Palo Alto Networks NG Firewalls Reviews

In my previous company, we used Palo Alto Networks NG Firewalls for the government, specifically for the Security Operation Center (SOC). We used it not only for on-premises but also for the cloud infrastructure in AWS. Instead of using the cloud-native firewall, we implemented Palo Alto Networks NG Firewalls to inspect the traffic.

The version we work with varies based on the customer.

Palo Alto Networks NG Firewalls reduced the downtime. We upgraded the primary and then failed over to the secondary, so there was no impact on the customer. There was just one ICMP packet drop.

The IPS with firewalls is very important. We do not have to buy a separate appliance. We have just one firewall. We have the single-plane and parallel processing. The traffic is spread from layer 2 to layer 3 to layer 4 to layer 7, including the applications. There are also antivirus, spyware, and vulnerability checks. It is very important to inspect the traffic.

I find Palo Alto Networks NG Firewalls to be a stable product and very easy to manage from layer 4 to layer 7. They are also seamless for environments with high availability. During upgrades, there is a seamless failover to the secondary firewalls. It is very reliable. I have upgraded these firewalls a lot, and I do not see any issues or failures on the firewall or the hardware. It also depends on whether you have a higher-end or a lower-end model, such as the 800 series or the 220 series, which can be very slow, but eventually, it manages to come up. 

It is very easy to learn and user-friendly. The integration is also easy.

When the primary Palo Alto Networks firewall fails over to the secondary, it requires manual intervention to bounce the IPsec for it to work properly. Unlike BGP peering, which automatically changes from idle to established, this process needs automation. In Cisco, there is no need to bounce the IPsec traffic during failover, and I suggest automation for Palo Alto Networks in that process.

I have been using Palo Alto Networks NG Firewalls since 2017.

I find Palo Alto Networks NG Firewalls to be very reliable. 

I do not see any trouble with the scalability of Palo Alto Networks NG Firewalls. They are able to secure data centers consistently across all workplaces, from the smallest office to the largest data centers.

Palo Alto is one of the leaders. Fortigate is pretty close, but no one can beat Palo Alto in the data center environment. Most of the customers prefer to use Palo Alto Networks NG Firewalls.

I am satisfied with their support. Even if a support engineer is not immediately helpful, I can escalate very quickly and get assistance.

I also use Cisco firewalls. With Cisco firewalls, there is no need to bounce the IPsec traffic during failover, but Cisco only supports up to layer 4. Palo Alto Networks offers better features up to layer 7. Palo Alto wins in terms of new features, but for traditional and IPSec features, Cisco is better. 

Configuration-wise, Palo Alto has a granular control, which is not there with Cisco. We can even choose a specific policy group. For configuration flexibility, I prefer Palo Alto.

The initial setup of Palo Alto Networks NG Firewalls is straightforward for me. 

The implementation usually takes two to four weeks. If we start from scratch and also do the documentation, it would take about one to two months to complete the project.

For deployment, we typically need two engineers and sometimes a professional service engineer from Palo Alto Networks. For a Telco deployment, we needed a professional service engineer from Palo Alto Networks. Overall, three engineers are enough for a big deployment. 

I do not know the price, but if the price is not that different, I will definitely recommend Palo Alto Firewalls over other vendors.

Palo Alto Networks offers a stable product with a user-friendly UI. It integrates well into existing systems and is future-proof, especially as we are moving towards cloud-based security products like Prisma. I would recommend it to everyone if affordability is not an issue. 

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

We use Palo Alto Networks Next-Generation Firewalls in our data center to manage security for both east-west and north-south traffic. These firewalls provide comprehensive protection for various traffic types, ensuring secure communication within the data center and between the data center and external networks.

Palo Alto Networks Next-Generation Firewalls provide a unified threat management solution with various security features, including threat prevention, URL filtering, security policies, and zone protection. These features are crucial for internet-level protection, enabling URL filtering, threat prevention, security policies, user identification, and a comprehensive VPN solution for site-to-site and remote access connections.

Palo Alto Networks Next-Generation Firewalls include WildFire, which uses machine learning for inline, real-time threat prevention.

It effectively secures our data centers with their application-based approach. Unlike traditional firewalls that solely rely on port numbers and IP addresses, these firewalls identify applications to determine whether to allow or block traffic. This enhanced inspection ensures only legitimate applications access the network, providing robust security.

It has also helped us reduce downtime because the failover is very swift and the performance is good. This offers us good throughput and parallel processing.

Palo Alto Networks NG Firewalls are highly valued for their performance and parallel processing architecture. Unlike traditional firewalls that operate based on ports, these next-generation firewalls are application-centric, identifying specific applications to provide enhanced security against a wider range of attacks.

Palo Alto recently introduced a security analyzer in version ten, but this feature could be enhanced, and the URL filtering improved.

I have been using Palo Alto Networks NG Firewalls for almost eight years.

Palo Alto Networks NG Firewalls are stable and reliable when deployed and configured correctly.

Palo Alto Networks Next-Generation Firewalls offer scalability both in the cloud and on-premises, but the methods differ. Cloud deployments benefit from auto-scaling, allowing for automatic adjustments to firewall capacity based on demand. On-premises solutions require manual provisioning of new hardware and subscriptions to achieve scalability.

Palo Alto offers multiple tiers of support, including basic, premium, and premium plus. Overall, the technical support is good.

Neutral

I have experience with both Check Point and Palo Alto firewalls. In a previous role, I worked with Check Point firewalls, while my current client utilizes Palo Alto firewalls.

The initial deployment, while challenging, successfully validated Palo Alto's claims regarding throughput, session count, and parallel processing capabilities. Their assertion that enabling all engines does not cause packet rebuffering proved accurate, resulting in impressive performance. With a strong design and skilled architects, the deployment process ultimately proved efficient and successful.

The migration tool assists in transferring configurations from systems like Cisco or Check Point, eliminating the need for manual migration.

The return on investment from Palo Alto Networks NG Firewalls is excellent. Their user-friendly interface and Panorama central management, which provides a comprehensive overview, make them an ideal investment.

While Palo Alto Networks Next-Generation Firewalls may be considered expensive, their quality justifies the cost. They offer various support levels, including basic, premium, and premium plus, to cater to different needs.

I would recommend Cisco firewalls for those seeking the cheapest firewall.

I would rate Palo Alto Networks NG Firewalls eight out of ten.

Palo Alto Networks NG Firewalls require maintenance due to the ongoing creation of new rules and policies, configuration changes, and necessary upgrades. For example, the operating system version is frequently updated, necessitating regular maintenance to ensure optimal performance and security.

The staffing needs for maintaining Palo Alto Networks NG Firewalls vary based on several factors, including the size and complexity of the organization. Key considerations include the number of data centers, hosted applications, users, and remote locations. Essentially, larger organizations with more users, devices, and network activity will require more personnel to effectively manage and maintain their firewall infrastructure.

Admins should be knowledgeable and should take proper training. It's essential to follow the correct configurations to avoid inconsistencies that may require significant maintenance.

The primary use case is enterprise-level security. Our organization utilizes Palo Alto Networks Next-Generation Firewalls for internal security measures, including SD-WAN and SSL authentication configurations to establish secure network connections through the firewall.

Palo Alto Networks NG Firewalls provides a unified platform that natively integrates all security capabilities. The integration of machine learning in the core of the firewall that provides inline real-time attack prevention is crucial.

Palo Alto Networks NG firewalls embed machine learning in their core, which aids in preventing real-time attacks. The effectiveness of this technology improves with each release, bolstering confidence in the product's ability to provide robust security.

When we identify a vulnerability, we use Palo Alto Networks Next-Generation Firewalls to mitigate the threat.

We experienced no downtime in the past two and a half years while using Palo Alto Networks Next-Generation firewalls.

The most valuable features include the usual firewall functionalities, such as IPS and antivirus, which are effective. 

The configuration framework for Palo Alto Networks Next-Generation firewalls should be simplified, particularly for applications like ASG authentication. Technical support needs improvement, as issue resolution takes a significant amount of time. Furthermore, vulnerabilities in Palo Alto releases require prompt attention.

I have worked with Palo Alto Networks NG Firewalls for more than ten years, and our company has used them for three years.

The overall stability of Palo Alto Networks NG firewall is good. I would rate it nine out of ten.

The scalability of Palo Alto Networks NG Firewalls is good. I can comfortably rate it as an eight out of ten.

Palo Alto Networks' technical support is generally good. However, some non-popular issues take longer to address.

Neutral

Our organization initially utilized FortiGate firewalls. However, as we grew, we transitioned to Palo Alto Networks NG Firewalls due to their better performance in enterprise-level evaluations.

Standard security configurations were straightforward to set up initially. However, adding portal security and application customizations posed challenges.

The deployment was small and required two to three people.

Our experience with the integrator was mixed. While they provided some assistance, our team faced challenges configuring certain features, requiring additional support from Palo Alto and their partners.

The pricing, setup cost, and licensing depend on the model. Overall, it is commercially competitive compared to Cisco and Fortinet. We paid less than $18,000.

Colleagues looking for the cheapest and fastest firewall can still use Palo Alto Networks NG Firewalls because they are affordable.

We evaluated several top products, including Fortinet, SonicWall, Sophos, and Cisco, before choosing Palo Alto Networks NG Firewalls.

I rate Palo Alto Networks NG Firewalls a seven out of ten. While the features are satisfactory, improving the configuration framework and enhancing technical support would improve the product.

Palo Alto Networks NG Firewalls do not require maintenance.

We have 500 users in our organization.

The primary use case for Palo Alto is to address traffic-related issues and manage configurations pushed from Panorama to Palo Alto Firewalls. Additionally, it handles GPU-related challenges, global protect, and IP internal problems.

Both FortiGate and Cisco firewalls process network traffic sequentially, meaning each packet passes through security engines, e.g., security profiles and URL filtering, one by one, which can be time-consuming. In contrast, Palo Alto Networks NG Firewalls utilize single-pass parallel processing. When a packet arrives on an interface, the firewall creates multiple copies and sends them to all relevant security engines simultaneously. This parallel approach significantly reduces processing time and increases overall efficiency.

Palo Alto Networks Next-Generation Firewalls offer a comprehensive platform that seamlessly integrates all essential security functions, eliminating the need for multiple platforms. With integrated routing, switching, threat prevention, SASE, and Prisma capabilities, Palo Alto provides a centralized solution. A notable feature is the active-passive router configuration, enabling one firewall to be active while another remains on standby. Additionally, these firewalls incorporate SD-WAN, IPsec, and VPNs for enhanced network security and connectivity.

Palo Alto Networks NG Firewalls effectively utilize embedded machine learning to provide real-time attack prevention. Upon receiving a packet, the firewall performs an initial ingress phase analysis before passing it to the fast path for routing, switching, and connection establishment. Simultaneously, the security policy is checked. If a threat is detected, the initial packet is allowed through for analysis, while subsequent traffic is automatically blocked without the need for manual security policy configuration.

Our organization benefited from the comprehensive feature set of Palo Alto Networks NG Firewalls, eliminating the need for separate purchases of web-based firewalls, load balancers, routers, switches, Prisma devices, and SD-WAN devices. This saves our organizational costs.

Palo Alto provides strong security in our data centers and across all our workplaces.

Palo Alto Networks NG Firewalls reduce downtime and enhance network reliability and security through active-passive setups, where a secondary firewall automatically takes over if the primary one fails, ensuring continuous operation. These firewalls provide a seamless and efficient environment by automatically capturing logs and managing known threats. Advanced features like App-ID and Content-ID inspection enable deep packet inspection, identifying and mitigating threats even within encrypted files or those disguised as legitimate data, such as a virus bound to an MPG file. This comprehensive approach ensures robust security and minimizes the impact of malicious activities, regardless of the attacker's techniques.

The most valuable features of Palo Alto Networks NG Firewalls are Threat Vault and AutoFocus. Threat Vault allows us access to a comprehensive threat database, enabling us to get detailed information on threats and how to mitigate them. AutoFocus provides sandboxing capabilities, automatically addressing global threats.

Palo Alto Firewalls could improve by introducing more features, particularly in load balancing. Enhancing this capability would be beneficial.

I have been working with Palo Alto NG Firewalls for six and a half years.

I would rate the stability of Palo Alto Networks NG Firewalls at eight and a half out of ten.

Palo Alto Networks NG Firewalls are scalable and reliable. I have not faced any limitations with its scalability, and it is suitable for environments ranging from small offices to large data centers.

Palo Alto provides good support.

Positive

I previously worked with Cisco and FortiGate devices. I switched to Palo Alto Firewalls because of the comprehensive features offered by Palo Alto, including better hardware, software, and support.

The initial setup was straightforward, taking about 20 to 30 minutes for one Palo Alto Network NG Firewall.

The level two team was responsible for the configuration and setup process for Palo Alto Network NG Firewalls.

I am not sure about the specific licensing costs of Palo Alto Networks NG Firewalls, but FortiGate and Palo Alto are generally cheaper than some high-end Cisco devices.

I would rate Palo Alto Networks NG Firewalls eight out of ten.

For colleagues seeking a cost-effective firewall, I recommend Palo Alto Networks NG Firewalls. Despite not being the absolute cheapest, their robust hardware and software, combined with excellent support and comprehensive features, make them a more efficient and reliable long-term investment.

Palo Alto Networks NG Firewalls require maintenance.

I recommend considering Palo Alto for small or medium-sized environments due to its cost-efficiency, reliability, ease of use, and extensive features.

We use Palo Alto firewalls to secure the enterprise network and connect our branch offices with our data centers.

A lot of Palo Alto's attack mitigation is automatic. It's nice that you can define security policies and profiles, and the firewall can automatically take action to mitigate attacks as they occur.

We can avoid downtime because Palo Alto supports high-availability firewalls, which usually enable us to do maintenance without interruption to the enterprise. We also have redundancy in our wide area, so we are not dependent on one internet provider. If it fails, we can route across an alternate provider through our VPN tunnels. 

Palo Alto solutions are scalable and highly capable. NG firewalls offer a complete solution that's reliable, consistent, easy to manage, and full of rich security features. They're easier than other firewalls and certainly more effective.

NG Firewalls provide a unified platform that natively integrates all security capabilities. It's critical to have a cohesive system that works across the entire organization. Palo Alto embeds machine learning into the firewall's core, which is necessary to keep up with the threat landscape. 

Palo Alto could improve its machine-learning capabilities. That's all new. They integrate the telemetry data and analytics up to the cloud, where they can analyze security policies and best practices like DNS Security. It uses AI tools to sort through all the massive logs and highlight where you can take action or be aware of what's happening. If you don't have many tools in your organization, it's nice to have one tool that does an excellent job across the board. 

I have used Palo Alto NG Firewalls for five and a half years. 

Palo Alto firewalls have excellent scalability. The same techniques and configuration scale from a small branch office to larger data centers. They're consistent in terms of configuration. You have centralized administration through Panorama to manage all of them easily and have global visibility with both configuration and logging.

I rate Palo Alto support seven out of 10. Palo Alto has some excellent engineers, but recently, I've had difficulty finding a technician who can solve the problem quickly.  They're easy to reach, but it's sometimes harder to communicate with the support engineers. Some are more effective, but other engineers take a couple of days to analyze the issue. The support is not as good as it used to be.

Neutral

I've used other brands of firewalls in another company, and this company has used some older firewalls. I have used Juniper SRX and NetScreen firewalls. I've also worked with Cisco ASA and SonicWall firewalls.

Palo Alto firewalls provide better visibility into the data and excellent logging that enables you to track all threats and activity. They seem to be more resilient to attacks. Other brands get overwhelmed by DDOS attacks, whereas Palo Alto has multiple levels of security that can head off some of those floods. They act almost like an intrusion detection system and some form of DDoS protection. They do a good job if you can't afford a separate product.

I rate Palo Alto NG firewalls nine out of 10 for ease of setup. They're easier to set up than Juniper SRX or NetScreen. When I arrived, they had already installed a few firewalls, but they weren't working well. The failover and high availability were not set up properly. 

They were new to Palo Alto. They started deploying a few in their branch offices and configuring them with Panorama, so they're all registered and centrally administered. There are consistent policies and shared objects across your organization for filtering geographic regions and things like that. 

The IT VP administered some of the network after their other engineer left. They had previously used Fortinet and only recently purchased Palo Altos, but they were trying to get them deployed. As a senior network engineer, I deployed it with the IT VP, and the IT manager made some operational changes. I and a member of my team maintain the firewalls. 

Palo Alto enables you to support an extensive, busy network with fewer people. You can centrally administer the solution and apply automated content updates for virus and threat prevention. Once you get these things set up, they do a lot of it independently. You only need to keep a close watch on them. 

Palo Alto can be priced higher than some less capable firewalls. However, they are exceptional when you consider the completeness of the solution and its ability to handle threats. Palo Alto is better than other solutions, which justifies a slightly higher price point. You have other tools that are easier to deploy, reducing your total cost of ownership. The newer models are faster, making the pricing more attractive.

A cheaper solution might be better if you have a small or home business that doesn't have many security requirements. Palo Alto scales down to small offices and larger data centers and enterprises. Their product scales to a wide range of use cases. 

I rate Palo Alto NG Firewalls 10 out of 10. I recommend spending time with Palo Alto and other support partners planning and understanding your network before you deploy. You can simplify many capabilities into common rules that you can apply consistently across the organization to save time. Planning can help you build consistency in naming address objects, VLANs, and network resources.

Palo Alto Networks NG Firewalls are our perimeter firewalls that protect the network from external attackers. They provide visibility into network activity, from layer four to layer seven, including application visibility, user awareness, and content awareness. These features are crucial for any network and organization, regardless of size, whether it's 20 users or two million users – they all need a firewall.

It's crucial that the entire cybersecurity landscape shifts from traditional methods to artificial intelligence and machine learning. When vendors stay current with emerging and future technologies, they're better positioned for success. This proactive approach ensures they remain relevant and effective in the ever-evolving cybersecurity space.

Palo Alto Networks NG Firewalls helped reduce our downtime.

The most valuable features of Palo Alto Networks NG Firewalls are DNS sync calls, enabled security features, and Wildfire.

The machine learning component on the firewall level requires more computing power to perform at the full production level. Therefore, the ML is currently providing partial real-time attack prevention.

In large data centers, enabling multiple features, such as SSL decryption, can lead to performance degradation. This is especially noticeable in Palo Alto firewalls when SSL inspection is enabled. Ideally, this shouldn't happen. To address this, enterprises are often forced to upgrade to higher-end models, which is unnecessary. Palo Alto needs to address this issue. When performance degrades due to full packet inspection, the solution should be to increase the computing power within the same firewall, not to recommend upgrading to a larger, more expensive model. Performance issues during full inspection need to be resolved without requiring hardware upgrades.

The technical support has room for improvement.

I have been using Palo Alto Networks NG Firewalls for five years.

I would rate the stability of Palo Alto Networks NG Firewalls six out of ten. After the upgrade, we are experiencing performance issues. Occasionally, we need to reboot the firewalls to refresh and recreate sessions. Gradually, performance returns to normal. Immediately following the upgrades, performance and utilization spike significantly.

I would rate the scalability of Palo Alto Networks NG Firewalls eight out of ten.

We previously used Checkpoint firewalls, but the performance was subpar and lacked an available interface. In contrast, Palo Alto Networks NG Firewalls offered more interfaces.

The initial deployment was not complex but we did face some issues with respect to dynamic routing configurations.

We used a third-party for the deployment.

We have observed an average return on investment from Palo Alto Networks NG Firewalls.

Palo Alto Networks NG Firewalls are expensive. The total cost of ownership is high.

I would rate Palo Alto Networks NG Firewalls six out of ten.

For those looking for the cheapest NG firewall, I would recommend Fortinet.

We deployed a total of four Palo Alto Networks NG Firewalls, two in the data center and two in the data recovery center. We have a total of 1,800 endpoints in our organization.

Frequent updates necessitate regular maintenance, which requires a team of four people.

Before purchasing, conduct a proof of concept to verify functionality, alignment with use cases and organizational requirements. Validate hardware compatibility and ensure correct sizing. Opt for direct Palo Alto OEM support instead of partner-enabled support.

I mainly use Palo Alto Networks NG Firewalls as the firewall device, and I deploy it at the perimeter of the networks to secure our infrastructure.

By implementing Palo Alto Networks NG Firewalls, we mainly wanted web security and protection from DDoS and other attacks. We also wanted to provide a VPN solution so that mobile users could work from anywhere.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. This is very important because with a single box, we can enable multiple security features and have web security, application security, and network security. It works on OSI model layers one to seven. It provides end-user security and enables us to allow any URL, website, or application for a user.

Palo Alto Networks NG Firewalls provide VPN solutions. With site-to-site or remote VPN, anyone from the organization can work from anywhere in the world. They only need Internet connectivity on their devices to connect to our enterprise network and access the required resources. It supports secure remote work through VPN connectivity.

Palo Alto Networks NG Firewalls are effective in preventing attacks by blocking abnormal behaviors. It detects any anomalies using signature-based detection and automatically alerts administrators. Palo Alto Networks NG Firewalls have machine learning embedded in the core to provide inline, real-time attack prevention.

We can use Palo Alto Networks NG Firewalls for securing data centers consistently across all workplaces, from the smallest office to the largest data centers. We can deploy the firewall anywhere based on business requirements. We can use Palo Alto Networks NG Firewalls at a broad level to secure our data center. Within the data center, we can also segment the network and deploy the perimeter firewalls between different departments. For example, if a salesperson is communicating with the database team or marketing team, the traffic has to pass through the firewall. The firewall inspects the behavior. If an internal employee is trying to delete a database file, the action will be prevented at the application level.

The solution provides web security, application security, and network security. We have app security, app gateway, and app ID. There are multiple models.

Palo Alto Networks NG Firewalls should be more flexible and user-friendly. 

There should be more comprehensive documentation, case histories, and technical training on new technologies available on their portal. It will help us with troubleshooting.

I have been using Palo Alto Networks NG Firewalls for ten years.

Palo Alto Networks NG Firewalls are very stable. I would rate Palo Alto Networks NG Firewalls a nine out of ten for stability.

Palo Alto Networks NG Firewalls are highly scalable, allowing deployment in various modes, including virtualized, cloud, and bare metal. We are using it at multiple locations.

I would rate Palo Alto Networks NG Firewalls a nine out of ten for scalability.

Palo Alto's tech support is fine. They are proactive, responsive, and effective in logging cases and troubleshooting.

Positive

We previously used Cisco ASA and switched to Palo Alto Networks NG Firewalls. It is very fast. We are not getting any latency. Palo Alto Networks NG Firewalls have a unique vertical packet inspection feature. It checks all parameters in a single shot, which makes it fast. Other firewalls, such as Check Point and Cisco, do the inspection horizontally, so there is a delay.

We have on-prem, hybrid, and cloud deployments. We have deployed Palo Alto Networks NG Firewalls on the AWS platform.

The initial setup was a bit complex initially, but with experience, it has become straightforward.

It does require maintenance. There could be a hardware fault. This is why we recommend deploying them in an HA environment.

I did the implementation myself. We have a team of five people.

For maintenance, one person is usually enough, but if you have multiple firewalls, you might require more people.

Everyone has different requirements. Palo Alto Networks NG Firewalls are a good and stable choice. They also have solutions for medium-sized enterprises. I would recommend trying Palo Alto Networks NG Firewalls.

Overall, I would rate Palo Alto Networks NG Firewalls an eight out of ten.

In our country, there are multiple use cases. Usually, it is for virtual cases or virtual environments and source areas.

The most valuable feature is threat prevention. SSL VPN is also very valuable. These are essential for our clients, especially for access to local infrastructure while preventing Internet threats.

Our clients can have a unified cybersecurity system if they subscribe to it. This firewall is an important part of access to any data center or branch office. They have site-to-site connectivity.

It is a good product, but they can add some functions for port scanning and network scanning. More network functionality would be beneficial.

I have been working with the new generation firewall from Palo Alto Networks for two years.

The solution is very stable and reliable. I have not experienced any outages or issues. I would rate it a ten out of ten for stability.

The solution is scalable if the right model is purchased. It is important to assess the infrastructure size before choosing a model.

The technical support is very good. They offer fast and competent assistance. I would rate them a ten out of ten.

Positive

Its deployment is easy. It takes two to three days.

The initial setup process involves basic and network configuration, security and policy configuration, and then getting the device to the client.

It does not require much maintenance. One person is enough for it.

Its price is quite high but is justified for the features and capabilities provided, although I would prefer a lower price.

If you have the budget, I would recommend using Palo Alto Networks NG Firewalls instead of other brands because they offer the greatest functionality.

I would rate Palo Alto Networks NG Firewalls a ten out of ten.