Palo Alto Networks NG Firewalls Reviews

These are gateway firewalls to the Internet for every site. At a majority of the sites, we use the firewall as our gateway for the network below.

Previously, we used them just for the Internet firewall and Internet security side. However, in the last year or two, we have started to migrate them as the gateway routers, e.g., as gateways for the networks below. They are doing Internet firewalling as well as firewalling for the networks below.

We are using the PA-220s, PA-440s, PA-820s, PA-3250s, and PA-5250s. We are using all of those hardware models. Then, we are running the PAN-OS 10.1.3 on those.

We have around 40 locations worldwide. At minimum, we have one Palo Alto Networks NG Firewall at each location. At some of the larger sites, we have two Palo Alto Networks NG Firewalls in HA configuration. Then, at our headquarters and disaster recovery site, we have two at each site.

The WildFire feature that they offer is very nice to have. The URL filtering that they offer has been a great help to us as well. We have found with the URL filtering that they offer that we are able to categorize what traffic can go outbound to the Internet from our internal network. By doing the URL filtering, we are able to say that we are not allowing gambling, adult content, or certain URL categories that we just don't want to allow. Then, with WildFire, that helps detect any viruses coming inbound or on east-west traffic inside of our network.

Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, which is very important. I got an email saying that there was going to be a new 400 series firewall, and it was talking about the ML and AI features that it is offering. That is very exciting to see coming for all our firewalls.

We have the Palo Alto Next-Gen firewalls as well as Cortex XDR for the antivirus side. We are making use of Cortex XDR and Data Lake to correlate the data. We definitely see the benefits of having all that in one unified platform. Some of my colleagues are able to see how certain malware security incidents can correlate to how the virus or malware came into the network, then how it traversed our network based on the XDR information.

I can manage 1,000 firewalls from a single pane of glass.

I am looking to have the machine learning see how a virus or malware will morph, then prevent that from happening. That seems invaluable at this point.

We have a lot of the older firewall models, i.e., the PA-220. It seems that with newer operating systems the PA-220 is becoming slower than when I first bought it. It is not really an issue for users who are passing traffic through the firewall, but more from the management access of it.

We have had them for about three years.

I have had some issues here recently, but it has been more operating system issues. As far as the hardware goes, they have been very solid. Out of the last three or four years that we have utilized Palo Alto Network NG Firewalls. I have only had one time where I had a hardware failure on it that had to get a replacement.

It is very scalable. The Panorama management tool makes it very easy to add a new firewall. You can add one, 10, or 100 firewalls, deploying them quickly and keeping the same security posture that you had in place previously with other devices.

I have not noticed any trade-offs from security versus network performance at all. I think they are both running very well. We haven't lost network performance with an increase in security or vice versa.

The entire company is using the solution. We are a manufacturing company who manufactures electronic interconnects. We have our own marketing department, engineering, learning development, HR, accounting, and IT. Thus, we have a broad spectrum of users who are using the solution.

We actually have a very small staff. There are only five of us who are actively administering the Palo Alto environment. We have around 40 locations worldwide with just over 8,000 users globally.

We are using it at every facility. We are using it as a gateway router as well as our next-gen firewall. We have no plans to change all that. We are pretty happy with how we are configured. So, I think we will keep that trajectory.

The technical support is very good. I am very happy with the tech engineers. They have always been quick to respond and very knowledgeable about the issues that I have had. They help me get those issues resolved quickly. I would give them 10 out of 10.                                

Positive

It gives us added security compared to our previous firewalls. They were very cumbersome to manage, and they had no central management. By switching to Palo Alto Networks NG Firewalls, we made use of the Panorama management tool to manage all our firewalls. The management side is much easier. Also, it provides visibility from their monitoring to be able to see the traffic. Whereas, I was not able to see that before with our previous firewall manufacturer.

With our previous firewall vendor, the maintenance was running to the end of its contracts. Therefore, we were looking to switch anyway because we just weren't happy with that hardware. Our implementation strategy was basically to replace all the old firewall hardware with something new. At the time, we were pretty happy with what Palo Alto Networks was offering.

The setup is very straightforward. I am familiar with other firewalls and the configurations for them. Switching to the Palo Alto Networks NG Firewalls was pretty seamless.

The initial deployment of the first site, switching from the old firewalls to the Palo Alto Network NG Firewalls, took about two to three days configuration-wise. Actually switching over from the old firewall to the new firewall was pretty seamless because we can preconfigure the firewall and then replace the old firewall with it. There were no issues.

Our VAR helped us do some research on what firewalls would be the best for us. We did our own testing, and we liked this solution. That is why we ended up going with it.

We do have other tools that we are phasing into the Palo Alto unified platform environment, bringing in Cortex XDR as well as looking at SIEM products. So, we definitely see the benefit of the unified platform. We have been able to cut down on some of our other hardware. So, it is definitely saving us costs as far as combining different hardware into one hardware device.

We have not had to replace hardware routers nor purchase additional hardware. So, that has provided a little bit of an ROI.

The Palo Alto solution is actually not expensive. It was comparable to the old firewall manufacturers that we were using. From the benefits that we have gotten out of the Palo Alto products, it is well worth the difference in cost, even though the difference in cost is not much at all. I would highly recommend Palo Alto products to anyone.

I just started getting in some of the PA-400 series a couple weeks ago. As far as pricing goes, it was not that much more than the existing hardware platform or the existing firewall that we had in there, i.e., the PA-220. It was not much more expensive and the performance was way better, as far as the management of the firewall itself. The management of those firewalls has greatly been increased.

When we were looking to switch, we narrowed it down to two or three. Then, we obviously decided to go with the Palo Alto product. Palo Alto had better specifications for their hardware.

I would highly recommend the solution as well as looking at the new PA-400 series product line with the machine learning and AI. That is a very good feature that is now available.

The biggest lesson for me was to not skimp out on hardware based on pricing.

I would give this solution 10 out of 10. I am very happy with the product.

We use the solution to access clients.

I like the configuration of the product. The configuration is quite simple to understand. The product is easy to manage.

The solution has a lot of features. However, there are no deep configurations available. The functionalities are limited. Other products offer more customization.

I have been using the solution for the last five years.

The product is stable.

The product is currently being used by three of our customers. We provide them with dedicated VMs.

The local support is good. The response is slow when I try to reach out to technical support on the customer portal. It might be because the tickets I raised were P3 or P4 tickets. However, I do not get proper responses for P2 tickets either. I get a good response when I call support directly.

We also use FortiGate, Check Point, Forcepoint, and SonicWall. We use the tools based on our clients’ requirements.

The initial installation was easy. It was not difficult for me because I am familiar with many products.

The solution is worth the money. However, there are other tools that provide features similar to Palo Alto but are less expensive.

The solution’s cost is a little high compared to other products.

I will recommend the tool to others. It is a fine product. If someone is looking for DLP and other features, the product might not suit them. The product has good URL filtering features. Overall, I rate the solution a seven or eight out of ten.

We use Palo Alto Networks NG Firewalls to protect our end-to-end environment.

Palo Alto Networks NG Firewalls use machine learning embedded in the core of the firewall to provide in-line, real-time attack prevention.

Palo Alto Networks NG Firewalls use predictive analytics and machine learning to instantly block DNS-related attacks. The data for attacks or prevention is based on a segmented mask. Palo Alto Networks also keeps signatures updated on a holiday and on the Palo Alto Network and cloud. This helps to prevent signature leaks and secures dynamic web applications.

The solution is able to detect and resolve the initial tunneling attack.

Palo Alto Networks NG Firewalls are constantly being updated with new feature packages, and the improvements are the best we have seen compared to any other product in the industry. This is due to the company's deep knowledge of technology and the field.

The solution provides a unified platform that natively integrates all security capabilities. The ability to integrate all of the capabilities is good because it is ready to use right out of the box. Additionally, it is an ECPU. The security is quite robust.

The unified platform helps to eliminate security holes in our organization by providing multiple layers of security. This is important because it can help to prevent any attack.

The unified platform helps eliminate the need for multiple network security tools and the effort required to get them working together. If we are filtering traffic using any other firewall, we will be using different processing methods. However, when we use a firewall or a third-party tool, it then has access to the restriction using the firewall. We can then use this feature to centralize and combine with this.

The zero-delay signature feature handles Wi-Fi. It analyzes each file type that is downloaded during a session and then sends the file analysis signature to the file cloud. This has made our network more secure.

Palo Alto Networks NG Firewalls' single pass architecture provides greater security and performance because all security functions are consolidated into a single device.

I like the remote access and URL filtering features that are available on global products. There are also other features, such as application-based access, that allow us to provide user IDs based on the type of access needed.

The analysis of the ITS ID by Palo Alto Networks NG Firewalls could be improved.

I have been using Palo Alto Networks NG Firewalls for six years.

Palo Alto Networks NG Firewalls are stable.

Palo Alto Networks NG Firewalls are scalable. We have around 10,000 users.

The technical support is generally good, but it can be difficult to get the right person on the phone.

Positive

The initial setup is moderate. We can deploy within an hour or two. The deployment requires two people. Four to five people can handle the maintenance.

We implement the solution for our clients. 

Our clients have seen a return on investment with the solution.

Palo Alto Networks NG Firewalls are expensive compared to other firewalls such as FortiGate Next-Generation Firewall.

I give Palo Alto Networks NG Firewalls a nine out of ten.

Organizations that require network security should not choose a firewall based on cost. I recommend Palo Alto Networks NG Firewalls to harden security posture.

I definitely recommend Palo Alto Networks NG Firewalls for medium and large organizations.

We use Palo Alto Networks NG Firewalls for our network security. We deployed the solution on both the cloud and on-prem.

Palo Alto Networks NG Firewalls machine learning secures our network against threats that evolve rapidly.

The DNS security feature is already commonly used for authentication by clients, with many threats being pushed from the inside to the outside. DNS security helps improve our network.

The DNS security feature is integral in protecting against DNS tunneling.

The solution provides a unified platform that natively integrates all security capabilities. Palo Alto Networks NG Firewalls' unified platform helps us eliminate security threats. We use all the Palo Alto Networks NG Firewalls' features including the UTM, WiFi, and VPN feature to protect our network. 

Both the network performance and security of the single-pass architecture are good. 

There are many valuable features, such as wireless cloud features. The IP and signals are updated regularly, and all UTM features provide good basic gateway-level security.

Palo Alto Networks NG Firewalls machine learning in the core of the firewall to provide real-time attack prevention is a basic requirement for our private security network.

The bugs can be improved.

I have been using the solution for eight years.

The solution is stable. We encounter small bugs sometimes but they are not a problem.

The solution is scalable.

The technical support is good.

Positive

For experienced people, the initial setup is straightforward. Cloud deployment can be challenging for someone new. The deployment takes around one hour.

We implement the solution for our clients.

I give the solution a nine out of ten.

Our clients are enterprise-level.

The PA400 series has good performance and security.

I recommend Palo Alto Networks NG Firewalls to others.

We use this solution as our external firewall and VPN.

The fact that I can perform several security functions in one device at wire speed is a valuable feature. I don't have to slow down my business transactions, and I don't have to inconvenience my users with 16 different solutions. I can have it all in one box, and it protects my organization at wire speed.

Palo Alto Networks NG Firewalls catch a lot of things that other firewalls may not catch and support more current security practices. We get updates several times a day from WildFire, and the firewalls do a great job of keeping us protected.

Within their domain, Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. This is critical because I don't want to deal with multiple devices. I want to do it all with as few devices as possible and have it all work successfully.

It's very important that these firewalls embed machine learning into their core because the only way to keep up with the changing threat environment is to keep learning about it.

Palo Alto Networks NG Firewalls are the gold standard right now for securing data centers consistently across all workplaces, and I'm using them across all of my locations. They provide a consistent experience for the management team as well as the end user.

Surfacing actionable intelligence right away could be better. You have to dig far to get some of the information. If the solution could surface the two or three things out of the 10,000 a day that we really need to deal with, it would be helpful.

I've been working with Palo Alto Networks NG Firewalls for about 20 years.

It is a rock-solid solution in terms of stability. You very rarely have to worry about it. If there's a problem, it's usually because a rule got configured incorrectly.

Across the product line, the NG firewalls scale very well. Within the individual units, however, there are some limitations. It's not always clear to resellers as to what those limitations are. Therefore, as your organization grows you may start to bump into those limitations unexpectedly.

Palo Alto's technical support is pretty good and is among the best. We have called them several times, and they've been on it. Sometimes, it can take a bit longer for them to understand an issue, but overall, I would rate technical support at eight.

Positive

We have used several firewalls including Cisco, Fortinet, and Check Point. We chose Palo Alto because it's the only one that brings it all together in one platform and lets me manage it. It also removes the complexity of what I have to manage and deal with.

The initial setup is fairly straightforward. You put the firewall in with whatever might be there right now in learning mode, and then you can figure out where the holes are.

Palo Alto Networks NG Firewalls have prevented a number of things from happening. We would not have been able to prevent those things from happening had we had other firewalls.

Palo Alto Networks NG Firewalls are the Cadillac standard, and you do pay Cadillac pricing. However, the protection is worth the steep price. 

If you're looking for the fastest firewall, Palo Alto needs to be on your list. They seem to be the only ones that perform at wire speed right now. If you want the cheapest firewall, you will be able to find cheaper options, but you won't find better options than Palo Alto Networks NG Firewalls.

Overall, I would rate Palo Alto Networks NG Firewalls a nine on a scale from one to ten.

The biggest value of RSAC is being able to see everything I don't know anything about. It helps me keep up with where the industry is going.

Also, attending RSAC impacts our organization’s cybersecurity purchases made throughout the year. I chat with my existing vendors when I attend and have conversations with those my team recommends. We then make purchasing decisions based on what I see at RSAC.

We started using this solution as a basic firewall, and then, we ended up with URL filtering, IPS, and decryption.

It increased visibility, and we can see things that we couldn't see before and are able to decrypt as well. We can actually see what's going on in our network.

Decryption is one of Palo Alto Networks NG Firewalls' best features because we can decrypt by category. For instance, we can decrypt everything except for bank traffic so that we don't interfere with the passwords and two-factor authentication of those checking their bank accounts at work. We can still monitor for malware and other threats that come through a secure channel. It's seamless for users. The URL filtering and IPS are both great as well.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. WildFire stops a lot of viruses and malware that come in from the outside. In addition, when you decrypt the traffic you'll be able to see a lot that you couldn't before. You can then integrate that into a SIEM and have visibility into all the different things that are going on. Integration with WildFire provides sandboxing and tells you if it's malicious content or not. Then, you can do URL filtering for the endpoints. All of this data goes into the SIEM. Thus, it's a really good, well-integrated software.

This native integration is very important to us because of the cost. When we get an enterprise license and get all these features on one device, we don't have to buy five devices or virtuals or set up a virtual or cloud farm to do the five things that the solution will do automatically, natively out of the box. We have been able to save money because we are able to get rid of our decryption software and are getting close to letting go of our filtering software.

It's important to us that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention. This is important because those who exploit us daily use new tactics that are not seen at all times. They employ tactics that use applications that we currently use, such as PowerShell. If a PowerShell script comes in and it's decrypted, launched in WildFire in a sandbox, and blocked, it cuts our threat vector down tremendously.

When we go across all the workspaces, it's simple. The web-facing servers are protected with IPS, and the endpoints are protected with URL filtering in the sandbox and decryption. We log all of the MAC addresses, so we block hackers from getting into different websites when staff use a Wi-Fi connection off-site. In terms of securing data centers consistently across all workspaces, our whole ecosystem depends on having Palo Alto so that we can have one centralized SIEM where all the data is. Our SOC can investigate all the alerts that we get from all of these different areas.

Palo Alto Networks NG Firewalls need better training modules. You have to do a lot of reading prior to watching the training videos, and it's good for people who are really into it. However, often you want to use a video for a TID. You want to see how to do something rather than spend 30 minutes reading and then another 30 minutes watching the class. As a result, I take third-party training classes rather than Palo Alto's training because they are a lot better.

The training should be more accessible because if everybody has to pay for training, it makes it harder for us to get in techs who are qualified to do the work. If there are clear levels and schemes for certification, it would be great.

I've been using this solution for probably five years now.

The firewalls are always on, and we haven't had any stability problems. We haven't even had any hardware failures, and the perishables are great.

The firewall's scalability is nice because you can take a VM and put more memory in it. If you virtualize, then you can scale it out. With an enterprise license, you can load several to get all different points of your internet access. For example, one could do URL filtering just for the desktop, and another one could be an IPS in front of something else.

It's very flexible, and you can use these virtuals to contain all these different situations from an architectural standpoint without having to buy other software.

Palo Alto's technical support is great, and I'd give them a ten out of ten.

Positive

The initial setup is straightforward in the sense that when you put it in it starts doing what it's supposed to do. Then, you have to turn on all the features that you want.

We mainly worked with Palo Alto Networks. They taught us a lot and have been very helpful in getting us onboarded with all of the different features.

We see a return on our investment every day. We have threat hunters who go through the data and tell other state agencies where the problems are or what we were able to stop.

We haven't had a problem with pricing or licensing because we consolidated other software to make Palo Alto more affordable.

If you're just looking for the cheapest and fastest firewall, remember that you'll get what you pay for. Check if the company is able to support its product 24/7. You have to be able to get technical support on the phone at any time of the day or night. In addition, the company has to be able to do training on its firewall, and there has to be a job market for it so that there's an employee pool from which you can pick someone who knows the software. If it's an obscure software company, and they only have two or three people in the country who are certified on it, then it would hurt you a lot because you won't be able to call these two or three people in the middle of the night and expect them to always be there. Palo Alto has a very deep bench, so they can go globally and get you tech support at any time. That's very helpful.

The price is dependent upon how many features you use. If you have a Palo Alto ecosystem where you use Prisma, IPS, URL filtering, and decryption, it's going to be affordable because you will be able to eliminate other software. However, if you're looking to use Palo Alto as just a firewall, it may not help you that much because everybody out there competes to provide a firewall experience.

On a scale from one to ten, I would rate Palo Alto Networks NG Firewalls a ten.

The value I get by attending an RSA Conference is being able to see new up-and-coming software. Some products are new to the market, and others are trying to get their product to market. A lot of times, these products have key features that others don't.

Attending RSAC helps to influence cybersecurity purchases throughout the year because we are able to see a product that we didn't know was available. We learn that there is software that does certain functions that we didn't even know we needed. There are some products at RSAC that may be too expensive, but there are others that we would consider because they are cost-effective and have feature sets that we didn't know about.

We used the solution as an edge or internet firewall where we were running IPS/IDS and doing filtering on it, apart from the other security features. We are still using it for our users' VPN activity and to manage site-to-site VPN tunnels with other clouds, like AWS and Azure, so that there is connectivity back and forth between those cloud providers and our on-prem data center.

The features I like are the debugging and troubleshooting through package capture. It's easy to capture from the CLI and it's also easy to get logs from the CLI.

It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture. It gives us real-time anti-cyber activity and enables us to look at it. The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time.

These firewalls have the zero-delay signatures feature, which is really important because you don't want to be lagging behind with any kind of security updates. It doesn't affect our security a lot, but without it, we could be compromised a little bit. If updates are delayed by a couple of hours, there's an opportunity for the bad actors to execute something in that time frame. It gives us a little bit more security, but it's not like it's a high-severity situation.

Overall, they're doing great with the features. They're improving them day by day and year by year, which is really good. They're making new products that are compact inside, which is also really good. Instead of a full rack, they have tiny devices that have the same or even better performance compared to the bigger ones. They are doing well in improving the units, features, and security.

I've been using Palo Alto Networks NG Firewalls for eight years.

They're very reliable and stable. Compared to some of the competitors, they're more reliable.

The scalability is also good. They provide good options for scaling. The only thing that I would think about is that, in the newer firewalls, they have increased the performance but decreased the number of concurrent VPN connections or users. The new, compact devices have better performance, but they have reduced the number of users that can connect. Maybe that's a marketing strategy to sell higher-end models.

In my organization, everybody is using the Palo Alto firewalls because they're connected to the VPN, but the management and operations aspects are limited to the folks in IT.

These firewalls used to bring a lot of value to us, but in my practical experience, in the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get.

For example, in the past, if something happened, we could just give them a call and open a ticket, and we would have technical support right away to help us. Whether it was a severity-one, critical incident, where we had no connectivity, or just a minor or medium-severity issue, we used to get support right away. But in the last three years, it has been really hard to get hold of an engineer. I have reached out a couple of times to give them a heads-up, "This is a ticket I opened three days ago. I'm trying to get a hold of anybody."

It's okay that they force us to open a ticket on the portal, but after opening a ticket, it's really hard to get support when you need it. You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer.

They should make it easier to get in touch with their TAC. This is what they have called transforming the customer experience, but I believe it's getting worse. That's the only thing they have to improve. When you do get someone, the support from their end stands out, it's a nine out of 10. But getting a hold of an engineer is a two out of 10.

Neutral

The initial setup is very straightforward. You need to connect through the portal manager and to the IP that you want to access remotely. And pushing the configuration from other devices is very easy. They provide tools so that you can get the configuration from competitors' devices and convert that into the Palo Alto version. It's very easy to configure initially and to manage as well.

On the maintenance side, it's really good. We don't have to put a lot of effort into that.

The security and performance of the PA-400 series of Palo Alto NGFWs, versus its price, is really good. It's very inexpensive and has good performance compared to the previous higher-end 3000 models.

Palo Alto provides Panorama where you can manage a bunch of firewalls from a single pane of glass or just one device. It allows you to manage all of the firewalls in one, integrated location. You don't have to make a chain of 50 different firewalls. It will push what you need to be changed to all the other firewalls. We used to use it, but we got rid of it because we replaced all our Palo Altos with competitors' firewalls and we don't use Palo Alto anymore, other than for VPN. We have six firewalls in our organization right now, although we used to have 35 to 40. Because we no longer have a lot of firewalls, we got rid of Panorama. We don't want to pay for it to just manage six firewalls where we are not making any changes frequently. If we had 35 or 40 still, I would definitely recommend having Panorama.

Panorama is for managing the rules. It saves time on configuration, but it doesn't affect your security posture. Whether you're managing each firewall or using Panorama, it's exactly the same thing. But it helps you to execute changes in a very short period of time. It's a way of pushing the config to all your devices.

I design networks for our customers; I always use a high-speed packet filter upfront because I work for a Juniper partner company. This is usually a Juniper SRX series firewall and it does most of the easy work. Behind that, I add a more intelligent firewall, Palo Alto NGFW. We are partnered with Palo Alto, but that's not the main reason we use their solution. I worked with Check Point products for four years, and the Palo Alto alternative seriously impressed me. Here in Hungary, Palo Alto is considered the de facto intelligent firewall, for good reason.

I work for an integrator and support company, and I support our customer's security platforms; we have many customers with Palo Alto Networks NG Firewalls.

The firewalls improved our organization. Creating firewall rules is much simpler. The solution is so straightforward that customers can configure it themselves, and they rarely call us for that, which is great for us as a support company. It makes our job much easier as Palo Alto NGFWs don't require a security specialist to configure; it can be done by systems engineers or IT support staff. 

All the features are valuable, but my main one is the straightforward and well-designed GUI. I'm over 50 and have been in this business since the internet started. I'm not a GUI guy; I prefer using the command line. The product's GUI is excellent, and so is the threat intelligence. It's also straightforward to configure and flexible. The solution even has good networking, such as VLAN and subinterfaces, which is great because, in my experience, if the firewall is good, then the router usually isn't and vice-versa, but Palo Alto has both.

We use the on-premises solution, and it's very impressive; both flexible and intelligent. The machine learning functionality is excellent, and I love the product as a support guy because it makes my job much easier. I have very little troubleshooting, and our customers haven't had a single security incident since implementing Palo Alto. I'm deeply impressed with this solution.

The machine learning against evolving threats works well. The best thing I can say is that none of our customers have had any security issues; I can't find any problems with the solution.

The support is outstanding; we are always alerted about potential issues such as bugs in advance, so we have time to adapt and prepare. Palo Alto has grown more effective; most importantly, there haven't been any security issues. I would give the product a 10 out of 10 for flexibility and at least a seven for security. I can't say precisely what security threats our customers face, but nothing has gotten through.

The solution provides a unified platform, which is essential because there is a significant shortage of experienced IT specialists in Hungary and elsewhere. Their effectiveness is amplified by the quality and straightforward nature of the solution, and the result is more robust security.

I don't have a direct view of our customer's security threats as it is privileged information, but I can say that there have been no security breaches. I would say the solution does eliminate security holes. 

Our Palo Alto firewalls have the zero-delay signature feature implemented, and it works fine. There haven't been any issues with us or any of our customers. This feature makes the whole security system more efficient. 

The network performance is top-notch; I would give it a 10 out of 10. Intelligent firewalls tend to be slower, but this solution is fast. Previously, I used a simple packet filter or zone-based packet filter in conjunction with an intelligent firewall, but Palo Alto is fast and secure enough for standalone use. I've been familiar with the solution's architecture from the beginning, and it's a very nice platform.

I recommend this solution to any engineer; technically speaking, it's the best product on the market. I know it isn't the cheapest, and decisions are often made on a financial level, but Palo Alto in Hungary always gives us a good deal. 

The solution's VPN, called GlobalProtect, could be improved as I've had a few issues with that. 

It can be challenging to migrate configurations between Palo Alto firewalls or restart with a backup configuration using the CLI. That could be improved. I think I'm one of the only people still using the CLI over the GUI, so that's just a personal issue.

I have been working with the solution for four years.

The solution is incredibly stable.

We work with hardware platforms, and they are usually slightly over designed to be on the safe side. The virtual firewall is highly customizable, but I have experience with the hardware platforms, and there is an upper limit on those, but I haven't had any scaling issues thus far.

In Hungary, where I live, the population is 10 million, similar to London. When I say we have 1000 end-users, it may seem like a small number, but that's relatively high for Hungary. Other vendors also supply the solution here, so 1000 is just our customers.

I mostly do deployments and maintenance alone. There are three systems engineers at our company.

The customer service and support are good. I have full support when I have a problem, and they can even do remote assistance. We had a big power failure, and the firewall didn't restart; they provided a hardware expert over the phone to solve the problem. They are very impressive. I would say Juniper offers the best support, but Palo Alto is almost as good, if not just as good for me.

Positive

I have been in this business from the beginning, so I used most firewall solutions. I focused on Cisco for 15 years, but that changed due to license-based selling in a very price-sensitive market. Cisco is not as viable an option as it used to be as customers consider it too expensive. I also used a Check Point solution, which was regarded as the go-to intelligent firewall five years ago, but now Palo Alto has taken that top spot. 

We are partners with several providers, including Juniper, Palo Alto, and a few others, but I always go with Palo Alto because it's a straightforward solution with easy installation.

The setup is easy; it's straightforward for anyone with basic networking and security knowledge. It's comparable to setting up a firewall at home, which is very impressive. It's still easy with very complex network setups, only the VPN concentrator, GlobalProtect, is more challenging, as it requires two-factor authentication, but it's still straightforward.

Initial setup time depends on the specific implementation, but we can do a new deployment in one or two days. It is more complicated when migrating from other platforms because the customer expects the same logic and features in the new platform. Palo Alto has an excellent marketing strategy, so their customers know their product uses a unique logic. This helps keep the implementation straightforward and shorter compared to other solutions. 

My implementation strategy begins with a plan for the customer's network based on their needs. Then I set up all the networking parameters and configure the solution in my lab device, so I can export it and import it on-site. Every setup begins in our lab, as it's more impressive to go to the customer and import the configuration right away. 

I don't know about the price of the platform or the license fees, as the finance department deals with that. I only bill for the materials involved in the design.

I don't know about the price. When there's a new project, I go to the meeting, but after a point, all the engineers leave when it comes to money because it's not our business. I know Palo Alto offers good discounts for the partners, and the solutions are good. They offer free trials and win many customers because it allows them to test products and see how well they perform.

The only thing I can say is it's a top technology. 

I would rate this solution a nine out of ten.

Cloud-based solutions are very unpopular in Eastern Europe, only private clouds are used, but on-premises is the favored deployment method. We use cloud solutions at home and for small companies or companies with particular use cases. I implemented the solution for a customer, and my first task was to disable all cloud-related features. It's exceedingly difficult to find a financial or government institution using a cloud-based platform; this market segment tends to have a more conservative mentality.

I don't use the solution personally, but I'm the first-level troubleshooter. If I can't solve a problem, I open a ticket to Palo Alto's customer support.

I have clients who used separate firewalls and VPN concentrators, but after switching to this solution, they now use the Palo Alto firewall and its VPN, GlobalProtect. I don't think it's the best VPN concentrator, it's an excellent firewall, but the weak point is the VPN.

I advise reading the documentation before configuring, which goes for any platform.