Palo Alto Networks URL Filtering with PAN-DB Reviews

We require a firewall to deploy URL filtering or to enforce this URL filtering solution to our users. It is actually cloud-based, deployed on a cloud, and is URL Filtering as a service, which requires a firewall. The firewall, therefore, will then enforce the URL filtering options on my users' traffic.

We are using this for preventing the user's access to malicious websites, or access to inappropriate adult websites or porn websites or even the P2P tunnels or tunnels or domains they should not access. This is our main priority and main use case.

The URL filtering is excellent. It ensures our users can't access certain sites. 

The multiple categorizations of URLs are quite helpful. For example, if a URL is, a social media website, such as facebook.com, it can be classified at a certain risk level - from high to low.  

The solution offers credential phishing, which is a helpful feature. 

The initial setup is easy.

The solution scales well, according to the firewall.

The stability is very good.

Everything that is available with the firewall is provided to the user.

It would be ideal if this solution could be a separate product rather than have to have it deploy through a firewall. If it was a separate product, many of our customers would be happier as most just require a URL filtering option. They do not require a firewall. They do not require any threat prevention or anything. 

If it was a separate product, we could deploy it to branch offices or any of our customer locations in which different firewalls are being used. 

The solution is a bit expensive.

We've been using the solution for more than three years at this point.

The stability is excellent. We've never had to raise any technical issues. There have been no bugs or glitches. It doesn't crash or freeze. 

The scalability depends on the firewall. The URL Filtering does not have any limitations. For example, any number of firewalls is supported. It is not dependent on that. It is just dependent on the firewall. Therefore, if a firewall supports 1,000 users, then it will provide support for protection for 1,000 users as well.

We have 700 users on the solution currently.

We do not plan to increase usage at this time.

We have never had a technical call raised to customer care or the tech team or anyone to resolve the URL Filtering issues. It's been so reliable we haven't really dealt so much with technical support. Any local issues have been small and have been handled by our internal team.

The initial setup is not complex. It's easy and pretty straightforward. There are no configuration options. You use it as it is. A company shouldn't have any issues with it. 

We pay a yearly licensing fee.

It's a bit expensive if I were to rate it from one to five, with one being the cheapest, I'd rate it at a four. That said, I would argue that it is worth the price.

We're Palo Alto partners.

There isn't an exact version number associated with the product. It's a SaaS.

I'd recommend the solution to other users and companies.

I'd rate the product at a ten out of ten.

We use the solution to filter URLs.

The tool blocks URLs.

Support needs to be enhanced.

I have been using Palo Alto Networks URL Filtering with PAN-DB as a partner for six to seven years.

The solution is scalable but limited by the firewall's throughput. The URL filtering can scale effectively to meet the demands of the network, provided that the PAN-DB service is configured correctly and maintained.

Negative

The solution is pretty simple to set up. Configuring PAN-DB with a firewall can involve more than other vendors, especially for single-site deployment. Depending on the project's scope and desired features, it could take one person around two to three days

The solution is based on a subscription for the firewall. The subscriptions and the hardware have more than quadrupled in the last three years. They are pricing themselves out of the K-12 markets.

PAN-DB allows you to set it to auto-update on a schedule. It categorizes newly created sites and recognized sites. If a site becomes infected, it can be moved to another category. This helps block harmful sites and effectively manage new sites. Regular auto-updates are essential for maintaining its effectiveness.

With PAN-DB, it's more about user identification for filtering based on user categories. In K-12 environments where Chromebooks are prevalent, obtaining user IDs from Chromebooks for firewall purposes is challenging. Therefore, setting URL filters based on student names or groups they belong to can be difficult when using Chromebooks

In most cases, organizations maintain their Palo Alto Networks URL Filtering with PAN-DB themselves. Schools are responsible for managing them. Our role is more like a support tier. If they encounter issues, we assist them and collaborate with our Palo Alto representatives to create and escalate tickets for resolution with the Palo Alto Networks team. Typically, it requires just one person to maintain the solution.

You can go to the Palo Alto Networks URL Filtering site and request a site to be recategorized. I have not seen a whole lot of false positives.

Overall, I rate the solution a nine out of ten.

We operate in the automotive industry. Internally we work with computing and networking equipment, concentrated on collecting, storing, processing, and distributing enormous amounts of data. Our company deploys this solution for internal web security purposes.

The Palo Alto solution has improved our organization by providing threat protection across a variety of internet connections. Our company also gets valuable insights regarding threat analysis.

One way Palo Alto can improve is by offering sandboxing. I don't know if they currently offer a sandboxing feature together with the firewall or not. They should provide secure sandboxing with the firewalls.

The stability of the solution is good.

The initial setup and configuration was straight-forward.

The solution was deployed by a small team of about five people in our facility. Their roles included end users, application developers, and system administrators, etc.

I would say it will take another three to four years to realize any significant returns on our investment.

I would recommend using this solution as an enterprise-class security, including a firewall and protection for Microsoft Edge. This solution can also be used as a data center or file storage tool for workloads (small or large).

I would rate this tool as a 7 out of 10.

Our primary use case of this solution is for both internal and external firewalls.

It's allowed us to have better visibility and protection from threats.

• Next generation rule set 
• Much more granular

Performance monitoring could use improvement. 

It's incredibly stable. 

Their technical support is very good. 

We were previously using Fortinet Fortigate.

The initial setup was very straightforward. The deployment took five minutes. Our implementation strategy was to build everything out using existing data. 

We implemented with ANM. They were good. 

Pricing and licensing are excellent.

We also looked at Cisco Firepower.

Demo this first and then other competitors and you'll quickly see what's the right fit and which is the superior product. 

I would rate this solution a ten out of ten. 

We are not using it for the general population, just for a select group of users in an isolated subnet. We are using it primarily as a whitelist with little reliance on the PAN-DB.

I cannot say that PAN-DB has provided any significant improvements, since we are using it primarily as a white list.

Being able to manage blacklists and whitelists easily is very useful, especially for internal access and limiting outbound access.

The biggest improvement is the categories per site. For hosting sites like Blogspot, they host sites that should be in different categories, but get lumped together in general. There needs to be more granularity or multiple categorizations.