Palo Alto Networks NG Firewalls Reviews

We primarily use the solution as a datacenter firewall for 0 trust security model

From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best. 

The engine detector application is usually one of the best compared to any other firewall on the market, in my opinion.  With it, I can do a lot of rules based on the application. If you have multiple internet links, you can have an application export from one link, and an application wire from another link. You can have security on the application. The security, for example, can have different functionalities. Basically, the granularity of rules is amazing in Palo Alto.

They have a good reputation for their antivirus capabilities.

The solution offers a strong URL based system or detection for malicious URL or malicious files. 

They even have a machine learning algorithm. They do a lot of very advanced detection for files and URLs. 

Once you deploy the product, you can basically forget about it. It has high customer satisfaction because it's always just working.

The solution would benefit from having a dashboard.

From a normal IPS after attack, routine attack and threat detection attack, in other words, the standard IPS detection attack, I don't see Palo Alto as very good compared to others. The standard network IPS functionality could be better. It's there in solutions like McAfee or Tipping Point, however, I don't see it here in this solution.

We've been working with Palo Alto for about six years now.

From my experience, it's the best hardware compared to other NG firewalls from the perspective of performance stability. While the other firewalls lose 50 or 60% of performance when enabling all policies, Palo Alto loses 10 to 20% maximum, even with enabled IPS and fire detection and all. From our experience performance-wise, it's one of the best hardware solutions for firewalls. 

We haven't lost performance really, so I would describe it as very stable. There are not any issues.

Since the solution is hardware, there are some limitations in terms of scalability.

Usually, in hardware, you can't say it's scalable or not due to the fact that you have the limitations built-in related to the size of the box. The box has a maximum number that it can reach. You can add more hardware, however, the hardware itself is finite.

We usually do a POC first so we can get the figures for performance and we can put in a box that can support 20 or 30 people extra for future expansion.

In general technical support is very good. That said, usually, when we face an issue, we try to solve it ourselves internally before going to level one support. 

In general, we never have had a big issue with support. I don't have much experience with the support team to tell you if they're really good or not. Usually 80% of the cases we open, we talk with the distributor and finish the operation case directly with Palo Alto. It's more like a backend request and therefore I don't have much input that would be objective.

As resellers, we also work with Cisco and some Forcepoint solutions.

I like that in Cisco there's more security parts, like IPS, and a Demandware engine.

I like Cisco, in general, more than Palo Alto if I'm comparing the two. However, from an application perspective, our application's usability and detection and firewall control using an application, it's Palo Alto that's the best on the market. That's, of course, purely from a  firewall point of view. Even in terms of detection of the applications, it has the best system.

The deployment depends on the client's environment as well as how they are using it. For example, an internet NG firewall on the internet, it takes, on average, a week between installation, integration, and tuning. Usually we don't do all the policies because we are system integrator. We do the main policies and we teach the customer and then do a handover to the user for tuning and all the installation extras.

If it's a data center project, it takes more time and effort. It takes a month sometimes due to the fact that we'll be dealing with a lot of traffic. The application and server are usually harder to control than internet applications like Facebook and other standard applications, and easier on the internet. Then there's also internal applications, custom applications, migrating applications, finance education applications, etc., which are not always direct from the customer or directly known.

In short, the implementation isn't always straightforward. There can be quite a bit of complexity, depending on the company.

In general, I prefer hardware, and Palo Alto's is quite good. However, we have a couple of virtual deployments for cases as well.

I would definitely recommend the solution. It's one of the best firewalls on the market. I've worked with four different vendors in the past, and some of the most mature NG firewalls are Palo Alto's. It's their main business, so they are able to really focus on the tech. They spend a lot of time on R&D. They're always leading the way with new technologies. 

While Cisco has more main products, Palo Alto really does focus in on NG firewalls. That's why I always see them as a leader in the space.

I'd rate the solution nine out of ten.

We have two 3000 Series Firewalls placed in our primary location. We have two sites and the secondary site uses the primary site for internet access. All traffic to the secondary location goes through a VPN tunnel. I'm a network administrator. 

The value of this solution for me is the protection from a single packet and ease of making security rules. It also doesn't require a special dedicated network team, I'm able to do it myself. It's a time saver for me and now in this pandemic period, users have access from home.  

I'd like to see some changes to the licensing policies and, on the technical side, improvement in scalability. It's not so easy to scale out your security capabilities. With the situation in business today, everybody lacks money and if you have to increase your resources and to constantly pay more for that, it becomes a problem. 

I've been using this solution for 10 years. 

It's been 10 years and I don't remember any outages because of a hardware failure or a logical error in configuration. We had problems with servers or switches initially but it works like a charm now. 

Scalability is the main disadvantage of Palo Alto. They call themselves a firewall with router capabilities but it's not a router and it requires a good bandwidth in VPN which could become a problem because you have to scale to really big hardware. We can solve the issue with other solutions, but for me the idea is to have less devices in your environment.
It's all about the hardware.  

The support is quite good. A couple of months ago, I sent an email with an issue and we got an answer in 15-20 minutes. In my experience, Palo Alto support is one of the best, maybe the best support available.

We previously used Juniper which is currently called Net Screen. I also looked at Sonic Wall. We carried out a proof of concept five years ago and they had to decide whether to go with Palo Alto or another vendor. 

For me, the initial setup is very easy. To get the device running with some capabilities but maybe not all security rules takes about an hour and it's the same for any upgrades. We have around 900 users and one admin person from our organization who deals with any issues. 

Palo Alto is an expensive solution, we currently have a three year contract. I'm not sure what our terms are. People always want cheaper, nobody wants to pay more. In our region, I think if Palo Alto was cheaper, more companies would buy the solution. 

I would absolutely recommend this product, it's expensive but I trust it. There is always room for improvement such as with scalability capabilities in Palo Alto. I know I'm not the only one who thinks this is an issue. It's possible that next time we will try virtualized firewalls, it may be a little cheaper for us. We would consider switching to something else but it would be a big move and quite complicated. Moving to a different vendor is a whole other story.

I rate this solution a nine out of 10. 

The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's.

This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively.

I've been using the solution for the past six years at this point.

The solution offers very good stability. I don't have issues with bugs or glitches. It's reliable.

We have a variety of customers ad they all have a different amount of users. Some have 50 users. Some have 100 users. Some have 1,000 users as well. It varies quite a bit. In that sense, it scales to meet the customer's needs.

I've dealt with technical support in the past. Sometimes it is good and sometimes it's not as good. It depends on the complexity of the deployment. Overall, however, I would say that I have been satisfied with the level of service provided.

There are multiple products from different vendors, and I basically deploy different firewalls from different vendors for the customers based on their needs. The solutions I work with include Cisco, Fortinet, and WatchGuard. There are a few others as well.

The initial setup isn't too complex. It's pretty straightforward.

The deployment time basically depends on the deployment model. If it's a VMware model, it's pretty straightforward and you can basically deploy it in half an hour to one hour.

If it is in another deployment model, for example, if it's in Layer 3, it depends on the subnet environment, how many subnets they have, or how the traffic is routing from one end to the other end, etc. 

I'm involved in system integration, so I basically deploy and manage the solution for the other customers.

I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models.

I would recommend the solution to other organizations.

Overall, I would rate it at a nine out of ten.

We utilize advanced threat prevention features like web filtering and SSL decryption, which haven't caused any issues.

The tool's central management system is complicated, making it challenging to manage multiple devices centrally. Individually, the firewalls are easy to use and manage.

I'd like to see better central management features in the next release. They've introduced some, but I haven't tried them yet, so I can't say how effective they are. However, having a single management interface would be a big improvement.

I have been working with the product for six years. 

The product is scalable. 

The tool is stable. 

The tool's technical support is good compared to other vendors. 

Positive

Setting up the tool can be challenging, especially if configuring them individually. There's an option for zero-touch configuration, but it still involves managing Palo Alto Networks NG Firewalls, which adds complexity and doesn't always justify the cost. If you're experienced with the technology and starting from scratch, expect a steep learning curve.

The tool is expensive, especially considering all the necessary licenses for centrally managing firewalls. For medium-sized companies like ours, it's often not feasible within our budget constraints.

We pay around €200k yearly for all our firewalls. Additionally, we received a quote of over 1 million per year for Prisma Access. There is a significant cost difference compared to other options, where it's around €200k per year.

We have to pay a license for support. 

We started with on-premise infrastructure, including domain controllers. Still, as we moved to the cloud, there was a gap in group membership management until Palo Alto came up with a solution. We have multiple firewalls, about 50 of which are difficult to manage. However, the features offered by the firewalls themselves are really good.

In the future, we might consider switching from Palo Alto Networks NG Firewalls. We're currently evaluating a new solution. However, cost is a concern, as it seems more expensive than other products and SaaS solutions.

Integration with Palo Alto Networks NG Firewalls and other security tools or IT infrastructure is not entirely straightforward but manageable. It's easier compared to some other vendors but still requires effort. I have tried to integrate it with Cisco ISE. 

I recommend Palo Alto NG Firewalls for large enterprises. However, due to their high price, I wouldn't recommend them for small—to medium-sized companies, especially those with limited IT budgets.

We've found that Palo Alto NG Firewalls are particularly good at stopping zero-day attacks. Compared to other companies like Fortinet, we've had fewer security breaches with it.

I rate the overall solution a seven out of ten. 

I am a customer of Palo Alto Networks. If any issue arises, I raise a ticket with Palo Alto.

We are currently using Palo Alto in our national data center, which is a large Tier Three data center. As all communication is now going through APIs, it would be beneficial to improve Palo Alto by adding an API scanner in the future.

The most valuable feature of the solution is the network protection.

We decided to use Palo Alto because they are the leader in the market.

Palo Alto does provide a unified platform that natively integrates all security capabilities.

These days, DDoS attacks are becoming more frequent, especially in external data centers. Therefore, we need to enhance the DDoS attack block list and update patches in our national data center.

The API scanner could be improved.

The support could be improved. 

Palo Alto does not have a support team located in Bangladesh, and their support team operates from another location. Therefore, when we raise a ticket, it takes some time for them to respond, which can be problematic for us.

I have been working with Palo Alto Networks NG Firewalls for seven years.

Since we have definitely used Palo Alto Networks NG Firewalls, it's not possible to compare them with any other product.

The stability of Palo Alto Networks NG Firewalls is good.

The current solution is satisfactory, but we require more scalability from Palo Alto.

Technical support is good.

I would rate the technical support a nine out of ten.

Positive

Previously, we did not use another solution.

The initial setup was straightforward, as we prioritize quality over price for our federal work. Our main concern is protection, as we need to safeguard national assets.

I am the consultant.

We have observed a positive return on investment because if a DDoS attack were to occur, it would result in a loss of business and other adverse effects.

By using Palo Alto to protect our data, we can prevent such attacks and ensure that our business runs smoothly.

We always aim to reduce the pricing, as it is currently a bit high and needs to be lowered.

Before my organization purchases any product, they must obtain my permission and also conduct an evaluation.

From the very beginning, we have been using Palo Alto Networks NG Firewalls, I cannot make a comparison with other firewall solutions.

Palo Alto is the market leader in firewall technology, and we also use their firewall. However, we have been experiencing DDoS attacks and are using Palo Alto to protect against them. 

In some cases, we may need to increase the DDoS block list and update patches through Palo Alto.

As someone who works in the national data center, we always strive to use the very best, not the cheapest.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

We primarily use the solution for our internal network.

The active features on the solution are excellent.

The dashboard and management console are both very user-friendly. Everything is easy to navigate.

The interface is very nice. We generally like the UI the product offers.

The ability to check cases could be improved upon. We find that most of the packets we have to directly open with the PA. Until then, it's possible that there cannot be any support.

Take, for example, the XDR. The XDR is the real power to all our solutions from PA, however, when we are using their XDR, we have directly to contact PA. It's like this for the licensing or for any technical issues.

The solution could offer better pricing. We'd like it if it could be a bit more affordable for us.

The solution should offer SD-WAN.

We've been using the solution since 2016. It's been quite a few years now, at this point.

The solution is quite stable. We don't have bugs or glitches. It doesn't crash or freeze. It's quite good and we've been happy with it.

We haven't tried to expand the solution or to scale it up. It's not an aspect of the solution our company has explored just yet. Therefore, I can't speak to its capabilities in this aspect. I'm not sure what exactly is possible.

I don't have any experience with technical support. I've never had to contact them. Other colleagues would be the ones that deal with this aspect. I wouldn't be able to comment on their level of knowledge of responsiveness.

We're also using Check Point as a firewall.

The initials setup was pretty straightforward. It was not complex at all for us. We didn't run into any issues during the implementation.

The licensing is paid on a yearly basis. 

The pricing could be better, however, the cost depends on the sizing of the product. The pricing, therefore, varies from company to company for the most part.

We have a partnership with Palo Alto.

We're using the 5000 series of Palo Alto. It's a next-generation firewall. We're currently using the Management Gateway and Virtual Firewall. Also, the Endpoint Solution.

I'd recommend the solution to other organizations. We've been pretty happy with it so far.

I'd rate the solution at an eight out of ten.

We use the firewall for securing the data center. We have designed it to be a two-stage firewall. We have a perimeter firewall which is not Palo Alto, and then the Palo Alto firewall which is acting as a data center firewall. We are securing our internal network, so we have created different security zones. And we assign each zone a particular task.

We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic.

The solution needs some management tool enhancements. It could also use more reporting tools. And if the solution could enhance the VPN capabilities, that would be good.

The solution is very stable, but I think the local providers have no sufficient products. We are looking for more support. 

The solution is very scalable. We are trying to increase usage. We are planning already to increase our internet center. We are planning to extend our users to around 1,500. Currently, we have about 700 users.

The local consultant support needs some improvement. External support is sufficient for us.

The initial setup was easy for us to implement.

We used a consultant for the deployment portion.

I would rate this solution 7 out of 10.

It is our edge appliance. We use it for our edge security, and we also use it for our VPN termination.

We're using an old version of this solution. At this moment, I'm looking at migrating away from Palo Alto.

The ease of use and the ease of configuration of our policies are the most valuable features.

Palo Alto could do better with integrating the Palo Alto Next-Gen Firewall with SD-WAN.

The biggest issue with Palo Alto is that they are expensive. They are very expensive for what they offer. They should improve their pricing.

I have been using this solution for six or seven years.

We have about a thousand users.

We have third-party support.

I used Cisco ASA.

Its installation was pretty straightforward. There were no problems there.

Deployment duration is difficult to tell because there is a whole world of planning and other things. It probably took a couple of days. You are, of course, always tweaking these things.

I haven't installed it here, but where I was before, we had two people doing it. I and a colleague did it ourselves.

It is expensive.

There are multiple firewalls out there. I am moving away from them because they are expensive, and they don't do what I want to do with them. I have plans of getting FortiGate instead.

I would rate Palo Alto Networks NG Firewalls a six out of ten.