Palo Alto Networks Panorama Reviews

This is a solution that we implement for our customers.

It allows our customers to manage several firewalls from a central location. Some examples are securing the internet edge, data centers, micro-segmentation within the data centers, and securing their campuses.

The majority of the deployments are on-premises, however, we have more and more customers that are moving to the cloud. This solution is helping them to secure their cloud, as well.

Using this solution means that you can store logs for longer periods, up to perhaps two years, depending on your attached storage.

The most valuable feature is the ease of use that comes from the GUI. I have found that you can do almost everything from the GUI. You rarely have to log into the CLI, at perhaps once in six months or a year.

This solution offers a lot of advanced functionality that is easy to deploy and not available from other vendors. An example of this is credential theft. Credentials are sometimes collected through phishing emails or websites, and this solution helps to reduce that type of attack. Every five minutes, Palo Alto updates the list of phishing websites. You can set up a profile to ensure that if anybody tries to access such a website, whether it be Http or https, then the attempt will be blocked.

Palo Alto will automatically monitor the contents of POST messages and check to see if they contain credentials such as a username and password. If they do then it may indicate an attempt to steal credentials by an external site. The traffic will be blocked, the incident will be reported, and the admin will be notified.

This solution makes the lives of security admins very easy in cases, as an example, for configuring IPS. If you want to secure traffic between any two zones, we need to make sure that the applications are identified, the users are identified, and all of the security profiles are applied. These including antivirus, anti-spyware, and IPS. This solution makes the configuration very easy.

Each firewall is treated as a security sensor where the firewall talks to the cloud and a machine running artificial intelligence helps to detect malware or other threats. This is an important step in the protection that this solution offers.

The dual WAN functionality is missing in this solution.

This solution is very stable. It is a mature solution with a mature operating system. I have one firewall that has been running since 2010, and it is still upgrading to the latest software and still working.

This solution scales well.

We have many more than forty customers who are using this solution. One is a university with twenty thousand students, and we have deployments in large banks, different branches of government, etc. There are many thousands and thousands of users who are being secured.

The demand is very high and the standards are improving. Data centers are booming, and customers are looking for more enhancement in their platforms.

Technical support for this solution is awesome. However, I rarely open a case because their platform is very stable. Most of the cases are related to basic support, such as an RMA. I have seen other vendors like Fortinet or Cisco, where the enabling of a function means that you have to deal with support, and there are issues that come from that.

The initial setup of this solution is very easy. The length of time for deployment depends on how many policies you have, but the basic configuration should not take more than one hour.

For policy tuning, you need to review and tune the devices. Palo Alto has several tools to help with migration from the legacy approach of port-based policies to application-based policies.

Initially, Palo Alto looks expensive, but if you dig deeper then you will find that it is very comparable, or even cheaper than other solutions. For example, if you are looking for a one-gig next-generation firewall then you will start looking at the Palo Alto 850. If you compare the price of this to Fortinet, Worksense, Forcepoint, or Sophos, then you will see that they offer three or four gig performance at half the price. However, it is not true.

The reason for this is that not all of the security features are enabled. When you enable them, the performance degrades by more than ninety percent, and I have seen this happen in many different scenarios. This means that for the Palo Alto 1GB, it actually means 1GB with all of the functionality enabled. For the other vendors, you will never see their datasheet with all of the functionality enabled for a real environment with real traffic. It is based on lab traffic. Because the reality is that the performance of Palo Alto is better, it means that the price is better. When you compare models using real performance, and you do the calculation, you will see that Palo Alto is very comparable.

We have worked with many, many vendors, and this is the most mature next-generation firewall in the market. The performance of Palo Alto is very predictable, unlike other vendors who are faking their datasheet in terms of high-performance numbers that are unrelated to a real network, or real traffic.

Palo Alto provides numbers that reflect what is happening when all of the security functions are enabled, whereas other vendors do not show their performance will all of the functionality enabled. In reality, they are better than others. At the end of the day you are buying a security device, and you don't want to turn off any of the functionality to enhance your performance. Palo Alto is designed from day zero for performance and security.

This is the most mature next-generation firewall in the market and a solution that I strongly recommend.

The biggest lesson that I have learned from this solution is not to trust internet users. Whether it is regular users or employees, they do not like to be detected. They keep trying to work around the policies using different applications and peer-to-peer functionality. I have learned this because Palo Alto has full visibility to all types of traffic, and we're able to catch these scenarios and put security policies int place.

Palo Alto has done a lot towards closing gaps in security. Cloud security is not their only focus. It is concerned with the flows between VMs, storage, and containers. They are concerned with PCI requirements and compliance. They have also launched Cortex Analytics to help close gaps further. They are in a very good position to lead the future.

At the end of the day, everything is relative, and I would rate this solution a ten out of ten compared to other products. However, there is room for improvement.

Overall, I would rate this solution a nine out of ten.

We are a cybersecurity business, so we are a Palo Alto reseller and integrator. We also use Palo Alto to run our firewalls in our own environment. 

It's really the central management component that helps us. From a configuration point of view, when we are implementing it for large organizations where the customer owns a hundred firewalls, it's just easy to manage them all at one central location. I think that's probably one of the best features from a visibility component.

Price is probably one of the biggest things that we struggle with, specifically with Palo, and that's across their whole portfolio. Also, the tech support could be better.

I have been working with this solution for about five years.

The solution is very stable.

The solution is easy to scale.

On a scale of one to five, I would rate the technical support as a four. 

Positive

The setup process is simple and straightforward. 

If I were to rate the pricing of Palo on a scale of one to five, with one being really high and five being a good, reasonable price, I would rate Palo as a three.

We generally compare Palo Alto with the offerings from Check Point because they both seem to have the majority of the market share here in my region.
From a stability point of view, I think Panorama is better. Check Point is struggling with their current software releases along those lines, and Panorama is very good at releasing new features along those lines. Palo is a lot faster than a lot of the competitors on the market.

I would rate Panorama as an eight out of ten.

We primarily use it for firewall monitoring, reviews, and policy-level monitoring.

Threat prevention and traffic monitoring are the most valuable features for us. We use them the most.

There is room for improvement in response time for tech support.

I have been using this solution for three years. 

The stability is good, so I would rate it around nine.

I would rate the scalability an eight out of ten. 

The customer service and support team is okay because the response time depends on the case. For example, it can take a lot of time if they don't have a readily available solution.

If compared with Cisco, I find Panorama is better and easier to use.

Our technical team did the setup for us.

Overall, I would rate the solution a seven out of ten. 

We use Panorama in order to centrally manage our firewall.

Basically, in my firewalls, I usually create new signatures and deploy them for each endpoint firewall in each region. It's great for creating signatures and activating activities.

It's pretty user-friendly. The user interface is good. 

The product has been stable. 

It's not part of my role to connect other devices to Panorama, so I don't know how the integration works. I maybe need a better understanding of how the policies of the signature work. For example, what does it mean to exclude an IP, and what are the policy rules and priorities? I need more knowledge about the signature policy and priorities.

Instead of searching their knowledge base in their website, maybe they can interact with us in the user interface to explain things better. If they had pop-ups to help guide us, we might get fewer failures along the way. Small notifications would be quite helpful. 

I've been working with the solution for one year. 

It is very stable, from my experience, at least. There are no bugs or glitches. It doesn't crash or freeze. It is reliable. I'd rate it an eight or nine out of ten in terms of stability.

I don't deal with scaling the solution. I am not sure what is possible. 

We have about five to ten users on the solution right now. 

I had some interactions with the technical support of Palo Alto.

They have been pretty good overall. We are mostly satisfied. 

Positive

We are using Aqua Sec. 

I did not handle the initial setup process. I can't speak to how it went. 

Our technical team manages the initial implementation process. 

In my experience in general, Palo Alto is very expensive.

We tested Palo Alto solution for Kubernetes, and the Aqua Sec and Aqua Sec was much cheaper than Palo Alto. If Palo Alto were less expensive like them, maybe we would've chosen them over Aqua Sec.

I've never compared the solution to other options. The company uses it and therefore I do too. 

We are working with version ten or somewhere around that. I am not sure of the exact version. 

I'm an end-user and I am non-technical. 

I'd rate the solution eight out of ten. 

Palo Alto Networks Panorama has improved the way my company works, which is why my company uses it.

What I like about Palo Alto Networks Panorama is that it's stable and setting it up isn't complex.

My company's getting whatever it needs from Palo Alto Networks Panorama, but in the cloud, there's an issue with CPU management, and that's an area for improvement. Though the normal data traffic doesn't go through the management interface, whenever there's an increase in the throughput, CPU management becomes high. If you increase the load, CPU management spikes, and it's what needs to be taken care of in Palo Alto Networks Panorama.

I've been using Palo Alto Networks Panorama for the past four years.

Palo Alto Networks Panorama has good stability. I didn't see any instability from it, though at times, the CPU goes high in terms of usage, and that's what you need to take care of.

Palo Alto Networks Panorama is a scalable solution.

Technical support for Palo Alto Networks Panorama, in my experience, was initially good, but now the wait time is longer. My company has a dedicated account manager, so it gets support, but in general, the response time is longer.

The initial setup for Palo Alto Networks Panorama was straightforward. I didn't see any complexity. It was a normal firewall configuration. I haven't done any new deployment of Palo Alto Networks Panorama, but in the cloud environment, it didn't take much time for me, and you can complete a setup within one to two hours.

We implemented Palo Alto Networks Panorama through a vendor team by Palo Alto, specifically for the on-premises deployment, to migrate from Check Point to Palo Alto Networks Panorama, but in the cloud environment, as it is a VM, we did it ourselves.

Palo Alto Networks Panorama is deployed everywhere, particularly in the public cloud and on-premises as well.

My company is just a customer of Palo Alto Networks Panorama, but because it's a big company, it has a dedicated account manager in Palo Alto.

My company uses the solution extensively. There are more than six Panoramas. Forty to fifty firewalls are managed currently through Palo Alto Networks Panorama.

I'm rating Palo Alto Networks Panorama nine out of ten. It's a good solution. What would make my rating a ten is if the CPU management spike issue was addressed and if the delayed response of technical support was addressed as well. A few years ago, the response time from support was immediate, but now, there's a delay with the response, even though my company has a dedicated account manager from Palo Alto Networks Panorama, and this makes you think about a midsized company with no account manager in terms of how much time it gets a response from Palo Alto support.

Our firewall uses IPS and other features. We have some firewall rules using the IPS feature. For the VPN users using the MFA authentication protocol, we are using the SAML protocol.

The application ID or App-ID feature is a good feature for us. We are also using IPS and content inspection features. The firewall can inspect the packages that are passing through my network.

It should have more connection with Threat Intelligence Cloud. They can also include features related to SecOps and automation API.

I have been using Palo Alto Networks Panorama for two years. 

It is awesome in terms of stability.

In terms of scalability, it is complicated because you have to scale up. Its scalability could be better. It would be great if you could scale out by integrating another node, and you are good to go. 

Currently, you have to buy new hardware with more power in terms of CPU and memory. You cannot simply increase the nodes in a cluster. In the last five months, we had to acquire new hardware because we are facing some higher usage in the Palo Alto hardware. We have about 15,000 users.

They provide good support. I would rate them an eight out of ten. 

They can increase the SOA time. When dealing with your case, sometimes, they take time. In the queue, you need to pass through one analyst and then go to the next level, which takes some time.

It was quite straightforward. In terms of technology, it was okay. As our environment is quite complicated, we had to deal with several phases of the implementation because we don't have only one appliance installed. We have implemented four Palo Altos. That's why it took some time, but it was just because of the complexity of our environment, not because of the solution itself. The whole project took one year.

We did some POCs to understand this solution. We had a lot of discussions in terms of the best way to implement this solution in our environment. It took the effort that this kind of solution normally takes.

It is not a cheap solution.

I would advise studying and understanding the best factors for implementing Palo Alto Networks Panorama and creating a roadmap to use all the features because it is not a cheap solution. Understand the possible ways to implement Palo Alto Networks Panorama and create a roadmap that implements all the features.

Palo Alto is constantly improving its solutions. They have been doing a great job and putting a great effort into their products. I would rate Palo Alto Networks Panorama a nine out of ten. We are satisfied with the solution.

Our customers are using the product.

The solution offers good logging features. 

The management is great. 

It is easy to set up.

The solution is stable.

I can scale well. 

Using a Palo Alto solution is very straightforward. 

We have faced some challenges with the solution. We had Panorama in the cloud, and then we used Panorama to manage the on-prem firewalls. Then we had some network-centric architecture to connect to on-prem, where we had two separate Palo Alto firewalls on the cloud. From there, we had a direct connect, external direct connect to the on-prem. In that case, the issue we faced was that whenever the traffic left AWS, it went with any one of the subnets, either from availabilities on one subnet or availabilities on two subnets. When we configured Panorama, it was actually behind a NAT device on two separate IP signals, and there were challenges around that.

When we were deploying Panorama in AWS, there were some issues with Panorama deployment in AWS. I was the first customer to deploy Panorama in AWS, and I raised a case with both AWS and Panorama. Then, in the next Panorama release, they enhanced some features, and both came up in the same version. I had to wait for two or three months to get to a resolution. 

Sometimes technical support is slow to respond. 

The solution is expensive. 

Panorama can be a bit difficult compared to other Palo Alto solutions. It would be ideal if they could simplify it a bit. 

I've been using the solution for two years. 

Overall, the product is stable. There are no bugs or glitches, and it doesn't crash or freeze. 

We haven't had an issue with scalability.

We work mainly with enterprise-level organizations. 

In our region, technical support is not so good. We need to wait if we are reaching out with a P1 case. Sometimes we have to wait for two or three hours. That can be an issue.

I do also work with various other vendors. 

The initial setup is very simple and quite straightforward. It was not overly complex. It's been two years now since I implemented the solution, and therefore I cannot recall exactly how long the deployment took. While the process was smooth, we did face some integration issues, for example, integrating the active standard Palo Alto to Panorama.

It's a costly product. All Palo Alto products are pretty expensive. Nowadays, people are looking for security and something that offers easy management. Therefore, Palo Alto can easily charge what they want. 

We're partners. We handle pre-sales and implementation of the solution for clients. 

It's a good product. However, if a company wants to deploy the solution, it should first do a proper study and design it properly. Otherwise, they will likely run into issues. 

I'd rate the solution seven out of ten.

My obligations consist of overseeing cyber threat intelligence, threat defense operation, digital forensic incident response, and data loss prevention. So in the context of endpoint solutions, my position pertains mainly to the DLP (data loss prevention) function.  

Cisco AMP (Advanced Malware Protection) plays a significant role in our perimeter strategy for protecting the infrastructure. I work primarily with making sure that we have indicators of compromise in Cisco AMP. I am not on the network engineering or network operations side of things. I am mainly a consumer of services from those particular groups.  

We use Snort rules (open source network intrusion detection system [NIDS]). We use Yara rules (Yet Another Recursive/Ridiculous Acronym, rules for malware identification). We have Palo Alto IPSs (Intrusion Prevention Systems).  

Our use cases are primarily perimeter-based for runtime malware defense.  

The most valuable features are the management features like the ACL (Access Control List) management. These give us the capacity to make effective use of the capabilities of the product.   

Pricing is always something that consumers hope will be addressed in their favor. I think that some method of allowing for more customization and open integration with other controls within the enterprise is something that we want to have. We want to be able to have more orchestration of disparate parts.  

I think the features that most of the features that I would like to see are currently being implemented. Behavioral heuristic analysis of connections, for example. That is something that I know is being done now.  

We have been using Networks Panorama for a couple of years now.  

The stability is good. If you consider the size of our organization and the number of users that can verge on being impressive.  

I have good impressions of the scalability of this solution. We have not really had any issue scaling the usage.  

The tech support is actually pretty good. In general, they address issues in a timely manner with reasonable responses.  

My team has not previously used any different solutions in this company, but I have definitely, in the past, used other solutions. It is really necessary for the evaluation of product capabilities.  

The installation was straightforward in a complex environment. That means that we could have had far more issues were the product not well-designed from an installation standpoint. We are a big organization. Deployment can be a matter of weeks or it could be a matter of months depending on what jurisdiction the installation happens to be in.  

We have various partners and consultants that we work with in addition to having expensive competencies in-house. We do not often have a reason to go beyond the network of expertise that we have established.  

My advice to anyone considering Networks Panorama is to thoroughly research the competitive landscape. Do your Gartner research. Make sure you develop a set of requirements — a feature matrix that you can use to compare your requirements with the functionality offered by the various solutions under consideration. There are a lot of solutions out there and the goal would be to pick the one that best fits your situation rather than just one that someone recommends.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate this product as an eight-of-ten considering the knowledge and insight I have into it now.