Palo Alto Networks NG Firewalls Reviews

The solution has many great features. I don't know if there's one single one that stands above and beyond everything, however.

The application visibility is excellent. There is no other solution that does it quite as well. Palo Alto definitely has an edge in that sense.

The ability of the security features to adapt is also very good. They offer great DNS protection.

They include everything from a network point of view and a security perspective. For the most part, the endpoints are great.

The interface and dashboards are good.

The GSW needs some improvements right now.

The endpoints could use improvement. The solution is mostly a cloud solution now, and there are a lot of competing solutions that are playing in the space and may be doing things a bit better.

The pricing could be improved upon.

We've been dealing with the solution for the last four or five years at least.

The stability of the solution is good. It's quite reliable. I haven't experienced bugs or glitches that affect its performance. It doesn't crash.

If you size everything appropriately, you shouldn't have any issues with scaling. It's quite good. Users can scale it up if they need to.

I'd say that technical support is excellent. They are very helpful. We've quite satisfied with the level of support we got from the company.

I've never dealt with Huawei, however, our company has worked with Cisco, Dell, and HP among other solutions.

The pricing of the solution is quite high. It's too expensive, considering there's so much competition in the space.

There aren't extra costs on top of the standard licensing policy. Still, Palo Alto seems to be adding some premium costs that competitors just don't have.

While we mainly deal with on-premises deployment models, occasionally we also do hybrid deployments.

We're not a customer. We're a systems integrator. We're a reseller. We sell solutions to our clients.

Palo Alto is very good at policymaking. It's like they have a single policy that you can use. Other solutions don't have single policy use, which means you have to configure everything. There may be many consoles or many tasks that you'll have to worry about other solutions. Multiple task configuration should not be there, and yet, for many companies, it is. This isn't the case with Palo Alto. Palo Alto is easy compared to Fortinet. 

It's overall a very solid solution. I would rate it nine out of ten.

We use this solution for Zero Trust Data Center Segmentation with layer 2 Palo Alto firewalls. Segmentation has allowed us to put servers into Zones based off VLAN tags applied at the Nutanix level and can change "personalities" with the change of a VLAN tag. Palo Alto calls the "Layer 2 rewrite". By default, all traffic runs through a pair of 5000 series PAs and nothing is trusted. All North and South, East and West traffic is untrusted. No traffic is passed unless it matched a rule in the firewalls. There is a lot of upfront work to get this solution to work but once implemented adds/moves/changes are easy.

This solution not only provides better security than flat VLAN segments but allows easy movement throughout the lifecycle of the server.

The most valuable feature is the ease of use of the central Panorama to control all firewalls as one unit for baseline rules and then treat each firewall separately when needed.

I wish that the Palos had better system logging for the hardware itself.

We have been using this solution for four years.

We use them to do quite a bit of URL filtering, threat prevention, and we also use GlobalProtect. And application visibility is huge for us. Rather than having to do port-based firewalling, we're able to take it to an application level.

We have quite a number of security pieces that are implemented for our network, such as a DNS piece, although we're not using Palo Alto for that purpose. But with that, in line with our seam, we're able to better distinguish what normal traffic looks like versus what a potential threat would look like. That's how we're leveraging the NG Firewalls. Also, we have separated the network for our databases and we only allow specific users or specific applications to communicate with them. They're not using the traditional port base, they're using application-aware ports to make sure that the traffic that has come in is what it says it is.

Machine learning in Palo Alto's firewalls, for securing networks against threats that are able to evolve and morph rapidly, has helped us out significantly, in implementation with different security software and processes. The combination allows our security analysts to determine the type of traffic that is flowing through our network and to our devices. We're able to collect the logs that Palo Alto generates to determine if there's any type of intrusion in our network.

The machine learning in the core of the firewalls, for inline, real-time attack prevention, is very important to us. With the malware and ransomware threats that are out there, to keep abreast of and ahead of those types of attacks, it's important for our devices to be able to use AI to distinguish when there is malicious traffic or abnormal traffic within our environment, and then notify us.

The fact that in the NSS Labs Test Report from July 2019 about Palo Alto NG Firewalls, 100 percent of the evasions were blocked, is very important to us. 

The SD-WAN product is fairly new. They could probably improve that in terms of customizing it and making the configuration a little bit easier.

I've been using Palo Alto NG Firewalls for about five years.

The firewalls are very stable. We've had no issues with downtime.

They're very scalable. Because we use Panorama, we're able to have global firewall rules for areas that we want to block, across the network, for security reasons. We just push those down to all the devices in one shot.

Our corporate site has about 500 users, and our 14 remote sites, because they're retail, usually have anywhere from five to 10 users each.

Their support is generally very knowledgeable. Sometimes it depends though on who you get, but they've always addressed our issues in a timely manner.

We were using older versions of Palo Alto's firewalls and we also had Cisco firewalls in our environment.

For our remote stores we're able to use Panorama, along with Palo Alto's Zero Touch Provisioning hardware. Once a device is connected to the internet and can communicate back to our Panorama, it just pulls the configurations. That means it's very easy to deploy.

It took about two to three months to deploy about 14 sites. That wasn't because we were having issues, it was just the way we scheduled the deployment, because we had to bring down different entities and had to schedule them accordingly with a maintenance window. But if it wasn't for that scheduling, within a week we could have deployed all of the remote sites.

For our implementation strategy, at our corporate site we had both old and new firewalls sitting side by side on the network. As we went to a remote site we would take them from their legacy Cisco and cut them over to the new firewall. Once that was done, we moved all of the firewall rules that were on the old firewall over to the new one.

When it comes to maintenance and administration of the firewalls, my team of five people is responsible. We have a network architect, a network specialist, two senior network specialists, and a security manager.

We did it by ourselves. We have a certified Palo Alto engineer on staff and he did all the installation.

Definitely look into a multi-year license, as opposed to a single-year. That will definitely be more beneficial in terms of cost. We went with five-year licenses. After looking at the overall costs, we calculate that we're only paying for four years, because it works out such that the last year is negligible. If we were to be billed yearly, the last year's costs would be a lot more. With the five-year plan we're saving about a year's worth of licenses.

Based on the quantity of devices we purchased, we found that the hardware price was actually cheaper than most of the other vendors out there.

If a colleague at another company were to say, "We are just looking for the cheapest and fastest firewall," given my experience with Palo Alto's NG Firewalls, my answer would depend on the size of the company and how much traffic they're going to be generating. Palo Alto is definitely not the cheapest, but if you scale it the right way it will be very comparable to what's out there.

One of the things we like about Palo Alto is the fact that the hardware appliances we have are not impacted in terms of resources. The CPU and memory stay low, so we don't have a bottleneck where it's trying to process a whole bunch of traffic and things are slow. We were looking at various brands because we were going from older hardware to newer, and we wanted to evaluate what the other vendors were doing. After that evaluation, we were comfortable that Palo Alto would be able to handle all of our network traffic without impacting performance.

We looked at Fortinet and Cisco. Cisco is a bit pricey when compared to our Palo Altos. Fortinet was definitely cheaper, but we were skeptical about their performance when we bundled all of the features that we wanted. We didn't think it was going to be fast enough to handle the network traffic that we were generating across the board. We believe Cisco would have handled our traffic, but their next-gen platform, along with SD-WAN, required us to have two separate devices. It wasn't something that would have been on one platform. That's probably why we didn't go down that road.

Part of what we considered when we were looking around was how familiar we were with the technology. That was also a big area for us. Most of the guys on our team were pretty familiar with Cisco and Palo Alto devices. They weren't too familiar with Fortinet or Check Point. We narrowed it down based on if we had a security breach, how easy would it be for us to start gathering information, remediating and troubleshooting, and looking at the origin of the threat. We looked at that versus having to call support because we weren't too familiar with a particular product. That was huge for us when we were doing the evaluation of these products.

Other than the SD-WAN, everything else has been functioning like our previous setup because it's a pretty similar license. The way that the new hardware handles URL filtering, threat protection, and GlobalProtect has been pretty solid. I don't have any issues with those.

Overall, I would rate Palo Alto NG Firewalls at nine out of 10. It's definitely not the cheapest product out there. Cost is the main reason I wouldn't put it at a 10.

We are working on creating security policies on the firewall. We have just put GlobalProtect VPN in our company. We also have Prisma Access.

We have on-prem and hybrid cloud deployments.

It has strengthened our security policies and made our environment more secure. It has provided us more security features. Due to the rules that we have created on Palo Alto Firewall, all the malicious things have been stopped from coming into our environment.

The App-ID feature is the coolest feature because you don't need to open a new port. Apps are directly linked to the port. It provides one of the best ways to lock down the additional port switch.

Its software updates can be improved. It sometimes becomes very slow with the software updates for different features.

It should have an External Dynamic List of data. The malicious IP is not frequently getting updated in Palo Alto, and this should be done.

I have been using this solution for six years.

Its stability is good.

Its scalability is also good.

We were using Cisco ASA previously. Palo Alto has strengthened our security policies. It has also made our environment more secure than Cisco ASA.

Its initial setup is straightforward.

I would rate Palo Alto Networks NG Firewall an eight out of ten. It has been working very well.

Normally, we use our firewall at the perimeter level. We are using Palo Alto Networks NG Firewalls as a firewall as well as using a few of their functionalities like the Vulnerability Protection, its IPS module. Additionally, we have remote VPN's on those firewalls, like GlobalProtect. So we are using all the features which are provided by Palo Alto.

The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.

In terms of what could be improved, comparatively the price is very high. That would be the one thing. But technically-speaking, it's perfect.

I have been working with Palo Alto Networks NG Firewalls for around five years.

In terms of scalability, normally, we procure the devices based on the future perspective, so there should be a lot of scalability. We never face scalability issues with Next Generation Palo Alto Firewall - it comes with the scalability.

We have around 11,000 to 12,000 users across the globe.

Technical support is pretty good. We get a timely response. There will be plus/minus where we do not getting a response, but not regularly, just one or two cases among, let's say, 20 or 30. As far as my experiences with the tech support go, it's pretty good, very straightforward support. It's not like they're playing on the call and taking their time. It is really straightforward.

The initial setup depends on the office locations of the data center. If that particular firewall is part of the data center, then yes, it is a complex design as well as a complex traffic flow. But for normal office locations, it is pretty straightforward. So it is a mix depending on the location of where the particular firewall is going to be put.

I would recommend Palo Alto Networks NG Firewalls. If a company has the budget and wants to have the next generation of firewalls then they should go for the Palo Alto, because whatever state of features they provide, it's pretty awesome. But if there is a budget constraint there are several other products which give you similar kinds of features but with less cost.

On a scale of one to ten, I would give Palo Alto Networks NG Firewalls an 8.

Nothing is perfect. There are features that they should add. One of the features that I'm looking at is when it comes to the Vulnerability Protection. We are blocking the threats which are, by default, updated by the Palo Alto Threat Engine. Currently, there is no scope of manually adding the external database to the firewall so the firewall will convert that database to their own. This is currently not functional with the current version. There are a few functions that they could add that are available with other vendors. That's why I am giving the 8.

We use it to control what users may access internally and externally, which covers everything. We are using its latest version. The model that we are using is 3220.

Its flexibility is the most valuable.

Its price can be better. They should also provide some more examples of configurations online.

I have been using this solution for one and a half years.

It is very stable.

We haven't scaled it because if you want to scale it upwards, you have to change the firewall.

I have sometimes used the local support here in Norway. That has been okay. There are no problems.

I have tried Sophos, Cisco, and FortiGate. This is the best firewall.

The initial setup is easy. There is good documentation for this.

Its price can be better. Licensing is on a yearly basis.

I would rate Palo Alto Networks NG Firewalls a ten out of ten. It is the best solution I have tried. I am happy with this solution.

Our solution is now based on clustering and load balancing. We can add more nodes to our environment to accommodate the new load within our company.

We have about 2,000 to 2,300 users on Palo Alto NG firewall support.

Palo Alto has a line of products for different customers. If you do the sizing it from the beginning, considering that you are a growing company, it is fine.

You need to plan for the future, which means that you have to pay in advance through investment. With Palo Alto NG Firewalls, the cost will be higher.

We would like to have the processing power to be enhanced with every new CPU so that we are getting more cores. Palo Alto is incorporating this. 

We are requesting now a new firewall that will come in with higher power, i.e. the 5220.

I found Palo Alto NG firewalls more intuitive compared to other products. I value the capability to identify a cloud solution.

Palo Alto has a good product and end-user experience. It's great. They can maybe add more processing power to their hardware. That's it. 

Sometimes it's stuck and you need to restart it. They have been adding a lot of things, so we need to upgrade for the new features.

Palo Alto NG is a stable product as long as it's working. It does what it expected to do. But sometimes for some reason the hardware resources spike, so it stops responding. 

The only fix is to restart the firewall,i.e. a  hardware restart. This is one of the issues. It's not related to the software because of the troubleshooting that we did. 

It's about resource consumption. Some hardware and software issues Palo Alto needs to work on. They released their Palo Alto Operating System which enhanced their product suite.

The scalability compared to other products is not good. You need to change the box whenever you want your number of connection sessions to increase. 

You can't just upgrade the parts with a software key or with adding additional hardware. You need to replace the entire box. It's not scalable. 

The solution's technical support is responsive. They are good.

We previously used a different solution that was Fortinet. I'm still using it. There's another area in the network where we use Fortinet.

We shifted from Fortinet to Palo Alto. It's just mapping the network from the available firewall to another firewall. It wasn't complex. 

Between deployment and stabilization, the product was completed in two weeks, i.e. 10 working days.

One of my team did the installation under my supervision.

You have to do proper network design from the beginning. You have to look into future expansion. Otherwise, after a year, you have to replace the entire box.

On a scale from 1 to 10, I would rate this product a seven because the point of scalability within their product is a big issue. 

If you have to put a huge investment in front to accommodate future expansion, it is fine. 

It requires forecasting. If your forecast is not correct and you are not growing to that point, then all your investments will be a waste. 

If you're adding a block so that it can accommodate your user traffic demand, then that would be perfect. 

I buy one block at a time now. I can't buy two blocks at the same time. That's a waste of money with Palo Alto NG firewalls.

I use the PA-220 to protect the LAN at my small-ish (about twenty people) office. We have several remote users who use the GlobalProtect VPN. As we move into a data center for hosting, I'll buy a second PA-220 to set up a site-to-site VPN. We also have a VM-50 for internal testing and lab use. 

I'm writing this review because it's a great product and I think it's ranked much too low on the review ratings. One of the things I really like about it is that we have the same features and functions available on the entry-level device (PA-220), as do large corporations with much more costly appliances.

With all the bells and whistles turned on, I can block access to websites based on their location (country), content, or other criteria. The reporting is really useful and shows me the most frequently used applications, and provides me with great visibility as to what my network users are doing on the internet. With this firewall in place, I can finally enforce the variety of acceptable use policies which have existed only on paper. 

The most valuable features are blocking traffic by country, and URL filtering to improve policy compliance and our overall cybersecurity posture. The ad blocker is also pretty handy. Moreover, the VPN client has turned out to be more useful than I initially thought, and the users love the 'one-click' connect. 

The initial configuration is complicated to set up. You really have to know what you're doing. I attribute that to all of the features and functions that are built into the product. Luckily, Palo Alto has a great support site and you can find contractors who are knowledgeable in the technology.

Technical support for this solution is great.

Previously we used a pfSense firewall. I was very unhappy with it, as it had a limited feature set and was not intuitive to configure. 

The initial setup is complex, due to all the features offered. You really have to know what you're doing.

Implemented through a vendor who was knowledgeable with the product. It took at least a few months of tweaking before we got the firewall to the point it's currently at. 

It will be worth your time to hire a contractor to set it up and configure it for you, especially if you are not very knowledgeable with PA firewalls. 

We looked at Cisco Meraki, but I wasn't really all that happy with it. 

I've used it and I'm very happy. Frankly, I think this site under-rates the technology, as it should be in at least the top three.