Palo Alto Networks NG Firewalls Reviews

We primarily use Palo Alto Networks NG Firewalls as Foundry Network devices, but we also use them to filter internal network traffic.

I don't believe there is a significant difference. It is similar to any Google firewall product in that it works as long as they are reliable.

The most important part of this solution is its reliability, as it just works without any fancy features. Users are mainly concerned about their ability to function consistently and dependably.

I believe that companies could potentially gain an advantage by leveraging their engineers' familiarity with certain interfaces. Typically, the familiarity factor plays a significant role in product selection, and if they have experience using certain interfaces, they are more likely to opt for those products.

In terms of the interface, I don't feel there is any distinction between this vendor and others. I believe that familiarity with the products itself is an important consideration.

With the use cases that I am familiar with, I don't believe that additional features would be of any benefit. 

Adding more features generally causes more issues. I would prefer they focus on improving reliability rather than adding new features.

My preference would be to exclude machine learning since it must be capable of explanation. This is really important to us, and the performance must also be highly predictable. If it is implemented, at the very least, the option to disable it completely must be available.

In my view, machine learning is often a bothersome addition that can potentially compromise security by allowing unauthorized traffic to pass through undetected. 

From my experience, this tends to occur in networks where all the traffic is clearly defined.

Enhancements could potentially be made to the firmware to improve its inspectability.

In my current job, I have been using Palo Alto Networks NG Firewalls for three years.

In my experience, Palo Alto Networks NG Firewalls have been a stable solution.

It has been as scalable as you would expect.

I have experience working on both small office networks as well as larger ones spanning multiple locations, typically around three to five locations.

I have worked with a range from small office setups with around fifty devices to larger ones with a scale of maybe a thousand, two thousand, or even five thousand devices.

I have experience with quite a lot of other vendors.

In my opinion, I find the configuration of this product more appealing than that of Cisco, but ultimately, it comes down to the preference of the organization's administrators. In terms of features, I don't see a significant difference between them; they all seem pretty standard to me.

I find their syntax more appealing, especially for the command line.

 I am rarely involved in the deployment.

When assessing firewalls for securing data centers consistently and across all workspaces or places, Palo Alto Networks NG Firewalls are suitable products. 

From my experience, they have demonstrated excellent performance.

While it may not necessarily decrease downtime, it also doesn't cause any increase in downtime.

Attending events like RSA has proven to be quite beneficial for me in terms of meeting new people and discovering interesting products. These events generated new contacts and partnerships for my organization.

I believe that we will likely evaluate and purchase at least one of the products in the near future.

It's a decent product, I would rate Palo Alto Networks NG Firewalls an eight out of ten.

We primarily use the solution as a datacenter firewall for 0 trust security model

From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best. 

The engine detector application is usually one of the best compared to any other firewall on the market, in my opinion.  With it, I can do a lot of rules based on the application. If you have multiple internet links, you can have an application export from one link, and an application wire from another link. You can have security on the application. The security, for example, can have different functionalities. Basically, the granularity of rules is amazing in Palo Alto.

They have a good reputation for their antivirus capabilities.

The solution offers a strong URL based system or detection for malicious URL or malicious files. 

They even have a machine learning algorithm. They do a lot of very advanced detection for files and URLs. 

Once you deploy the product, you can basically forget about it. It has high customer satisfaction because it's always just working.

The solution would benefit from having a dashboard.

From a normal IPS after attack, routine attack and threat detection attack, in other words, the standard IPS detection attack, I don't see Palo Alto as very good compared to others. The standard network IPS functionality could be better. It's there in solutions like McAfee or Tipping Point, however, I don't see it here in this solution.

We've been working with Palo Alto for about six years now.

From my experience, it's the best hardware compared to other NG firewalls from the perspective of performance stability. While the other firewalls lose 50 or 60% of performance when enabling all policies, Palo Alto loses 10 to 20% maximum, even with enabled IPS and fire detection and all. From our experience performance-wise, it's one of the best hardware solutions for firewalls. 

We haven't lost performance really, so I would describe it as very stable. There are not any issues.

Since the solution is hardware, there are some limitations in terms of scalability.

Usually, in hardware, you can't say it's scalable or not due to the fact that you have the limitations built-in related to the size of the box. The box has a maximum number that it can reach. You can add more hardware, however, the hardware itself is finite.

We usually do a POC first so we can get the figures for performance and we can put in a box that can support 20 or 30 people extra for future expansion.

In general technical support is very good. That said, usually, when we face an issue, we try to solve it ourselves internally before going to level one support. 

In general, we never have had a big issue with support. I don't have much experience with the support team to tell you if they're really good or not. Usually 80% of the cases we open, we talk with the distributor and finish the operation case directly with Palo Alto. It's more like a backend request and therefore I don't have much input that would be objective.

As resellers, we also work with Cisco and some Forcepoint solutions.

I like that in Cisco there's more security parts, like IPS, and a Demandware engine.

I like Cisco, in general, more than Palo Alto if I'm comparing the two. However, from an application perspective, our application's usability and detection and firewall control using an application, it's Palo Alto that's the best on the market. That's, of course, purely from a  firewall point of view. Even in terms of detection of the applications, it has the best system.

The deployment depends on the client's environment as well as how they are using it. For example, an internet NG firewall on the internet, it takes, on average, a week between installation, integration, and tuning. Usually we don't do all the policies because we are system integrator. We do the main policies and we teach the customer and then do a handover to the user for tuning and all the installation extras.

If it's a data center project, it takes more time and effort. It takes a month sometimes due to the fact that we'll be dealing with a lot of traffic. The application and server are usually harder to control than internet applications like Facebook and other standard applications, and easier on the internet. Then there's also internal applications, custom applications, migrating applications, finance education applications, etc., which are not always direct from the customer or directly known.

In short, the implementation isn't always straightforward. There can be quite a bit of complexity, depending on the company.

In general, I prefer hardware, and Palo Alto's is quite good. However, we have a couple of virtual deployments for cases as well.

I would definitely recommend the solution. It's one of the best firewalls on the market. I've worked with four different vendors in the past, and some of the most mature NG firewalls are Palo Alto's. It's their main business, so they are able to really focus on the tech. They spend a lot of time on R&D. They're always leading the way with new technologies. 

While Cisco has more main products, Palo Alto really does focus in on NG firewalls. That's why I always see them as a leader in the space.

I'd rate the solution nine out of ten.

We have two 3000 Series Firewalls placed in our primary location. We have two sites and the secondary site uses the primary site for internet access. All traffic to the secondary location goes through a VPN tunnel. I'm a network administrator. 

The value of this solution for me is the protection from a single packet and ease of making security rules. It also doesn't require a special dedicated network team, I'm able to do it myself. It's a time saver for me and now in this pandemic period, users have access from home.  

I'd like to see some changes to the licensing policies and, on the technical side, improvement in scalability. It's not so easy to scale out your security capabilities. With the situation in business today, everybody lacks money and if you have to increase your resources and to constantly pay more for that, it becomes a problem. 

I've been using this solution for 10 years. 

It's been 10 years and I don't remember any outages because of a hardware failure or a logical error in configuration. We had problems with servers or switches initially but it works like a charm now. 

Scalability is the main disadvantage of Palo Alto. They call themselves a firewall with router capabilities but it's not a router and it requires a good bandwidth in VPN which could become a problem because you have to scale to really big hardware. We can solve the issue with other solutions, but for me the idea is to have less devices in your environment.
It's all about the hardware.  

The support is quite good. A couple of months ago, I sent an email with an issue and we got an answer in 15-20 minutes. In my experience, Palo Alto support is one of the best, maybe the best support available.

We previously used Juniper which is currently called Net Screen. I also looked at Sonic Wall. We carried out a proof of concept five years ago and they had to decide whether to go with Palo Alto or another vendor. 

For me, the initial setup is very easy. To get the device running with some capabilities but maybe not all security rules takes about an hour and it's the same for any upgrades. We have around 900 users and one admin person from our organization who deals with any issues. 

Palo Alto is an expensive solution, we currently have a three year contract. I'm not sure what our terms are. People always want cheaper, nobody wants to pay more. In our region, I think if Palo Alto was cheaper, more companies would buy the solution. 

I would absolutely recommend this product, it's expensive but I trust it. There is always room for improvement such as with scalability capabilities in Palo Alto. I know I'm not the only one who thinks this is an issue. It's possible that next time we will try virtualized firewalls, it may be a little cheaper for us. We would consider switching to something else but it would be a big move and quite complicated. Moving to a different vendor is a whole other story.

I rate this solution a nine out of 10. 

In manufacture, we use this solution as a firewall and an internal gateway. Additionally, we use it for traffic control which keeps strategic traffic separate from production traffic.

The technology's very good. We have had a lot of good experience with this solution. We have done a lot of implementation for our clients and we have not had a lot of problems with this solution.

For an upcoming release, they could improve on the way to build security rules per user. Palo Alto has this functionality but in implementation, we had some problem. This functionality should be better in our opinion.

I have been using the solution for more than seven years.

In my experience, the stability is very good. 

We have more than 700 people using the solution in my company.

We have had a good experience with technical support.

We have used FortiGate in the past and we prefer this one.

The setup was complex.

Depending on the project, specific environment, and performance the deployment could take some time.

With the licensing we pay for it annually, the price could be cheaper.

If someone looking for stability and the leader in next-generation firewall technology, I would choose this solution.

I would recommend this solution to others.

I rate Palo Alto Networks NG Firewalls a ten out of ten.

The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's.

This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively.

I've been using the solution for the past six years at this point.

The solution offers very good stability. I don't have issues with bugs or glitches. It's reliable.

We have a variety of customers ad they all have a different amount of users. Some have 50 users. Some have 100 users. Some have 1,000 users as well. It varies quite a bit. In that sense, it scales to meet the customer's needs.

I've dealt with technical support in the past. Sometimes it is good and sometimes it's not as good. It depends on the complexity of the deployment. Overall, however, I would say that I have been satisfied with the level of service provided.

There are multiple products from different vendors, and I basically deploy different firewalls from different vendors for the customers based on their needs. The solutions I work with include Cisco, Fortinet, and WatchGuard. There are a few others as well.

The initial setup isn't too complex. It's pretty straightforward.

The deployment time basically depends on the deployment model. If it's a VMware model, it's pretty straightforward and you can basically deploy it in half an hour to one hour.

If it is in another deployment model, for example, if it's in Layer 3, it depends on the subnet environment, how many subnets they have, or how the traffic is routing from one end to the other end, etc. 

I'm involved in system integration, so I basically deploy and manage the solution for the other customers.

I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models.

I would recommend the solution to other organizations.

Overall, I would rate it at a nine out of ten.

We utilize advanced threat prevention features like web filtering and SSL decryption, which haven't caused any issues.

The tool's central management system is complicated, making it challenging to manage multiple devices centrally. Individually, the firewalls are easy to use and manage.

I'd like to see better central management features in the next release. They've introduced some, but I haven't tried them yet, so I can't say how effective they are. However, having a single management interface would be a big improvement.

I have been working with the product for six years. 

The product is scalable. 

The tool is stable. 

The tool's technical support is good compared to other vendors. 

Positive

Setting up the tool can be challenging, especially if configuring them individually. There's an option for zero-touch configuration, but it still involves managing Palo Alto Networks NG Firewalls, which adds complexity and doesn't always justify the cost. If you're experienced with the technology and starting from scratch, expect a steep learning curve.

The tool is expensive, especially considering all the necessary licenses for centrally managing firewalls. For medium-sized companies like ours, it's often not feasible within our budget constraints.

We pay around €200k yearly for all our firewalls. Additionally, we received a quote of over 1 million per year for Prisma Access. There is a significant cost difference compared to other options, where it's around €200k per year.

We have to pay a license for support. 

We started with on-premise infrastructure, including domain controllers. Still, as we moved to the cloud, there was a gap in group membership management until Palo Alto came up with a solution. We have multiple firewalls, about 50 of which are difficult to manage. However, the features offered by the firewalls themselves are really good.

In the future, we might consider switching from Palo Alto Networks NG Firewalls. We're currently evaluating a new solution. However, cost is a concern, as it seems more expensive than other products and SaaS solutions.

Integration with Palo Alto Networks NG Firewalls and other security tools or IT infrastructure is not entirely straightforward but manageable. It's easier compared to some other vendors but still requires effort. I have tried to integrate it with Cisco ISE. 

I recommend Palo Alto NG Firewalls for large enterprises. However, due to their high price, I wouldn't recommend them for small—to medium-sized companies, especially those with limited IT budgets.

We've found that Palo Alto NG Firewalls are particularly good at stopping zero-day attacks. Compared to other companies like Fortinet, we've had fewer security breaches with it.

I rate the overall solution a seven out of ten. 

We primarily use the solution for traditional firewalling. We use it for VPN connections -  especially now that people are doing work from home. This solution is our VPN gateway.

The solution has a lot more features than other firewall solutions, including Cisco, which we also use. It's very rich. There's so much there and we don't use a lot of it, although it is nice to have the option.

The solution itself is very user-friendly and quite easy to use.

You just need a web browser to manage it, unlike Cisco, which requires another management system.

The solution is quite stable.

The initial setup is pretty straightforward.

The scalability is limited and depends on the size of the firewall that you will buy. 

The solution is very expensive. There are cheaper options on the market.

I've been using the solution for three years at this point. It's been a while. I have some good experience with it at this point.

The solution has proven itself to be quite stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable in terms of performance.

The solution can only scale according to the sizing that a company has purchased. It depends on the size of the firewall that you will buy. For example, right now, we have this firewall with 24, which means our scalability is limited to 24.

They do have higher-end models for companies that have planned for bigger deployments.

At this point, we have about 200 users and three admins.

We're happy to use it for our perimeter firewall and so we are not planning to change it anytime soon.

Technical support is okay. We have local vendor support. Whenever we have an issue, we contact them and they help us open a ticket with Palo Alto.

We use both Palo Alto and Cisco as our firewalls. We use them both at the same time.

The initial setup has the same amount of difficulty as, for example, a Cisco setup. Regardless of if it's Cisco or Palo Alto, it will all the same level of effort. However, the use cases will be different from one another.

That said, the whole process is pretty straightforward.

We have three admins on our team that can handle setup and maintenance responsibilities. 

The price of the solution is quite high, especially if you compare it to Cisco or Juniper.

The solution is subscription-based. Users can pay monthly or yearly. We pay on a yearly basis.

We are Palo Alto customers and end-users. We don't have a business relationship with the company.

We work with the 3000-series and tend to use the latest version of the product.

I would recommend the solution to other organizations if their budget supported buying it. Cost-wise, they are on the high side. 

Overall, on a scale from one to ten, I'd rate the solution at an eight. We've largely been satisfied with its capabilities. 

We primarily use the solution for our internal network.

The active features on the solution are excellent.

The dashboard and management console are both very user-friendly. Everything is easy to navigate.

The interface is very nice. We generally like the UI the product offers.

The ability to check cases could be improved upon. We find that most of the packets we have to directly open with the PA. Until then, it's possible that there cannot be any support.

Take, for example, the XDR. The XDR is the real power to all our solutions from PA, however, when we are using their XDR, we have directly to contact PA. It's like this for the licensing or for any technical issues.

The solution could offer better pricing. We'd like it if it could be a bit more affordable for us.

The solution should offer SD-WAN.

We've been using the solution since 2016. It's been quite a few years now, at this point.

The solution is quite stable. We don't have bugs or glitches. It doesn't crash or freeze. It's quite good and we've been happy with it.

We haven't tried to expand the solution or to scale it up. It's not an aspect of the solution our company has explored just yet. Therefore, I can't speak to its capabilities in this aspect. I'm not sure what exactly is possible.

I don't have any experience with technical support. I've never had to contact them. Other colleagues would be the ones that deal with this aspect. I wouldn't be able to comment on their level of knowledge of responsiveness.

We're also using Check Point as a firewall.

The initials setup was pretty straightforward. It was not complex at all for us. We didn't run into any issues during the implementation.

The licensing is paid on a yearly basis. 

The pricing could be better, however, the cost depends on the sizing of the product. The pricing, therefore, varies from company to company for the most part.

We have a partnership with Palo Alto.

We're using the 5000 series of Palo Alto. It's a next-generation firewall. We're currently using the Management Gateway and Virtual Firewall. Also, the Endpoint Solution.

I'd recommend the solution to other organizations. We've been pretty happy with it so far.

I'd rate the solution at an eight out of ten.