Palo Alto Networks NG Firewalls Reviews

We use this solution as our central firewall, but not as a perimeter firewall. For our perimeter, we use another solution. 

Our organization consists of roughly 2,000 to 3,000 employees. 

Identifying applications is very easy with this solution.

I don't like the reporting. The reports it provides are not helpful. They should include more executive summaries and other important information — they're too technical.

I have been using this solution for three years. 

The stability is excellent. 

The technical support is good, but not excellent. Their responses can be quite vague and unhelpful at times. 

We used to use Checkpoint. We stopped using it because the price was too high. 

Considering our limited amount of experience, the initial setup was easy. Deployment took one month. 

A local reseller team of roughly three to five people implemented it for us — it was a great experience. 

We evaluated Palo Alto, Checkpoint, Fortinet, and Cisco Firepower. Overall, it came down to the price — that's why we went with Palo Alto Networks NG Firewalls.

This solution is very particular; it's only suited to specific companies — it's a commercial opportunity. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

We resell products by Palo Alto and Cisco, and this next-generation firewall by Palo Alto is one of the products that we are familiar with.

The most valuable features are web filtering and application filtering.

The IPS functionality is very good.

The performance is good.

The price is expensive and should be reduced to make it more competitive.

Information about Palo Alto products is more restricted than some other vendors, such as Cisco, which means that getting training is important.

The traps should be improved.

I would like to see better integration with IoT technologies. Having a unified firewall for OT and IT would be very good.

We have been working with Palo Alto for about one year.

This is a stable firewall and you don't have a lot of surprises. The performance, throughput, and decryption are all good. It is important to remember that at the end of the day, it depends on the configuration.

For special functionality, you are going to have some exceptions. However, for the well-known functionality, it is stable.

It is scalable in that the performance is good and you don't need a large cluster to operate it.

The technical support is good. The team is responsive and they gave us the right information at the right time to solve the difficulties and complexities that we were experiencing.

We also sell products by Cisco and there are some differences between them. Palo Alto is more expensive and the performance is better. With Cisco, the documentation is better and it is easier to install. There is a lot more information available for Cisco products.

This is an expensive product, which is why some of our customers don't adopt it.

My advice for anyone who is implementing the Palo Alto Next-Generation firewall is to take the training that is available. This will allow them to better work with the technology.

This is an ambitious company with a good security roadmap. The product is being continuously developed and they are professionals who are focused in this area of technology. It is the firewall that I personally recommend.

I would rate this solution a seven out of ten.

We use these firewalls on-premise. We use them as a central gateway for internet security. We also use them for organizing access to the internet from organizations, and security access rules.

We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature. The firewalls have good integration and good log journals' integration with Qradar. This is how the system produces user logs, how they build, how they structure the logs is stable to integrate with SIEM. For example, Check Point is not so good in this category.

They could improve their support and pricing and maybe integration. It's a little more expensive than Check Point but the quality is better. Integration with firewall endpoints could be better. Palo Alto does have very good malware or antivirus protection. I think they could improve on that front.

We have been using the Palo Alto Networks Next-Generation Firewalls for about 12 months. We are using the latest version.

We have found Palo Alto Networks Next-Generation Firewalls to be a very stable solution and very convenient solution.

We don't have any problems with the performance. It works very good. We have not had any problems. If we compare with Check Point, Check Point is not really good in stability, not for monitoring. That is why we didn't choose Check Point to move to Palo Alto.

We are satisfied with Palo Alto's support. We don't need to contact them frequently but when we do it is a good experience.

If we compare with Check Point, Check Point is not really good in stability, not for monitoring. That is why we didn't choose Check Point to move to Palo Alto. Compared with Check Point, it's excellent. It's very good. It's even better than Cisco also. So for this kind of usage scenario, it's very good. We don't use it as a regular firewall or perimeter firewall. We use it only as an internet gateway. But for an internet gateway, it's very good.

It was a very straightforward install and we were able to perform it from the Palo Alto books available. It only took one or two days for the installation. No problem with SIEM integrations or with the security policies. It's just worked as expected.

We performed the installation in house from the Palo Alto books available. 

I would give Palo Alto Networks Next-Generation Firewalls a rating of nine on a scale of ten.

We are a solution provider and this is one of the firewalls that we implement for our clients.

This is a difficult product to manage, so the administrator needs to have a good knowledge of it, otherwise, they will not be able to handle it properly.

The scalability is very good.

We have a small number of clients with this solution in place.

The support is good.

I have experience with multiple firewall vendors and I have seen that products from other vendors have bugs. My feeling is that Palo Alto does not have this problem.

Some of the vendors that I have worked with are Fortinet and Sophos. The setup and management of these products are easy compared to Palo Alto.

Implementing this product can be a little bit difficult. The configuration is difficult compared to other products, so it would be nice if there were videos are other instructions available. It can be very time consuming for the network administrator.

The pricing is very high.

My advice for anybody who is implementing this firewall is to follow the guide or instructions that are available. There are multiple resources and examples of use cases available on the Palo Alto website, and you can directly follow them.

I would rate this solution a nine out of ten.

We primarily use the solution for the firewalls. We're also using the next-gen features to shape what's going on. For example, to figure out what is allowed out and what isn't allowed out on a layer-7 application-aware firewall. We can block based on the application, as opposed to port access.

The solution helped us stop being policemen to our users. We don't have to run around telling people they can't do certain things. We can just not allow it and walk away from it. We're not out there seeing who is doing what, we just don't allow the what.

The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.

The firewall capabilities are very good.

We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved. 

The appliances I'm working on are relatively old now. We're talking five-year old hardware. That slow commit speed might be addressed with just the newer hardware. However, even though it is slow, the speed at which they do their job is very acceptable. The throughput even from a five-year-old appliance shocks me sometimes.

Currently, if I make changes on the firewall and I want to commit changes, that can take two or three minutes to commit those changes. It doesn't happen instantly.

The solution doesn't offer spam filtering. I don't know whether it's part of their plan to add something of that aspect in or not. I can always get spam filtering someplace else. It's not a deal-breaker for me. A lot of appliances do that, and there are just appliances that handle nothing but spam. 

I've been using the solution for five years.

The stability is awesome. I haven't had any issues with the solution stability-wise. I've got the same firewalls that have been out there for five years and they work great.

I don't work with enterprise-class products. I'm not in that environment. However, so as far as I know, Palo Alto has products that will go that large. Panorama may be able to scale quite well. You can manage all your appliances out of it. They are a very popular license.

Their GlobalProtect license is very much like Cisco's AnyConnect. It does the endpoint security checks. It makes sure they've got the latest patches on and the antivirus running and they've got the latest antivirus definitions and whatnot installed before they allow the VPN connection to happen. It's quite nice.

Their support is very good. I've never had any issues with their support. I would say that we've been satisfied with their level of service. 

Occasionally there may be a bit of a language issue based on where their support is located.

The initial setup is pretty typical. It's like any firewall. As long as you've worked with next-gen firewalls, it's just a matter of getting your head around the interface. It's the same sort of thing from one firewall to the other. It's just a matter of learning how Palo Alto does stuff. Palo Alto as a system, for me, makes a whole lot of sense in the way that they treat things. It makes sense and is easy to figure out. That's unlike, for example, the Cisco firewalls that seem to do everything backwards and in a complicated way to me. 

I haven't worked with enough Cisco due to the fact I don't really like the way they work. That isn't to say that Cisco firewalls are bad or anything. It's just that they don't operate the way I think. That might have changed since they acquired FireEye which they bought a couple of years back.

I know the solution is not inexpensive. It depends on what you ultimately sign up for or whether you just want the warranty on the hardware. 

I'm not really a customer. I'm like a consultant. I'm an introduction expert. If I think a client needs a certain technology I point them in the direction of whoever sells it. I do go in and configure it, so I do have experience actually using the product.

When I'm looking for something, I just find someone that sells Palo Alto and I redirect the client towards them. I'm not interested in being in a hardware vendor. There's no money in it. There's so much competition out there with people selling hardware. It doesn't matter where the client gets it from.

We tend to use the 200-series models of the solution.

I'd rate the solution eight out of ten. They do a very good job. The product works well.

We are using this firewall for security purposes.

The most valuable features are the IPS/IDS subscriptions.

The user interface is fine.

In the future, I would like to see more OTP features.

The price of this product should be reduced.

We have been using the Palo Alto Next-Generation Firewall for more than two years.

In terms of stability, we have had a very good experience with this product. I would say that it is excellent.

Scalability has not been an issue. It's good.

The technical support from Palo Alto is good.

I was not present for the initial setup and deployment. Prior to that, I was not part of the planning.

My experience with Palo Alto is good and I definitely recommend this product. That said, there is always room for improvement.

I would rate this solution a seven out of ten.

We're customer facing; each customer uses it for a different purpose. Some use NG Firewalls for IPS capability, some for application capabilities, these kinds of things.

The accessibility, antivirus, and stability features are the most valuable. It's so stable, the customer can use the decryption features without impacting performance.

Most customers ask about the choice of features. It's limited. It's not arranged well for users. Also, customers don't want to buy extra things for extra capabilities. I would like to implement individual profiles for each user. Capability, in general, is limited.

It's a very stable solution.

I am the customer's technical support. If a customer has issues, they would call me.

The initial setup was basic. It was very simple. The basic configuration will only take 15 minutes. Anyone can set it up. If a person has worked with a firewall before, they can do it themselves. You only need one person for deployment.

Licensing is on a three year basis. Customers prefer one to three years. Licencing is pretty expensive. Check Point is cheaper than Palo Alto. There's also an international license. If a customer wants to control different things, they will need an extra license. 

I've helped customers using Fortinet and Check Point. They are compromised. Their firewall is not stable. But for some features, for example, encryption, they want to use this feature, but the firewall feature isn't great. With Palo Alto, there isn't any problem, you can open any feature - IPS feature, data encryption feature - there isn't an issue.

Implementation is simple, the product is stable, but I advise if people get the firewall I strongly recommend the use of the API features. They may not be accustomed to using a next-generation firewall. If they want to use NG Firewalls, they need to use and implement the API features. They need to create uses based on the application.

My understanding is Version 9 will introduce some logic features.

I would rate this solution 9 out of 10.

I am a reseller of Palo Alto Networks.

The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks.

The pricing could be improved. They need to work on the setup over the firewall, VLAN, and PPPoE.

It's stable.

It's scalable.

I seldom call technical support because it's easy to understand and configure the solution.

It could be less expensive.

I would rate this solution 9 out of 10.

If you want to have a secure network, use Palo Alto.