Palo Alto Networks Panorama Reviews

Panorama is a management server that is used to manage the Palo Alto firewalls.

We have almost 20 firewalls in our environment managed by this particular server. Panorama is an appliance, it's not a firewall. It is a management server, which is used to manage or push the policies. If you want to install a policy on the firewall, or you want to allow legitimate traffic, then you leverage this management server.

It's helped with the centralization of policies and installation. It's helped us do everything in one place instead of one at a time. 

In Panorama, installing the policy, and pushing the policy, it's quite seamless. 

It is a centralized management tool. Instead of logging into each firewall and configuring it or deploying the policies, it's quite easy as everything is in one place. We can push the policy and install the policies centrally instead of individually on each firewall. 

In order to push a policy via Panorama, we need to ensure that the firewall is syncing with the management server. I have hardly found any post-upgrade issue with the Panorama management server or the Palo Alto firewall. They are never out of sync.

The initial setup is straightforward. 

It's scalable.

The solution is stable. 

The inbuilt RAM is quite low. If you are increasing the number of firewalls and you want to get this managed via this management server, there are some performance issues. The cost of this product is more. However, the resources they have provided, the inbuilt resources, are less. 

The pricing is quite high.

I've been using the solution for more than ten years. 

It is a stable solution. There are no bugs or glitches. It doesn't crash or freeze. It is reliable. 

We have approximately 20 firewalls, which is integrated with Panorama, and it's doing pretty good.

This solution is like the backbone of inbound and outbound services. 

We have found the solution to be scalable. 

In terms of scalability, it should be able to manage all the firewalls. That said, you need to consider capacity planning down the line for the number of resources, like the CPU memory, if it is low. How many resources are required to be increased to manage these number of firewalls is determined. Capacity planning definitely is required if you're looking for a scalable solution.

Right now, we have no plans to increase usage. We might not look at any increase until five or six years later. 

Technical support has been very good. 

Positive

Cisco does have this centralized management feature as well. They have an ASDM in the Cisco firewall, which is nothing more than a centralized management server. Even Nokia and Check Point have management servers.

Palo Alto is never out of sync with Panorama. However, I find I have issues with Check Point and syncing. We often need to troubleshoot in those scenarios. 

We have Fortinet firewalls. Fortinet is a market leader in terms of Gartner metrics. We have Check Point firewalls as well. That said, Palo Alto is more into the cyber security solution. Everyone is following the footprints of Palo Alto as they were the first to imagine the industry, provide the necessary cybersecurity solutions and next-generation firewalls, and innovate on everything.

The setup itself is very simple and straightforward. It's not overly complex. 

In terms of maintenance, in terms of security, we do require additional resources. Once the security infrastructure is compromised, it'll need a business outage. So we require additional resources in the firewall technology.

The deployment was handled in-house. 

We have definitely seen an ROI. 

When it comes to pricing, compared to the OTC and MRC values, it's really high. They are the market leaders and due to their monopoly, whatever they will demand, we have to pay.

I would rate it five out of five in terms of value for money, however.

I've looked at almost every other product over the last 15 years. However, Palo Alto offers the best cybersecurity solutions. 

Palo Alto definitely a market leader in terms of firewall technology. 

They have good features.

I'd rate the solution ten out of ten. 

We have multiple firewalls in our infrastructure. Palo Alto Networks Panorama serves as the management interface for all our Palo Alto firewalls. As our organization has grown, there has been one company initially, but now three companies have merged into one, and we have increased the number of firewalls. For instance, we have a Palo Alto firewall in our Azure stack and a core firewall from another company that we’ve integrated into our data center. We use Palo Alto Panorama to manage all our Palo Alto firewalls across our infrastructure.

We have centralized management for all Palo Alto firewalls. With the merger of three companies, each previously operating their own Palo Alto firewalls, we can now manage them efficiently through our operations using Panorama. Our network has become more complex as we run various services, including SD-WAN, across three sites. While the SD-WAN operates through a separate firewall, our core firewall remains Palo Alto. Additionally, we use Palo Alto as a perimeter firewall for our Azure stack. In total, we manage four firewalls with Panorama. We monitor various traffic types, including FTP, browser traffic, applications, and unified threat management. We also have SSL inspection enabled and are actively managing and monitoring SSL tunnels and threat management.

Palo Alto Panorama offers robust logging and reporting capabilities, allowing us to extract reports in a user-friendly GUI format with graphical representations. For example, we can track bytes sent and received for specific applications and users since we use Palo Alto XDR for analysis, reporting, and forensics.

We benefit from a certain level of customization in our reports, utilizing predefined templates and tailored reports. This includes user activity reports, application reports, and SaaS platform reports. We forward logs to a separate SIEM solution, enabling us to monitor TCP and inspect SSL traffic.

The logs from our virtual appliances show potential for improvement, particularly regarding their deployment in hypervisors like VMware, Proxmox, or Azure Stack. Monitoring the internal traffic between hosts with these hypervisors could be enhanced. While predefined reports are available, we often require customized reports tailored to the specific areas involving hypervisors. 

I have been using Palo Alto Networks Panorama for five years.

We use Palo Alto as a perimeter firewall for our public network, which can support nearly 40,000 users daily. About 7,000 to 10,000 users connect to the Internet through this firewall.

In addition, we utilize Palo Alto Global VPN for remote access. We have around 869 VPN users, primarily for remote work or when a government advisory requires the entire staff to connect. This solution integrates seamlessly with our Palo Alto firewall.

I rate the stability an eight out of ten.

It's important to reference authoritative sources like Gartner. We selected the product based on their ratings and assessments. In terms of capability, Palo Alto remains one of the top solutions for on-premises security, XDRs, and cloud security posture management. 

I rate the scalability a nine out of ten.

The support team is very knowledgeable. We only contact them when our partner support or integrated support cannot resolve an issue. They respond quickly, joining within an hour if there’s a critical situation.

Positive

We deployed our Palo Alto solution four years ago for the Azure Stack implementation. The complete deployment took around three months, as it's a comprehensive cloud solution similar to Azure or AWS.

If I were to replace my Palo Alto firewall today, I estimate it would take at least seven days to implement. Given our complex infrastructure, which includes SD-WANs and connections between three different data centers into one main center, this timeframe excludes the planning phase.

We are aligned with Palo Alto, as they are our partners. At times, we need to engage Palo Alto support directly due to our subscription with them, which was also established during the initial deployment.

Managing multiple firewalls across three large identities was becoming quite challenging. To address this, we implemented Palo Alto Panorama, which allows us to manage all our firewalls from a single interface. This has significantly improved our efficiency and manageability. It also helps us better use our current human resources; otherwise, we would need to hire several experts in Palo Alto to oversee the three data centers, which would be a cumbersome task.

Palo Alto solutions are more expensive than other products, but this often depends on an organization’s specific requirements. The level of security and features needed will influence the decision. For example, VPN access is essential for our corporate users and consultants, as company policy mandates that they connect via VPN to access the corporate network. When purchasing bulk licenses, we receive discounts, which makes the cost comparison with other solutions more favorable.

When it comes to security, complexity often accompanies it. With advancements over time and the integration of AI and new technologies, we're seeing improved features in the GUI compared to some online solutions. 

The ongoing improvements with the latest firmware updates are a positive sign. Still, virtual firewalls or appliances face a challenge: They could provide more comprehensive information than what is currently available in the reports.

We also use the VPN functionality, which became crucial during COVID-19. Initially, we had around 610 users, and now that number has risen to about 890 users who connect remotely through Palo Alto GlobalProtect VPN. We've never considered switching to another solution because it is stable and reliable for our needs.

You encounter news about zero-day vulnerabilities and firewall firmware updates when browsing the internet. We've been using our Palo Alto solution for the past four years, and during this time, some devices were procured five years ago, while others, including our Palo Alto firewall, were acquired around three years ago. Each identity had IT staff coordinating individual updates, which was inefficient. Now, with a unified approach through Panorama, we can monitor and manage zero-day vulnerabilities more effectively. Panorama plays a crucial role in ensuring timely updates. The features we utilize depend on the complexity of our network and the number of applications hosted in our environment.

Suppose your infrastructure is extensive, and you need a reliable, secure SDR, UTM, and firewall solution. In that case, choosing a product with comprehensive capabilities that you can rely on for at least the next five years is crucial. Proper planning is essential; if you purchase something that isn’t reliable or only plan for six months to a year, it may not be appropriate for your needs. Palo Alto is one of the best secure solutions for organizations with complex infrastructures, such as multiple sites in different regions.

Overall, I rate the solution a nine-point five out of ten.

Palo Alto Networks Panorama is essential for those adopting a centralized landing zone firewall approach as it provides a unified management point for enforcing security policies. It becomes particularly crucial in multicast strategies and cloud environments, streamlining configuration and monitoring across multiple firewalls.

Using Palo Alto Networks has brought numerous benefits to our organization. It effectively addresses security vulnerabilities, incorporates advanced AI technology, ensures reliability, and continually innovates with a demand-driven approach to security features.

The most valuable feature of Palo Alto Networks Panorama is its innovation and impressive capacity to handle network traffic efficiently.

A potential improvement for Palo Alto Networks Panorama could be a more competitive pricing structure.

I have been working with Palo Alto Networks Panorama for three years.

It is a fairly stable solution.

I would rate the scalability of the product as an eight out of ten. We have approximately 30 to 40 customers using it.

The technical support is good.

The setup of Palo Alto Networks Panorama is moderately complex. In my experience, the deployment of Palo Alto Networks Panorama involves considering accessibility, and if it's on-premises, it may face challenges like procurement delays. The cloud version tends to be smoother and more straightforward for deployment.

The pricing structure could use some improvement.

I highly recommend Palo Alto Networks Panorama. It is a mature, solid, and innovative technology. Overall, I would rate it as a ten out of ten.

We use this solution because it provides us with a consistent security profile no matter the location. Regardless of users, we use the same configuration. 

We also use Panorama for management. Currently, all of our users are working from home — this solution has helped us manage everything. 

Over the next four years, we are planning on moving all of our data centers onto the cloud.  

Before I joined this organization, they experienced some issues when trying to set up zone protection parameters. Last week I applied a zone protection profile; for each and every branch, I had to apply a zone protection profile or modify existing metrics — I needed to physically go to each branch. When we originally deployed Panorama, we were managing the firewalls individually. After implementing all those firewalls and changing all of the templates, it's really hard to modify them. 

You can't just modify them with a single click, you need to physically go to each individual branch and make the changes yourself — we can't directly seal all of the fireworks. This needs to be improved. 

With version 9.1, when configuring it, if something goes wrong, then it reverts back to your original settings automatically. This is a nice feature but it's not available on the standard firewalls. If we didn't have Panorama and I was setting up some remote Palo Alto firewalls, after implementing my configurations, if I were to lose the configurations then I would lose firewall access. This isn't the case with other firewalls like Cisco and Juniper SRX where you can just put in a reminder in the last 10 minutes. 

I have been using Palo Alto Networks Panorama for the past five years.

Besides the odd bug, Panorama is stable. From a management point of view, it's good. Even though we now have 25 firewalls, with a single click, we can add and submit a request. With a single click, we can apply changes to all 25 firewalls. Upgrading our remote locations, the firewalls, logs, and the reporting is all very easy. We can easily add more power and stability, it's nice.

GlobalProtect is a great extension that you can add on. If something goes wrong with our cloud solution, then it will automatically fall back to our local physical firewalls across the globe. We have four different locations that GlobalProtect automatically connects to. At the moment, our company is expanding so we are adding more clients. 

The technical support is pretty good. The best part about Palo Alto is that you can find answers with a simple Google search. Compared to other vendors, all of their technical data is online — for all of their solutions. Still, sometimes we prefer to use support. Sometimes it takes time as their technical team has to regenerate our issues in their lab, etc. 

The initial setup can be complex. As I mentioned before, making modifications is very difficult. Before implementing, you need to plan carefully.

Our engineer made some mistakes when he was setting it up; we still experience some complications due to that as everything is already in place and we can't change it. 

Licenses are available on a one to three-year basis. If you go for a one-year license, you won't get much of a discount. We have a three-year license for all of our firewalls. Currently, we have 25 firewall licenses.

Currently, we have around 20 TB of data. We are in the process of upgrading our licenses because we are adding more and more files.

The price of the licenses could be lower. Still, because we have Panorama with 25 firewalls, Palo Alto gives us a good discount. 

I would definitely recommend Panorama to others. Compared to all of the other firewall vendors, Palo Alto is very secure. Personally, I'd say it's the best firewall vendor on the market. When combined with WildFire, it's highly secure; just make sure you configure it properly as there are a lot of viruses out there. 

Overall, on a scale from one to ten, I would give Panorama a rating of nine. 

We are using Palo Alto Networks Panorama for a single pane of glass view of our network. 

Palo Alto Networks Panorama provides many features, such as alerts, traffic monitoring, and logs.

Sometimes in Palo Alto Networks Panorama, we receive issues where it is overloaded and unresponsive. We have issues with accessing the devices due to a slow response from Panorama.

Palo Alto Networks Panorama should be more robust and resilient. 

I have been using Palo Alto Networks Panorama for approximately two years.

The stability of Palo Alto Networks Panorama is good.

Palo Alto Networks Panorama is scalable.

We have approximately 250,000 users using this solution.

We have a technical support manager from Palo Alto Networks Panorama but their response time could be faster.

We previously used Cisco ASA and we switched to Palo Alto Networks Panorama because it is a superior solution.

The initial installation of Palo Alto Networks Panorama is straightforward and the process takes a couple of hours.

We used an integrator to do the implementation of Palo Alto Networks Panorama.

We have four to five engineers that support the solution.

There is a license required to use this solution and it is paid annually.

I would recommend this solution to others.

I rate Palo Alto Networks Panorama an eight out of ten 

We use the solution for segregation. We also use it as a gateway in order to do URL filtering on the DNI as a security measure. We use the product's global protective VPN as well. 

The application ID, this kind of technology, has a very high-level check. It makes everything more secure for your enterprise network. Otherwise, fake applications can sneak in. 

If you're using application ID, they check the high side, the traffic, and they analyze everything. They see if it's a normal application. They're working closely with each vendor, to make it easy to identify applications. For the hackers or malicious traffic, they can see it and block it. 

I like the user ID and the application ID as it's easy to identify the popular applications and the EZT does the security checking in regards to the user and the application ID.

The initial setup is very easy.

The solution is easy to manage. It has a good interface as well.

The solution is stable.

The product can scale.

The solution offers good integration potential.

While Palo Alto is the leading firewall worldwide, it's so pricey. Other products like Checkpoint still do the job, and yet it's way cheaper than Palo Alto. The solution is extremely expensive. You can integrate it with other Palo Alto products, however, it ends up being too much.

Palo Alto prefers the VM version. However, for the VM level, often we have a migration from one host, VM host, to another host, and then the network jobs. And they're not fully redundant. With VM, the purpose is easy migration from one host to another one. That's the purpose of VM in play, however, if you want to have high availability or redundancy, you have to purchase two licenses - one on one host, another one on another host - and it costs a lot of money to do that. 

Technical support could be better.

I've used the solution for about five to seven years at this point.

It is a stable solution. With the cloud, you don't even touch the physical box at all. However, for the traditional network guests, I like my stuff to be reliable. That's why I don't like the VM migrating from one host to another host. That's why I'm in the process of converting the VM back to the physical box using redundancy. That will be the network solution. I want my network available 24/7. 

The solution is quite scalable.

We have about 150 people using the product currently.

Support is awesome. However, it can depend. When you get a ticket and you take it to the proper person, they can give you a solution really quick, and the support is really good. That said, sometimes, if you are not lucky, you create a ticket and a salesperson or specialist runs it to a different person. Sometimes it takes a long time. Sometimes they make you do a lot of the work and ask you to send them reports or check certain things. If they run the ticket to the proper person, I can resolve the problem in 10 minutes. If they run my ticket to some other person, maybe it takes a whole day or two and I don't have time to play around.

I'd rate it as average, at maybe a five out of ten in terms of the service level you get in general.

I previously used Juniper. I have experience with Cisco ASA as well. 

Currently, I use Microsoft Defender for my endpoint protection.

I switched when Palo Alto turned into the top firewall management solution. I did do research.

From the GRI management port, it's easier than Cisco ASA. 

The solution is very easy to set up. I've been working for many years on this. I know the whole process is easy to start with some simple logarithmic management It's easy to manage. 

The deployment is fast. It usually takes about a day. On the first day, you get the management running on the UI. On the second day you need to get the traffic going through the certificate, and to do some proper security policies. That's all. Yes. To do it in one day is just a one-man job.

I manage the solution myself and maintain it every two months or so. Of course, if there are any issues in between these maintenance events, I also work on them.

I did the implementation myself, however, five or seven years ago, I used a consultant and learned from him. I've likely done 20 or so firewalls myself at this point.

The issue with Palo Alto is that the price is almost double other products such as Checkpoint, or Fortinet. There's no reason you price yourself to be double other brands.

I just did a call for renewing my license. I requested two redundancy units. The price, which was all-inclusive with WiFi, a VPN solution, a global VPN, et cetera - all of them bundled together, for two units, over three years, was $81,000.

You can buy the hardware only and each box is not even $10,000. It's only $8,000 for the unit itself. However, then you are charged a three-year license at $81,000.

I'm just a customer.

I'm using the latest version of the solution.

I would rate the solution at an eight out of ten.

Our firewall uses IPS and other features. We have some firewall rules using the IPS feature. For the VPN users using the MFA authentication protocol, we are using the SAML protocol.

The application ID or App-ID feature is a good feature for us. We are also using IPS and content inspection features. The firewall can inspect the packages that are passing through my network.

It should have more connection with Threat Intelligence Cloud. They can also include features related to SecOps and automation API.

I have been using Palo Alto Networks Panorama for two years. 

It is awesome in terms of stability.

In terms of scalability, it is complicated because you have to scale up. Its scalability could be better. It would be great if you could scale out by integrating another node, and you are good to go. 

Currently, you have to buy new hardware with more power in terms of CPU and memory. You cannot simply increase the nodes in a cluster. In the last five months, we had to acquire new hardware because we are facing some higher usage in the Palo Alto hardware. We have about 15,000 users.

They provide good support. I would rate them an eight out of ten. 

They can increase the SOA time. When dealing with your case, sometimes, they take time. In the queue, you need to pass through one analyst and then go to the next level, which takes some time.

It was quite straightforward. In terms of technology, it was okay. As our environment is quite complicated, we had to deal with several phases of the implementation because we don't have only one appliance installed. We have implemented four Palo Altos. That's why it took some time, but it was just because of the complexity of our environment, not because of the solution itself. The whole project took one year.

We did some POCs to understand this solution. We had a lot of discussions in terms of the best way to implement this solution in our environment. It took the effort that this kind of solution normally takes.

It is not a cheap solution.

I would advise studying and understanding the best factors for implementing Palo Alto Networks Panorama and creating a roadmap to use all the features because it is not a cheap solution. Understand the possible ways to implement Palo Alto Networks Panorama and create a roadmap that implements all the features.

Palo Alto is constantly improving its solutions. They have been doing a great job and putting a great effort into their products. I would rate Palo Alto Networks Panorama a nine out of ten. We are satisfied with the solution.

We primarily use the solution for automation purposes and for security.

The underlying technology is very good, considering that we are moving to a work-from-home environment.

Panorama is a straightforward tool. Palo Alto is comparative to other firewalls. Some firewall tools are more user friendly, and, from a technical perspective, it is very user friendly as well. It's not like Check Point. We use a setup for offshore development centers. For all those ODCs, we usually use a Palo Alto device. We have few perimeter firewalls which are Palo Alto but for the perimeter predominantly we use Check Point.

You don't need an overly experienced workforce to handle Palo Alto. It's very easy to use.

The solution if extremely flexible and scalable.

There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade.

We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices.

These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices.

They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.

We've been using the solution for close to seven years at this point. It's definitely been about six years.

The solution is very, very stable. There aren't too many issues on it once you get it up and running. We consider it reliable.

The solution is very scalable. If a company needs to expand its services, it can do so rather easily.

We have different businesses running inside the organization. We have close to 800 devices, so it means about 800 different projects are using those devices. Each project has a firewall, so most of these, 80%, are on Palo Alto.

We use Check Point as well, however, we don't really like it as much. It's not as user friendly.

Prior to this solution, we were using the ASA products and then Check Point. Check Point is a little complicated. I can use Check Point on my perimeter firewall, but not on my overseas businesses. That's what makes Palo Alto is more user friendly. I can use the GUI to do everything due to the fact that I don't need a skilled person to work on the Palo Alto. On Check Point, I have to go to CLA and do all the changes. 

 It's easy to upgrade or to do anything with the Palo Alto. Technically it's quite sound. It's dynamic, scalable, and there's a lot of things that can be done easily. Plus, I don't need an extremely experienced person to work on Palo Alto. Anybody with two or three years of experience can easily work on a Palo Alto device.

The initial setup is not complex. It's pretty straightforward.

The deployment is easy and uncomplicated. It takes about an hour or so, if not less than an hour. It's pretty quick.

However, we have 800 or more devices. It takes about six months to deploy everything, especially if I have to do everything manually.

We have eight to ten people who manage deployment and maintenance.

We haven't used an integrator or reseller. We handled the implementation ourselves in-house.

In terms of licensing for Panorama and Palo Alto products, we have only the DMC cost and we are billed every year.

It's not overly expensive. It is comparatively okay if you look at other devices. Compared to the top three devices, pricing is okay due to the fact that you have multiple vendors who are selling firewalls and competing with each other for the same clients. 

We're just a customer. We don't have a business relationship with the company.

We have multiple variants of the solution's model. Currently, we are using 8.1.15-H. We also have some virtual firewalls that are recently in Tokyo. We are using close to around 800+ Palo Alto firewalls. 

We're currently developing our virtual firewalls and have them in different locations. 

It is not just Palo Alto. We have other devices as well, so we have close to around 1300 plus firewall devices.

I would recommend the solution to others.

I'd rate the solution eight out of ten. If you need a perimeter type of device, Check Point may be a better option. However, for my businesses, I would choose Palo Alto due to its scalability and user-friendliness. It also has great security features. That said, if it didn't release so many new updates, I would rate it higher, simply due to the fact that so many upgrades requires a lot of work on our part.