Palo Alto Networks Panorama Reviews

We use this solution because it provides us with a consistent security profile no matter the location. Regardless of users, we use the same configuration. 

We also use Panorama for management. Currently, all of our users are working from home — this solution has helped us manage everything. 

Over the next four years, we are planning on moving all of our data centers onto the cloud.  

Before I joined this organization, they experienced some issues when trying to set up zone protection parameters. Last week I applied a zone protection profile; for each and every branch, I had to apply a zone protection profile or modify existing metrics — I needed to physically go to each branch. When we originally deployed Panorama, we were managing the firewalls individually. After implementing all those firewalls and changing all of the templates, it's really hard to modify them. 

You can't just modify them with a single click, you need to physically go to each individual branch and make the changes yourself — we can't directly seal all of the fireworks. This needs to be improved. 

With version 9.1, when configuring it, if something goes wrong, then it reverts back to your original settings automatically. This is a nice feature but it's not available on the standard firewalls. If we didn't have Panorama and I was setting up some remote Palo Alto firewalls, after implementing my configurations, if I were to lose the configurations then I would lose firewall access. This isn't the case with other firewalls like Cisco and Juniper SRX where you can just put in a reminder in the last 10 minutes. 

I have been using Palo Alto Networks Panorama for the past five years.

Besides the odd bug, Panorama is stable. From a management point of view, it's good. Even though we now have 25 firewalls, with a single click, we can add and submit a request. With a single click, we can apply changes to all 25 firewalls. Upgrading our remote locations, the firewalls, logs, and the reporting is all very easy. We can easily add more power and stability, it's nice.

GlobalProtect is a great extension that you can add on. If something goes wrong with our cloud solution, then it will automatically fall back to our local physical firewalls across the globe. We have four different locations that GlobalProtect automatically connects to. At the moment, our company is expanding so we are adding more clients. 

The technical support is pretty good. The best part about Palo Alto is that you can find answers with a simple Google search. Compared to other vendors, all of their technical data is online — for all of their solutions. Still, sometimes we prefer to use support. Sometimes it takes time as their technical team has to regenerate our issues in their lab, etc. 

The initial setup can be complex. As I mentioned before, making modifications is very difficult. Before implementing, you need to plan carefully.

Our engineer made some mistakes when he was setting it up; we still experience some complications due to that as everything is already in place and we can't change it. 

Licenses are available on a one to three-year basis. If you go for a one-year license, you won't get much of a discount. We have a three-year license for all of our firewalls. Currently, we have 25 firewall licenses.

Currently, we have around 20 TB of data. We are in the process of upgrading our licenses because we are adding more and more files.

The price of the licenses could be lower. Still, because we have Panorama with 25 firewalls, Palo Alto gives us a good discount. 

I would definitely recommend Panorama to others. Compared to all of the other firewall vendors, Palo Alto is very secure. Personally, I'd say it's the best firewall vendor on the market. When combined with WildFire, it's highly secure; just make sure you configure it properly as there are a lot of viruses out there. 

Overall, on a scale from one to ten, I would give Panorama a rating of nine. 

This is a solution that we implement for our customers.

It allows our customers to manage several firewalls from a central location. Some examples are securing the internet edge, data centers, micro-segmentation within the data centers, and securing their campuses.

The majority of the deployments are on-premises, however, we have more and more customers that are moving to the cloud. This solution is helping them to secure their cloud, as well.

Using this solution means that you can store logs for longer periods, up to perhaps two years, depending on your attached storage.

The most valuable feature is the ease of use that comes from the GUI. I have found that you can do almost everything from the GUI. You rarely have to log into the CLI, at perhaps once in six months or a year.

This solution offers a lot of advanced functionality that is easy to deploy and not available from other vendors. An example of this is credential theft. Credentials are sometimes collected through phishing emails or websites, and this solution helps to reduce that type of attack. Every five minutes, Palo Alto updates the list of phishing websites. You can set up a profile to ensure that if anybody tries to access such a website, whether it be Http or https, then the attempt will be blocked.

Palo Alto will automatically monitor the contents of POST messages and check to see if they contain credentials such as a username and password. If they do then it may indicate an attempt to steal credentials by an external site. The traffic will be blocked, the incident will be reported, and the admin will be notified.

This solution makes the lives of security admins very easy in cases, as an example, for configuring IPS. If you want to secure traffic between any two zones, we need to make sure that the applications are identified, the users are identified, and all of the security profiles are applied. These including antivirus, anti-spyware, and IPS. This solution makes the configuration very easy.

Each firewall is treated as a security sensor where the firewall talks to the cloud and a machine running artificial intelligence helps to detect malware or other threats. This is an important step in the protection that this solution offers.

The dual WAN functionality is missing in this solution.

This solution is very stable. It is a mature solution with a mature operating system. I have one firewall that has been running since 2010, and it is still upgrading to the latest software and still working.

This solution scales well.

We have many more than forty customers who are using this solution. One is a university with twenty thousand students, and we have deployments in large banks, different branches of government, etc. There are many thousands and thousands of users who are being secured.

The demand is very high and the standards are improving. Data centers are booming, and customers are looking for more enhancement in their platforms.

Technical support for this solution is awesome. However, I rarely open a case because their platform is very stable. Most of the cases are related to basic support, such as an RMA. I have seen other vendors like Fortinet or Cisco, where the enabling of a function means that you have to deal with support, and there are issues that come from that.

The initial setup of this solution is very easy. The length of time for deployment depends on how many policies you have, but the basic configuration should not take more than one hour.

For policy tuning, you need to review and tune the devices. Palo Alto has several tools to help with migration from the legacy approach of port-based policies to application-based policies.

Initially, Palo Alto looks expensive, but if you dig deeper then you will find that it is very comparable, or even cheaper than other solutions. For example, if you are looking for a one-gig next-generation firewall then you will start looking at the Palo Alto 850. If you compare the price of this to Fortinet, Worksense, Forcepoint, or Sophos, then you will see that they offer three or four gig performance at half the price. However, it is not true.

The reason for this is that not all of the security features are enabled. When you enable them, the performance degrades by more than ninety percent, and I have seen this happen in many different scenarios. This means that for the Palo Alto 1GB, it actually means 1GB with all of the functionality enabled. For the other vendors, you will never see their datasheet with all of the functionality enabled for a real environment with real traffic. It is based on lab traffic. Because the reality is that the performance of Palo Alto is better, it means that the price is better. When you compare models using real performance, and you do the calculation, you will see that Palo Alto is very comparable.

We have worked with many, many vendors, and this is the most mature next-generation firewall in the market. The performance of Palo Alto is very predictable, unlike other vendors who are faking their datasheet in terms of high-performance numbers that are unrelated to a real network, or real traffic.

Palo Alto provides numbers that reflect what is happening when all of the security functions are enabled, whereas other vendors do not show their performance will all of the functionality enabled. In reality, they are better than others. At the end of the day you are buying a security device, and you don't want to turn off any of the functionality to enhance your performance. Palo Alto is designed from day zero for performance and security.

This is the most mature next-generation firewall in the market and a solution that I strongly recommend.

The biggest lesson that I have learned from this solution is not to trust internet users. Whether it is regular users or employees, they do not like to be detected. They keep trying to work around the policies using different applications and peer-to-peer functionality. I have learned this because Palo Alto has full visibility to all types of traffic, and we're able to catch these scenarios and put security policies int place.

Palo Alto has done a lot towards closing gaps in security. Cloud security is not their only focus. It is concerned with the flows between VMs, storage, and containers. They are concerned with PCI requirements and compliance. They have also launched Cortex Analytics to help close gaps further. They are in a very good position to lead the future.

At the end of the day, everything is relative, and I would rate this solution a ten out of ten compared to other products. However, there is room for improvement.

Overall, I would rate this solution a nine out of ten.

We are a cybersecurity business, so we are a Palo Alto reseller and integrator. We also use Palo Alto to run our firewalls in our own environment. 

It's really the central management component that helps us. From a configuration point of view, when we are implementing it for large organizations where the customer owns a hundred firewalls, it's just easy to manage them all at one central location. I think that's probably one of the best features from a visibility component.

Price is probably one of the biggest things that we struggle with, specifically with Palo, and that's across their whole portfolio. Also, the tech support could be better.

I have been working with this solution for about five years.

The solution is very stable.

The solution is easy to scale.

On a scale of one to five, I would rate the technical support as a four. 

Positive

The setup process is simple and straightforward. 

If I were to rate the pricing of Palo on a scale of one to five, with one being really high and five being a good, reasonable price, I would rate Palo as a three.

We generally compare Palo Alto with the offerings from Check Point because they both seem to have the majority of the market share here in my region.
From a stability point of view, I think Panorama is better. Check Point is struggling with their current software releases along those lines, and Panorama is very good at releasing new features along those lines. Palo is a lot faster than a lot of the competitors on the market.

I would rate Panorama as an eight out of ten.

We primarily use it for firewall monitoring, reviews, and policy-level monitoring.

Threat prevention and traffic monitoring are the most valuable features for us. We use them the most.

There is room for improvement in response time for tech support.

I have been using this solution for three years. 

The stability is good, so I would rate it around nine.

I would rate the scalability an eight out of ten. 

The customer service and support team is okay because the response time depends on the case. For example, it can take a lot of time if they don't have a readily available solution.

If compared with Cisco, I find Panorama is better and easier to use.

Our technical team did the setup for us.

Overall, I would rate the solution a seven out of ten. 

We use Panorama in order to centrally manage our firewall.

Basically, in my firewalls, I usually create new signatures and deploy them for each endpoint firewall in each region. It's great for creating signatures and activating activities.

It's pretty user-friendly. The user interface is good. 

The product has been stable. 

It's not part of my role to connect other devices to Panorama, so I don't know how the integration works. I maybe need a better understanding of how the policies of the signature work. For example, what does it mean to exclude an IP, and what are the policy rules and priorities? I need more knowledge about the signature policy and priorities.

Instead of searching their knowledge base in their website, maybe they can interact with us in the user interface to explain things better. If they had pop-ups to help guide us, we might get fewer failures along the way. Small notifications would be quite helpful. 

I've been working with the solution for one year. 

It is very stable, from my experience, at least. There are no bugs or glitches. It doesn't crash or freeze. It is reliable. I'd rate it an eight or nine out of ten in terms of stability.

I don't deal with scaling the solution. I am not sure what is possible. 

We have about five to ten users on the solution right now. 

I had some interactions with the technical support of Palo Alto.

They have been pretty good overall. We are mostly satisfied. 

Positive

We are using Aqua Sec. 

I did not handle the initial setup process. I can't speak to how it went. 

Our technical team manages the initial implementation process. 

In my experience in general, Palo Alto is very expensive.

We tested Palo Alto solution for Kubernetes, and the Aqua Sec and Aqua Sec was much cheaper than Palo Alto. If Palo Alto were less expensive like them, maybe we would've chosen them over Aqua Sec.

I've never compared the solution to other options. The company uses it and therefore I do too. 

We are working with version ten or somewhere around that. I am not sure of the exact version. 

I'm an end-user and I am non-technical. 

I'd rate the solution eight out of ten. 

Palo Alto Networks Panorama has improved the way my company works, which is why my company uses it.

What I like about Palo Alto Networks Panorama is that it's stable and setting it up isn't complex.

My company's getting whatever it needs from Palo Alto Networks Panorama, but in the cloud, there's an issue with CPU management, and that's an area for improvement. Though the normal data traffic doesn't go through the management interface, whenever there's an increase in the throughput, CPU management becomes high. If you increase the load, CPU management spikes, and it's what needs to be taken care of in Palo Alto Networks Panorama.

I've been using Palo Alto Networks Panorama for the past four years.

Palo Alto Networks Panorama has good stability. I didn't see any instability from it, though at times, the CPU goes high in terms of usage, and that's what you need to take care of.

Palo Alto Networks Panorama is a scalable solution.

Technical support for Palo Alto Networks Panorama, in my experience, was initially good, but now the wait time is longer. My company has a dedicated account manager, so it gets support, but in general, the response time is longer.

The initial setup for Palo Alto Networks Panorama was straightforward. I didn't see any complexity. It was a normal firewall configuration. I haven't done any new deployment of Palo Alto Networks Panorama, but in the cloud environment, it didn't take much time for me, and you can complete a setup within one to two hours.

We implemented Palo Alto Networks Panorama through a vendor team by Palo Alto, specifically for the on-premises deployment, to migrate from Check Point to Palo Alto Networks Panorama, but in the cloud environment, as it is a VM, we did it ourselves.

Palo Alto Networks Panorama is deployed everywhere, particularly in the public cloud and on-premises as well.

My company is just a customer of Palo Alto Networks Panorama, but because it's a big company, it has a dedicated account manager in Palo Alto.

My company uses the solution extensively. There are more than six Panoramas. Forty to fifty firewalls are managed currently through Palo Alto Networks Panorama.

I'm rating Palo Alto Networks Panorama nine out of ten. It's a good solution. What would make my rating a ten is if the CPU management spike issue was addressed and if the delayed response of technical support was addressed as well. A few years ago, the response time from support was immediate, but now, there's a delay with the response, even though my company has a dedicated account manager from Palo Alto Networks Panorama, and this makes you think about a midsized company with no account manager in terms of how much time it gets a response from Palo Alto support.

Our firewall uses IPS and other features. We have some firewall rules using the IPS feature. For the VPN users using the MFA authentication protocol, we are using the SAML protocol.

The application ID or App-ID feature is a good feature for us. We are also using IPS and content inspection features. The firewall can inspect the packages that are passing through my network.

It should have more connection with Threat Intelligence Cloud. They can also include features related to SecOps and automation API.

I have been using Palo Alto Networks Panorama for two years. 

It is awesome in terms of stability.

In terms of scalability, it is complicated because you have to scale up. Its scalability could be better. It would be great if you could scale out by integrating another node, and you are good to go. 

Currently, you have to buy new hardware with more power in terms of CPU and memory. You cannot simply increase the nodes in a cluster. In the last five months, we had to acquire new hardware because we are facing some higher usage in the Palo Alto hardware. We have about 15,000 users.

They provide good support. I would rate them an eight out of ten. 

They can increase the SOA time. When dealing with your case, sometimes, they take time. In the queue, you need to pass through one analyst and then go to the next level, which takes some time.

It was quite straightforward. In terms of technology, it was okay. As our environment is quite complicated, we had to deal with several phases of the implementation because we don't have only one appliance installed. We have implemented four Palo Altos. That's why it took some time, but it was just because of the complexity of our environment, not because of the solution itself. The whole project took one year.

We did some POCs to understand this solution. We had a lot of discussions in terms of the best way to implement this solution in our environment. It took the effort that this kind of solution normally takes.

It is not a cheap solution.

I would advise studying and understanding the best factors for implementing Palo Alto Networks Panorama and creating a roadmap to use all the features because it is not a cheap solution. Understand the possible ways to implement Palo Alto Networks Panorama and create a roadmap that implements all the features.

Palo Alto is constantly improving its solutions. They have been doing a great job and putting a great effort into their products. I would rate Palo Alto Networks Panorama a nine out of ten. We are satisfied with the solution.

My obligations consist of overseeing cyber threat intelligence, threat defense operation, digital forensic incident response, and data loss prevention. So in the context of endpoint solutions, my position pertains mainly to the DLP (data loss prevention) function.  

Cisco AMP (Advanced Malware Protection) plays a significant role in our perimeter strategy for protecting the infrastructure. I work primarily with making sure that we have indicators of compromise in Cisco AMP. I am not on the network engineering or network operations side of things. I am mainly a consumer of services from those particular groups.  

We use Snort rules (open source network intrusion detection system [NIDS]). We use Yara rules (Yet Another Recursive/Ridiculous Acronym, rules for malware identification). We have Palo Alto IPSs (Intrusion Prevention Systems).  

Our use cases are primarily perimeter-based for runtime malware defense.  

The most valuable features are the management features like the ACL (Access Control List) management. These give us the capacity to make effective use of the capabilities of the product.   

Pricing is always something that consumers hope will be addressed in their favor. I think that some method of allowing for more customization and open integration with other controls within the enterprise is something that we want to have. We want to be able to have more orchestration of disparate parts.  

I think the features that most of the features that I would like to see are currently being implemented. Behavioral heuristic analysis of connections, for example. That is something that I know is being done now.  

We have been using Networks Panorama for a couple of years now.  

The stability is good. If you consider the size of our organization and the number of users that can verge on being impressive.  

I have good impressions of the scalability of this solution. We have not really had any issue scaling the usage.  

The tech support is actually pretty good. In general, they address issues in a timely manner with reasonable responses.  

My team has not previously used any different solutions in this company, but I have definitely, in the past, used other solutions. It is really necessary for the evaluation of product capabilities.  

The installation was straightforward in a complex environment. That means that we could have had far more issues were the product not well-designed from an installation standpoint. We are a big organization. Deployment can be a matter of weeks or it could be a matter of months depending on what jurisdiction the installation happens to be in.  

We have various partners and consultants that we work with in addition to having expensive competencies in-house. We do not often have a reason to go beyond the network of expertise that we have established.  

My advice to anyone considering Networks Panorama is to thoroughly research the competitive landscape. Do your Gartner research. Make sure you develop a set of requirements — a feature matrix that you can use to compare your requirements with the functionality offered by the various solutions under consideration. There are a lot of solutions out there and the goal would be to pick the one that best fits your situation rather than just one that someone recommends.  

On a scale of one to ten (where one is the worst and ten is the best), I would rate this product as an eight-of-ten considering the knowledge and insight I have into it now.