Palo Alto Networks NG Firewalls Reviews

It is our main firewall. It has performed well. It meets our expectations.

It has the typical features of a next-generation firewall. It can do application control, antivirus, content filtering, etc. And in terms of performance, the value for money of the model that we bought is sufficient for our size.

I would like to see more in terms of reporting tools and the threat analysis capabilities.

It's very stable.

For our current size and our projected growth, it is sufficient. We are expecting to grow to about 1000 users. This is the type of bandwidth we need, based on our typical usage. The specific model we bought can scale up to that number. We built in that room for growth.

In addition, we can expand the scope not just as a firewall but also by doing some sandboxing and through integration with endpoint security solutions.

I don't believe we have used any support directly from Palo Alto itself because we bought it through a local reseller. We engaged them to help us configure it and to put up some of the firewall rules that we need. So we work with a local vendor.

We had another box before and it wasn't a next-generation firewall. We needed to change to a next-generation firewall so we compared a few of the top players in the market and Palo Alto was the right one, in terms of the features that we need.

We were using an outdated firewall and, because of the growing threats, things were getting through. We were not able to filter some of the traffic the way we wanted. It was high time that we went with a next-generation firewall.

In terms of a vendor, in my case, I was referred to the local vendor, the one that we would be deploying and working with on the implementation. We definitely look for the competency, their knowledge of the subject matter, in this case, firewall technology, networks, etc., and their knowledge of the product. And, of course, the other factor is their commitment and their value-added solutions because sometimes we need them to go beyond to address a certain problem that we may have.

I don't think setup is that complicated. There was just a bit of a learning curve because none of us had any experience with Palo Alto. But we know firewalls and it worked. It wasn't that difficult.

We called in proposals for different products, bigger players, like Check Point, Fortinet, Cisco. We set the criteria we need and had them make proposals. We found, based on the submissions, that Palo Alto seemed to be the one that had the most complete solution. We did a proof of concept to prove that whatever they said they can do, they can do. Once we passed that stage we proceeded with the purchase of the Palo Alto unit.

It came down to the technical evaluation we did. They did well in terms of performance. In addition, we liked the support terms that were proposed by the reseller. We also looked at certifications and reviews, at the NSS Labs reports, and other industry ratings. Palo Alto seemed to be up there. Also, looking toward the future, we can actually subscribe to sandboxing services in the cloud. There are also options for us to integrate with endpoint security solutions.

List your requirements, give them the proper weighting, and look at what future options are available if you stick with the solution. Then do your evaluation. And don't forget the vendor, the local support, their competency and their commitment. You can have the best product in the world but if you don't get the right person to support you, it's a waste. You would probably better off with a second- or a third-tier product if you have an excellent, competent, and committed vendor to support you.

I would rate Palo Alto at eight out of 10 because of the performance, the security features, and policy management, the reporting capabilities, and the optional upgrades or extensions that we can do, like sandboxing. It also offers an option for our integration with our endpoint security.

We are going to revamp our endpoint security architecture. One of the options we're looking at is how we can integrate that with solutions from Palo Alto, because then we can have a more consolidated view, instead of using a third-party solution as the endpoint security. Finally, the local support is important.

It is used for protection against attacks and it is very fast and reliable. We have a lot of use cases for it.

We are an implementation partner for Palo Alto. One of the companies we implemented its Next-Generation Firewalls for was previously using Barracuda. A ransomware attack happened and they lost all their backup data, and their configuration. Once we implemented Palo Alto for them, there were similar attacks but they were blocked.

Along with Prisma, it helps in preventing a lot of attacks, especially Zero-day attacks.

The sandboxing is valuable and they are frequently updating their signature database. We get new updates every five minutes. That makes it easy to detect new and unknown attacks.

The configuration part could be improved. It's very difficult to configure. It doesn't have a user-friendly interface. You have to know Palo Alto deeply to use it.

Also, it doesn't support open-source protocols like EIGRP. We had to find another solution for that.

I've been using Palo Alto Networks NG Firewalls for the last six years.

Palo Alto suggests version 9.1.7 for stability. When new features come out, things are not as stable.

It's scalable. I recommend it for its scalability.

We generally deploy these firewalls into larger environments, but the PA-400 series is affordable.

There are problems with the technical support. When we are facing an attack, it's very difficult to get a hold of people from the TAC. It's not like Cisco, especially in India. There are very few members of Palo Alto TAC in India. Sometimes we get support from people in other countries.

Neutral

The initial deployment of these firewalls is very complex. The registration is a very difficult task. You have to go to the partner portal to register and it's not user-friendly. All the other solutions are not like that. With Juniper, for example, it's very easy to handle their portal.

The deployment time depends on the customer environment but it normally takes around three weeks. Our implementation strategy is to first understand the network we are dealing with and how we can deploy Palo Alto.

The pricing for Palo Alto is very high. The price difference with other vendors is huge because Palo Alto has been the market leader for the last five or six years, and they have a reliable product. Everybody knows Palo Alto, like Cisco routing and switching. It's likely that only enterprise-level customers can afford this kind of firewall.

Palos Alto's firewalls have machine learning software and sandboxing. Everything is one step ahead of all the competitors.

Still, almost all vendors provide the same things. They call their technologies by different names, but that's the only big difference in features.

According to the industry reviews Palo Alto has been the market leader for the last five or six years. They have better technology and the hardware is also good. It's the pricing and user interface where there are issues. Apart from them, everything is fine.

We use these firewalls on-premise. We use them as a central gateway for internet security. We also use them for organizing access to the internet from organizations, and security access rules.

We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature. The firewalls have good integration and good log journals' integration with Qradar. This is how the system produces user logs, how they build, how they structure the logs is stable to integrate with SIEM. For example, Check Point is not so good in this category.

They could improve their support and pricing and maybe integration. It's a little more expensive than Check Point but the quality is better. Integration with firewall endpoints could be better. Palo Alto does have very good malware or antivirus protection. I think they could improve on that front.

We have been using the Palo Alto Networks Next-Generation Firewalls for about 12 months. We are using the latest version.

We have found Palo Alto Networks Next-Generation Firewalls to be a very stable solution and very convenient solution.

We don't have any problems with the performance. It works very good. We have not had any problems. If we compare with Check Point, Check Point is not really good in stability, not for monitoring. That is why we didn't choose Check Point to move to Palo Alto.

We are satisfied with Palo Alto's support. We don't need to contact them frequently but when we do it is a good experience.

If we compare with Check Point, Check Point is not really good in stability, not for monitoring. That is why we didn't choose Check Point to move to Palo Alto. Compared with Check Point, it's excellent. It's very good. It's even better than Cisco also. So for this kind of usage scenario, it's very good. We don't use it as a regular firewall or perimeter firewall. We use it only as an internet gateway. But for an internet gateway, it's very good.

It was a very straightforward install and we were able to perform it from the Palo Alto books available. It only took one or two days for the installation. No problem with SIEM integrations or with the security policies. It's just worked as expected.

We performed the installation in house from the Palo Alto books available. 

I would give Palo Alto Networks Next-Generation Firewalls a rating of nine on a scale of ten.

We mainly use it for perimeter protection between the internet and the local network. We are using it for application control. We exploit the applications with some policies about how the network traffic is going to be from the local LAN to the external network and vice versa. We are protecting our network from outsiders and stopping them from getting into the network.

I love the Policy Optimizer feature. I am also completely happy with its stability.

Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete.

Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet.

We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks.

I have been using this solution for about three years.

I am completely happy with its stability. I have no issues with its stability.

I don't need more scalability. I can use the new features without changing the hardware. The features are completely inside the hardware, so I have no issue with the scalability. Most of our customers are big businesses.

I didn't have a very complex call with their technical support.

It depends. It can be complex when we are replacing a solution with Palo Alto Networks and the customer doesn't know how the policy is going to be implemented in the solution. If that is not the case and it is a clean installation, it is very straightforward. It is not at all complex.

The deployment generally takes a whole week. This includes the planning stage and doing the initial setup. It takes about two days to set up a device, power it on, and turn on the policies.

It is an expensive solution.

Our clients compare it with Check Point. Palo Alto Network has the application granularity. It enables you to handle the applications, policies, and Policy Optimizer. There is no need for splitting the management plane and the processing plane. In Check Point, you need two devices. You need one device for the management and one for the gateway. Palo Alto has both in one, which is a good feature.

Check Point is a kind of cheaper solution, and we can deploy that application on open servers. The open servers option in Check Point has a huge cost-saving. In terms of performance, I will always choose Palo Alto Network because its IPS feature is superior to Check Point. It is much better than Check Point.

First of all, I would say that the engineer who is going to deploy the solution has to know how the network policy is going to be introduced into the firewall. It is very important for deployment because it is a new concept that Palo Alto introduced in the market. The second thing is to know the policies, not on the layer-4 basis, but in terms of policies, such as SMB, DSTP, and other such things.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's.

This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively.

I've been using the solution for the past six years at this point.

The solution offers very good stability. I don't have issues with bugs or glitches. It's reliable.

We have a variety of customers ad they all have a different amount of users. Some have 50 users. Some have 100 users. Some have 1,000 users as well. It varies quite a bit. In that sense, it scales to meet the customer's needs.

I've dealt with technical support in the past. Sometimes it is good and sometimes it's not as good. It depends on the complexity of the deployment. Overall, however, I would say that I have been satisfied with the level of service provided.

There are multiple products from different vendors, and I basically deploy different firewalls from different vendors for the customers based on their needs. The solutions I work with include Cisco, Fortinet, and WatchGuard. There are a few others as well.

The initial setup isn't too complex. It's pretty straightforward.

The deployment time basically depends on the deployment model. If it's a VMware model, it's pretty straightforward and you can basically deploy it in half an hour to one hour.

If it is in another deployment model, for example, if it's in Layer 3, it depends on the subnet environment, how many subnets they have, or how the traffic is routing from one end to the other end, etc. 

I'm involved in system integration, so I basically deploy and manage the solution for the other customers.

I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models.

I would recommend the solution to other organizations.

Overall, I would rate it at a nine out of ten.

We resell products by Palo Alto and Cisco, and this next-generation firewall by Palo Alto is one of the products that we are familiar with.

The most valuable features are web filtering and application filtering.

The IPS functionality is very good.

The performance is good.

The price is expensive and should be reduced to make it more competitive.

Information about Palo Alto products is more restricted than some other vendors, such as Cisco, which means that getting training is important.

The traps should be improved.

I would like to see better integration with IoT technologies. Having a unified firewall for OT and IT would be very good.

We have been working with Palo Alto for about one year.

This is a stable firewall and you don't have a lot of surprises. The performance, throughput, and decryption are all good. It is important to remember that at the end of the day, it depends on the configuration.

For special functionality, you are going to have some exceptions. However, for the well-known functionality, it is stable.

It is scalable in that the performance is good and you don't need a large cluster to operate it.

The technical support is good. The team is responsive and they gave us the right information at the right time to solve the difficulties and complexities that we were experiencing.

We also sell products by Cisco and there are some differences between them. Palo Alto is more expensive and the performance is better. With Cisco, the documentation is better and it is easier to install. There is a lot more information available for Cisco products.

This is an expensive product, which is why some of our customers don't adopt it.

My advice for anyone who is implementing the Palo Alto Next-Generation firewall is to take the training that is available. This will allow them to better work with the technology.

This is an ambitious company with a good security roadmap. The product is being continuously developed and they are professionals who are focused in this area of technology. It is the firewall that I personally recommend.

I would rate this solution a seven out of ten.

Our primary use case was to configure our PSAs for our customized configuration. 

I like that it has high security. 

The whole performance takes a long time. It takes a long time to configure. 

I have been using Palo Alto for six years. 

I contact Palo Alto by email or by phone. Their support is good. 

I have previously worked with Cisco ASA. Palo Alto is a lot easier especially in regards to security. It is a well-integrated software.

The difficulty of the deployment depends on our clients' environment and their requests.

We require a two-member team for support. 

In terms of how long it takes to deploy, again, it depends on the customers' environment. If the request is easy, it can take around two weeks.

I would rate Palo Alto a nine out of ten. 

In the next release, they should simplify the deployment process. 

Our main use of this solution is to create micro segmentations only in the public cloud, and use the data we receive to see threats passing through the Vnets.

We have found that this solution has improved not only the level of security that is in place, but also reduced the amount of operational time needed for us to handle cloud-based security.

We have found the SSL decryption within this solution to be great; you can enable this feature and have the ability to see more of what is happening across your network.

We also really like the Wi-Fi service feature of this solution.  It has a great base of information, and uses machine learning to improve recognition of issues and threats.

We would like to see improvement in the web interface for this solution, so that it can handle updates without manual intervention to put the data in order.

We have been working with this solution for two years.

We have found this to be a stable solution during our time working with it.

As it is cloud-based, the solution is easily scalable.

We have found the technical support for this solution to be very good; we just open a support chat window and we have assistance when we need it.

Positive

We previously used Fortinet, and changed to this solution because of the superior performance.

The initial setup of this solution was very easy, and the deployment took just under two weeks to complete.

We used a consultancy team from Add Valley Services for our implementation of this solution, and their service was great.

We would advise that this solution has a higher price point than other comparable products, however, the license fee covers all the features that the solution can provide and there are not extra costs involved.

We would recommend that organizations implementing this solution use a good consulting service and plan extensively up front, before implementation, in order to ensure a smooth deployment with no issues.

We would rate this solution as 10 out of 10.