Palo Alto Networks NG Firewalls Reviews

We use this solution as our central firewall, but not as a perimeter firewall. For our perimeter, we use another solution. 

Our organization consists of roughly 2,000 to 3,000 employees. 

Identifying applications is very easy with this solution.

I don't like the reporting. The reports it provides are not helpful. They should include more executive summaries and other important information — they're too technical.

I have been using this solution for three years. 

The stability is excellent. 

The technical support is good, but not excellent. Their responses can be quite vague and unhelpful at times. 

We used to use Checkpoint. We stopped using it because the price was too high. 

Considering our limited amount of experience, the initial setup was easy. Deployment took one month. 

A local reseller team of roughly three to five people implemented it for us — it was a great experience. 

We evaluated Palo Alto, Checkpoint, Fortinet, and Cisco Firepower. Overall, it came down to the price — that's why we went with Palo Alto Networks NG Firewalls.

This solution is very particular; it's only suited to specific companies — it's a commercial opportunity. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

We primarily use the solution for traditional firewalling. We use it for VPN connections -  especially now that people are doing work from home. This solution is our VPN gateway.

The solution has a lot more features than other firewall solutions, including Cisco, which we also use. It's very rich. There's so much there and we don't use a lot of it, although it is nice to have the option.

The solution itself is very user-friendly and quite easy to use.

You just need a web browser to manage it, unlike Cisco, which requires another management system.

The solution is quite stable.

The initial setup is pretty straightforward.

The scalability is limited and depends on the size of the firewall that you will buy. 

The solution is very expensive. There are cheaper options on the market.

I've been using the solution for three years at this point. It's been a while. I have some good experience with it at this point.

The solution has proven itself to be quite stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable in terms of performance.

The solution can only scale according to the sizing that a company has purchased. It depends on the size of the firewall that you will buy. For example, right now, we have this firewall with 24, which means our scalability is limited to 24.

They do have higher-end models for companies that have planned for bigger deployments.

At this point, we have about 200 users and three admins.

We're happy to use it for our perimeter firewall and so we are not planning to change it anytime soon.

Technical support is okay. We have local vendor support. Whenever we have an issue, we contact them and they help us open a ticket with Palo Alto.

We use both Palo Alto and Cisco as our firewalls. We use them both at the same time.

The initial setup has the same amount of difficulty as, for example, a Cisco setup. Regardless of if it's Cisco or Palo Alto, it will all the same level of effort. However, the use cases will be different from one another.

That said, the whole process is pretty straightforward.

We have three admins on our team that can handle setup and maintenance responsibilities. 

The price of the solution is quite high, especially if you compare it to Cisco or Juniper.

The solution is subscription-based. Users can pay monthly or yearly. We pay on a yearly basis.

We are Palo Alto customers and end-users. We don't have a business relationship with the company.

We work with the 3000-series and tend to use the latest version of the product.

I would recommend the solution to other organizations if their budget supported buying it. Cost-wise, they are on the high side. 

Overall, on a scale from one to ten, I'd rate the solution at an eight. We've largely been satisfied with its capabilities. 

In manufacture, we use this solution as a firewall and an internal gateway. Additionally, we use it for traffic control which keeps strategic traffic separate from production traffic.

The technology's very good. We have had a lot of good experience with this solution. We have done a lot of implementation for our clients and we have not had a lot of problems with this solution.

For an upcoming release, they could improve on the way to build security rules per user. Palo Alto has this functionality but in implementation, we had some problem. This functionality should be better in our opinion.

I have been using the solution for more than seven years.

In my experience, the stability is very good. 

We have more than 700 people using the solution in my company.

We have had a good experience with technical support.

We have used FortiGate in the past and we prefer this one.

The setup was complex.

Depending on the project, specific environment, and performance the deployment could take some time.

With the licensing we pay for it annually, the price could be cheaper.

If someone looking for stability and the leader in next-generation firewall technology, I would choose this solution.

I would recommend this solution to others.

I rate Palo Alto Networks NG Firewalls a ten out of ten.

We use the firewall for securing the data center. We have designed it to be a two-stage firewall. We have a perimeter firewall which is not Palo Alto, and then the Palo Alto firewall which is acting as a data center firewall. We are securing our internal network, so we have created different security zones. And we assign each zone a particular task.

We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic.

The solution needs some management tool enhancements. It could also use more reporting tools. And if the solution could enhance the VPN capabilities, that would be good.

The solution is very stable, but I think the local providers have no sufficient products. We are looking for more support. 

The solution is very scalable. We are trying to increase usage. We are planning already to increase our internet center. We are planning to extend our users to around 1,500. Currently, we have about 700 users.

The local consultant support needs some improvement. External support is sufficient for us.

The initial setup was easy for us to implement.

We used a consultant for the deployment portion.

I would rate this solution 7 out of 10.

The primary use for this product is for security as a firewall by a sales engineer for the guest environment.

It allowed us to evaluate traffic in the customer environment by providing detailed reporting on the traffic and applications.

The WildFire feature is one of the best features in this firewall. WildFire extends the capabilities of Palo Alto firewalls to block malware. The best feature for the reseller is Service Lifecycle Reviewer, SLR. You deploy Palo Alto Network Firewall to the customer environment and it collects data about customer environment, customer traffic. After a week, Palo Alto generates a report to review the traffic. The report tells what applications were touched and how users used these applications in the environment, as well as additional details. So for resellers, you just go to the customer, deploy the Palo Alto in the basic mode so the customer doesn't need to customize anything in their environment because Palo Alto works to meter traffic out of the box.

Of course, the reports register app ID, user ID, the space of the app IDs, the database of these app IDs and other common data. It is a great feature in the Palo Alto product.

The manufacturer can improve the product by improving the configuration. Some of the menus are difficult to navigate when trying to find particular features. It is not entirely intuitive or convenient. You might need to configure a feature in one menu and next you need to go to another tab and configure another part of the feature in another tab. It's not very user-friendly in that way. On the other hand, it's still more user-friendly than using the console. But this is certainly one feature they can improve.

It's a great firewall, really one of the best in the market. It is one of few firewalls that can claim to be better than Cisco. It functions well, is very stable, and its reputation is known in the market.

I think that the product is very customizable. If you don't need to protect a lot of assets, you can buy a small firewall at a low price for small needs, but if you need you can buy a bigger solution with more features. Scalability is very easy with Palo Alto Networks.

Actually, I have moved away from using this product because of changes in duties.

Installation is really very straightforward. You just need to plug it in and connect to the environment and that's all. Deployment time depends on the size of the environment and customer needs. Some customers just need two or three policies and that's all. But some customers need more policies designed to cover the needs of specific departments. So deployment depends on the size of your environment. If it's a small company, it's not very hard to deploy the main features of Palo Alto, it may take an hour but not more than a day. It depends on the customer needs and size of the environment.

I work as the system integrator, so I install instances of Palo Alto myself. It was the first security product that I learned to work with.

It is our main firewall. It has performed well. It meets our expectations.

It has the typical features of a next-generation firewall. It can do application control, antivirus, content filtering, etc. And in terms of performance, the value for money of the model that we bought is sufficient for our size.

I would like to see more in terms of reporting tools and the threat analysis capabilities.

It's very stable.

For our current size and our projected growth, it is sufficient. We are expecting to grow to about 1000 users. This is the type of bandwidth we need, based on our typical usage. The specific model we bought can scale up to that number. We built in that room for growth.

In addition, we can expand the scope not just as a firewall but also by doing some sandboxing and through integration with endpoint security solutions.

I don't believe we have used any support directly from Palo Alto itself because we bought it through a local reseller. We engaged them to help us configure it and to put up some of the firewall rules that we need. So we work with a local vendor.

We had another box before and it wasn't a next-generation firewall. We needed to change to a next-generation firewall so we compared a few of the top players in the market and Palo Alto was the right one, in terms of the features that we need.

We were using an outdated firewall and, because of the growing threats, things were getting through. We were not able to filter some of the traffic the way we wanted. It was high time that we went with a next-generation firewall.

In terms of a vendor, in my case, I was referred to the local vendor, the one that we would be deploying and working with on the implementation. We definitely look for the competency, their knowledge of the subject matter, in this case, firewall technology, networks, etc., and their knowledge of the product. And, of course, the other factor is their commitment and their value-added solutions because sometimes we need them to go beyond to address a certain problem that we may have.

I don't think setup is that complicated. There was just a bit of a learning curve because none of us had any experience with Palo Alto. But we know firewalls and it worked. It wasn't that difficult.

We called in proposals for different products, bigger players, like Check Point, Fortinet, Cisco. We set the criteria we need and had them make proposals. We found, based on the submissions, that Palo Alto seemed to be the one that had the most complete solution. We did a proof of concept to prove that whatever they said they can do, they can do. Once we passed that stage we proceeded with the purchase of the Palo Alto unit.

It came down to the technical evaluation we did. They did well in terms of performance. In addition, we liked the support terms that were proposed by the reseller. We also looked at certifications and reviews, at the NSS Labs reports, and other industry ratings. Palo Alto seemed to be up there. Also, looking toward the future, we can actually subscribe to sandboxing services in the cloud. There are also options for us to integrate with endpoint security solutions.

List your requirements, give them the proper weighting, and look at what future options are available if you stick with the solution. Then do your evaluation. And don't forget the vendor, the local support, their competency and their commitment. You can have the best product in the world but if you don't get the right person to support you, it's a waste. You would probably better off with a second- or a third-tier product if you have an excellent, competent, and committed vendor to support you.

I would rate Palo Alto at eight out of 10 because of the performance, the security features, and policy management, the reporting capabilities, and the optional upgrades or extensions that we can do, like sandboxing. It also offers an option for our integration with our endpoint security.

We are going to revamp our endpoint security architecture. One of the options we're looking at is how we can integrate that with solutions from Palo Alto, because then we can have a more consolidated view, instead of using a third-party solution as the endpoint security. Finally, the local support is important.

It is used for protection against attacks and it is very fast and reliable. We have a lot of use cases for it.

We are an implementation partner for Palo Alto. One of the companies we implemented its Next-Generation Firewalls for was previously using Barracuda. A ransomware attack happened and they lost all their backup data, and their configuration. Once we implemented Palo Alto for them, there were similar attacks but they were blocked.

Along with Prisma, it helps in preventing a lot of attacks, especially Zero-day attacks.

The sandboxing is valuable and they are frequently updating their signature database. We get new updates every five minutes. That makes it easy to detect new and unknown attacks.

The configuration part could be improved. It's very difficult to configure. It doesn't have a user-friendly interface. You have to know Palo Alto deeply to use it.

Also, it doesn't support open-source protocols like EIGRP. We had to find another solution for that.

I've been using Palo Alto Networks NG Firewalls for the last six years.

Palo Alto suggests version 9.1.7 for stability. When new features come out, things are not as stable.

It's scalable. I recommend it for its scalability.

We generally deploy these firewalls into larger environments, but the PA-400 series is affordable.

There are problems with the technical support. When we are facing an attack, it's very difficult to get a hold of people from the TAC. It's not like Cisco, especially in India. There are very few members of Palo Alto TAC in India. Sometimes we get support from people in other countries.

Neutral

The initial deployment of these firewalls is very complex. The registration is a very difficult task. You have to go to the partner portal to register and it's not user-friendly. All the other solutions are not like that. With Juniper, for example, it's very easy to handle their portal.

The deployment time depends on the customer environment but it normally takes around three weeks. Our implementation strategy is to first understand the network we are dealing with and how we can deploy Palo Alto.

The pricing for Palo Alto is very high. The price difference with other vendors is huge because Palo Alto has been the market leader for the last five or six years, and they have a reliable product. Everybody knows Palo Alto, like Cisco routing and switching. It's likely that only enterprise-level customers can afford this kind of firewall.

Palos Alto's firewalls have machine learning software and sandboxing. Everything is one step ahead of all the competitors.

Still, almost all vendors provide the same things. They call their technologies by different names, but that's the only big difference in features.

According to the industry reviews Palo Alto has been the market leader for the last five or six years. They have better technology and the hardware is also good. It's the pricing and user interface where there are issues. Apart from them, everything is fine.

We use these firewalls on-premise. We use them as a central gateway for internet security. We also use them for organizing access to the internet from organizations, and security access rules.

We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature. The firewalls have good integration and good log journals' integration with Qradar. This is how the system produces user logs, how they build, how they structure the logs is stable to integrate with SIEM. For example, Check Point is not so good in this category.

They could improve their support and pricing and maybe integration. It's a little more expensive than Check Point but the quality is better. Integration with firewall endpoints could be better. Palo Alto does have very good malware or antivirus protection. I think they could improve on that front.

We have been using the Palo Alto Networks Next-Generation Firewalls for about 12 months. We are using the latest version.

We have found Palo Alto Networks Next-Generation Firewalls to be a very stable solution and very convenient solution.

We don't have any problems with the performance. It works very good. We have not had any problems. If we compare with Check Point, Check Point is not really good in stability, not for monitoring. That is why we didn't choose Check Point to move to Palo Alto.

We are satisfied with Palo Alto's support. We don't need to contact them frequently but when we do it is a good experience.

If we compare with Check Point, Check Point is not really good in stability, not for monitoring. That is why we didn't choose Check Point to move to Palo Alto. Compared with Check Point, it's excellent. It's very good. It's even better than Cisco also. So for this kind of usage scenario, it's very good. We don't use it as a regular firewall or perimeter firewall. We use it only as an internet gateway. But for an internet gateway, it's very good.

It was a very straightforward install and we were able to perform it from the Palo Alto books available. It only took one or two days for the installation. No problem with SIEM integrations or with the security policies. It's just worked as expected.

We performed the installation in house from the Palo Alto books available. 

I would give Palo Alto Networks Next-Generation Firewalls a rating of nine on a scale of ten.