on-premises deployment models, occasionally we also do hybrid deployments.

We're not a customer. We're a systems integrator. We're a reseller. We sell solutions to our clients.

Palo Alto is very good at policymaking. It's like they have a single policy that you can use. Other solutions don't have single policy use, which means you have to configure everything. There may be many consoles or many tasks that you'll have to worry about other solutions. Multiple task configuration should not be there, and yet, for many companies, it is. This isn't the case with Palo Alto. Palo Alto is easy compared to Fortinet. 

It's overall a very solid solution. I would rate it nine out of ten.

We use this solution for Zero Trust Data Center Segmentation with layer 2 Palo Alto firewalls. Segmentation has allowed us to put servers into Zones based off VLAN tags applied at the Nutanix level and can change "personalities" with the change of a VLAN tag. Palo Alto calls the "Layer 2 rewrite". By default, all traffic runs through a pair of 5000 series PAs and nothing is trusted. All North and South, East and West traffic is untrusted. No traffic is passed unless it matched a rule in the firewalls. There is a lot of upfront work to get this solution to work but once implemented adds/moves/changes are easy.

This solution not only provides better security than flat VLAN segments but allows easy movement throughout the lifecycle of the server.

The most valuable feature is the ease of use of the central Panorama to control all firewalls as one unit for baseline rules and then treat each firewall separately when needed.

I wish that the Palos had better system logging for the hardware itself.

We have been using this solution for four years.

We use them to do quite a bit of URL filtering, threat prevention, and we also use GlobalProtect. And application visibility is huge for us. Rather than having to do port-based firewalling, we're able to take it to an application level.

We have quite a number of security pieces that are implemented for our network, such as a DNS piece, although we're not using Palo Alto for that purpose. But with that, in line with our seam, we're able to better distinguish what normal traffic looks like versus what a potential threat would look like. That's how we're leveraging the NG Firewalls. Also, we have separated the network for our databases and we only allow specific users or specific applications to communicate with them. They're not using the traditional port base, they're using application-aware ports to make sure that the traffic that has come in is what it says it is.

Machine learning in Palo Alto's firewalls, for securing networks against threats that are able to evolve and morph rapidly, has helped us out significantly, in implementation with different security software and processes. The combination allows our security analysts to determine the type of traffic that is flowing through our network and to our devices. We're able to collect the logs that Palo Alto generates to determine if there's any type of intrusion in our network.

The machine learning in the core of the firewalls, for inline, real-time attack prevention, is very important to us. With the malware and ransomware threats that are out there, to keep abreast of and ahead of those types of attacks, it's important for our devices to be able to use AI to distinguish when there is malicious traffic or abnormal traffic within our environment, and then notify us.

The fact that in the NSS Labs Test Report from July 2019 about Palo Alto NG Firewalls, 100 percent of the evasions were blocked, is very important to us. 

The SD-WAN product is fairly new. They could probably improve that in terms of customizing it and making the configuration a little bit easier.

I've been using Palo Alto NG Firewalls for about five years.

The firewalls are very stable. We've had no issues with downtime.

They're very scalable. Because we use Panorama, we're able to have global firewall rules for areas that we want to block, across the network, for security reasons. We just push those down to all the devices in one shot.

Our corporate site has about 500 users, and our 14 remote sites, because they're retail, usually have anywhere from five to 10 users each.

Their support is generally very knowledgeable. Sometimes it depends though on who you get, but they've always addressed our issues in a timely manner.

We were using older versions of Palo Alto's firewalls and we also had Cisco firewalls in our environment.

For our remote stores we're able to use Panorama, along with Palo Alto's Zero Touch Provisioning hardware. Once a device is connected to the internet and can communicate back to our Panorama, it just pulls the configurations. That means it's very easy to deploy.

It took about two to three months to deploy about 14 sites. That wasn't because we were having issues, it was just the way we scheduled the deployment, because we had to bring down different entities and had to schedule them accordingly with a maintenance window. But if it wasn't for that scheduling, within a week we could have deployed all of the remote sites.

For our implementation strategy, at our corporate site we had both old and new firewalls sitting side by side on the network. As we went to a remote site we would take them from their legacy Cisco and cut them over to the new firewall. Once that was done, we moved all of the firewall rules that were on the old firewall over to the new one.

When it comes to maintenance and administration of the firewalls, my team of five people is responsible. We have a network architect, a network specialist, two senior network specialists, and a security manager.

We did it by ourselves. We have a certified Palo Alto engineer on staff and he did all the installation.

Definitely look into a multi-year license, as opposed to a single-year. That will definitely be more beneficial in terms of cost. We went with five-year licenses. After looking at the overall costs, we calculate that we're only paying for four years, because it works out such that the last year is negligible. If we were to be billed yearly, the last year's costs would be a lot more. With the five-year plan we're saving about a year's worth of licenses.

Based on the quantity of devices we purchased, we found that the hardware price was actually cheaper than most of the other vendors out there.

If a colleague at another company were to say, "We are just looking for the cheapest and fastest firewall," given my experience with Palo Alto's NG Firewalls, my answer would depend on the size of the company and how much traffic they're going to be generating. Palo Alto is definitely not the cheapest, but if you scale it the right way it will be very comparable to what's out there.

One of the things we like about Palo Alto is the fact that the hardware appliances we have are not impacted in terms of resources. The CPU and memory stay low, so we don't have a bottleneck where it's trying to process a whole bunch of traffic and things are slow. We were looking at various brands because we were going from older hardware to newer, and we wanted to evaluate what the other vendors were doing. After that evaluation, we were comfortable that Palo Alto would be able to handle all of our network traffic without impacting performance.

We looked at Fortinet and Cisco. Cisco is a bit pricey when compared to our Palo Altos. Fortinet was definitely cheaper, but we were skeptical about their performance when we bundled all of the features that we wanted. We didn't think it was going to be fast enough to handle the network traffic that we were generating across the board. We believe Cisco would have handled our traffic, but their next-gen platform, along with SD-WAN, required us to have two separate devices. It wasn't something that would have been on one platform. That's probably why we didn't go down that road.

Part of what we considered when we were looking around was how familiar we were with the technology. That was also a big area for us. Most of the guys on our team were pretty familiar with Cisco and Palo Alto devices. They weren't too familiar with Fortinet or Check Point. We narrowed it down based on if we had a security breach, how easy would it be for us to start gathering information, remediating and troubleshooting, and looking at the origin of the threat. We looked at that versus having to call support because we weren't too familiar with a particular product. That was huge for us when we were doing the evaluation of these products.

Other than the SD-WAN, everything else has been functioning like our previous setup because it's a pretty similar license. The way that the new hardware handles URL filtering, threat protection, and GlobalProtect has been pretty solid. I don't have any issues with those.

Overall, I would rate Palo Alto NG Firewalls at nine out of 10. It's definitely not the cheapest product out there. Cost is the main reason I wouldn't put it at a 10.

Normally, we use our firewall at the perimeter level. We are using Palo Alto Networks NG Firewalls as a firewall as well as using a few of their functionalities like the Vulnerability Protection, its IPS module. Additionally, we have remote VPN's on those firewalls, like GlobalProtect. So we are using all the features which are provided by Palo Alto.

The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.

In terms of what could be improved, comparatively the price is very high. That would be the one thing. But technically-speaking, it's perfect.

I have been working with Palo Alto Networks NG Firewalls for around five years.

In terms of scalability, normally, we procure the devices based on the future perspective, so there should be a lot of scalability. We never face scalability issues with Next Generation Palo Alto Firewall - it comes with the scalability.

We have around 11,000 to 12,000 users across the globe.

Technical support is pretty good. We get a timely response. There will be plus/minus where we do not getting a response, but not regularly, just one or two cases among, let's say, 20 or 30. As far as my experiences with the tech support go, it's pretty good, very straightforward support. It's not like they're playing on the call and taking their time. It is really straightforward.

The initial setup depends on the office locations of the data center. If that particular firewall is part of the data center, then yes, it is a complex design as well as a complex traffic flow. But for normal office locations, it is pretty straightforward. So it is a mix depending on the location of where the particular firewall is going to be put.

I would recommend Palo Alto Networks NG Firewalls. If a company has the budget and wants to have the next generation of firewalls then they should go for the Palo Alto, because whatever state of features they provide, it's pretty awesome. But if there is a budget constraint there are several other products which give you similar kinds of features but with less cost.

On a scale of one to ten, I would give Palo Alto Networks NG Firewalls an 8.

Nothing is perfect. There are features that they should add. One of the features that I'm looking at is when it comes to the Vulnerability Protection. We are blocking the threats which are, by default, updated by the Palo Alto Threat Engine. Currently, there is no scope of manually adding the external database to the firewall so the firewall will convert that database to their own. This is currently not functional with the current version. There are a few functions that they could add that are available with other vendors. That's why I am giving the 8.