Palo Alto Networks NG Firewalls Reviews

We use the solution to protect our network environment. We use three versions: 230, 440, and 820. 

Palo Alto Networks NG Firewalls embed machine learning into the core of the firewall to provide real-time attack prevention, which is wonderful.

We check the machine learning logs to secure our networks against threats that are able to evolve more rapidly. 

I find the solution to be comfortable and easy to use. While I cannot completely authenticate my devices, I am able to distinguish between private devices and use them for authentication in some way, which is very helpful. The URL filtering feature is also helpful and I am very satisfied with the firewall delivery.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all our security capabilities through Cortex XDR.

I give the solution's single-pass architecture for performance and security an eight out of ten.

There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection.

Palo Alto Networks NG Firewalls' documentation, features, and user-friendliness are excellent.

The VPN has room for improvement.

I have been using the solution for two and a half years.

For the most part, the stability is good but we sometimes face problems with the VPN connections.

The solution is scalable. We have 150 people that use the solution.

We often don't have to open a ticket as the documentation provided is usually comprehensive, and we can usually resolve most issues on our own. The one time I submitted a ticket, the technical support was not able to resolve the issue.

Positive

I previously used Forcepoint Next-Generation Firewall which is cheaper than Palo Alto Networks NG Firewalls but I prefer Palo Alto because it is user-friendly and supports more devices and features. 

I was not involved in the initial setup but I did migrate the 820 to the 440 and it was straightforward. The migration took a few hours.

Palo Alto Networks NG Firewalls are expensive.

There is an additional cost for support.

I give the solution nine out of ten.

The maintenance consists of regular updates only.

Currently, we do not use Palo Alto Networks NG Firewalls across our entire network but we have plans to extend them in the future.

I recommend Palo Alto Networks NG Firewalls to others.

We use it to segregate traffic between different tenant instances and to manage secure access to environments, DMZ zones, and to communicate what the firewall is doing.

With Palo Alto NG Firewalls, we can pass all compliance requirements. We trust it and we are building the security of our environment based on it. We feel that we are secure in our network.

It also provides a unified platform that natively integrates all security capabilities. It's very important because it gives us one solution that covers all aspects of security. The unified platform helps to eliminate security holes by enabling detection. It helps us to manage edge access to our network from outside sources on the internet and we can do so per application. It also provides URL filtering. The unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. In one appliance it combines URL filtering, intrusion prevention and detection, general firewall rules, and reporting. It combines all of those tools in one appliance. As a result, our network operations are better because we have a single point of view for our firewall and all related security issues. It's definitely a benefit that we don't need different appliances, different interfaces, and different configurations. Everything is managed from one place.

The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves.

The DNS Security with predictive analytics and machine learning for instantly blocking DNS-related attacks works fine. We are happy with it.

And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput.

The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good.

In addition, there is room for improvement with the troubleshooting tools and packet simulator. It would help to be able to see how packets traverse the firewall and, if it's denied, at what level it is denied. We would like to see this information if we simulate traffic so we can predict behavior of the traffic flow, and not just see that information on real traffic.

I have been using Palo Alto Networks NG Firewalls for about three years.

The solution is pretty stable.

The scalability is good.

In terms of the extensiveness of use, it depends on business needs. Every communication from the company is going through this solution, so it's highly used and we are highly dependent on the solution. 

In terms of increasing our use of the solution, it all comes down to business needs. If the business needs it, and we get to the limit of the current appliance, we will consider updating it or adding more appliances. At this point, we're good.

We previously used Cisco. The switch was a business decision and may have had to do with cost savings, but I'm not sure what the driver was.

The initial setup was a little bit complex, but not terrible. The complexity was not related to the product. It was more to do with needing to prepare and plan things properly so that in the future the solution will be scalable. If there were some predefined templates for different use cases, that would help. Maybe it has that feature, but I'm not familiar with it.

The time needed for deployment depends on the requirements. We also continuously optimized it, so we didn't just deploy it and forget it.

Our implementation strategy was to start with allowing less access and then allowing more and more as needed. We made the first configuration more restrictive to collect data on denied traffic, and then we analyzed the traffic and allowed it as needed.

We have less than 10 users and their roles are security engineers and network engineers. We have three to four people for deployment and maintenance and for coordinating with the business, including things such as downtime and a cut-over. The network and security engineers work to confirm that the configuration of the solution is meeting our requirements.

We did it ourselves.

I'm not sure about pricing. I don't know if Palo Alto NG Firewalls are cheaper or not, but I would definitely recommend Palo Alto as an option.

If you need additional features, you need additional licenses, but I'm not aware of the cost details.

We evaluated Cisco, Sophos, Dell EMC SonicWall, and FortiGate. Cost and reputation were some of the key factors we looked at, as well as the flexibility of configuration. Another factor was how many users could comfortably work on the solution when publicly deployed.

The fact that Palo Alto NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention is important, but I still don't completely trust it. I haven't really seen this feature. Maybe it's somewhere in the background, but I haven't gotten any notifications that something was found or prevented. At this point, we still use traditional approaches with human interaction.

Overall, what I have learned from using Palo Alto is that you need to be very detailed in  your requirements.

Upstream and data center NGFW.

Security, visibility and control, you can secure your environment from many types of attacks such as virus, malware, DoS attacks, intrusions, bad URLs, bad domains with basic DNS security which it an awesome feature.Visibility, that you will be aware of the is going on inside your network, such as malicious activities, decrypt the encrypted packets, as well as policy audit review.

This solution has really helped the technical engineers to deliver the implementation faster than the before.

All of the features are good. The new release of the new basic platform provides you with a huge number of features, such as policy review, DNS security, Machine learning, Network traffic profiling, Bare metal analysis

(Malware) On-prime scanning should be considered.

Endpoint management (traps) better to be on-prime than cloud.

QoS, It should be more sophisticated than it is now.

TAC support should cover meddle east area by Arabic support, such as in France, Germany, Italy and Japanese.

I like the stability of the solution. From a stability perspective, all of them are stable. Sometimes Cisco's older versions, maybe from two years ago, were not as stable. Now, Cisco has improved its firewall and security products.

In terms of scalability, no security products are scalable to upgrade. Not ever. While assuming you are dealing with scalability, you have room to increase or to have room to expand, but actually, you don't because there is limited support. Even if you bring in the highest model, it's still limited.

Their support is very limited. It's limited compared to the competitors. They need multi-language support. Now, they provide support in English only. 

If anyone in the Middle East opens a ticket, they have to do it in Arabic but they get support in English, not in Arabic. The communication between the technical people or the campus sites to the vendors now is in English.

The initial setup was very easy. All the initial setups have become very easy. Before, the setup used to take a week to implement a firewall. Now it's a couple of minutes or one day maximum for fine-tuning. To fine-tune the firewall it can take one day, two days if you are junior. In terms of how many people you will need to deploy the solution, it depends because the firewall is not a straightforward technology like any security program. 

We used on-site security advisors.

7 years

In terms of pricing, every model has a license. For example a small model, the license around 1,000 USD. The next one around 2,000 USD. The next range is 11,000 USD to 13,000 USD. It's expensive compared to PaloAlto competitors.

Yes, was fortinet

Palo Alto's firewall protects your network against attacks, threats, and many other things. Networking can be more advanced. You can upgrade the edition of Palo Alto. There's competition between Palo Alto and Fortinet firewalls. Most IT security people don't know which to pick. For a basic firewall, I recommend Fortinet because it has two or three basic firewalls. I personally need a data center firewall. Datacenter firewalls I would recommend FortiGate because of the support. It provides a high level of support.

The latest Palo Alto release has many new features. It can provide you with audits, and policy auditing for a policy review. This allows you to know what's going on inside the network from a quality perspective because sometimes you can create new policies - up to one million policies. You can choose policies, and sometimes you get something by mistake. It provides you with an ability to view or do a policy review or policy audit. This is a major feature. It's a very important feature because before it was impossible to bring the visibility to the policy audits to let me know what's going on inside my policies. Now Palo Alto has provided this feature. 

In terms of advice I'd give to someone considering this solution, I'd say they should read more before going to the implementation phase. They have to read the administrative guides, and product guides before going to implementation. They have to check the platform because different versions of the platform have some new features. The technical people have to review before going to implement it because sometimes they don't need to upgrade this platform or this version. It is not a stable version. You have to read more before going to do the implementation. Ask an advisor, the vendors or call Palo Alto. You can call them, they have great coverage in any country in the world. You can ask the technical engineers what is the best design, their recommended design.

I would rate this solution an eight out of 10. 

We use Palo Alto Networks NG Firewalls for cybersecurity and network security for our infrastructure for our districts, worldwide. 

The SIM's ability to analyze traffic and take appropriate action is the most valuable feature of this solution.

It is an extremely powerful solution as it provides visibility into all the network traffic, and offers a range of actions such as blocking websites or graphics, as well as load balancing. It's a great tool.

The solution's user-friendly interface and clear network visibility are highly valuable to us. It makes management easier, especially for those without extensive technical knowledge.

The benefit we derive from this solution is not only its ease of use but also how it enables collaboration among our team for special activities in our network.

Additionally, the reports that we can generate from the software are very valuable.

Using Palo Alto Networks NG Firewalls has helped us reduce downtime.

Compared to our previous solution, I believe it was Fortinet. It saves a lot of time, you know, especially running your reports and analyzing the traffic. I believe we save thirty to forty percent.

It provides a unified platform that natively integrates all security capabilities.

It has seamless integration with all our devices, including Mac and Windows, and also with our secret server. Moreover, it is even integrated with the Microsoft streaming application that we use.

The embedded machine learning functions seamlessly and can be easily accessed through the dashboard's dedicated tools. Its ease of use is impressive.

I believe it would be beneficial if the solution could integrate with Google Chrome, especially for students who use Chromebooks. However, as far as I know, the solution currently does not support Google Chrome.

I have been using Palo Alto Networks NG Firewalls for five years.

The solution is incredibly stable. 

We have installed patches and updates, and they have all gone smoothly without any issues.

We haven't fully used the capabilities of the firewall, but we purchased a larger scale to prepare for potential future growth.

The firewall is deployed across all six schools and the district office, protecting the entire infrastructure, including switches, access points, and other devices.

This is approximately 3,500 to 4,000 devices.

The technical support team is readily available and very helpful. They provide great assistance whenever we encounter any issues.

There are delays at times, but overall, they are great. I would rate them a nine out of ten.

Positive

Previously, we used Fortinet.

I was involved in the deployment.

We received assistance from the technical support team who helped us implement the project.

We have seen a return on our investment.

As previously mentioned, the firewall is easy to use and has helped us save a significant amount of time, approximately thirty to forty percent.

The cost is quite high.

We evaluated Fortinet as well as Cisco.

The firewall we use is recommended by our county office of education, which also uses the same application. 

This makes it easier for us to collaborate with the county and share reports between different departments.

I'm thoroughly impressed during my inaugural visit here. The array of products and the advanced technology showcased are truly exceptional. It's a great experience.

I plan to revisit it in the future.

Certainly, my attendance would have a significant impact on my cybersecurity-related buying choices as I would gain better insights into various vendors and their products available in the market. It would provide me with increased visibility and enable me to make informed purchasing decisions.

By attending the event and gaining insights into the different vendors and products available in the market, we can make informed decisions about which route to take in the future.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

I primarily help users migrate from traditional firewalls to Palo Alto NG Firewalls. This involves troubleshooting, assisting with application control and backup configuration, and teaching users how to optimize the firewall for their needs. Additionally, I guide users through the process of redesigning their firewalls and migrating their servers, which often includes helping them understand and manage the vast number of applications they have. Sometimes, the firewall cannot identify specific applications, requiring customization to ensure accurate recognition and security. Currently, I am working on a management query language, which involves collaborating with other teams to assess the necessity of specific applications and connections between the firewall and various assets. This ensures optimal security and network efficiency.

Although Palo Alto Networks NG Firewalls now utilize machine learning, its significance wasn't initially apparent to me. My first experience with Palo Alto revealed the power of their machine learning through features like WildFire, which uses real-time analysis to understand and combat hacker attacks. While early versions had tools like Power Tool that hinted at machine learning capabilities, Palo Alto didn't explicitly promote this functionality until version 10, likely in response to increasing market competition and the growing prominence of machine learning in firewalls. The embedded machine learning is helpful.

Palo Alto NG Firewalls has improved our organization's security by providing strong protection through network segmentation and XDR. The firewall has proven effective in reducing security risks and monitoring endpoint activity. It offers excellent application recognition and thorough threat analysis, boosting overall network security.

Palo Alto NG Firewalls have reduced over 90 percent of our network downtime.

Palo Alto NG Firewalls offer an efficient interface that simplifies log checking, troubleshooting connection issues, and firewall policy configuration. The process is user-friendly, guiding users through network infrastructure setup, interface creation, settings application, and policy configuration in a clear and intuitive manner.

Palo Alto Firewalls can improve their support structure, especially concerning longer working hours for engineers. Enhancing support teams' capability to handle cases without much delay would be beneficial. Additionally, the high cost of the product could be re-evaluated.

I have been using Palo Alto Next Generation Firewalls for over ten years.

Palo Alto NG Firewalls are stable. On a scale of one to ten, I would rate them around seven or eight for stability.

I find Palo Alto NG Firewalls to be highly scalable, and would rate their scalability as eight out of ten.

Customer support's effectiveness depends on the clarity and completeness of information provided by users.

Neutral

I've used Check Point and Fortinet in addition to Palo Alto, but I prefer Palo Alto's interface and performance.

The initial setup for Palo Alto NG Firewalls is clear and instructive, detailing network infrastructure setup before advancing to policy configuration.

A fresh deployment of Palo Alto NG Firewalls can be completed in three days, followed by a two-day handover session to train users. This totals five days for deployment and training. However, migrations for companies with over 10,000 users and 20 subnets can take up to a month, potentially involving additional user requests or a phased approach.

I have vast experience deploying these firewalls on-premises within our team, making use of the intuitive interface provided by Palo Alto for implementation.

Although Palo Alto is expensive, its superior security functions, application identification, and overall performance justify the cost and make it stand out from the competition.

I would rate Palo Alto NG Firewalls nine out of ten. The Palo Alto NG Firewalls are great, but they are expensive.

I'm most interested in Palo Alto NG Firewalls, specifically how to improve their efficiency and application identification capabilities. Sometimes applications have unique requirements or behave differently, making accurate identification crucial. Palo Alto NG Firewalls excel at application-level security because they can block traffic, prevent attacks, and identify potentially compromised applications. Unlike traditional firewalls, Palo Alto NG Firewalls go beyond basic policy enforcement and traffic filtering by incorporating intrusion prevention systems and antivirus functionality. This allows them to analyze internal traffic for risks, similar to how antivirus software protects endpoints.

Future users need to appreciate the costs involved in using Palo Alto, and the manual configuration required is beneficial because it ensures clarity and control over what is being configured. To enhance your organization's security posture and management, I recommend implementing Palo Alto Networks NG Firewalls.

Three people in our organization are directly using the Palo Alto NG Firewalls.

Upgrading Palo Alto Next-Generation Firewalls requires some maintenance.

We use Palo Alto Networks Next-Generation Firewalls daily to create firewall rules that permit network traffic for specific applications and end users.

We use various models, including the 800, 400, and 3200 series. The specific model required depends on the size of the remote site where it will be deployed.

Embedded machine learning is crucial because hackers increasingly leverage AI to develop innovative methods of infiltrating networks. AI enables them to create more sophisticated malware and threats, intensifying the arms race between defenders and attackers. To counter this evolving threat landscape, next-generation firewalls must incorporate AI and machine learning capabilities to analyze and mitigate threats effectively.

AI and machine learning are valuable aspects.

UTM solutions like those offered by CheckPoint and Fortinet all offer a single pane of glass for managing security. Palo Alto is the same, but as a newcomer to Palo Alto, I've found its management, particularly with Panorama overseeing our hundred firewalls, challenging. Pushing changes, especially to individual firewalls, often results in failures, requiring full system updates. This inconsistency creates significant hurdles. While I suspect similar complexities exist in Cisco Firepower and potentially Fortinet, Palo Alto's implementation seems unnecessarily convoluted.

Palo Alto claims their NG Firewalls are highly customizable, but this isn't always true. We've encountered an issue where changes to a firewall cannot be reverted. Unlike Cisco Firepower or ASA, where changes are only committed after saving, Palo Alto commits changes immediately and places them in a queue. This prevents reverting changes, even accidentally made ones. For instance, today I was testing firewall rules without intending to push them, but the changes were already committed to the locally managed Panorama server. This lack of control is a significant drawback compared to vendors like Cisco or Checkpoint, where uncommitted changes are not saved.

Executives often praise Palo Alto firewalls, but these same executives rarely have hands-on experience managing them. Unlike them, I deal with the daily complexities of firewall operations. While every firewall has its shortcomings, Palo Alto is no exception. Cisco's ASA, for instance, was frustrating to manage through its ASDM interface, but the CLI configuration was reliable. Unfortunately, other vendors like Checkpoint and Fortinet heavily rely on management servers, limiting CLI options. Pushing changes can be a nightmare with any firewall, often involving unnecessary whole pushes due to errors or version mismatches. Palo Alto is no different; it's prone to bugs and challenges like any other product. Contrary to popular belief, executives who lack firsthand experience with firewall management often exaggerate Palo Alto's strengths.

Palo Alto Networks NG Firewalls have been problematic. Due to failed configuration pushes, I've encountered issues requiring Palo Alto Technical Assistance Center involvement. Based on DNS hostnames, objects are supposed to be automatically resolved by Palo Alto, but this functionality proved unreliable, necessitating a firewall upgrade and patch to correct a bug. Contrary to claims, Palo Alto has not exceeded expectations; managing as other firewall brands has been as frustrating. Each firewall platform has complexities, but I don't believe Palo Alto surpasses Check Point, Fortinet, or Cisco Firepower. While it might have advantages over Cisco Firepower, when compared to Check Point or Fortinet, Palo Alto does not offer greater performance.

I have been using Palo Alto Networks NG Firewalls for nine months.

When installing a Palo Alto Networks NG Firewall, we connect it to the network via a management interface and configure basic settings. Next, we register the firewall with Panorama, its management server, and then plan the network transition.

Palo Alto Networks NG Firewalls are overpriced. While Fortinet offers a more affordable option, Palo Alto commands premium prices due to its strong brand reputation among CISOs and security executives. Despite this, I believe Palo Alto firewalls are overhyped and underperform expectations. Many of these executives, who lack hands-on firewall management experience, base their decisions on marketing claims rather than practical knowledge. In contrast, Check Point pioneered next-generation firewalls, offering advanced features before competitors. However, its reliance on a centralized management system limited flexibility. Cisco, while improving, has also moved towards centralized management, restricting CLI access. Ultimately, I prefer the balance of features and flexibility Check Point offers.

I would rate Palo Alto Networks NG Firewalls eight out of ten.

We use it for security purposes.

Palo Alto Networks NG Firewalls enable efficient application search, viewing, and configuration access across various services for different user groups within our company.     

The only downside of Palo Alto Networks NG Firewalls, in my opinion, is the relatively higher price compared to Cisco FortiGate. This is especially noticeable when deploying basic configurations and considering the cost of licenses.

I have used the solution for the past few years.

In terms of stability, the user rates it a nine out of ten.

I would rate it 10 out of 10. The current user base for Palo Alto Networks NG Firewalls in the environment is one thousand users. Plans are in place to increase usage in the future, particularly with the intention to upgrade for higher speed.

The experience with tech support is positiveand they have found support helpful in addressing network issues.

Positive

Before adopting Palo Alto NG Firewalls, no other tools were used.

I cannot rate the ease of configuration on a scale from one to ten for Palo Alto Networks NG Firewalls. The configurations are diverse, and it's challenging to determine a specific rating, but I find them somewhat similar and not particularly helpful.So, the deployment process for Palo Alto NG Firewalls takes about one month. This duration is due to the various steps involved in the deployment, each of which can be completed within a business day. The complexity arises from the need to connect with numerous clients and services, considering the continuous operation of the business.

In terms of price, the user finds it expensive, rating it around nine.

The overall recommendation is positive, emphasizing ease of deployment, understanding features, and suitability for the company's needs. I give Palo Alto Networks NG Firewalls a perfect rating of ten.

We mainly use the solution for traditional firewall boundaries.

The solution helped us meet our security requirements.

The fact that the Next-Gen firewalls are integrated with identity is the best. It gives us the ability to track what an individual is doing and helps us provide access to only what they need in order to do their job.

Because we want to free up our operators from the routine tasks of investigations, it's important to us that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention.

Technical support could be improved. Palo Alto's technical support used to be great. Whenever I had a problem, I could pick up the phone and call and get answers. That's not the case any longer.

Palo Alto Networks NG Firewalls don't provide a unified platform that natively integrates all security capabilities. It's missing some features for geofencing and understanding locations.

These firewalls are primarily used for edge defense. In terms of securing data centers consistently across all workplaces, that is, from the smallest office to the largest data centers, Palo Alto Networks NG Firewalls don't have a strong zero trust model.

NG Firewalls have not helped us reduce downtime in our organization. Because of technical support issues, we've taken some hits.

I've been using Palo Alto Networks NG Firewalls for 20 years.

It's always been a stable product.

This solution is a firewall that's a hardware appliance, and that's not the direction the industry is heading. Everybody is going toward a software-defined perimeter. Palo Alto doesn't have a strong say on it. They took what they had for their hardware and just put it in the cloud without understanding what being cloud-centric is all about.

I would rate the technical support a three out of ten.

Negative

Our ROI is that the firewalls have been used quite a few times for investigations. We've gathered the evidence we needed to act upon an issue.

These firewalls are not cheap, but they have a reasonable licensing model.

If you are considering attending an RSA Conference, note that you won't gain enough information by attending one conference. However, when you attend year after year, go through the expo, and talk to vendors, you will begin to see trends. You'll see that what's hype one year is no longer a reality another year. Thus, the experience with RSA is a multiple-year experience.

Attending RSAC has made an impact on our organization’s cybersecurity purchases. We've brought products back into our infrastructure based on what we discovered from talking to vendors at the RSAC.

Overall, I would rate Palo Alto Networks NG Firewalls a seven out of ten.