Palo Alto Networks NG Firewalls Reviews

We primarily use the product for web browsing and in order to protect some sites that we are publishing to the web internet.

The solution is very helpful in controlling spam.

The product offers very good web content control and various aspects of security.

The stability of the product has been good over the years.

The initial setup is very easy. Compared to Cisco or other solutions, Palo Alto is very easy to implement and administer. They are both very easy.

I can't recall a feature that was missing. It's a pretty complete solution.

The cost of the device is very high.

To buy license support is very slow. For renewing devices and products, it's slow in terms of contacting and activating upgraded devices.

I've been using the solution for four years at this point. It's been a while. We've been using it over the last 12 months as well.

The stability is excellent. It's reliable. We don't deal with bugs or glitches. It doesn't crash or freeze. Overall, it's been very good in terms of performance.

We have not proven the scalability yet. We're planning to extend our office within the next year or six months to eight months. We are buying some appliances for the process of extending our office.

Currently, around 1,000 people use this solution.

We've never been in touch with technical support. Having never dealt with them, I wouldn't be able to speak to how they are in terms of services.

We also use Barracuda and Cisco for certain aspects of security.

The initial setup is pretty straightforward. It's quite easy to implement.

The deployment takes about one week, or maybe a bit less, depending on the requirements. That includes both implementing and training.

Currently, two people are required for deployment and maintenance of the product

We implement the solution with our network team. We implement the solution ourselves. We don't need the help of integrators or consultants.

The pricing is quite high on Palo Alto.

On the lower end, it's likely to cost $15,000 for renovation and support.

We evaluated Cisco, Juniper, and Dell among other solutions before ultimately choosing this solution. Cisco can be complex in terms of device management compared to other options, for example. Cisco can be cheaper than Palo Alto, but that is not always the case.

I'm not sure which version of the solution we're using. We use a physical appliance.

We're using three different models, for the most part.

My company is an outsourcing company that deploys software and testing.

The solution is very user-friendly and easy to manage and administrate. For that reason, I would rate the product at a nine out of ten.

The most valuable features of this solution are all of the services it provides. 

The application layer to the hardware Layer is good, as are all layers it offers.

It's a very comprehensive solution.

The features should be built into the system. For example, it generates many logs with a lot of information that can be converted into security and business information and shown to the user. This is a time-consuming job.

I would like to see it provide us with intelligent information from the data that it captures, within the same cost.

I have been using this solution for two years.

It's a very stable product, so far.

It's very scalable. We have 300 users in our company.

Technical support is very good.

We have worked with various firewalls such as Check Point, Sophos, Cisco, and some unknown product names as well.

There are several things to consider before recommending a solution. It depends on the business requirements, the budget, and the complexity of the security needs.

I believe that Palo Alto is the best one, then Check Point and Sophos. Those are my three preferences.

Palo Alto and Check Point would be rated an eight out of ten and the others would be a seven out of ten.

The initial setup is complex, but it can be done.

The rollout takes a couple of weeks but you have to keep improving it every day.

Part of the setup was completed by me, with some help externally.

We have a subcontractor for maintenance.

This is an expensive product, as are the others of this type.

Know your business requirements, the features, the ease of use, and know what type of budget you have. These are the types of requirements to know before you use this product.

I would rate this solution an eight out of ten.

The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's.

This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively.

I've been using the solution for the past six years at this point.

The solution offers very good stability. I don't have issues with bugs or glitches. It's reliable.

We have a variety of customers ad they all have a different amount of users. Some have 50 users. Some have 100 users. Some have 1,000 users as well. It varies quite a bit. In that sense, it scales to meet the customer's needs.

I've dealt with technical support in the past. Sometimes it is good and sometimes it's not as good. It depends on the complexity of the deployment. Overall, however, I would say that I have been satisfied with the level of service provided.

There are multiple products from different vendors, and I basically deploy different firewalls from different vendors for the customers based on their needs. The solutions I work with include Cisco, Fortinet, and WatchGuard. There are a few others as well.

The initial setup isn't too complex. It's pretty straightforward.

The deployment time basically depends on the deployment model. If it's a VMware model, it's pretty straightforward and you can basically deploy it in half an hour to one hour.

If it is in another deployment model, for example, if it's in Layer 3, it depends on the subnet environment, how many subnets they have, or how the traffic is routing from one end to the other end, etc. 

I'm involved in system integration, so I basically deploy and manage the solution for the other customers.

I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models.

I would recommend the solution to other organizations.

Overall, I would rate it at a nine out of ten.

Our primary use case is for the perimeter connection of our clients in the network. Our client brings their services to their clients, and they have the option to connect to a webpage. With Palo Alto Networks NG Firewalls they can safely provide a username and password to their clients.

It is mainly on-premise, because the majority of the clients at this point want that kind of option. But many of them are already asking for the cloud option, like Prisma, for example.

It has improved our clients' organizations because previously the clients did not have the option to fully connect. In this solution, they have the opportunity to add services to their web page and book clients.

The feature that I have found most valuable is the connection. It's very easy for the clients to connect to their information. They use an SSL connection by BPM.

We work very closely with the vendors here and at this point they use external support.

Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution.

My company has been using Palo Alto Networks NG Firewalls for almost one year. It is new for us. We have more experience with Cisco and Fortinet.

In my company, I am responsible for the development of the proposal that we give to the client. We develop the spectrum and the pricing. We make presentations to the customer to explain the solution and answer questions about it.

The scalability is very strong. The vendor provides has high availability.

Our clients are medium sized businesses.

Palo Alto is not a cheap solution. It is expensive. But because of its technology it pays itself back. In each case we work with the vendor to obtain a major discount for their business. I give that discount to our customer, who benefit from the services that we can bring them.

This is our first dealing with Palo Alto. With other vendors we have more experience, like with Cisco and Fortinet.

Palo Alto's documentation and manuals are very complete. It's very easy to obtain the information that way.

The client still uses Cisco, Fortinet, and Checkpoint. Palo Alto has very good administration tools which is not the case with the others. You can't compare all vendors. Also, the granularity of the information that they can obtain from the firewalls is better.

The initial setup depends. In the case of one client, for example, they have a very complex connection of networks, which is architectural. It is integrated and we need to pick it out and include all the rules that they have and to put in the firewalls which they want to buy in the next month. That kind of job is not easy for us, not just regarding Palo Alto but for other vendors, too.

On a scale of one to ten, I would give Palo Alto Networks NG Firewalls a nine.

I would recommend this product to others.

In terms of what advice I would give to future customers looking into implementing Palo Alto Firewalls, I would tell them that they have a good system operator in the firewalls and that it provides many tools that they can use to protect their networks. You don't find that in the other vendors.

We deploy and provide support for this solution to our customers. The use case depends on customer requirements because Palo Alto Next Generation Firewall can be used as a data center firewall, perimeter firewall or on the cloud for a perimeter firewall or used with communications. Some customers use it for global protect connectivity. I am a senior network engineer and we are partners with Palo Alto Networks. 

The best feature of this solution is the GlobalProtect, followed by the App-ID feature which is very good. I also like the VMS feature. 

They've improved a lot of things but we'd like to see more mobility between on-prem and cloud based. I'd also like to see security synchronization between the firewalls. Managing can be difficult. 

I've been providing this solution for over two years. 

There are occasionally issues with reporting, otherwise stability is fine. 

The scalability of this solution is fine. 

Technical support is fine, although sometimes there have been delays. From a technical perspective, they are knowledgeable. 

Now that I have some experience with it, the initial setup is simple. If it's being deployed on-prem, deployment takes a couple of days. But if it's a cloud deployment, we can complete deployment in a day. 

Palo Alto is more expensive in comparison to Fortinet and other firewalls. It's okay because they do provide quality. 

I would recommend this firewall still. Our system integrates well but it depends on customer requirements so we sometimes choose to go with an alternative firewall.

I would rate this solution an eight out of 10. 

We use this firewall as part of our overall security solution. It is used to protect our perimeter on the internet side. We have the on-premises version installed for our offices and the cloud-based version for our cloud offerings. For our cloud setup, we use both Azure and AWS.

The most valuable feature is the security provided by the ATP. It is definitely better than the security provided by other firewalls.

The API is available for integration with tools for automation and AI, which is very good.

The interface contains some decentralized tools, so simplifying it would be an improvement.

I would like the option to be able to block the traffic from a specific country in a few clicks.

Some of the implements under artificial intelligence should provide better visibility in terms of my traffic, such as where it originates and where it is going.

Better integration with industry tools would allow me to do quicker automation and reduce my operational costs.

We have been using the Palo Alto Next-Generation firewall for almost five years.

This solution is definitely not scalable. Although it is a next-generation firewall, it has its limitations in terms of policies. At one point in time, it becomes the bottleneck, which is something that we have to optimize.

We are using this firewall at between 10 and 15 locations.

We have been in contact with technical support and we are satisfied with the service.

We also use FortiGate VDOM, although this is for internal protection. The FortiGate interface is simpler in design than Palo Alto.

Prior to Palo Alto, we were using the Cisco ASA platform. When it was through with its lifecycle, we switched. Seeing the next-generation firewall competition in the market, Cisco definitely has a larger portfolio, but it is not as competitive in the security domain. Solutions from Palo Alto and Fortinet are better in this space.

It is easy to install and we did not find the initial setup complex at all. The basic firewall can be set up, and then it takes a little time for the hardening. In total, the deployment can usually be completed within two or three hours.

The pricing is competitive in the market.

Palo Alto NG is definitely a firewall that I recommend for the right size of deployment.

I would rate this solution an eight out of ten.

We are basically using a double protection layer in which we take care of all our DMV, VPN, tunnels, and internal network. We are basically using it for application based configuration  controlling our traffic on applications with layers four to seven. We are customers of Palo Alto and I'm an information security specialist. 

I like the training material they provide and the reporting is very good. The solution is very easy to configure, and very easy to understand and explain. Compared to firewalls offered by their competitors, I find it easier to use and more thorough. The most important thing the solution provides is, of course, the firewalling up to the application level.

There could be improvement with their logs, especially their CLI. When you go to the command line to understand the command line interface it's tricky and requires a deep understanding of the product. We recently faced one issue where the server side configuration changed and it wasn't replicated at the firewall. It required us to tweak things and now it is working fine. Finally, the HIPS and audio call features could be improved. 

I've been using this solution for two years. 

In the past two years I haven't had any issues with the stability. That applies to the hardware, software, upgrades, updates, new feeds. I haven't faced any big issue, you can say that. 

We are using their big boxes, like the 7,000 series. So it's already at that level. We're already using 120 GB, like three 40 gigs and it's working fine for us. You can scale as you wish.
We have over 10,000 people using the service through this firewall. It's working 24/7 and it's been that way for the past two and a half years. 

The initial setup is not complex. It took us 15 to 20 days because we were migrating from the other firewall. The strategy was to take the backup and simultaneously create a leg and transfer to that. The first time we deployed, we used the integrator recommended by the vendor. That worked very well. Our team worked with the integrator. We planned everything and they supervised us. 

We currently have four people helping with maintenance. They are security admins and their job is with the firewalls, like configuring and maintaining and upgrading all those things. 

Yes, we evaluated other options. Cisco was there, as was FortiGate. We were using Juniper at that time, and then Palo Alto came into picture. We carried out a comparison of pricing, support, features, etc. and then we made our choice. It was really the next generation features and application level security that were key to our decision. 

The advice I can give is that this is a good solution: Easy to deploy, easy to manage, easy to understand, reporting is very good, and it will give you the full picture up to the layer seven. Their VPN service is very good. 

The good thing is that whenever you need to train anyone on these devices, it's very easy to explain. Previous firewalls I've used, required a lot more work before you could configure. This isn't like that, it takes maybe 30 minutes and it's done. 

We use this solution as a firewall. We use it for VPN setup, threat protection, and for internet breakout also. We actually deploy several different versions. We have a TA200, a PA820, and a PA3200 series.

The most valuable features are the threat prevention and policy-based routing features. 

I think they need to have a proper hardware version for a smaller enterprise. We had to go to a very high-end version which is very expensive. If we chose the lower-end version, it would not meet our goals. A middle-end is missing in its portfolio.

For example, there's the PA820 and the PA220, but there's nothing between. So they are really missing some kind of small-size or medium-size usage. Right now, you have to choose either a big one or you have a very small one, which is not really good.

In the next release, it would be helpful if there was some kind of a visualized feature that showed the traffic flow, or something like that, to be able to simulate. When we define something if we could see a simulation of how the flow will be treated that would be great. Because today everything is done by experts by checking logs, but it's very time-consuming. If there's also a simulator to use when you apply some configuration, you can also apply on the simulator, to copy the configuration. So, you can see maybe to generate some traffic and to see how it will be treated. That will be very good.

The solution is pretty stable. Once you have it configured, normally it shouldn't have any issues. It does sometimes impact the metric flow, but that's natural because it filters everything going through, so it slows down the speed.

I don't think that product is really scalable. You have to either replace it with a higher version or use what you have. I think that's the only way. You cannot add something to increase its capacity, so you have to replace the current equipment to a new version or a new, higher version.

For technical support, we have a contract with some local suppliers. It depends on our partner, so it's probably different from location to location, but as long as they are certified with Palo Alto, normally they should have a one or two experts in their organization. So you just need to find a good person to work with.

We did previously have a different kind of a firewall. We used Check Point before. We also used NetScreen and Cisco. But in the end, we defined our standard and now use Palo Alto.

Firewalls are never easy. You have to have very good network expertise to set it up, so it's not about the product being easy to use or not. It's because of the nature of the firewall. You have to understand how it works, how it should be set up, and to understand your data flows and things like that. 

I'm not really the person who does the hands-on setup and integration. I'm the guy who monitors the global deployment. I'm in charge of defining the standard, to deploy the standard to the site, but there's an operational team to do the final installation, configuration, and those types of things.

On the one side, it will take maybe two or three days to enable the firewall, but if you are talking about the global deployment, that depends on the budget, and the resources that will take different time periods to deploy worldwide, so we are still not finished for all the locations. So we are still doing it.

Globally we have around 100 locations. We have two major network engineers who manage the firewall, but to deploy it you also need a local IT because they have to physically be on site. And the two experts remotely control the equipment, configuration, and upgrades, etc. So it's very hard to say how many people you need. It depends on your company size and where your locations are based. For us, we have two dedicated people, but we also have the local IT when we need them to physically help in the integration. 

We do use external partners for the setup. We use also our internal teams as well.

It's a bit pricey.

Once you install it, you use it every day. You can't stop because it's a security feature and a precaution. Also, we are using it to do some local breakouts, so we use utilize the local internet to carry some business traffic, to ensure there's no interruption. You have to let it run 24/7.

I would suggest you be careful when choosing your model. Consider your bandwidth as well as how you want to run the local area network because the throughput of the firewall has to be well designed.

I would rate this solution a nine out of10.