We mainly use the solution for traditional firewall boundaries.
Sr. Infrastructure Solution Architect and Engineer at an aerospace/defense firm with 10,001+ employees
Helped us meet our security requirements but the technical support needs improvement
Pros and Cons
- "The fact that the Next-Gen firewalls are integrated with identity is the best. It gives us the ability to track what an individual is doing and helps us provide access to only what they need in order to do their job."
- "Palo Alto Networks NG Firewalls don't provide a unified platform that natively integrates all security capabilities. It's missing some features for geofencing and understanding locations."
What is our primary use case?
How has it helped my organization?
The solution helped us meet our security requirements.
What is most valuable?
The fact that the Next-Gen firewalls are integrated with identity is the best. It gives us the ability to track what an individual is doing and helps us provide access to only what they need in order to do their job.
Because we want to free up our operators from the routine tasks of investigations, it's important to us that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention.
What needs improvement?
Technical support could be improved. Palo Alto's technical support used to be great. Whenever I had a problem, I could pick up the phone and call and get answers. That's not the case any longer.
Palo Alto Networks NG Firewalls don't provide a unified platform that natively integrates all security capabilities. It's missing some features for geofencing and understanding locations.
These firewalls are primarily used for edge defense. In terms of securing data centers consistently across all workplaces, that is, from the smallest office to the largest data centers, Palo Alto Networks NG Firewalls don't have a strong zero trust model.
NG Firewalls have not helped us reduce downtime in our organization. Because of technical support issues, we've taken some hits.
Buyer's Guide
Palo Alto Networks NG Firewalls
November 2024
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
817,354 professionals have used our research since 2012.
For how long have I used the solution?
I've been using Palo Alto Networks NG Firewalls for 20 years.
What do I think about the stability of the solution?
It's always been a stable product.
What do I think about the scalability of the solution?
This solution is a firewall that's a hardware appliance, and that's not the direction the industry is heading. Everybody is going toward a software-defined perimeter. Palo Alto doesn't have a strong say on it. They took what they had for their hardware and just put it in the cloud without understanding what being cloud-centric is all about.
How are customer service and support?
I would rate the technical support a three out of ten.
How would you rate customer service and support?
Negative
What was our ROI?
Our ROI is that the firewalls have been used quite a few times for investigations. We've gathered the evidence we needed to act upon an issue.
What's my experience with pricing, setup cost, and licensing?
These firewalls are not cheap, but they have a reasonable licensing model.
What other advice do I have?
If you are considering attending an RSA Conference, note that you won't gain enough information by attending one conference. However, when you attend year after year, go through the expo, and talk to vendors, you will begin to see trends. You'll see that what's hype one year is no longer a reality another year. Thus, the experience with RSA is a multiple-year experience.
Attending RSAC has made an impact on our organization’s cybersecurity purchases. We've brought products back into our infrastructure based on what we discovered from talking to vendors at the RSAC.
Overall, I would rate Palo Alto Networks NG Firewalls a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Manager at NMD
Stable product with valuable technical support services
Pros and Cons
- "The initial setup process is quite easy."
- "Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster."
What is most valuable?
The product’s most valuable feature is security.
What needs improvement?
Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster.
For how long have I used the solution?
We have been using Palo Alto Networks NG Firewalls for five years.
What do I think about the stability of the solution?
The product is stable. I rate its stability a ten out of ten.
What do I think about the scalability of the solution?
I rate the product’s scalability a nine out of ten.
How are customer service and support?
The technical support services are good. They respond immediately.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used FortiGate earlier. We plan to switch again to FortiGate as per our vendor’s preference.
How was the initial setup?
The initial setup process is quite easy. It took less than a month to complete.
What's my experience with pricing, setup cost, and licensing?
I rate the product’s pricing an eight out of ten.
Which other solutions did I evaluate?
We evaluated Check Point. We decided to go to Palo Alto for better pricing.
What other advice do I have?
I rate Palo Alto Networks NG Firewalls a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Engineering Manager at a security firm with 11-50 employees
Seamless ecosystem integration, user-friendly, with helpful and knowledgeable technical support
Pros and Cons
- "Some of Palo Alto Networks NG Firewalls' valuable features are their powerful capabilities and user-friendliness."
- "The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities."
What is our primary use case?
Palo Alto Networks NG Firewalls are being used for cloud security in our organization. Along with that, we have implemented SD-WAN, secure access, and XDR. These are the primary firewalls that we have in place.
Essentially, we have almost all of their products across their three suites.
How has it helped my organization?
The previous brand we used had a steeper learning curve for our engineers and analysts compared to Palo Alto, which is easier to use.
We also have an excellent partner in Costa Rica who works with Palo Alto's team there, providing valuable support. Overall, our experience with Palo Alto has been very positive.
What is most valuable?
Some of Palo Alto Networks NG Firewalls' valuable features are their powerful capabilities and user-friendliness.
Our security team has found it easy to learn and obtain the necessary certifications and training from Palo Alto.
Overall, we have had a very positive experience with this suite of solutions, including the training they have provided us.
We like the Palo Alto ecosystem and how its different suites of products integrate seamlessly.
The sharing of information has enhanced our security posture as a company. Overall, our experience with Palo Alto has been very positive.
I believe that it is important that the firewall integrates machine learning to take advantage of all the information that is available, all the data that is available.
You have to integrate machine learning, AI, and things like that to be able to be a step ahead of the hackers.
Using Palo Alto Networks NG Firewalls, we have experienced zero downtime.
The solution is user-friendly, which is important as it allows us to concentrate on other essential aspects of the company rather than spending time and effort maintaining the solution.
What needs improvement?
The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities.
It is a solid solution.
For how long have I used the solution?
We have been using Palo Alto Networks NG Firewalls for six years.
What do I think about the stability of the solution?
It is a very solid, stable solution. We haven't had any issues with it. You know, when we have to do updates, there are no problems whatsoever. It's a very good solution.
What do I think about the scalability of the solution?
Scalability is an important issue. It is very scalable.
We are currently protecting around 11,000 endpoints.
How are customer service and support?
In my experience, I would rate the technical support a ten out of ten.
They are excellent.
How would you rate customer service and support?
Positive
How was the initial setup?
Initially, I was involved in the setup, but then other team members took over and completed the work. In the end, we reviewed and went over the setup together.
What about the implementation team?
We had a lot of support from their local partner, so it was very straightforward at the time.
I didn't come across any significant issues, but as engineers, we are always prepared to face challenges.
Nowadays, nothing works as simply as plug-and-play like it used to. However, we try to reduce the likelihood of issues as much as possible by working closely with project managers and performing thorough preparations beforehand, before doing the implementation. It was okay.
What was our ROI?
I believe we have seen a return on investment.
The time we used to spend on various tasks previously has significantly reduced with the implementation of Palo Alto Networks.
The system is very reliable with no downtime, providing us with a sense of security that is important in cybersecurity.
What's my experience with pricing, setup cost, and licensing?
The price of Palo Alto Networks NG Firewalls is high, but it is worth it if you have the budget for it.
Budget is always an important factor in decision-making, but it was within our budget, and we were impressed by what we heard, tested, and experienced with Palo Alto.
It is difficult to know and assume the thought process of others. If they have budget constraints, there may be other manufacturers with a lower price point that would be a good fit. We try to evaluate from different angles, not just the budget, but also the technology and how it will fit with our needs. We look for strong capabilities where necessary, such as with Sophos and WatchGuard for smaller companies.
It can be difficult to know the thought process behind a company's decision when it comes to choosing a firewall solution. Budget constraints may play a role, and there are other manufacturers that offer lower price points, which can be a good option. However, it's important to consider technology and how it fits with the company's needs, as well as the strength of the solution.
Smaller companies like Sophos and WatchGuard also offer solid platforms, and they may be a good fit for those looking for a lower price point. Ultimately, it's important to assess what's important for the company and find a solution that fits those needs, both in terms of functionality and price.
Which other solutions did I evaluate?
Our process for evaluating firewall solutions usually involves consulting Gartner for their feedback, having sessions with our analysts, and focusing on the leading firewall manufacturers.
We evaluated several firewall manufacturers, including Check Point and Fortinet, but ultimately, we as a group decided that Palo Alto was the best fit for us.
The decision was not solely mine but rather made by our managers based on the evaluations and presentations given by each vendor.
We were particularly impressed with Palo Alto's presentation and even visited their headquarters located south of San Francisco. And we just felt comfortable, and it was a good decision.
What other advice do I have?
The RSA sessions have been very informative and enjoyable. Today is actually my last day at the expo, and I've been visiting some of the manufacturers that we already work with as well as some that I want to learn more about. Overall, I think it's been a great experience.
From an engineering standpoint, the expo is a great opportunity to connect with knowledgeable people beyond the marketing façade. It's worth investing time to engage with them, learn about their products and solutions, and find out what they're working on and what's upcoming.
Attending RSA has had a significant impact on our company's cybersecurity purchases for the next year. In fact, I am here with two other colleagues who are actively researching and taking notes on various companies and their offerings. They are gathering valuable information to inform our future purchasing decisions.
We've been coming here for many years now, and we'll not come back. It's a good place to get up to date on what's happening.
I would rate Palo Alto Networks NG Firewalls a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager, Global Security Operations at a non-tech company with 10,001+ employees
Is updated often with the latest threat signatures and secures data centers consistently across all workplaces
Pros and Cons
- "I like that Palo Alto does a good job of keeping the firewall updated with the latest threat signatures."
- "The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times."
What is our primary use case?
As a Security Engineer, I use this solution for protection. I put in additional rules and also use the solution for forensic investigations and to look at traffic logs.
What is most valuable?
I like that Palo Alto Networks does a good job of keeping the firewall updated with the latest threat signatures.
We use Panorama, so we're able to manage an entire array of firewalls in one console. It's really useful because we can make one change and deploy it to all of our firewalls.
Palo Alto Networks NG Firewalls do a great job at providing a unified platform that natively integrates all security capabilities. For example, we can easily export our firewall logs into our SIEM. We have so many tools to manage that having a unified platform makes our job easier.
This firewall is great at securing data centers consistently across all workplaces.
We have high availability, and Palo Alto Networks NG Firewalls helped reduce downtime.
What needs improvement?
The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times.
For how long have I used the solution?
I've been using Palo Alto Networks NG Firewalls for five years.
What do I think about the stability of the solution?
I have not heard of any complaints or issues regarding the stability of the firewalls.
What do I think about the scalability of the solution?
We can easily add nodes into Panorama with no problem. As such, scalability is not an issue. We have an enterprise environment with approximately 15,000 users in multiple countries.
How are customer service and support?
I haven't had to call technical support, but my colleagues have. They've always spoken positively about the experience and would probably rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
My organization used Cisco Secure Firewall ASA and switched to Palo Alto Networks NG Firewalls because Cisco was lagging behind in many features. For example, the management interface on the ASAs was awful compared to that in the NG Firewalls.
What was our ROI?
We have absolutely seen an ROI in the fact that we haven't ended up in the news. We can look at any time and see all the threats that have been stopped by Palo Alto Networks NG Firewalls.
What other advice do I have?
If you are looking for the cheapest and fastest firewall, I would say that it's a risky angle to take. Security costs money, and you'll get what you pay for.
The benefits I receive from attending an RSA conference are networking, meeting people and having conversations face-to-face, making contacts in the industry, getting suggestions about products, and attending briefings about specific products.
Also, attending RSAC can have an impact on your organization’s cybersecurity purchases because you may find out about products that you hadn't heard of before.
Overall, I would rate Palo Alto Networks NG Firewalls an eight on a scale from one to ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Analyst at a non-profit with 1,001-5,000 employees
Debugging and troubleshooting through package capture are very easy from CLI
Pros and Cons
- "It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture... The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time."
- "In the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get... You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer."
What is our primary use case?
We used the solution as an edge or internet firewall where we were running IPS/IDS and doing filtering on it, apart from the other security features. We are still using it for our users' VPN activity and to manage site-to-site VPN tunnels with other clouds, like AWS and Azure, so that there is connectivity back and forth between those cloud providers and our on-prem data center.
What is most valuable?
The features I like are the debugging and troubleshooting through package capture. It's easy to capture from the CLI and it's also easy to get logs from the CLI.
It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture. It gives us real-time anti-cyber activity and enables us to look at it. The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time.
These firewalls have the zero-delay signatures feature, which is really important because you don't want to be lagging behind with any kind of security updates. It doesn't affect our security a lot, but without it, we could be compromised a little bit. If updates are delayed by a couple of hours, there's an opportunity for the bad actors to execute something in that time frame. It gives us a little bit more security, but it's not like it's a high-severity situation.
Overall, they're doing great with the features. They're improving them day by day and year by year, which is really good. They're making new products that are compact inside, which is also really good. Instead of a full rack, they have tiny devices that have the same or even better performance compared to the bigger ones. They are doing well in improving the units, features, and security.
For how long have I used the solution?
I've been using Palo Alto Networks NG Firewalls for eight years.
What do I think about the stability of the solution?
They're very reliable and stable. Compared to some of the competitors, they're more reliable.
What do I think about the scalability of the solution?
The scalability is also good. They provide good options for scaling. The only thing that I would think about is that, in the newer firewalls, they have increased the performance but decreased the number of concurrent VPN connections or users. The new, compact devices have better performance, but they have reduced the number of users that can connect. Maybe that's a marketing strategy to sell higher-end models.
In my organization, everybody is using the Palo Alto firewalls because they're connected to the VPN, but the management and operations aspects are limited to the folks in IT.
How are customer service and support?
These firewalls used to bring a lot of value to us, but in my practical experience, in the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get.
For example, in the past, if something happened, we could just give them a call and open a ticket, and we would have technical support right away to help us. Whether it was a severity-one, critical incident, where we had no connectivity, or just a minor or medium-severity issue, we used to get support right away. But in the last three years, it has been really hard to get hold of an engineer. I have reached out a couple of times to give them a heads-up, "This is a ticket I opened three days ago. I'm trying to get a hold of anybody."
It's okay that they force us to open a ticket on the portal, but after opening a ticket, it's really hard to get support when you need it. You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer.
They should make it easier to get in touch with their TAC. This is what they have called transforming the customer experience, but I believe it's getting worse. That's the only thing they have to improve. When you do get someone, the support from their end stands out; it's a nine out of 10. But getting a hold of an engineer is a two out of 10.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup is very straightforward. You need to connect through the portal manager and to the IP that you want to access remotely. And pushing the configuration from other devices is very easy. They provide tools so that you can get the configuration from competitors' devices and convert that into the Palo Alto version. It's very easy to configure initially and to manage as well.
On the maintenance side, it's really good. We don't have to put a lot of effort into that.
What other advice do I have?
The security and performance of the PA-400 series of Palo Alto NGFWs, versus its price, is really good. It's very inexpensive and has good performance compared to the previous higher-end 3000 models.
Palo Alto provides Panorama where you can manage a bunch of firewalls from a single pane of glass or just one device. It allows you to manage all of the firewalls in one, integrated location. You don't have to make a chain of 50 different firewalls. It will push what you need to be changed to all the other firewalls. We used to use it, but we got rid of it because we replaced all our Palo Altos with competitors' firewalls and we don't use Palo Alto anymore, other than for VPN. We have six firewalls in our organization right now, although we used to have 35 to 40. Because we no longer have a lot of firewalls, we got rid of Panorama. We don't want to pay for it to just manage six firewalls where we are not making any changes frequently. If we had 35 or 40 still, I would definitely recommend having Panorama.
Panorama is for managing the rules. It saves time on configuration, but it doesn't affect your security posture. Whether you're managing each firewall or using Panorama, it's exactly the same thing. But it helps you to execute changes in a very short period of time. It's a way of pushing the config to all your devices.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Deputy Manager at a financial services firm with 5,001-10,000 employees
Inspects any file coming in and going out in a dedicated patch to identify malware
Pros and Cons
- "The most valuable features are application inspection and sandboxing. Application inspection decides where traffic is transmitted. If I have a perimeter report for a particular service, then other services or malicious services cannot use an open port. In this way, application inspection is doing a fantastic job. We also have a very good sandbox with almost no rate limit. It will inspect any file that comes in and goes out in a dedicated patch to identify malware. Therefore, these two things help me to protect our organization from any bad actors."
- "I would like them to bring in some features that would encourage traffic shaping or bandwidth routing, like other UTM firewalls, because the solution should be capable of limiting the bandwidth for rules."
What is our primary use case?
I use Palo Alto Networks NG Firewalls to handle my perimeter security, which is the most critical point of my network.
How has it helped my organization?
Layer 3 and Layer 4 are part of the core functionality of any firewall, but this firewall brings more information into the inspection via Layer 7. Thus, the entire threat landscape has changed for us as a company.
We can integrate all the Palo Alto firewalls to have a single insight experience across all firewalls.
On a major scale, Palo Alto NGFW can be helpful in eliminating some security tools. It doesn't eliminate all of our other security tools, but it does bring down the dependency on some tools.
Security and network performance are of equal importance to us. This solution doesn't compromise your network's performance for security, which is a good trade-off.
What is most valuable?
The most valuable features are application inspection and sandboxing. Application inspection decides where traffic is transmitted. If I have a perimeter report for a particular service, then other services or malicious services cannot use an open port. In this way, application inspection is doing a fantastic job. We also have a very good sandbox with almost no rate limit. It will inspect any file that comes in and goes out in a dedicated patch to identify malware. Therefore, these two things help me to protect our organization from any bad actors.
It is extremely important for me that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. The way that they handle the traffic is very useful for us. The firewall creates a benchmark of known traffic patterns that every endpoint would have using machine learning. Machine learning creates a baseline of how the traffic goes in and out. When there is a deviation in the normal behavior, it gives me a threat indication via a reporting feature that shows us how the current traffic has deviated from the usual traffic. This is a very good feature, which is important for my organization to have on a daily basis.
It gives me a better experience when handling security holes.
Our upgrades brought some rule reviewing features by default, without having to depend on third-party tools to perform the rule reviewing. That has been a good feature.
What needs improvement?
I would like them to bring in some features that would encourage traffic shaping or bandwidth routing, like other UTM firewalls, because the solution should be capable of limiting the bandwidth for rules.
If Palo Alto Networks could bring in session tracking, like FortiGate, then we can remove another cybersecurity tool. If they could say "This is user-based, not IP-based," using user attribute-based rules, then that would be helpful for a small- or medium-scale company because they could use a single device instead of two or three devices.
For how long have I used the solution?
I have been using it for four years.
What do I think about the stability of the solution?
The stability is very good. After the upgrade, every other process was smoother. We haven't often seen bugs or operational hazards in terms of the device.
What do I think about the scalability of the solution?
Scalability is always available. If you are ready to invest the money, then you can add another box. Every device has its limitations though. NGFW has its own limitations, where it cannot scale beyond a certain point. Those limitations have already been published and users need to be aware of them when they are planning to buy a firewall.
The size of my environment is 3,000 to 4,000 users. We are a larger organization with 60 to 80 VLANs. There are approximately 3,600 endpoints accessing them. Day in, day out, we have a lot of network access change requests coming in that need to be performed.
In terms of maintaining the firewalls for our space and cost, there are about 15 team members. It is a huge environment with 10 different clusters of Palo Altos. From our operational perspective, we need 15 team members.
On a practical scale, it depends on the size of your organization. If it is a small organization, I think two to three members should be sufficient enough to handle the solution. When you have a smaller organization with a maximum of 20 different VLANs, where there is a size limit of 50 to 100 users/employees, then two or three members would be sufficient enough to handle it. However, it all depends upon the number of endpoints that are the nodes and how many nodes the firewall is protecting.
How are customer service and support?
The technical support is good. I would rate them as 10 out of 10.
They are able to support me and the issues that have arisen, which have been very minimal. For cases where we break something in the configuration or any bug that is out of control, they are good in understanding and analyzing our issues as well as providing a solution for them. That is why I rated them as 10.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward, not complex. We migrated from a different vendor to this platform. We had our goals and objectives in front of us. So, we had a good project plan before migrating everything.
I have multiple clusters. For the largest cluster, the migration took three to four weeks.
What about the implementation team?
We used an integrator for the deployment.
What was our ROI?
We are monitoring the metrics. We have certain metrics to find ROI, e.g., it could be zero-days, the number of inclusions that this solution has blocked successfully, or the amount of malware that it has stopped. We identify this information via the sandboxing feature, which determines what other normal firewalls would have let in. We consider the amount of data that we process and the regulatory fines that would have arisen, if not for this solution. That is how our return of investment is calculated.
What's my experience with pricing, setup cost, and licensing?
If the cost is your main priority, Palo Alto would be a bit high. However, if you are ready to hear about return of investment, then I would convince you to go for Palo Alto.
Which other solutions did I evaluate?
I am using three or four firewalls from different vendors. I know their capabilities as well as the strengths and weaknesses of each vendor.
We have evaluated different firewalls and found Palo Alto best suited for boundary networks. Fortinet handles our user-facing firewalls. Between FortiGate and Palo Alto, there is Cisco.
We did a SWOT analysis on all the firewalls. We determined the best firewalls based on their throughput and protection suites. For example, a user-facing firewall doesn't need to be jam-packed with security features. However, a perimeter firewall is between the trusted and untrusted networks, so more security features are needed.
We are using a different DNS Security solution, so we haven't used Palo Alto NGFW’s DNS Security.
What other advice do I have?
Explore the features that the solution offers. There are a lot. If you can use the features to their fullest potential, that would be best.
If you are just doing an L3 and L4 inspection, then Palo Alto Networks might not be best suited for that environment. If you are going to use the features of an NGFW, then I would tell you about the solution's features and return on investment based on what you are protecting.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Analyst at a recreational facilities/services company with 1,001-5,000 employees
Its single pane of glass makes monitoring and troubleshooting more homogeneous
Pros and Cons
- "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."
- "Once in a while, they have new features being released that can be buggy. My criticism is more general to all sorts of network or security devices. In general, everybody is releasing less-tested software. Then, it usually ends up that the first few customers who get a new release need to end up troubleshooting it."
What is our primary use case?
It is our main Internet firewall. It is used a lot for remote access users. We also use the site-to-site VPN instance of it, i.e., LSVPN. It is pretty much running everything. We have WildFire in the cloud, content filtering, and antivirus. It has pretty much all the features enabled.
We have a couple of virtual instances running in Azure to firewall our data center. Predominantly, it is all physical hardware.
I am part of the network team who does some work on Palo Alto Networks. There is actually a cybersecurity team who kind of controls the reins of it and does all the security configuration. I am not the administrator/manager in charge of the group that has the appliance.
How has it helped my organization?
With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings.
What is most valuable?
It is fairly intuitive.
The central management of Panorama actually works. It is what FortiManager aspires to be, but Panorama is usable. You can push config down, do backups, and use templates from other sites, copying them over. The reliability and throughput, plus Panorama's control features, are its main selling features.
It is a combined platform that has different features, like Internet security and the site-to-site VPN. Previously, there were different components that did this. If it was a remote access VPN client, then you would have to go onto one platform and troubleshoot. If it was a site-to-site, it was on a different platform so you would have to go onto that one. It would be different command sets and troubleshooting steps. From that perspective, having that combined and all visible through Panorama's centralized management is probably one of the better benefits.
We had a presentation on Palo Alto Networks NG Firewalls a few years ago. I know the number of CPU cores that they have inside the firewall is crazy, but it is because they have to pack all the performance and analysis in real-time. It is fast. I am always amazed at the small PA-220s and how much performance they have with their full antivirus on it. They can pass 300-megabits per second, and they are just about the size of a paperback book. As far as how that single-pass processing impacts it, I am always amazed at how fast and how much throughput it has.
What needs improvement?
Once in a while, they have new features being released that can be buggy. My criticism is more general to all sorts of network or security devices. In general, everybody is releasing less-tested software. Then, it usually ends up that the first few customers who get a new release need to end up troubleshooting it. That is one of my criticisms because we have been hit by this a few times. I shouldn't single Palo Alto out as any better or worse than anybody else because they are all doing it now.
It is not like we are getting singled out. In some cases, we are looking for a new feature that we want to use. So, we upgrade and use it, and others are too, but the first release will tend to be a little bit buggy. Some of the stuff works great, but it is the newer features that you are usually integrating into your Windows clients where weird stuff happens.
For how long have I used the solution?
I use it every other day.
What do I think about the stability of the solution?
It is pretty reliable. All the services pretty much work. It is not too buggy. With any hardware/software manager these days, when you get new features, they tend to not be too thoroughly tested and can be buggy. We have been noticing this. For example, they had zero-touch deployment and the first few iterations just didn't work. While we have encountered a few bugs, I don't think they are any worse than anything else we get. The underlying hardware seems to be pretty reliable. You can do configuration changes, reboot and reload them, and they just keep coming back and work.
Our cybersecurity guys tend to do the patching and upgrades when they come around. When one of these things had a hard disk failure, they got that restored or replaced. For day-to-day maintenance, other than typical operational changes and troubleshooting, I don't think there is that much maintenance to be done. Every few weeks, there is probably somebody who goes for a few hours and checks the various patch levels and possibly does upgrades.
The upgrades are fairly easy to do. You just download the software, the central management system, and tick off the devices that you want to deploy it to. It will automatically download it. Then, you just sort of schedule a reboot. I don't know how many hours per week or month people put into it, but it is pretty reasonable.
What do I think about the scalability of the solution?
We have about half a dozen core firewalls and 30 to 40 remote firewalls. We haven't hit any scaling limitations yet. What we have is functioning well. At some point, our main firewall in our data center might be overwhelmed, but it has pretty high throughput numbers on it. So far, we haven't hit any sort of limitations. So far, so good.
The physical appliances are sort of tiered. You have your entry-level, which is good for 300-megabits of threat detection. The next ones have 800-megabits of threat detection. So, if you have a site with around 50 people, you can get the entry-level. However, there is always a point that if you have too many users doing too many things then the physical appliance just can't handle it. Then, you need to upgrade to a higher-level appliance. This is expected. When that happens, we will just sort of get the higher-level model or plan for two years of growth to get the right size. Therefore, as far as scalability, it just comes down to planning.
As far as the management platform, that would be more of a case of just adding CPU cores into your virtual machine as well as more memory. So far, we haven't had any scalability limitations. It is possible that we will see it at some point, but we haven't so far.
How are customer service and support?
This is not Palo Alto-specific. It seems to be across all the different vendors that there is a little bit of a hit-and-miss on whether you get a tech person who knows what they are doing and is interested in your problem. When you call frontline support, you can get somebody who doesn't know what they are doing and puts you off. Or the next time you call, you can get a tech who is on the ball and super helpful. This is sort of a smaller problem. It is a bit of a crapshoot on how good the support will be. I would rate the frontline technical support as five or six out of 10.
If it tends to be more of a critical problem, and you involve the sales team, then you are forwarded onto somebody who really knows what they are doing. However, the frontline support can be hit-and-miss. Their second-tier support is really good.
The top-tier support is 10 out of 10. We did have some more serious problems, then they put one of their engineers on it who has been amazing.
Overall, I would rate the technical support as eight out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did work with Cisco ASA, prior to FireEye, where they purchased and integrated it as sort of the next generation part of their ASA.
One of our remote access solutions for remote access clients was Cisco ASA. That was just getting to its end-of-life. It actually worked quite well. It was pretty hands-off and reliable, but the hardware was getting to end-of-life. Because we had the Palo Alto capable of doing similar functions, we just migrated it over.
It was similar for our site-to-site VPN, which was Cisco DMVPN that we are still using, but we are migrating off it since its hardware is reaching end-of-life. By combining it into the Palo Alto umbrella, it makes the configuration and troubleshooting a bit easier and more homogenous.
Before, it was just different platforms doing sort of similar but different functions. Now, we are using similar platforms and devices rather than having three different solutions. This solution is sort of homogenized; it is sort of all in one place. I suspect that makes security a bit more thorough. Whereas, we had three different platforms before. Some of the delineation isn't clear, as they sort of overlap in some respects to what they do, but having it in one location and system makes gaps or overlaps or inconsistencies easier to spot.
How was the initial setup?
I was gone for a few years when they brought this in.
Adding additional appliances is very straightforward.
What was our ROI?
Having one manager/system with a common interface and commands, rather than three or four, is more efficient.
What's my experience with pricing, setup cost, and licensing?
It is expensive compared to some of the other stuff. However, the value you get out of it is sort of the central control and the ability to reuse templates.
It is a good product, but you pay for it. I think it is one of the more expensive products. So, if you are looking for a cheaper product, there are probably other options available. However, if you are looking for high performance, reliable devices, then it has kind of everything. Basically, you get what you pay for. You can get other firewalls for cheaper and some of the performance would probably be just as good, but some of the application awareness and different threat detections are probably superior on the Palo Alto Networks.
What other advice do I have?
As far as a firewall solution, it is one of the best ones that I have seen. It is fairly expensive compared to some of the other ones, but if you have the money and are looking for a solid, reliable system, then Palo Alto is the way to go.
For what we use it for, the solution is good.
I am part of the network team. There is a cybersecurity team who has control of its reins and does all the security configuration. I am not the administrator of it or a manager in charge of the group with this appliance.
I find the whole machine learning and AI capabilities a bit overhyped. Everybody throws it in there, but I'm actually a little bit suspicious of what it is actually doing.
I don't follow or monitor some of the day-to-day or zero-day threat prevention protection abilities that it has.
I would rate the solution as nine out of 10, as I am always hesitant to give perfect scores.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
The configuration is quite simple to understand, but the functionalities are limited
Pros and Cons
- "The configuration is quite simple to understand."
- "The functionalities are limited."
What is our primary use case?
We use the solution to access clients.
What is most valuable?
I like the configuration of the product. The configuration is quite simple to understand. The product is easy to manage.
What needs improvement?
The solution has a lot of features. However, there are no deep configurations available. The functionalities are limited. Other products offer more customization.
For how long have I used the solution?
I have been using the solution for the last five years.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
The product is currently being used by three of our customers. We provide them with dedicated VMs.
How are customer service and support?
The local support is good. The response is slow when I try to reach out to technical support on the customer portal. It might be because the tickets I raised were P3 or P4 tickets. However, I do not get proper responses for P2 tickets either. I get a good response when I call support directly.
Which solution did I use previously and why did I switch?
We also use FortiGate, Check Point, Forcepoint, and SonicWall. We use the tools based on our clients’ requirements.
How was the initial setup?
The initial installation was easy. It was not difficult for me because I am familiar with many products.
What was our ROI?
The solution is worth the money. However, there are other tools that provide features similar to Palo Alto but are less expensive.
What's my experience with pricing, setup cost, and licensing?
The solution’s cost is a little high compared to other products.
What other advice do I have?
I will recommend the tool to others. It is a fine product. If someone is looking for DLP and other features, the product might not suit them. The product has good URL filtering features. Overall, I rate the solution a seven or eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Updated: November 2024