Palo Alto Networks NG Firewalls Reviews

We use Palo Alto Networks NG Firewalls for our network security. We deployed the solution on both the cloud and on-prem.

Palo Alto Networks NG Firewalls machine learning secures our network against threats that evolve rapidly.

The DNS security feature is already commonly used for authentication by clients, with many threats being pushed from the inside to the outside. DNS security helps improve our network.

The DNS security feature is integral in protecting against DNS tunneling.

The solution provides a unified platform that natively integrates all security capabilities. Palo Alto Networks NG Firewalls' unified platform helps us eliminate security threats. We use all the Palo Alto Networks NG Firewalls' features including the UTM, WiFi, and VPN feature to protect our network. 

Both the network performance and security of the single-pass architecture are good. 

There are many valuable features, such as wireless cloud features. The IP and signals are updated regularly, and all UTM features provide good basic gateway-level security.

Palo Alto Networks NG Firewalls machine learning in the core of the firewall to provide real-time attack prevention is a basic requirement for our private security network.

The bugs can be improved.

I have been using the solution for eight years.

The solution is stable. We encounter small bugs sometimes but they are not a problem.

The solution is scalable.

The technical support is good.

Positive

For experienced people, the initial setup is straightforward. Cloud deployment can be challenging for someone new. The deployment takes around one hour.

We implement the solution for our clients.

I give the solution a nine out of ten.

Our clients are enterprise-level.

The PA400 series has good performance and security.

I recommend Palo Alto Networks NG Firewalls to others.

It is on-prem. We wanted to implement a multiple architecture for our network security. That is why we looked at the Palo Alto product. It is famous for its multi-layer security architecture and firewall.

There are five users: two senior expert administrators and one junior administrator from our data center team and two security engineers from our security team.

It has a solid network security with some robust tools. We can block unexpected attacks, especially zero-day attacks. Since they use the Pan-OS engine, they can collect attacks from all over the world and analyze them. They can then protect against zero-day attacks and unexpected attacks.

There are regular signature updates. You are filtering your objects from external sources. It has also helped to prevent external attacks more quickly. We have the solution enabled to prevent SQL injection attacks.

Palo Alto blocks loopholes where we cannot fix all our vulnerabilities, providing protection.

With secure application enablement, we can protect against application ID. 

Another feature is its malware detection and prevention. DNS Security filters URLs, blocks malicious domains, and provides signature-based protection. They also have Panorama security. We prefer Palo Alto Networks for our parameter security because of these features.

It is not like a traditional firewall. It has sophisticated technology that uses machine learning against cyber attacks, preventing them.

The DNS Security feature is capable of proactively detecting and blocking malicious domains, which are a headache because you can never filter enough. Malicious domains increase in number everyday. That is why using machine learning is a perfect solution for preventing these types of malicious domain attacks.

We don't have to use other advanced technologies due to the solution's UTM capabilities, such as antivirus, anti-spam, and anti-spyware.

With its single-pass technology, the firewalls are capable of analyzing SSL traffic using less CPU and memory.

I would like them to improve their GUI interface, making it more user-friendly.

I would like the dashboard to have real-time analytics.

We have been using it for almost three years.

Compared to other solutions, it is very stable.

The technical support is perfect. I would rate them as nine out of 10.

Positive

Before 2008, we used only core firewall architecture for our network. Then, we needed to enhance our security as we moved toward the cloud. We needed to protect our network from external threats so we decided to go with multi-layer architecture. 

We use several products: Palo Alto, Checkpoint, and three products. Among those products, Palo Alto's performance and product security features are very good. 

We only used Juniper firewalls for our core Firewall. We switched because we wanted to move to a multi-layer architecture.

The initial setup was straightforward. The initial configuration took one to two hours. You need to configure the policies and features. Since we had to do performance tuning, it took us two to three weeks.

It is very easy to deploy. It needs two network engineers.

It is a good investment with the five-year extended support. You don't have to pay any additional costs for five years. You also save on costs because you don't need to purchase other products or technology to manage attacks. That can all be done from Palo Alto. We have seen a 20% to 30% return on investment.

Compared to other products, the pricing is flexible and reasonable. 

We did a PoC with several products, then we selected Palo Alto for its enhanced security features and multi-layer aspects. We also selected it for its speed and performance. Performance doesn't slow down when analyzing SSL traffic.

We are currently using a single firewall architecture. Next year, we will probably move to a dual firewall architecture.

I would recommend Palo Alto Networks NGFW, especially for parameter-level security.

I would rate the product as 10 out of 10.

We use the solution for IPS. Palo Alto's firewall is really good compared to firewalls like FortiGate, Cisco, or any other competitor.

We're able to monitor traffic based on the source destination and geolocation. The firewall allows us to restrict user access. For example, we have restricted user access to the chat feature on Facebook.

There are about 170 total users on the client side. On the administrative side, we have two or three people.

We're using version PA-200. The solution is deployed on-premises.

We reduced access to unwanted websites by 80%. It allows us to optimize user efficiency. For example, I have restricted the calling feature on LinkedIn, so people can still use LinkedIn, but they aren't able to dial out or receive calls.

We restricted social media sites so that only basic features can be used. The monitoring functionality allows us to see which users are using which websites,  the frequency, and the level of usage. It improves the network monitoring in our organization and gives us the required control level to restrict user access.

Palo Alto Next-Gen Firewall has Panorama, which is a unified platform that natively integrates all security capabilities, but I haven't worked with it yet.

The unified platform gives us more visibility and restricts unwanted guests and unwanted traffic. It gives us more insight into network traffic so that we can analyze it.

It helps eliminate multiple network security tools and the effort needed to get them to work together. Previously, I used other network monitoring tools for bandwidth monitoring. Now, the security features and wireless detection are in a single platform, so it definitely reduces the need for multiple platforms.

It has affected our network operations and network-related costs, but it's not the main benefit. The main benefit is the visibility and not having to maintain or manage multiple platforms. It's a bit costly because it has a lot of features, and each feature has a cost. It's important to do a cost-benefit analysis and know the requirements of your organization. We don't have to manage five to seven platforms and we're getting all the information in a single platform, so we can compromise a little bit on the cost side.

The packet level inspection is the most valuable feature. The traffic restriction features allow us to restrict the sub-features of any platform.

I really like the security aspects. That's why it's highly rated on Gartner. The antivirus definitions, updates, and malware detection are pretty good.

It embeds machine learning in the core of the firewall to provide inline real-time attack prevention, which is a very nice feature. It's part of the add-on services subscription. The autonomous behavior toward malware and potential risk is pretty good. 

Machine learning is really good to have. We received some false positives with machine learning, which was the main problem we had with it.

It's very important to me that the solution integrates natively with security solutions. Inside attacks are very rare. Most attacks are generated from the outside or from a public site, so having Palo Alto is really important on a public site.

Palo Alto is like Microsoft. It has varied features, but it's too technical. A lot of the features could be simplified. The procedure, process, features, and usability could be more simple.

It's too complex and sometimes the process to implement a single thing is hectic.

I have been using this solution for about eight months.

The solution is stable.

It's scalable. If you use the virtual solution, you may need to change the subscription.

I haven't directly worked with Palo Alto's technical support, but their community logs have been really helpful and we can find the answer to almost anything. The documentation is good.

We previously used Fortinet and Cisco.

We switched to Palo Alto because it's an all-in-one solution. We were attracted by its level of detection, level of monitoring, and level of packageable inspection.

The setup is straightforward. Deployment took a week. 

I haven't used it inline directly. First, I did a port mirror. Once I was fully satisfied with the level of detection, I put all of my traffic through it.

We use two or three administrative staff for maintenance. 

The price is high.

We evaluated other features, but we chose Palo Alto early on in the process because of the features and usability.

I would rate this solution an eight out of ten. 

In terms of a trade-off between security and network performance, I would rate it more toward network security. We have a lot of other alternatives for monitoring but not for the security side or antivirus detection.

I would highly recommend Palo Alto. If you want a cheap solution, I would recommend Sophos. But if someone is looking for real-time protection, I would suggest that they go with the virtual instance of Palo Alto, which is PA-200 VM, because it simply fulfills our requirements.

For personal use or SMEs, the price of PA-400 is high, but the security and performance are worth it.

Generally, it is used for the main function of the firewall. It protects the applications and the servers of clients from attacks. We use it as a perimeter firewall for the traffic from the internet, and it is also being used because one of the customers needed a solution for PCI compliance. We have put the firewall between servers inside the network to do segmentation. So, with the firewalls, specific communication is open between the clients and the servers, between the servers, and between the servers, applications, and the database.

We have PA-5000 and PA-850 series firewalls. In terms of the version, we are using version 9.1, which is not the most recent version. It is the previous one. We manage all firewalls from Panorama.

The most important benefit is that we can manage VPNs inside this firewall. We have integrated it with Active Directory. We provide a certificate to a user, and the user of the certificate can connect with the GlobalProtect VPN, which is a Palo Alto solution. With this solution, we can easily manage about 1,000 VPNs daily. It supports integration with Active Directory, and it is very easy for us to manage the VPNs. Before using Palo Alto Next-Generation firewalls, there was another solution, and we had a lot of issues with that.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Our main customer is going for PCI certification, and a part of the certification requires the use of these kinds of firewalls to protect all the information that they have.

Palo Alto NGFW’s unified platform helped to eliminate security holes and protect from various threats. 

We have firewalls that automatically update the signatures every 15 minutes. It is very important for us because if something happens, we know that the threat will be eliminated because the firewall is updated to the latest signatures.

The trackability is most valuable. When a port is open for a protocol, such as port 443 for HTTPS, it can look inside the traffic and identify or verify the applications that are using the port, which was previously not possible with traditional firewalls.

It is very important that Palo Alto NGFW embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. If something is different, the firewall identifies that based on the behavior of the traffic and alerts us. It can also block that so that nothing more happens.

We use Panorama to manage all firewalls. There is a dashboard, and there is a tab that shows you the real-time traffic that is passing through the firewall. We are able to get all the insights about the traffic.

We use ACC which is a tool for verifying the activity or traffic within your network. Currently, in ACC, the time of the samples that they offer is about five minutes. When you try to go down to a shorter duration, you can't. You only have five minutes. They can provide samples for shorter durations, such as one minute.

I have been using this solution for eight years.

In terms of usage, all the traffic is passing from these firewalls. In general, there are about 3,000 users and 1,000 servers. All the traffic travels through these firewalls. At this moment, there are no plans to increase its usage.

When we were migrating from one model to another, Palo Alto gave us a chance to replace the hardware because the previous model was old, and there was no support. We were able to acquire a new box at the same price that we would have had to pay to repair and maintain it. 

There is another person that is in charge of that. Their support is only in English, which has been challenging, but now, we have engineers who can talk in English.

It wasn't easy because we were migrating from Check Point to Palo Alto. It was difficult at the beginning, but after that it was easy. Overall, the implementation took us three months because we could only do it in certain time windows. It was implemented in phases.

There were some applications that didn't work fine in the beginning. We had to see what was happening and identified the issue.

In the beginning, we used Palo Alto, but after that, we did everything in-house. The support from Palo Alto was fine. Their support person helped us. We are in Mexico, and he helped in translating the support information from English to Spanish in the beginning. We had a few big issues, but in the end, we solved all of them. Now, I can operate these firewalls.

Its price is comparable to other companies. The license is on a one-year or three-year basis. It depends on the customers what they want to go for. There are some features that require an additional license, and there is also the cost of the support.

I would recommend this solution. It is a good solution. I would rate it a nine out of ten.

The primary use case for Palo Alto is to address traffic-related issues and manage configurations pushed from Panorama to Palo Alto Firewalls. Additionally, it handles GPU-related challenges, global protect, and IP internal problems.

Both FortiGate and Cisco firewalls process network traffic sequentially, meaning each packet passes through security engines, e.g., security profiles and URL filtering, one by one, which can be time-consuming. In contrast, Palo Alto Networks NG Firewalls utilize single-pass parallel processing. When a packet arrives on an interface, the firewall creates multiple copies and sends them to all relevant security engines simultaneously. This parallel approach significantly reduces processing time and increases overall efficiency.

Palo Alto Networks Next-Generation Firewalls offer a comprehensive platform that seamlessly integrates all essential security functions, eliminating the need for multiple platforms. With integrated routing, switching, threat prevention, SASE, and Prisma capabilities, Palo Alto provides a centralized solution. A notable feature is the active-passive router configuration, enabling one firewall to be active while another remains on standby. Additionally, these firewalls incorporate SD-WAN, IPsec, and VPNs for enhanced network security and connectivity.

Palo Alto Networks NG Firewalls effectively utilize embedded machine learning to provide real-time attack prevention. Upon receiving a packet, the firewall performs an initial ingress phase analysis before passing it to the fast path for routing, switching, and connection establishment. Simultaneously, the security policy is checked. If a threat is detected, the initial packet is allowed through for analysis, while subsequent traffic is automatically blocked without the need for manual security policy configuration.

Our organization benefited from the comprehensive feature set of Palo Alto Networks NG Firewalls, eliminating the need for separate purchases of web-based firewalls, load balancers, routers, switches, Prisma devices, and SD-WAN devices. This saves our organizational costs.

Palo Alto provides strong security in our data centers and across all our workplaces.

Palo Alto Networks NG Firewalls reduce downtime and enhance network reliability and security through active-passive setups, where a secondary firewall automatically takes over if the primary one fails, ensuring continuous operation. These firewalls provide a seamless and efficient environment by automatically capturing logs and managing known threats. Advanced features like App-ID and Content-ID inspection enable deep packet inspection, identifying and mitigating threats even within encrypted files or those disguised as legitimate data, such as a virus bound to an MPG file. This comprehensive approach ensures robust security and minimizes the impact of malicious activities, regardless of the attacker's techniques.

The most valuable features of Palo Alto Networks NG Firewalls are Threat Vault and AutoFocus. Threat Vault allows us access to a comprehensive threat database, enabling us to get detailed information on threats and how to mitigate them. AutoFocus provides sandboxing capabilities, automatically addressing global threats.

Palo Alto Firewalls could improve by introducing more features, particularly in load balancing. Enhancing this capability would be beneficial.

I have been working with Palo Alto NG Firewalls for six and a half years.

I would rate the stability of Palo Alto Networks NG Firewalls at eight and a half out of ten.

Palo Alto Networks NG Firewalls are scalable and reliable. I have not faced any limitations with its scalability, and it is suitable for environments ranging from small offices to large data centers.

Palo Alto provides good support.

Positive

I previously worked with Cisco and FortiGate devices. I switched to Palo Alto Firewalls because of the comprehensive features offered by Palo Alto, including better hardware, software, and support.

The initial setup was straightforward, taking about 20 to 30 minutes for one Palo Alto Network NG Firewall.

The level two team was responsible for the configuration and setup process for Palo Alto Network NG Firewalls.

I am not sure about the specific licensing costs of Palo Alto Networks NG Firewalls, but FortiGate and Palo Alto are generally cheaper than some high-end Cisco devices.

I would rate Palo Alto Networks NG Firewalls eight out of ten.

For colleagues seeking a cost-effective firewall, I recommend Palo Alto Networks NG Firewalls. Despite not being the absolute cheapest, their robust hardware and software, combined with excellent support and comprehensive features, make them a more efficient and reliable long-term investment.

Palo Alto Networks NG Firewalls require maintenance.

I recommend considering Palo Alto for small or medium-sized environments due to its cost-efficiency, reliability, ease of use, and extensive features.

As a reseller, our primary customers utilizing Palo Alto Networks NG Firewalls are in the financial services, government, and manufacturing sectors. They select Palo Alto Networks NG Firewalls due to their superior performance and security capabilities compared to alternative firewall solutions.

Palo Alto Networks NG Firewalls provides a unified platform that natively integrates all security capabilities for our customers.

Palo Alto Firewalls integrate machine learning into their core functionality to offer real-time, inline attack prevention that our customers rely on.

Palo Alto Networks NG Firewalls offer a variety of models designed to protect data centers in all work environments. These models share standard features.

Palo Alto Networks NG Firewalls can significantly reduce downtime, and replacing a firewall typically takes only one to two minutes.

Palo Alto Networks NG Firewalls' single-path architecture offers a valuable feature, ensuring stable performance for our customers.

Palo Alto Networks NG Firewalls pricing has room for improvement.

I would like Palo Alto Networks to provide a free virtual firewall.

I have been using Palo Alto Networks NG Firewalls for three years.

I have not encountered any stability issues using Palo Alto Networks NG Firewalls.

The scalability of Palo Alto Networks NG Firewalls is limited because of the lack of a virtual firewall.

The local support is better than the corporate support.

Neutral

Palo Alto Networks NG Firewalls are expensive compared to other solutions.

I would rate the price eight out of ten, with ten being the most costly.

I would rate Palo Alto Networks NG Firewalls eight out of ten.

Although Palo Alto Networks NG Firewalls are more expensive than other firewalls, they provide better protection and are a better value for your money.

The unified platform provided is very important to us as it allows us to manage all traffic and ensure security without using separate tools. It has AI and ML capabilities, which work well for real-time attack prevention.

Since implementing Palo Alto, we've seen an 80-90 percent reduction in issues. It handles ISP links, ensuring minimal downtime. Recently, we upgraded our secondary ISP to 3 Gbps, and when the primary link goes down, it automatically switches to the secondary. As a result, end users do not experience bandwidth shortages or interruptions in internet access.

One area for improvement with Palo Alto Networks NG Firewall would be customer support. Currently, in regions like India, customer support is handled by third-party partners. Unfortunately, the support provided by these partners has not been satisfactory. It would be beneficial if the tool handled customer support directly, similar to how Cisco maintains high-quality customer care. This would ensure that customers receive the level of support they expect.

Getting reliable service is important when you're a customer, especially with critical devices like firewalls. Firewalls are key parts of a network; if they fail, the whole network can become unstable. So, the support you get needs to be just as reliable as the device itself.

I have been working with the product for a year. 

I haven't experienced any downtime. 

We used Cisco ASA before. At that time, Cisco didn’t have a unified next-generation (NG) firewall, and I’m unsure if they offer one now. The main reason we decided to switch was that we needed a unified NG firewall. Besides the unified features that NG firewalls provide, there were other differences between Cisco and Palo Alto Networks NG Firewalls, particularly in terms of features and price. However, the features are mostly similar across different firewalls; it depends on how they’re implemented, how effective they are for end users, and how well they handle security. This varies from company to company and firewall to firewall because each has its architecture, data plan, processing, control, and so on. So, it depends on the original equipment manufacturer.

The tool's deployment is complex and takes seven to eight days to complete. 

The tool's pricing is similar to that of Cisco. It's a security appliance; the cost depends on your network topology and specific requirements. The suitability of NG firewalls should be chosen based on your network and what you need. If a colleague from a different company asked for the cheapest and fastest firewall, I suggest they consider options like Sophos. Sophos took over Cyberoam, which was previously a leader in NG firewalls

I work with the product, and we purchased our box after a demo. We also have IoT security, but I don't personally handle that. I rate the overall product a nine out of ten. 

We use Palo Alto Networks NG Firewalls in our offices and data centers.

Embedded machine learning within our firewall core has enhanced our business performance by enabling us to process higher volumes of data more efficiently. Single-pass parallel processing and machine learning provide real-time insights, allowing us to maintain a strong security posture.

There is no trade-off for the single-pass architecture. The firewall meets the standards and expectations.

The most valuable features are Wildfire, URL filtering, and IPS.

Palo Alto's support could be improved. Compared to Cisco's community portal, its support resources appear lacking.

I have been using Palo Alto Networks NG Firewalls for over three years.

Palo Alto Networks NG Firewalls are stable.

Palo Alto Networks NG Firewalls are scalable.

We previously used Cisco but found it not on par with Palo Alto, especially with throughput. Performance is essential, and Cisco was lacking in this area.

From a technical standpoint, our engineers have significantly reduced labor hours by utilizing Palo Alto, resulting in a substantial return on investment.

I would rate Palo Alto Networks NG Firewalls nine out of ten.

We have a large number of users within our organization.

We have a maintenance team for Palo Alto.

For organizations with budget constraints, Fortinet is a viable alternative; however, if budgetary limitations are not a concern, the Palo Alto PA-440 Firewall is recommended.