Palo Alto Networks NG Firewalls Reviews

It is our edge appliance. We use it for our edge security, and we also use it for our VPN termination.

We're using an old version of this solution. At this moment, I'm looking at migrating away from Palo Alto.

The ease of use and the ease of configuration of our policies are the most valuable features.

Palo Alto could do better with integrating the Palo Alto Next-Gen Firewall with SD-WAN.

The biggest issue with Palo Alto is that they are expensive. They are very expensive for what they offer. They should improve their pricing.

I have been using this solution for six or seven years.

We have about a thousand users.

We have third-party support.

I used Cisco ASA.

Its installation was pretty straightforward. There were no problems there.

Deployment duration is difficult to tell because there is a whole world of planning and other things. It probably took a couple of days. You are, of course, always tweaking these things.

I haven't installed it here, but where I was before, we had two people doing it. I and a colleague did it ourselves.

It is expensive.

There are multiple firewalls out there. I am moving away from them because they are expensive, and they don't do what I want to do with them. I have plans of getting FortiGate instead.

I would rate Palo Alto Networks NG Firewalls a six out of ten.

We use a very basic model with a small installation to secure a small office segment with 50 users.

Operationally, it is easier, and the manageability and their security features are good. Vendor support is also good.

When it comes to their support, we have to select every single component that we want to include in a particular bundle. That is a very tedious process. The vendor will help us identify the product and the features, but it could be better. The price could also be better.

We have been using Palo Alto Networks NG Firewalls for about four years.

Vendor support is good.

Compared to other solutions, it's very expensive to set up and maintain.

I would tell potential users that Palo Alto is the best, even compared to Cisco or any other competitor. 

On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a nine.

We're basically an MSSP service provider. We use this solution as a network firewall for URL filtering, IPS, and IDS proxy services.

The Unified Threat Management (UTM) module, which consists of the basic firewall and IPS services, is what the majority of our customers use in Palo Alto Firewall.

Its scalability for on-prem deployments can be better. For an on-prem deployment, the hardware has to be replaced if the volume goes up to a certain level.

We have been using this solution for a couple of years.

It is stable.

It is much more scalable in a cloud deployment, but for an on-prem deployment, the hardware has to be replaced if the volume goes up to a certain level.

We have very few customers of this solution. We probably have five to ten customers.

Their technical support is very good. It is more often the AMC support that we have to take. 

It is fairly easy. We're not seeing many challenges in these installations. The complete installation can take a lot of time because we have to configure all the policies and other things. After the hardware is installed and the network is connected, you need one or two people for configuring the policies for use cases.

After the hardware and software are procured, it is the AMC support that has to be renewed yearly.

We plan to keep using this solution depending on the customers' needs. We also have a cloud-based platform on Fortinet, and we provide it as a service.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.

In manufacture, we use this solution as a firewall and an internal gateway. Additionally, we use it for traffic control which keeps strategic traffic separate from production traffic.

The technology's very good. We have had a lot of good experience with this solution. We have done a lot of implementation for our clients and we have not had a lot of problems with this solution.

For an upcoming release, they could improve on the way to build security rules per user. Palo Alto has this functionality but in implementation, we had some problem. This functionality should be better in our opinion.

I have been using the solution for more than seven years.

In my experience, the stability is very good. 

We have more than 700 people using the solution in my company.

We have had a good experience with technical support.

We have used FortiGate in the past and we prefer this one.

The setup was complex.

Depending on the project, specific environment, and performance the deployment could take some time.

With the licensing we pay for it annually, the price could be cheaper.

If someone looking for stability and the leader in next-generation firewall technology, I would choose this solution.

I would recommend this solution to others.

I rate Palo Alto Networks NG Firewalls a ten out of ten.

We use it for LAN users, internet access, and more. The NG Firewall has many functions like user control, access control for servers, natural controls based on applications, schedules, ports, RTs, and IPS functionality with antivirus or security functionality. We also use it to control internet access, traffic shaping for bandwidth control, and fraud prevention.

I like all the functions and features.

I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster. Scalability can also be better.

I've been working with NG Firewalls for six years.

Palo Alto Networks NG Firewalls is a stable solution.

I don't think Palo Alto and Fortinet firewalls are scalable. Only Cisco is scalable. For clustering, Cisco activity models like the 4000 model are better. For example, if the firewall is undersized due to expansion, you can cluster and add more appliances to the system.

I think Palo Alto has good support. Technical support helped me solve most of my issues very quickly. 

The initial setup depends on the client's infrastructure and the project's scope. 

If it's migration, Palo Alto has a great tool called the Expedition tool. It helps to migrate any firewall to the Palo Alto firewall. This process takes about a day, and it's very simple.

If it's a fresh installation, it depends on the number of policies you need to apply and the number of metrics. You can do it using the command line. You can do it easily and quickly, but it depends on how much the customers prepare. Sometimes the customer has no information to provide, and you struggle to get this information. Sometimes this process can take two to five days or take weeks. 

We implement and maintain Palo Alto Networks NG Firewalls for our customers.

Paul Alto is the most expensive solution in this category. The subscriptions and support are also expensive, but everything is included in the hardware, including the subscriptions.

If a customer is price-sensitive, I will go for Fortinet without a second thought. If customers are willing to invest in their data centers, I might go with Palo Alto and Cisco.

On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a ten.

We mainly use it for perimeter protection between the internet and the local network. We are using it for application control. We exploit the applications with some policies about how the network traffic is going to be from the local LAN to the external network and vice versa. We are protecting our network from outsiders and stopping them from getting into the network.

I love the Policy Optimizer feature. I am also completely happy with its stability.

Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete.

Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet.

We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks.

I have been using this solution for about three years.

I am completely happy with its stability. I have no issues with its stability.

I don't need more scalability. I can use the new features without changing the hardware. The features are completely inside the hardware, so I have no issue with the scalability. Most of our customers are big businesses.

I didn't have a very complex call with their technical support.

It depends. It can be complex when we are replacing a solution with Palo Alto Networks and the customer doesn't know how the policy is going to be implemented in the solution. If that is not the case and it is a clean installation, it is very straightforward. It is not at all complex.

The deployment generally takes a whole week. This includes the planning stage and doing the initial setup. It takes about two days to set up a device, power it on, and turn on the policies.

It is an expensive solution.

Our clients compare it with Check Point. Palo Alto Network has the application granularity. It enables you to handle the applications, policies, and Policy Optimizer. There is no need for splitting the management plane and the processing plane. In Check Point, you need two devices. You need one device for the management and one for the gateway. Palo Alto has both in one, which is a good feature.

Check Point is a kind of cheaper solution, and we can deploy that application on open servers. The open servers option in Check Point has a huge cost-saving. In terms of performance, I will always choose Palo Alto Network because its IPS feature is superior to Check Point. It is much better than Check Point.

First of all, I would say that the engineer who is going to deploy the solution has to know how the network policy is going to be introduced into the firewall. It is very important for deployment because it is a new concept that Palo Alto introduced in the market. The second thing is to know the policies, not on the layer-4 basis, but in terms of policies, such as SMB, DSTP, and other such things.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

Normally, we use our firewall at the perimeter level. We are using Palo Alto Networks NG Firewalls as a firewall as well as using a few of their functionalities like the Vulnerability Protection, its IPS module. Additionally, we have remote VPN's on those firewalls, like GlobalProtect. So we are using all the features which are provided by Palo Alto.

The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.

In terms of what could be improved, comparatively the price is very high. That would be the one thing. But technically-speaking, it's perfect.

I have been working with Palo Alto Networks NG Firewalls for around five years.

In terms of scalability, normally, we procure the devices based on the future perspective, so there should be a lot of scalability. We never face scalability issues with Next Generation Palo Alto Firewall - it comes with the scalability.

We have around 11,000 to 12,000 users across the globe.

Technical support is pretty good. We get a timely response. There will be plus/minus where we do not getting a response, but not regularly, just one or two cases among, let's say, 20 or 30. As far as my experiences with the tech support go, it's pretty good, very straightforward support. It's not like they're playing on the call and taking their time. It is really straightforward.

The initial setup depends on the office locations of the data center. If that particular firewall is part of the data center, then yes, it is a complex design as well as a complex traffic flow. But for normal office locations, it is pretty straightforward. So it is a mix depending on the location of where the particular firewall is going to be put.

I would recommend Palo Alto Networks NG Firewalls. If a company has the budget and wants to have the next generation of firewalls then they should go for the Palo Alto, because whatever state of features they provide, it's pretty awesome. But if there is a budget constraint there are several other products which give you similar kinds of features but with less cost.

On a scale of one to ten, I would give Palo Alto Networks NG Firewalls an 8.

Nothing is perfect. There are features that they should add. One of the features that I'm looking at is when it comes to the Vulnerability Protection. We are blocking the threats which are, by default, updated by the Palo Alto Threat Engine. Currently, there is no scope of manually adding the external database to the firewall so the firewall will convert that database to their own. This is currently not functional with the current version. There are a few functions that they could add that are available with other vendors. That's why I am giving the 8.

The solution is typically used for antivirus and antimalware purposes, to help protect an organization against attacks.

The solution offers many different capabilities.

It's one of the best products I've worked with. It's typically a market leader on Gartner. It's a very respected brand.

The solution offers very good security, especially in relation to antivirus activities.

The initial setup is pretty straightforward.

The product is extremely reliable.

The pricing of the solution is quite high. It's one of the most expensive firewall solutions on the market.

Clients are typically looking for a solution that's more aggressive in the market.

For example, with Fortinet, they have an SD-WAN that really has many capabilities. For example, it can inject a GSL SIM card along with the MPLS connection. It connects the system within one product. Palo Alto doesn't offer this. This is one area that will need to improve. In Indonesia, the market is growing strategically. Palo Alto has this one product, however, with the limitation of the GSM sim card they are getting left behind. 

I started using the solution around 2012 or 2013. It may have been eight years or so. Sometimes I am doing a POC or implementing the solution, so it has been on and off.

While the solution itself is okay in terms of stability, there could be issues if the hardware is affected. We have hardware that gets affected by humidity, for example, which can end up affecting a wide range of infrastructure. If the environment is good, the solution will be okay. If we talking about Palo Alto's series starting from the 3,000 to 5,000 or 7,000, Palo Alto has a really stable product.

We set up this solution for companies of all sizes, from small to large enterprises. One of our clients is a telecom, which is quite sizable. They have the most complex configuration. The solution, however, is able to work for any company, no matter what the size. In that sense, it's a scalable option.

That said, the NG firewall is not a typical product that we can scale up on a whim. If we want to scale up in this product, we need to buy a higher series. We have to replace it. If we want to scale out this product, we can do a roll out in another location. Therefore, you can expand it out, however, you do need to change the sizing, which means getting a size or two up.

I haven't contacted technical support recently. The last time I spoke to the tech support team was five years ago or maybe as an Operation Engineer three or five years ago. Generally, I found that they were really good at understanding the product. In my experience, they were really helpful. I'd say I was satisfied with their support.

I've also used Juniper, however, that may have been three or four years ago or so.

In my case, I have a lot of experience with Palo Alto and the implementation process. Therefore, I don't find it too complex. It's rather straightforward for me. However, I have a long history with the solution. I find the hierarchy of the configuration fairly easy to understand, especially if you compare it to a solution such as Juniper. Juniper is a bit more complex to set up. Whereas, Palo Alto is a bit more straightforward.

How long deployment takes can vary. It really depends on the complexity of the configuration and the environment.

If a client only buys the implementation, they will have to handle the maintenance of the product. It's a good idea to have that type of person in-house.

We find the cost of the solution to be very high. It's quite expensive, and one of the most expensive on the market.

The pricing is related to the complexity of the environment. The more complex the company's requirements, the more it will cost.

We have a partnership with Palo Alto.

I am in pre-sales and often do POCs or do some aspect of evaluating the solution for clients to help them understand the usefulness.

Overall, I really do prefer Palo Alto to other options. I'm the most comfortable with it and I understand it the best out of other solutions such as Juniper or Fortinet.

I'd suggest organizations consider the solution. Yes, it is quite expensive. However, it is also very reliable and is always marked highly in Gartner due to its feature set and usability. It's easy to configure and it's very easy to add more features into your roadmap if you need to. It can easily integrate into a larger holistic security system to help keep a company safe.

In general, I would rate the solution at a nine out of ten.

I like the architecture because it separates the management plan process and the data plan process. When I perform something CPU-intensive on management configurations, it doesn't disturb the data plan.

On the data plan, it uses parallel processing. This makes the security process and network process is more efficient.

I think visibility can be improved. If I use the Panorama monitoring dashboard, it's still the same with or without Panorama. Even with monitoring, we don't get any valuable information. 

If I am a customer, I will take many variables into considerations. If I choose to use Panorama, there should be a difference between when I use it and when I'm not. If I'm a customer who paid for Panorama even when I have many firewalls, I won't get good visibility of the information I need to easily monitor our security environment.

My customers have been attacked by ransomware. It's difficult to understand how the ransomware got through Palo Alto Panorama and Palo Alto dashboard monitoring from reporting. It makes it difficult to conclude what happened on the traffic which passed through Palo Alto. As such, I have to generate an all block report CSV file and analyze it through Excel.

I've been using Palo Alto Networks NG Firewalls for about two years.

On performance and stability, I've never heard any complaints. The product is running well and easily maintained by an admin.

I think scalability's the same as any other firewall. If we look to scale five years later, it will be scalable to perform the change. This model on Palo Alto makes it easy to add a new network, so Palo Alto offers more scalability.

Technical support is still not good for me.

The initial setup is so simple. We just needed to make a password and make it a point to point connection. I think it's that simple; make a point to point connection, access the web UI, perform initial configuration so the firewall can be managed through the network, and then we can manage everything through the web UI.

The device is very expensive compared to Cisco and Fortinet. But many of my customers use Palo Alto as Palo Alto is the standard of their organization.

I'd tell potential users of Palo Alto Networks NG Firewalls that their decision depends on their budget. If you have an adequate budget, then I recommend Palo Alto. If you have a limited budget, you need to consider your needs and look at Cisco ASA's price and Fortinet's price.

On a scale from one to ten, I would give Palo Alto Networks NG Firewalls an eight.

We are a solution provider and this is one of the firewalls that we implement for our clients.

This is a difficult product to manage, so the administrator needs to have a good knowledge of it, otherwise, they will not be able to handle it properly.

The scalability is very good.

We have a small number of clients with this solution in place.

The support is good.

I have experience with multiple firewall vendors and I have seen that products from other vendors have bugs. My feeling is that Palo Alto does not have this problem.

Some of the vendors that I have worked with are Fortinet and Sophos. The setup and management of these products are easy compared to Palo Alto.

Implementing this product can be a little bit difficult. The configuration is difficult compared to other products, so it would be nice if there were videos are other instructions available. It can be very time consuming for the network administrator.

The pricing is very high.

My advice for anybody who is implementing this firewall is to follow the guide or instructions that are available. There are multiple resources and examples of use cases available on the Palo Alto website, and you can directly follow them.

I would rate this solution a nine out of ten.