Palo Alto Networks VM-Series Reviews

The primary use case for the Palo Alto Networks VM-Series is real-time inspection for vendor security.

We have been using Palo Alto Networks VM-Series for three years.

I rate the stability a ten out of ten.

The product has good scalability. We have small to enterprise businesses as our clients for it.

As per premium support licenses, we received 24/7 support services. Apart from that, they join the calls quickly to resolve the issues for distributors' performance.

Positive

The initial setup is easy. We managed and configured it with the help of existing management tools and courses. We deployed it on the cloud and on-premises.

The deployment time depends on specific business requirements and bandwidth. It takes around one to two weeks to migrate and configure for large organizations. For small organizations, it takes one or two days to complete.

The product is costly but provides all essential security features. I rate the pricing a seven out of ten.

VM-Series enhances the security of our virtualized infrastructure. It ensures that every interaction, pre and post-loan processing, undergoes a thorough inspection, leveraging VPN features and comprehensive security protocols. It reviews the data for encryption and decryption before sending it to the server.

By applying Palo Alto's robust security measures, we enhanced the overall security posture of the cloud development process. Generally, it is challenging to scale hardware while increasing the bandwidth. When it comes to VM-Series, it is more scalable than other firewalls.

Certainly, the prevention capabilities can have an impact on bandwidth. Without the imposition of security profiles, the bandwidth can operate at its full capacity, reaching up to 100 Gbps. However, upon introducing security profiles, there may be a slight decrease in bandwidth due to the utilization of a software control plan and software data plan. The data plan involves a parallel processing mechanism, incorporating multi-scan and multi-action functions. While this may introduce a minimal latency, it efficiently prevents threats with lesser bandwidth. The operation efficiency is enhanced after the deployed VM-Series. We can easily fetch all licensing details, including serial numbers.

I rate it a nine out of ten.

We use this product to secure our entire network, for ZTNA structure, and for VPN purposes, allowing access to our servers behind the firewall.

Using this product has increased our security and has given us much better results in terms of security scans.

Palo Alto embeds machine learning into the core of the firewall to provide online real-time attack prevention, and I would rate that capability an 8 out of 10. It's definitely effective in terms of securing our network against threats that are able to evolve and morph rapidly.

This solution provides a unified platform that natively integrates all of the security capabilities, although we are not using parts of it. For example, we don't use the configuration tools like Panorama.

The most valuable feature is the CLI.

We have the firewall configured for zero-day signatures, which is very important to us. We must be HIPAA and PCI compliant, which means that we need those signatures immediately.

There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.

The web interface is still slow, even after recent improvements. 

I have been working with the Palo Alto Networks VM-Series for three years.

This product is very stable. We have had zero problems with stability.

The scalability is fantastic. We're using the lowest-end product right now, and I don't foresee when we'll have to upgrade. We've got a long way where we can continue to scale up.

We currently have multiple people that use it for VPN purposes, to access our servers behind the firewall. It is not used nearly as extensively as it should be. However, next year, we're going to start flowing all of our internet traffic through it.

We're all working remotely, and we're going to be connecting through the firewall. This means that our traffic is going to greatly increase, meaning that our usage will also increase. We'll also be using many more of the features.

The technical support from Palo Alto is good, overall. However, their response times could be a little quicker.

We have not really had any big complaints with the technical support and I would rate them a seven out of ten.

Neutral

Prior to using Palo Alto, we were using an on-premises solution by Juniper. When we switched from onsite to the cloud, we changed products.

We made the switch because Juniper became unbearable regarding complexity and performance. It was getting very bad; we couldn't manage it well, and the performance was quite poor. 

The initial setup is quite complex. There is a steep learning curve and we failed at it a couple of times.

Our final deployment took between three and four hours.

Our in-house team was responsible for the deployment.

We have absolutely seen a return on our investment. We are definitely more secure. With the features that are in Palo Alto, we do not have to worry about people busting into our network. Even just out of the box, with the base features, it's really solid. The default configurations are very secure.

Our return on investment comes from the fact that we're not having to spend hours monitoring stuff the way we did before. We've saved man hours and we've saved stress. I can't put a monetary value to that, but that would be the return.

This is not the cheapest firewall but it's not the most expensive of the options on the market.

There's a new licensing structure coming in that we're really trying to understand, so I would suggest studying up on it. I recommend getting a partner involved for purchasing the product.

Beyond Palo Alto, we evaluated two or three other products. Two of them that I can recall are Fortinet and the Microsoft Azure Firewall.

We did some extensive reviews and some extensive testing and what we found is that for the price, Palo Alto gave us the best options. It had the best set of security features. It wasn't the cheapest product but it was the best solution that fit our requirements.

We have not yet implemented the DNS security features. However, we will likely be doing so next year.

If one of my colleagues at another company were to say that they were just looking for the cheapest and fastest firewall, I would suggest that they be careful. Palo Alto has a great balance. It's not super expensive compared to other options on the market, and it's quite quick when it comes to throughput and performance.

In summary, this is a good product but I do suggest that people shop around a little bit.

I would rate this solution an eight out of ten.

It is deployed on the Azure cloud to inspect the outbound traffic, but in the near future we will be working to inspect inbound and Azure Express Route traffic as well.

With Palo Alto VM-Series, we are capable through a single point of management and visualization both in infrastructure and on premises and in the cloud. This allows us to improve the speed to create new rules, speed up the resolution of problems, having a holistic vision of our firewall infrastructure.

Its security features, i.e. antimalware, threat prevention, URL Filtering, VPN, antivirus are the most valuable. The ID-User integrated with AD and 2FA feature is also very useful to provide access to servers and some users in the company. 

It can be improved in areas such as DevOps and quality assurance. The installation rules deployment process we also improved when we deployed these firewalls. In terms of new features, for simplicity reasons, it is faster, because as I mentioned above we can reused the same rules and the same objects from the local PAN that has a Panorama such as the single point of supervision.

We are looking for ways to integrate with other cloud in the future. For this, we will require a more secure integration and encrypted connections with other companies. 

I have been using this brand for more than ten years in on premises (appliances). Now, we are expanding this features to our Azure tenant with PAN VM-Series + Panorama.

It is stable and robust solution. Through Panorama manager, we can scale up automatically if the demand increase. At the moment, we do not have any problems with its stability.

We currently don't have many end-users of this solution. It is being used mostly for servers. We have around 100 servers. In the future, we plan to have more users. Our company has around 10,000 people.

PAN provides good support in general through its partners in Chile

No, the same brand is deployed, but in this case the change was a high availability architecture under Azure VM Scale Set mode.

We had some complexity because we had no experience in implementing it in the cloud, but with the support of the partner and the endorsement of the brand it was solved quickly. It took us a couple of weeks to implement it, and then we started testing. (traffic stress, fault escenarios, scale up, vulnerability assessment, etc.)

We took the professional services of a PAN partner or reseller in Chile. We had a good experience with them. They provide good support and have a qualified team working in security, together with the internal team of our company.

Its cost is $75.000. This is the total cost, and it includes the license, implementation fee, and support for two years.

We also evaluated Check Point, Fortinet, and Azure Firewall. We needed a single point to manage the on-premises firewall and cloud firewall. Our focus was simplicity without losing the security.

Fortinet is growing in the industry. Many companies in Chile are adopting this brand. Our company has not yet adopted this solution.  Our maintenance teams don't know this technology, which would have been a problem.

Check Point is a good brand. Their product is robust, but we found an issue in using their firewall manager with the hybrid architecture like ours, where we have both on-premises and on-cloud deployments.

Both are also a leader in Gartner Quadrant and Forrester together with Palo Alto.

Azure Firewall needs to improve.

Good support from the brand and local partner in Chile.

Azure Firewall is a cloud-native solution. It's only for netting and simple source-destination blocking. The client wanted everything, so they wanted us to implement a third-party solution. Palo Alto was the leading solution. It's easy to install. 

Palo Alto is dynamic regarding protocol rules, and it is classless. The client also wanted a third-party solution between their on-premise environment and Azure, so they went for Palo Alto. Palo Alto VM-Series is deployed on the Azure Cloud.

We previously had a hardware solution. With VM-Series, you don't need to purchase the hardware. You can deploy it in the cloud, or they have a PaaS, SaaS, and IaaS version. You connect your network to their cloud and get the traffic filtered. 

The most valuable feature is the proxy write. It's called the Write Fill process. It's in a bundle of everything. Palo Alto has everything, including CAD management, malware protection, and a file management system. There is a bundle of packages. This is not in the latest edition of Azure Firewall.

The VM-Series reports how much bandwidth a particular IP is using. You don't need to regularly log into a website, like a Cisco command, to see what kind of ACL it's getting. There isn't an ACL use portal event. You can go there and see how much my ACL has been getting me.

It automatically tells what rules are in place, like scheduled and additional rules. You don't need to create new rules every time. It will automatically tell you that this rule exists. 

Palo Alto's next-generation firewall is classless, and it's a bundle of everything, including malware management, bandwidth utilization, and how much each IP is costing you. It offers bandwidth utilization, DDoS protection, a next-generation firewall, and everything I need in one bundle.

You can integrate fully automated virtual firewall deployments and provisioning into existing DevOps workflows if you are a good developer. Palo Alto offers help for it, but you should have developer knowledge.

It's easy to migrate workloads to the cloud. They expose the API also. In two days, I can implement two firewalls in different regions. It's flexible. That is a feature of Azure and Palo Alto. This kind of integration is why I am able to do the migration in two days.

There's room for improvement in terms of integration with the load balancer. It isn't like Fortinet, which has a load balancer built into its firewall. It is effortless to integrate within the load balancer-plus-firewall solution. 

Palo Alto doesn't have much ability to load balance, so you must purchase a third-party load balancer. It would be great if they did these kinds of changes to integrate the solution with the load balancer.

I have used Palo Alto VM-Series for one year.

VM-Series is highly stable. One of our clients has been using it for one year, and we've been using it for a year and a half. There were some bugs initially, but in the past two years, it has gotten more stable. 

I give VM-Series six out of 10 for the scalability. It's one area where they need to improve. Scaling up requires a lot of effort because it's cloud infrastructure. You need to change a lot of settings and ask them to customize before it starts working. 

There are still some issues after a customer has customized the solution. Scalability is something they are working on. I am hoping that we'll see some decent scalability within a year and a half. 

I rate Palo Alto support nine out of 10. Palo Alto technical support is excellent. When you raise a ticket, you get a support call in 10 minutes. They will contact you by phone and follow up on WhatsApp to see if the issue hasn't been resolved. 

Positive

Setting up VM-Series is completely straightforward. You have to download the VM, and there is a free interface for internal and external management. You configure the interface and the root table within Azure, then the device is good to go. Lastly, you need to activate your license, and Palo Alto is integrated into Azure.

We had to purchase the license from the vendor and download the VMs from the Cloud market. You can download VM-Series from the Azure marketplace, it is a simple process. You configure everything in the management interface. Once that's done, you configure the access list so that others cannot access it from anywhere. 

After you purchase the license, you have to put the license in Azure VM. There's a similar license you have to implement in the Palo Alto portal. Your Palo Alto is ready to use once that goes through. It took us one week to deploy. An issue came up, and we had to raise a ticket, so it took seven days to complete the implementation within Azure Cloud. One person is enough to deploy it. I deployed two firewalls within seven days, so I didn't need anyone's help. One or two people are enough to manage it.

The price is fair enough. The most expensive is Cisco, followed by Fortinet, then Palo Alto. Palo Alto is very much within the range. We use Software Next-Generation Firewall Credits for licensing and consuming VM-Series. They have a cloud solution using their portal. You can go in and put it through the license.

We can't use the credits on the fly. It is not possible because they acquire new CPU RAMs. We cannot change this on the fly. It will take one day of downtime. It is not easy. This is planned downtime. You have to plan for it outside of business hours. If you do the downtime during the business day, you can't do anything. 

The Software Next-Generation Firewall Credits enable us to protect ourselves without going through a long procurement cycle. The licensing part plus implementation is very easy. You just create the firewall, and it can do everything.

I rate Palo Alto Networks VM-Series eight out of 10. Palo Alto is easy to use, and the price is fair compared to the other solutions on the market. I recommend Palo Alto, but you should also consider the other solutions out there. Some solutions have lots of bugs like FirePOWER. Also, the price for FirePOWER is quite high. That is not the case with Palo Alto. It has fewer bugs, requires minimum effort, and the price is fair. Everything is accessible within the same portal.

We use the solution for inter-VPC traffic segmentation and inspection. I also use it for external interfaces.

The product gives us the ability to do malware detection and file inspection.

The tool provides ease of use for GUI management and deployment. The product provides more visibility into our traffic. It also helps with troubleshooting a bit of high-level next-generation platforms. The auto-update feature of App-ID is valuable. Traffic monitoring, threat monitoring, and dashboards are the most impactful for our network security.

Having visibility and alerts and being able to react to them is valuable. The integration of VM-Series with cloud services has helped us a lot to streamline our security operations. The solution has ease of use. The web interface and the traffic monitoring are more centralized.

The cost must be improved. The tool is very costly.

I have been using the solution for more than five years.

I rate the tool’s stability a nine or ten out of ten.

I rate the tool’s scalability an eight or nine out of ten.

The technical support is really good. I rate the technical support a nine or ten out of ten.

We deploy AWS VPC as a virtual appliance, as a security VPC. The initial deployment was moderately easy. It is not complex, though.

I have used Juniper. Palo Alto’s next-generation features are better than Juniper’s.

The cloud service providers are also coming up with similar features. It can get really competitive for Palo Alto. People who want to use the solution must engage the system engineer for the deployment, vetting process, and initial implementation. Overall, I rate the product a nine to ten out of ten.

The main concern is VPN. If you're using Azure Firewall, you still need a VPN gateway to terminate your VPN connection. Azure Firewall doesn't remove the need for another VPN gateway, especially for point-to-site VPN. So you have to use another VPN appliance. With Palo Alto and FortiGate, for example, you can have an all-in-one solution. The VPN gateway and all the other features are available.

Palo Alto Networks VM-Series has everything centralized. You have the VPN solution, firewall, routing, UDR, flexibility, updates, and full visibility of your traffic. You can also perform log debugging. It provides all the things that Azure's firewall doesn't offer. Plus, you have full ownership of your device.

Firstly, Palo Alto should update their documentation to make it more readable and provide easier-to-follow instructions through videos. This would help people learn and deploy the product more easily. Even if the product itself is excellent, lacking proper documentation and troubleshooting guidance renders it less useful. It won't be helpful even if it's rock solid but lacks sufficient information and tutorials.

I've been using Palo Alto as a VM for about three months. I use the latest version.

It is a stable solution. I would rate the stability a ten out of ten.

It is a scalable solution. We have more than 20 entities using this solution. 

Customer service and support are great. The response time is good. My experience with them was very good. 

I used Azure Firewall for a while, but then I removed it and installed Palo Alto.

The setup requires professional people to work on it. It's not straightforward. Knowledge is needed to adapt it to your platform. 

So, it's not an entry-level solution; it requires professional and expert-level skills.

I deployed the solution myself. The deployment process took about three to four days. It depends on your production environment because I had to migrate production.

Only one person is required for deployment and maintenance. 

I can't make a suggestion because it depends on the specific needs they have. They can consider using the entry-level version or opt for the expert lab, depending on their workload.

Overall, I would rate the solution a nine out of ten. 

For this VM in particular, it is microsegmentation which is used for implementing the firewall inside the data center.

When talking about the VM or the virtual firewall, it is mostly about the sessioncapacities that it can handle. In the early version of the firewall, the session or traffic that it could inspect was low. 

In quite a few releases, they have improved a lot. They started with the physical firewall, therefore it is almost virtually the same firewall with the same features, only that it is a virtual one. The main improvements that they have made are surrounding the processing capacity for the virtual machines.

The granularity which is used to confirm applications based in users. 

When you have VMware NSX, it is easy to deploy this virtual firewall because it is fully integrated with the VM solution. If I want to segment any type of network inside the data center, it is about two or three clicks, and it works.

The reporting. There are various reports that come with the box or with VMware, but you can only run them daily. If you want to generate a report from this week or the past month, you have to create a custom report. It is not that difficult, but I expect these reports to be pre-made. I would like to be able to choose the dates that I can run the reports. As of now, you can only run it for the day before, so this is one improvement they need to make. 

From time to time, maybe twice a year, they have released content updates which have some issues. When they release content updates, the applications with these updates give us a false positives. I manage older software developers and members, and almost everyone has one or two missteps a year regarding these updates.

The Series 2000 version of Palo Alto were somewhat big for small or medium customers. They did not have a middle box. 

In the newer version (3850s), all of them are scalable. They fit better into medium or small businesses, so it is easy for us. E.g, if we have a VMware 500 appliance, we can upgrade it to a 100. They have improved in this way.

The technical support is extremely good. They are a 10 out of 10, not only because of their fast response time, but their knowledgeable personnel as well. They have knowledge regarding very specific issues. 

When we finish creating tickets in the support portal, there are a lot of knowledge-based documents. They answer almost immediately, calling you back about 10 minutes later. When creating a support ticket, I always get a quick answer.

I was using Cisco, but I was using the old Cisco. The firewall was the only working protocol. The Palo Alto Network Firewall is a Next-Generation Firewall, so it is a lot different. 

This is the first and only Next-Generation Firewall that I have used. I have put in several Sophos Firewalls, but they are not the same as Palo Alto.

You will need to know what are you doing with the firewall. 

It's different than Sophos or Fortinet where you only need to click two or three times, and it puts you in engaged mode in the simplest way. 

With Palo Alto, you need to know where you are going to be implementing and what architectures you want. It is not complicated, but it is not as easy as Sophos or Fortinet, because when you start with these two firewalls, the quick setup wizard chooses for you and it automatically creates for you network rules.

With Palo Alto, you need to do all those steps manually, but it is somewhat better because it gives you the flexibility to choose how you want your network set up and how you are going to segment the networks.

I know Palo Alto is not cheap because my finance team has been telling me that it is not a cheap solution. It is about the maturity of your security team or infrastructure team and whom you want to work with no matter how big your organization is: small, medium, or large.

The newest version of Cisco, the Next-Generation Firewall, is less expensive than Palo Alto. The price is more comparable to Check Point.

For licensing, it depends how you want to use the firewall. The firewall can be used only for IPS purposes. If you only want that firewall IPS, you will only need a license called threat prevention which includes vulnerabilities, antivirus signatures, and one additional measure; it includes three measures and security updates. 

If you do not want to buy the threat prevention license in the box, you can buy it with only the support license which is for the support of the hardware. It works like a simple firewall. It integrates what it calls user IDs and application IDs. If you do not buy any other license, only the firewall, Palo Alto will also help you improve your security.

We evaluated VanGuard for their Next-Generation Firewall.

We chose between Check Point and Palo Alto for their support teams. Check Point is very bad for support. We switched from Check Point to Palo Alto.

If you do not have a Next-Generation Firewall, Palo Alto is a good choice. It is reliable and the support is very good. The VMware version is in all the boxes and they use the same OS, so it is not different if you manage a physical box or a virtual box. The only difference is the virtual box depends on where it will be placed, and its main usage is for microsegmentation and data center firewalls.

The primary use case of this solution is as a firewall for our servers.

We are running a total of 12 servers. Four of them are hardware servers and the rest are VMware servers. We have about 80 clients running Windows 10.

The most valuable feature is the Posture Assessment.

From my understanding, we used to have the Sophos firewall and a nice feature that is missing in Palo Alto is the heartbeat that monitors each endpoint. It would be helpful if Palo Alto monitored the status of every endpoint. It could be that it was not set up correctly.

In the next release, I would like to see better integration between the endpoints and the firewalls.

I have been using Palo Alto for approximately 12 months.

The stability is good.

We haven't explored the scalability yet.

We have approximately 80 Windows 10 clients, and we have approximately 85 users in our organization.

Technical support is okay. It's the same across the board, you have good techs and you have bad techs.

At times, it's a little slow in getting back to us, but nothing out of the norm.

Prior to using Palo Alto, we used a Sophos firewall.

The initial setup was complex, but we were able to work through it.

I would rate this solution an eight out of ten.

We evaluated quite a few solutions before choosing Palo Alto Networks VM-Series.