Palo Alto Networks NG Firewalls Reviews

We use it for perimeter security because it gives application layer security and we also use it for VPN access.

We use the PA-3200 and PA-200 models. In terms of the version, we are one version behind the latest one. The latest version is 11, and we are still on version 10.

The biggest benefit we have seen from it is the ability to identify the traffic of our networks based on the application ID that Palo Alto can provide. Palo Alto firewalls have the most extensive App-ID library, so we are able to identify which applications are necessary for business and which ones are not. We can then block those that are not crucial for business at the firewall itself, so App-ID in the firewall was the biggest benefit to us.

Palo Alto NGFW embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, which is important and very helpful. I wouldn't be able to compare it to any other product because we have used Palo Alto for eight years, but the machine learning that they have embedded into their OS has been very helpful. Based on the learning that they have done, they have been able to analyze the traffic and coordinate traffic patterns to alert us about possible malware and even block it.

It provides a unified platform that natively integrates all security capabilities. Palo Alto NGFW has been able to give us all that we need from one particular appliance itself. If we wanted, we could have also used the DNS feature, and in that case, one device could have met all our needs.

Because it's a unified platform, management is easy. You have to learn only one particular management interface. Once our IT team gets familiar with the management interface, it's easier for them to apply security policies, monitor the traffic, and manage the plans using the same GUI. There are no learning curves for different products.

We try to keep our security fairly tight. The policies that we have created on the Palo Alto NGFW have been based on security requirements. As of now, we haven't detected anything that would point to a hole in our environment, so it is very hard to say whether Palo Alto NGFW’s unified platform helped to eliminate any security holes.

It has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. It has helped us consolidate into one vendor. Earlier, we used to have an appliance for the firewall, and then we had an appliance for VPN. We had a separate appliance for the collection and correlation of data. We have eliminated all of those. They are now in one box. The same firewall gives us security policies and lets us collect all the data about the traffic flowing in and out of the network and correlate events. It has helped us eliminate the VPN appliances that we were using in the past. It has helped us to eliminate two other vendors and bring all the services into one.

The single-pass architecture is good. Everything is analyzed just once, so it improves the performance. 

Application layer firewalling has been the most valuable feature because it gives thousands of application IDs that we can use to control traffic into and out of our environment. The second most important feature has been the GlobalProtect VPN feature.

The only problem that I see with the Palo Alto NGFW being an all-in-one appliance is that because of the different features that are being put into a single appliance, the OS tends to be beefier. Over the eight years, we have seen that the number of features or analyses being put into the appliance itself has a tendency to slow down the appliance, especially at the time of bootup. So, any time we are doing maintenance work, the time required for the appliance to boot up and be fully functional again is significantly longer than eight years ago. They could find a way to make this all-in-one appliance faster.

They should also make the documentation much easier to understand. Given all the features that they have built into the firewalls, it should be easier for the end users to understand the product and all the features available on the product. They should be able to utilize the product to the maximum capabilities. The documentation and the tech support available need to improve. The tech support of Palo Alto has deteriorated over the past few years, especially after our pandemic. Getting tech support on our issues is very difficult. They could definitely improve on that.

I've been using it for about eight years.

It's very stable. We have had no issues. There are only two issues that I recall ever happening on our firewalls. The first one was when they released an application ID that caused a problem on the network, but they were able to resolve it quickly within a matter of hours. The second issue was also because of the change in the OS. In both cases, the resolution was quick.

In terms of scalability, they have a huge range of models, so depending on what your requirements are, you can scale up from the very base model that goes from 100 megabits per second to the largest one that goes to 10 gigs per second. They have a wide range of appliances that you can upgrade to based on your needs.

In terms of the traffic that can pass through the firewall, it has been fairly good for us. We have not had to upgrade our network. Being a small company, we don't have too many users. In the past eight years, we have not had to change our bandwidth for the increase in traffic. Whatever we selected four years ago, they remain the same. We have not had to upgrade the hardware capabilities just because our traffic is increasing, but in terms of feature sets, we have added more and more features to the appliances. When we started off with Palo Alto, we were only using the firewall features, and then slowly, we added a VPN for mobile users. We added a VPN for site-to-site connectivity, and the scalability has been good. We have not had to upgrade the hardware. We have just been adding features to the existing hardware, and it has not caused any deterioration in the performance.

We have about fifty users that are split between the East Coast and the West Coast. Each coast has only about twenty-five users. All in all, we have about fifty users using these products.

It used to be good in the past, but over the last few years, it has been very bad. You open a case, and you expect somebody to get back to you and help you out with the issue. They say that based on the SLAs, somebody will get back to you within a certain number of hours for the priority ticket that you created, but that getting back actually includes the initial response where somebody is just acknowledging that they have the ticket. That does not mean that somebody provides me with the solution or takes action on it. If I open a priority one case, which means my network is down, somebody will get back to me within two hours based on the SLA, but that response only includes the acknowledgment mentioning that your case has been received. That's it. It's a different question whether someone is going to get on the phone with you or give you an email about how to troubleshoot the issue and fix that issue.

I'd rate them a six out of ten based on the response time and the quality of the responses received over the last three or four years.

Neutral

We were using Cisco's router-based firewalls. They had some advantages, but they did not have a graphical interface for configuration, which was the weakest point. Getting team members on the team who were not familiar with the command line configurations for our Cisco firewalls made us select a product that provides a graphical interface for configuration, and that was a reason for moving to Palo Alto.

It has been fairly easy to set up. The initial setup is good. The migration to a new box can also be pretty straightforward.

I have had experience with setting it up from scratch, and it has been good. It's more on the simpler side. The initial setup to get the firewall in place with basic security principles is straightforward. When you go to the advanced features, it gets trickier.

The deployment duration depends on the complexity of the network and the kind of rules that you want to implement. The physical appliances are relatively straightforward to set up. For the base security, it doesn't take more than a couple of hours to set it up, but it can take a relatively long time to set up and configure the firewalls that sit in the cloud.

We use physical appliances and virtual appliances. The physical appliances are in our on-prem environment, and the virtual appliances are in our cloud environment. It took about four hours to set up the physical appliances from scratch, whereas the virtual or VMCD ones took a lot longer. It took two to three days to set them up.

For the VMCD ones, we had to get help from their pre-sales support team, but for the on-prem physical appliances, we did the implementation ourselves.

It isn't cheap. It's cheaper to replace the equipment every three years than to upgrade. We have done two refreshes of their appliances. What I have seen is that the initial hardware cost is low, but you need a subscription and you need maintenance plans. After every three years, if you're trying to renew your maintenance or subscription, that can be very costly. It's cheaper to just get a newer solution with a three-year subscription and maintenance. It's cheaper to replace your hardware completely with a new subscription plan and a new maintenance plan than to renew the maintenance subscription on existing hardware. That's the reality of the Palo Alto pricing that gets to us.

You pay for the initial hardware, and then you have to pay the subscription cost for the features that you want to use. Every feature has an extra price. Your firewall features are included with the appliance, but the antivirus feature, DNS security feature, VPN feature, URL filtering, and file monitoring features are additional features that you need to pay for. So, you pay extra for every feature that you add, and then based on the features you purchase, you have to pay the maintenance plan pricing too.

Before moving to Palo Alto, we did evaluate other options. In those days, we tried out the Check Point firewall. We tried out Fortinet, but Palo Alto was the one that met our needs in terms of the features available and the ease of learning its features and configuration. We went for it also because of the price comparisons.

Try to get hold of a presales engineer and do a PoC with all the features that you're looking at before you make a purchase decision.

It isn't cheap. It's definitely the faster one. It meets all the needs. If you're looking for an all-in-one solution, Palo Alto NGFW would definitely meet your needs, but it isn't the cheapest one.

We have not used their DNS security feature because we use a competitor's product. We use Cisco Umbrella for that. The reason is that for the DNS security to work, the traffic from those endpoints needs to flow through the firewalls, but we have a lot of mobile user devices whose traffic does not flow through the firewall and we'd like them to have DNS security. We use Cisco Umbrella because that's an endpoint application that protects the endpoints from vulnerabilities based on the DNS reputation, and all the traffic from those endpoints does not necessarily need to go through a central endpoint, like a firewall.

Overall, I would rate Palo Alto NGFW an eight out of ten. 

We use Palo Alto Networks NG Firewalls for our network security. We deployed the solution on both the cloud and on-prem.

Palo Alto Networks NG Firewalls machine learning secures our network against threats that evolve rapidly.

The DNS security feature is already commonly used for authentication by clients, with many threats being pushed from the inside to the outside. DNS security helps improve our network.

The DNS security feature is integral in protecting against DNS tunneling.

The solution provides a unified platform that natively integrates all security capabilities. Palo Alto Networks NG Firewalls' unified platform helps us eliminate security threats. We use all the Palo Alto Networks NG Firewalls' features including the UTM, WiFi, and VPN feature to protect our network. 

Both the network performance and security of the single-pass architecture are good. 

There are many valuable features, such as wireless cloud features. The IP and signals are updated regularly, and all UTM features provide good basic gateway-level security.

Palo Alto Networks NG Firewalls machine learning in the core of the firewall to provide real-time attack prevention is a basic requirement for our private security network.

The bugs can be improved.

I have been using the solution for eight years.

The solution is stable. We encounter small bugs sometimes but they are not a problem.

The solution is scalable.

The technical support is good.

Positive

For experienced people, the initial setup is straightforward. Cloud deployment can be challenging for someone new. The deployment takes around one hour.

We implement the solution for our clients.

I give the solution a nine out of ten.

Our clients are enterprise-level.

The PA400 series has good performance and security.

I recommend Palo Alto Networks NG Firewalls to others.

We use these firewalls to manage wastewater systems for over a hundred municipalities across the country. As a result, we exclusively use them in the operational technology (OT) space.

One of the key benefits is that it enables us to secure environments that may pose more significant security challenges.

The centralization capability is the most valuable feature of this solution as it enables us to monitor our systems efficiently. Additionally, the firewalls are excellent, with straightforward configuration and comprehensible interfaces that our engineers can set up with ease.

The cloud firewall solution offers a unified platform that integrates social security capabilities, but it comes at an additional cost.

I think having the ability to see the big picture is important for us, and that's not always easy to achieve. 

As for how important it is for us to have Palo Alto NG Firewalls and defense machine learning at the core of the firewall for real-time attack prevention, I think it's a bit premature to say. There are many players in that field currently, and I would prefer to see them get it right before jumping in just for the sake of being there.

A major concern is making the licensing more accessible to enable small municipalities to afford and manage their own systems independently.

I have had experience working with Palo Alto Networks NG Firewalls for a minimum of three to four years.

I would rate the stability of Palo Alto Networks NG Firewalls a nine or ten out of ten.

Palo Alto Networks NG Firewalls are very scalable.

As far as I know, the technical support for this solution is excellent. 

My team has used it a few times and has always been satisfied with the service. I have never received any negative feedback regarding the support lines.

I would rate the technical support an eight or nine out of ten.

Positive

A lot of the municipality's systems rely on Palo Alto Networks NG Firewalls to stay online, and we've found that they provide better uptime compared to most other solutions.

Our downtime has been reduced by 80 to 90% with the implementation of Palo Alto Networks NG Firewalls.

I was not involved in the deployment process.

We have seen a return on investment. By centralizing our monitoring of systems, we have been able to make our lives easier.

The licensing leaves a lot to be desired. 

We buy the license and then we can't transfer the license without paying an exorbitant fee to our client if they leave us, and that just seems to be a bit of a pain point for us, and there's really no way to partner effectively to make that more reasonable.

We continuously review firewalls, whether it's Check Point or Fortinet, or Cisco. But Palo Alto has been the best for us.

As most of our environments are in the cloud, we don't have a lot of experience in securing data centers.

If a colleague at another company is only looking for the cheapest and fastest firewall, I would advise them that Palo Alto Networks is not the right solution for them. 

While it may not be the most affordable or the quickest to set up, the investment in Palo Alto Networks NG Firewalls is well worth it in terms of reliability and security. 

Choosing a firewall based solely on cost and speed may result in a false sense of security and leave the organization vulnerable to breaches and downtime.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.

We use the solution for IPS. Palo Alto's firewall is really good compared to firewalls like FortiGate, Cisco, or any other competitor.

We're able to monitor traffic based on the source destination and geolocation. The firewall allows us to restrict user access. For example, we have restricted user access to the chat feature on Facebook.

There are about 170 total users on the client side. On the administrative side, we have two or three people.

We're using version PA-200. The solution is deployed on-premises.

We reduced access to unwanted websites by 80%. It allows us to optimize user efficiency. For example, I have restricted the calling feature on LinkedIn, so people can still use LinkedIn, but they aren't able to dial out or receive calls.

We restricted social media sites so that only basic features can be used. The monitoring functionality allows us to see which users are using which websites,  the frequency, and the level of usage. It improves the network monitoring in our organization and gives us the required control level to restrict user access.

Palo Alto Next-Gen Firewall has Panorama, which is a unified platform that natively integrates all security capabilities, but I haven't worked with it yet.

The unified platform gives us more visibility and restricts unwanted guests and unwanted traffic. It gives us more insight into network traffic so that we can analyze it.

It helps eliminate multiple network security tools and the effort needed to get them to work together. Previously, I used other network monitoring tools for bandwidth monitoring. Now, the security features and wireless detection are in a single platform, so it definitely reduces the need for multiple platforms.

It has affected our network operations and network-related costs, but it's not the main benefit. The main benefit is the visibility and not having to maintain or manage multiple platforms. It's a bit costly because it has a lot of features, and each feature has a cost. It's important to do a cost-benefit analysis and know the requirements of your organization. We don't have to manage five to seven platforms and we're getting all the information in a single platform, so we can compromise a little bit on the cost side.

The packet level inspection is the most valuable feature. The traffic restriction features allow us to restrict the sub-features of any platform.

I really like the security aspects. That's why it's highly rated on Gartner. The antivirus definitions, updates, and malware detection are pretty good.

It embeds machine learning in the core of the firewall to provide inline real-time attack prevention, which is a very nice feature. It's part of the add-on services subscription. The autonomous behavior toward malware and potential risk is pretty good. 

Machine learning is really good to have. We received some false positives with machine learning, which was the main problem we had with it.

It's very important to me that the solution integrates natively with security solutions. Inside attacks are very rare. Most attacks are generated from the outside or from a public site, so having Palo Alto is really important on a public site.

Palo Alto is like Microsoft. It has varied features, but it's too technical. A lot of the features could be simplified. The procedure, process, features, and usability could be more simple.

It's too complex and sometimes the process to implement a single thing is hectic.

I have been using this solution for about eight months.

The solution is stable.

It's scalable. If you use the virtual solution, you may need to change the subscription.

I haven't directly worked with Palo Alto's technical support, but their community logs have been really helpful and we can find the answer to almost anything. The documentation is good.

We previously used Fortinet and Cisco.

We switched to Palo Alto because it's an all-in-one solution. We were attracted by its level of detection, level of monitoring, and level of packageable inspection.

The setup is straightforward. Deployment took a week. 

I haven't used it inline directly. First, I did a port mirror. Once I was fully satisfied with the level of detection, I put all of my traffic through it.

We use two or three administrative staff for maintenance. 

The price is high.

We evaluated other features, but we chose Palo Alto early on in the process because of the features and usability.

I would rate this solution an eight out of ten. 

In terms of a trade-off between security and network performance, I would rate it more toward network security. We have a lot of other alternatives for monitoring but not for the security side or antivirus detection.

I would highly recommend Palo Alto. If you want a cheap solution, I would recommend Sophos. But if someone is looking for real-time protection, I would suggest that they go with the virtual instance of Palo Alto, which is PA-200 VM, because it simply fulfills our requirements.

For personal use or SMEs, the price of PA-400 is high, but the security and performance are worth it.

We have deployed Palo Alto Networks NG Firewalls and every web filter security available. So, we came to know each website user who got blocked and the "not required" categories. These categories are permanently blocked, and if any changes are required in these categories, we will first get approval from management. 

I like the sandbox feature, and it's very good. It kills each malware deployment in the sense of signatures within five minutes. So, we can secure our network and infrastructure very well within the stipulated time.

The WildFire functionality is very good because a few files are also getting blocked. It's critical as malware attacks are also getting ignored, and the logging is very well maintained in this firewall.

The most valuable solutions in this field are application-based firewalls. That is the main criteria of the firewall and functionality. We can get all the logs related to this and each and every packet. I like that the firewall is working as an application. The application-based entity we have deployed is well maintained and working very well.

We were able to find lots of vulnerabilities when we deployed it, but we could not disclose all. But there were vulnerabilities we could block by updating the firewall and taking actions on clientside machines. So, we got to know that we have lots of vulnerabilities inside the organization too, and we took lots of steps and resolved the number of vulnerabilities.

Palo Alto Networks NG Firewalls is an all-in-one solution. It provides every entity log, which is a very good functionality of this firewall. It gives every packet and aspect that the firewall is performing through its logs, and it does it very well.

This firewall's unified platform helped eliminate multiple network security tools. If anyone uses P2P sites, cryptocurrency websites, or any illegal sites, we can block it easily. It gives us a proper alert for these kinds of sites, and it properly secures our network. Monitoring is the best thing we are doing here, and we can block this kind of vulnerability as soon as it comes to us.

We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall.

We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more.

URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team.

I have been using Palo Alto Networks NG Firewalls for the last three or four years.

Stability in the sense of security and alerts, this solution is very good, and we have not had had any issues. However, web filtering and application-based approach are very poor.

Palo Alto Networks NG Firewalls is a scalable solution.

Palo Alto Networks support could be better. We bought this solution for security purposes, and we asked the support team to convert each and every entity. They have not been able to convert this New Generation Firewall to date. 

Their name suggests that the product will use every application and work as a New-Generation Firewall. Yet, it's not configured, and we can only configure 30% to 40% of the applications. That is also giving us some problems sometimes.

On a scale from one to ten, I would give Palo Alto Networks support a three.

We have a policy in our organization to change the firewall every five years. So, I have experience working on FortiGate, SonicWall, and WatchGuard over the last 20 years.

WatchGuard is very good at web filtering. FortiGate is also very good, and they have their own application to manage the firewall, and SonicWall is also very good. 

Palo Alto is a web-based firewall, and there are no applications to deploy and support. I mean, I take all the logs and all things from the client-side. As it's web-based, it's extremely slow. 

When you click on a particular log, it will take a lot of time because it generates lots of logs. That is a good thing, but performance is a little slow. Both WatchGuard and FortiGate are very good for this kind of thing. Also, WatchGuard is application-based, and I didn't have to deploy it. I came to know about Palo Alto from my friends who said it was very good for application-based security. 

The initial setup and deployment are straightforward. We did not have any issues at all. It took us about 15 to 20 days to implement this solution. 

The policies we have with Atelier and WatchGuard were exported, and we tried to deploy these policies on the new firewall. The reseller helped us configure it but without our concession or permission and could not deploy the firewall. We later had more problems, and the reseller helped us with that as well.

Video Import Solutions is our local reseller in Pune, India. In our experience, not every engineer knew the firewall concept. I mean, not at all. If we wanted something new or had to deal with this application-related issue, they always told us they would log a case and resolve it. But they did not support us at all and did not give us any reason why they could not do it.

I am a technical guy, and I would say that you will not get a return on your investment. Even FortiGate and WatchGuard will offer next-generation solutions that perform better than Palo Alto Networks.

The price could be better. Pricing is very different compared to WatchGuard, which costs around 60 lakhs, and FortiGate, which costs approximately 40 lakhs. Palo Alto Networks costs about a crore which is very high pricing.

We bought this firewall, and our organization did not want to pay so much. We spent around one crore rupees which is not within our budget at all, and we are unhappy with them.

This firewall provides a unified platform that natively integrates all security
capabilities. It will queue all functionalities like firewall protection and alerts and track all DDoS attacks. It shares all the information with us, and we can monitor and take immediate action on the other alerts we receive.

I would advise potential users to only go for this solution if they have the budget and don't require any support. Only buy this firewall if you can install, configure, and solve potential problems on your own. If not, FortiGate and WatchGuard are much better options.

On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a five.

I have deployed it as my internal firewall in the cloud. I also have it on-premises as my perimeter firewall. I am also running Palo Alto in my DMZ. 

I'm using the PA-5532 Series. We have cloud and on-premises deployments. The cloud deployment is on the Azure public cloud.

We are using it on Azure Cloud as an internal firewall for filtering the east-west traffic. At the same time, we are using this firewall as a second-layer firewall in our perimeter for filtering the application URL and other things for the users. We are using another firewall as a perimeter for the DMZ. So, all internal applications that are connecting users are connecting through this firewall. We have other vendors as well, but the main applications are going through the Palo Alto firewall.

Its predictive analytics work very well for blocking DNS-related attacks. We are moving malicious URLs to the unknown IP in the network. They are reconfigured.

Its DNS security for protection against sneakier attack techniques, such as DNS tunneling, is good.

I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features.

In terms of application filtering and threat analysis, it's a little bit better as compared to the other UTM boxes, such as Sophos or other brands. It is secure and good in terms of application classification and signatures. It is a trustable solution.

In terms of the network performance, I am not very happy with Palo Alto. Other solutions, such as Fortinet, have better throughput and network performance.

I am in GCC in the Middle East. The support that we are getting from Palo Alto is disastrous. The problem is that the support ticket is opened through the distributor channel. Before opening a ticket, we already do a lot of troubleshooting, and when we open a ticket, it goes to a distributor channel. They end up wasting our time again doing what we have already done. They execute the same things and waste time. The distributor channel's engineer tries to troubleshoot, and after spending hours, they forward the ticket to Palo Alto. It is a very time-consuming process. The distributor channels also do not operate 24/7, and they are very lazy in responding to the calls.

It is expensive as compared to other brands. Its pricing can be improved.

I have been using this solution for more than four years.

Its stability is fine. I'm happy with it.

It is scalable. Its usage is extensive. We are using it daily. It is our core device.

Their support is very bad as compared to the other vendors. The support ticket is opened only through the distributor channel, and it takes a lot of time to get a solution for the issue. I'm not happy with their technical support. I would rate them a four out of ten.

Neutral

Palo Alto is the main core product in our case, but we also have Fortinet, Check Point, and Cisco ASA firewalls. Fortinet is one of the key products in our network.

The process of configuring Palo Alto devices is very easy. There is not much in it, but if we want to add or remove a device in Panorama, it is a very complicated setup. Adding, deleting, and updating a device from Panorama is very difficult. The interaction between Panorama and Palo Alto devices isn't good. They need to improve that. FortiManager works very well in terms of device interaction and other things.

The deployment duration depends on the customer infrastructure and where they want to deploy the box, such as in the data center or at the perimeter, but for me, generally, two days are enough for the setup. I provide customers the ways to design a secure network, and they can choose whatever is convenient for them based on their existing network.

In my environment, there are the four network security engineers who are the owners of these devices. We take care of the deployment and management of security devices.

Its price is higher than other vendors. They need to re-think its pricing. 

With Fortinet, the SD-WAN feature is totally free, whereas, with Palo Alto, I need to pay for this feature. With Fortinet, there is one licensing, and I can get many things, whereas, with Palo Alto, I need to go for individual licensing.

I'm working in a systems and data company, and I recommend Palo Alto and other firewalls to many people. The users can choose one based on their budgeting because Palo Alto is expensive as compared to other brands.

Palo Alto NGFW’s unified platform hasn't 100% helped to eliminate security holes. In some cases, we are using other products. I'm mainly using it for WAF and securing my DMZ infrastructure. It is working well in terms of the functionalities in layer 3 and layer 4.

I would rate this solution a seven out of ten.

We use this solution as a firewall. We use it for VPN setup, threat protection, and for internet breakout also. We actually deploy several different versions. We have a TA200, a PA820, and a PA3200 series.

The most valuable features are the threat prevention and policy-based routing features. 

I think they need to have a proper hardware version for a smaller enterprise. We had to go to a very high-end version which is very expensive. If we chose the lower-end version, it would not meet our goals. A middle-end is missing in its portfolio.

For example, there's the PA820 and the PA220, but there's nothing between. So they are really missing some kind of small-size or medium-size usage. Right now, you have to choose either a big one or you have a very small one, which is not really good.

In the next release, it would be helpful if there was some kind of a visualized feature that showed the traffic flow, or something like that, to be able to simulate. When we define something if we could see a simulation of how the flow will be treated that would be great. Because today everything is done by experts by checking logs, but it's very time-consuming. If there's also a simulator to use when you apply some configuration, you can also apply on the simulator, to copy the configuration. So, you can see maybe to generate some traffic and to see how it will be treated. That will be very good.

The solution is pretty stable. Once you have it configured, normally it shouldn't have any issues. It does sometimes impact the metric flow, but that's natural because it filters everything going through, so it slows down the speed.

I don't think that product is really scalable. You have to either replace it with a higher version or use what you have. I think that's the only way. You cannot add something to increase its capacity, so you have to replace the current equipment to a new version or a new, higher version.

For technical support, we have a contract with some local suppliers. It depends on our partner, so it's probably different from location to location, but as long as they are certified with Palo Alto, normally they should have a one or two experts in their organization. So you just need to find a good person to work with.

We did previously have a different kind of a firewall. We used Check Point before. We also used NetScreen and Cisco. But in the end, we defined our standard and now use Palo Alto.

Firewalls are never easy. You have to have very good network expertise to set it up, so it's not about the product being easy to use or not. It's because of the nature of the firewall. You have to understand how it works, how it should be set up, and to understand your data flows and things like that. 

I'm not really the person who does the hands-on setup and integration. I'm the guy who monitors the global deployment. I'm in charge of defining the standard, to deploy the standard to the site, but there's an operational team to do the final installation, configuration, and those types of things.

On the one side, it will take maybe two or three days to enable the firewall, but if you are talking about the global deployment, that depends on the budget, and the resources that will take different time periods to deploy worldwide, so we are still not finished for all the locations. So we are still doing it.

Globally we have around 100 locations. We have two major network engineers who manage the firewall, but to deploy it you also need a local IT because they have to physically be on site. And the two experts remotely control the equipment, configuration, and upgrades, etc. So it's very hard to say how many people you need. It depends on your company size and where your locations are based. For us, we have two dedicated people, but we also have the local IT when we need them to physically help in the integration. 

We do use external partners for the setup. We use also our internal teams as well.

It's a bit pricey.

Once you install it, you use it every day. You can't stop because it's a security feature and a precaution. Also, we are using it to do some local breakouts, so we use utilize the local internet to carry some business traffic, to ensure there's no interruption. You have to let it run 24/7.

I would suggest you be careful when choosing your model. Consider your bandwidth as well as how you want to run the local area network because the throughput of the firewall has to be well designed.

I would rate this solution a nine out of10.

We use Palo Alto Networks NG Firewalls to protect our end-to-end environment.

Palo Alto Networks NG Firewalls use machine learning embedded in the core of the firewall to provide in-line, real-time attack prevention.

Palo Alto Networks NG Firewalls use predictive analytics and machine learning to instantly block DNS-related attacks. The data for attacks or prevention is based on a segmented mask. Palo Alto Networks also keeps signatures updated on a holiday and on the Palo Alto Network and cloud. This helps to prevent signature leaks and secures dynamic web applications.

The solution is able to detect and resolve the initial tunneling attack.

Palo Alto Networks NG Firewalls are constantly being updated with new feature packages, and the improvements are the best we have seen compared to any other product in the industry. This is due to the company's deep knowledge of technology and the field.

The solution provides a unified platform that natively integrates all security capabilities. The ability to integrate all of the capabilities is good because it is ready to use right out of the box. Additionally, it is an ECPU. The security is quite robust.

The unified platform helps to eliminate security holes in our organization by providing multiple layers of security. This is important because it can help to prevent any attack.

The unified platform helps eliminate the need for multiple network security tools and the effort required to get them working together. If we are filtering traffic using any other firewall, we will be using different processing methods. However, when we use a firewall or a third-party tool, it then has access to the restriction using the firewall. We can then use this feature to centralize and combine with this.

The zero-delay signature feature handles Wi-Fi. It analyzes each file type that is downloaded during a session and then sends the file analysis signature to the file cloud. This has made our network more secure.

Palo Alto Networks NG Firewalls' single pass architecture provides greater security and performance because all security functions are consolidated into a single device.

I like the remote access and URL filtering features that are available on global products. There are also other features, such as application-based access, that allow us to provide user IDs based on the type of access needed.

The analysis of the ITS ID by Palo Alto Networks NG Firewalls could be improved.

I have been using Palo Alto Networks NG Firewalls for six years.

Palo Alto Networks NG Firewalls are stable.

Palo Alto Networks NG Firewalls are scalable. We have around 10,000 users.

The technical support is generally good, but it can be difficult to get the right person on the phone.

Positive

The initial setup is moderate. We can deploy within an hour or two. The deployment requires two people. Four to five people can handle the maintenance.

We implement the solution for our clients. 

Our clients have seen a return on investment with the solution.

Palo Alto Networks NG Firewalls are expensive compared to other firewalls such as FortiGate Next-Generation Firewall.

I give Palo Alto Networks NG Firewalls a nine out of ten.

Organizations that require network security should not choose a firewall based on cost. I recommend Palo Alto Networks NG Firewalls to harden security posture.

I definitely recommend Palo Alto Networks NG Firewalls for medium and large organizations.