Palo Alto Networks NG Firewalls Reviews

We shifted an existing network from Cisco to Palo Alto. It was like a branch to head office network.

We have done public and private cloud deployments as well as on-prem deployments. We are using versions 8, 9, and 10.

IoT security is most valuable in the current version. Content IDs, DDoS protection, zone protection, and DLP are the most prominent features in Palo Alto Networks NG Firewall. It is easier to configure than other solutions.

People sometimes find it more expensive as compared to other solutions. There are also fewer training opportunities for Palo Alto than Cisco and other vendors.

I have been using this solution for the last four or five years.

It is working fine.

Its scalability has been fine for our use cases. It is good for large-scale environments, and there are no problems.

Their technical support is excellent. 

It is very straightforward. They also have a very good script, so it runs very smoothly.

It is expensive as compared to other brands.

If we are comparing firewalls, this is the best firewall. I would rate Palo Alto Networks NG Firewall a nine out of ten.

We were mainly using it because we had two ISP links, so it was a kind of gateway device. Whenever a link went down, the firewall used to automatically switch over to the secondary link so that the internet connectivity is kind of highly available.

It worked fine normally.

The VPN connectors should be better. We had some challenges in terms of the VPN with Palo Alto Networks NG Firewall, and that's one of the main reasons why we moved to Sophos.

Its load handling can also be improved. There were challenges when traffic was high. During peak business hours, it did not function very well. There was a lot of slowness, and the users used to complain, especially when they were connecting from outside. We even reported this to the support team.

Their support should also be improved. Technical support was a bit of a concern while using this solution. We didn't get very good support from the Palo Alto team.

I have been using this solution for almost two to three years.

It was fine normally, but during peak business hours, it used to have challenges. We faced this issue at least two to three times a month.

It is not very scalable. We had around 100 users. We had around ten people in our IT team.

Support was a bit of a concern while using this solution. The support that we received was not too great, which caused a lot of issues. They were not very customer friendly.

This was the first firewall that we used. 

I didn't do the installation.

I would not recommend this solution. I am sure they will come up with better models to overcome some of the challenges that we faced, but I would definitely not recommend this particular model.

I would rate Palo Alto Networks NG Firewalls a six out of ten.

Our primary use case of the Palo Alto firewall is to control incoming and outgoing traffic as the firewall is deployed at the perimeter. Also we have used a VPN in that device so remote users can access the internal networks. We are partners with Palo Alto and I'm from the implementation team and work as a technology consultant. 

The GUI is very simple in Palo Alto and I like that. We rarely have any issues but when we do, the stability of the solution is very good. All the options they offer; creating objects, configuring VPN, it's all pretty simple and straightforward. The solution is continuously in use in our company. 

The support could definitely be improved. Whenever I call the tech engineers, there's a long wait time. For an additional feature, I'd like to see the segmentation in policy. Check Point has a good feature for segmenting policies that I'd like to see implemented in Palo Alto. It would make things easier for the operation team to create & identify particular policies, or to place a policy in that segment. Finally, there are limitions to the hardware in the number of objects & policy we can create is limited which is not the case with Check Point or FortiGate.

The stability is good in the Palo Alto firewall.

The Palo Alto firewall cannot increase the RAM and we can't do that either. We're unable to increase any physical boundaries of the firewall. That is one of the cons of Palo Alto. Our organization is pretty large and I am currently working on Palo Alto for three clients. I have a total of about 10 clients who are using the Palo Alto firewall. 

The initial setup is pretty straightforward. We just had to do the initial configuration of hardware, deploy our Panorama VM and integrate with hardware firewall, and it is pretty simple. It's also quite self-explanatory. 

We have five-year contracts with Palo Alto. I know the solution is on the expensive side but I'm not involved in licensing and don't have the numbers. 

I have also worked on Check Point and FortiGate, the hardware firewall. The Check Point Firewall has three-tier architecture where one security gateway & management server is there & smart dashboard is deployed on Windows. The application is required to control the Gateways. On other hand In Palo Alto, we just take GUI access of the firewall or Panorama to deploy any security policies and the architecture is very simple. As mentioned, the downside of Palo Alto is that there is a limitation to the number of objects that can be created. 

I would 100% recommend this solution and they have provided pretty good documentation on their website, so it's easy for operations as well.

I rate this solution a nine out of 10. 

We are a solution provider and this is one of the firewall solutions that we implement for our customers. We present this product to customers and also handle the onsite installation.

Our clients use it to secure their network infrastructure.

The most valuable feature is WildFire, which blocks sophisticated attacks and distinguishes it from other traditional firewall functions.

I would like to see better third-party orchestration so that it is easier for the team to work with different products. 

Improvements should be made in the Cortex module.

I worked with this next-generation firewall for about four months as I rotated between departments.

We have had no complaints about stability.

Scalability has not been a problem. Our customers for this firewall are large companies in industries such as banking.

I have not been in contact with technical support.

The initial setup is quite straightforward compared to other brands of firewalls. The deployment takes about one month.

Our in-house team handles the deployment and maintenance for our customers.

My advice for anybody who is considering this product is that it is a useful firewall and high-ranking compared to others.

I would rate this solution an eight out of ten.

We are using this firewall for security purposes.

The most valuable features are the IPS/IDS subscriptions.

The user interface is fine.

In the future, I would like to see more OTP features.

The price of this product should be reduced.

We have been using the Palo Alto Next-Generation Firewall for more than two years.

In terms of stability, we have had a very good experience with this product. I would say that it is excellent.

Scalability has not been an issue. It's good.

The technical support from Palo Alto is good.

I was not present for the initial setup and deployment. Prior to that, I was not part of the planning.

My experience with Palo Alto is good and I definitely recommend this product. That said, there is always room for improvement.

I would rate this solution a seven out of ten.

I'm a network security engineer and we are platinum partners with Palo Alto. 

Initially, there were no application controls offered in the legacy firewall. Now you can log each and every application. It provides valuable control and is the main feature in addition to the security features they're currently offering. All the firewalls - Fortinet, Cisco, Palo Alto -  provide complete visibility and control over your network which you didn't previously have. Now you have user ID and you can implement URL filtering as well, there is control over your network. End user logging is far better with Palo Alto than Fortinet or Cisco, and it helps you to troubleshoot. I'd rate Palo Alto on top. It's comfortable and that's my experience. Cisco and Fortinet provide good services, but Palo Alto offers a very good product.

There will always be room for improvement. On a daily basis you get patches for everything. They build new features, apply new technologies and new applications which need to be integrated and with that you get bugs. There are always issues, whether it's hardware or software. 

I've been using this solution for five years. 

The product is generally stable but with each new update you need to get the OS bug fix. Any security device has a vulnerability which a hacker can exploit and you have to keep on patching.

I work on the system integrator side and work with multiple customers, and this is a scalable solution. 

The support level is good, but it depends on the region you're working from. In some countries, the support flexibility is very good. For others, you have different strategies. I'm in Pakistan and Palo Alto has a different strategy here in that they don't directly provide support. You have to add another vendor in between and open a case with them and if they can't resolve your query they activate to Palo Alto. In some countries, Palo Alto directly provides support and in others they can't be contacted directly. In a couple of scenarios, we got involved with an R&D team and told them there was a bug for our end users. Palo Alto escalated that case to an R&D team and they got it fixed in the following patches.

The initial setup is a very smooth process integrated with initial configuration. It's very easy. 

You could say that the cost is higher for Palo Alto, but they are a better product compared to the other principals. 

I work with Fortinet as well as Palo Alto. Palo Alto has very extensive logging that Fortinet doesn't offer. To get that with Fortinet you need to purchase FortiAnalyzer for reporting. The logging is so extensive in Palo Alto that you can generate a report and get an analysis on the same firewall. You don't need to procure anything else. The documentation of both Fortinet and Palo Alto is up to standard. They both have very extensive documentation for their products. Both of them offer the same level of knowledge base for their customers and are up to the mark. In terms of support, Fortinet and Cisco allow you to directly open a case and get an engineer on the line. Cisco follows the same model. I'm unable to do that with Palo Alto from Pakistan. 

I would rate this solution an eight out of 10.

We use this product as our perimeter firewall.

We have a lot of confidence in this solution.

The management options are good.

There are some options available in other firewall products that are not supported, so there is room for improvement in that regard.

Technical support could be faster.

The cost of this firewall could be cheaper.

We have been using the Palo Alto Networks NG Firewall for the past five years.

This is a stable product.

This next-generation firewall solution is scalable. We have more than 500 users and we plan to continue using it.

We have had experience with technical support and it is good, although they could be faster.

Our previous firewall did not have the next-generation capability.

The initial setup is straightforward. A typical installation takes one or two days.

We deployed this product on our own and one person is suitable for the deployment.

This is an expensive product and there is a subscription cost.

This is a good product and I recommend it.

I would rate this solution a nine out of ten.

We are a system and development company, and we sell this solution and many other solutions to our customers. 

We work on all the models, not a specific one. The model depends on the sizing. We also consider future expansion of a customer's environment for deploying a model.

In general, its performance and ease of use are the most valuable. Its performance is good, stable, and reliable. The user interface is friendly and easy to use. Customers find it easy to work with and easy to learn.

They can work on the price. They are a little bit expensive, and not all customers are able to afford this solution. Taking into consideration that there is huge competition in the market and there are multiple firewall companies that are much cheaper than them and offer almost the same features, it would be good to improve the price.

I have been using this solution for three to four years.

It is stable.

It is scalable. They offer multiple platforms, such as hardware appliances as well as virtual appliances. You can deploy as many virtual appliances as you want. Palo Alto supports the latest technologies, such as micro-segmentation, and NSX integration with Nutanix Acropolis Hypervisor. They offer multiple options to cover almost every deployment scenario and architecture for most of the customers.

I don't deal with the technical support team because I am a presales person. Our technical support team handles the tickets and open tickets for support.

The initial setup is not that easy. Deployment duration depends on the complexity of the solution, that is, how many firewalls will be installed, and are there any sorts of integrations or any other solution. It also depends if it is just a single box deployment or there is an extra box or two boxes. It might take one week to two weeks depending on the environment, the complexity of the data center, and the complexity of the integration with other technologies. It may take one month or more if the implementation is huge, and there are multiple boxes to be implemented and to be integrated with other solutions.

It is a little bit expensive.

I would recommend this solution based on a customer's requirements. I sell solutions from a lot of firewall vendors. I have the flexibility to recommend based on the budget of a project. I would recommend Palo Alto or any other vendor if the environment and all the conditions are available and suitable for that deployment. A lot of times, we make POC or proof of concepts to show the customer the value of the products and how to deal with them to convince them to buy it.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.