Palo Alto Networks VM-Series Reviews

Azure Firewall is a cloud-native solution. It's only for netting and simple source-destination blocking. The client wanted everything, so they wanted us to implement a third-party solution. Palo Alto was the leading solution. It's easy to install. 

Palo Alto is dynamic regarding protocol rules, and it is classless. The client also wanted a third-party solution between their on-premise environment and Azure, so they went for Palo Alto. Palo Alto VM-Series is deployed on the Azure Cloud.

We previously had a hardware solution. With VM-Series, you don't need to purchase the hardware. You can deploy it in the cloud, or they have a PaaS, SaaS, and IaaS version. You connect your network to their cloud and get the traffic filtered. 

The most valuable feature is the proxy write. It's called the Write Fill process. It's in a bundle of everything. Palo Alto has everything, including CAD management, malware protection, and a file management system. There is a bundle of packages. This is not in the latest edition of Azure Firewall.

The VM-Series reports how much bandwidth a particular IP is using. You don't need to regularly log into a website, like a Cisco command, to see what kind of ACL it's getting. There isn't an ACL use portal event. You can go there and see how much my ACL has been getting me.

It automatically tells what rules are in place, like scheduled and additional rules. You don't need to create new rules every time. It will automatically tell you that this rule exists. 

Palo Alto's next-generation firewall is classless, and it's a bundle of everything, including malware management, bandwidth utilization, and how much each IP is costing you. It offers bandwidth utilization, DDoS protection, a next-generation firewall, and everything I need in one bundle.

You can integrate fully automated virtual firewall deployments and provisioning into existing DevOps workflows if you are a good developer. Palo Alto offers help for it, but you should have developer knowledge.

It's easy to migrate workloads to the cloud. They expose the API also. In two days, I can implement two firewalls in different regions. It's flexible. That is a feature of Azure and Palo Alto. This kind of integration is why I am able to do the migration in two days.

There's room for improvement in terms of integration with the load balancer. It isn't like Fortinet, which has a load balancer built into its firewall. It is effortless to integrate within the load balancer-plus-firewall solution. 

Palo Alto doesn't have much ability to load balance, so you must purchase a third-party load balancer. It would be great if they did these kinds of changes to integrate the solution with the load balancer.

I have used Palo Alto VM-Series for one year.

VM-Series is highly stable. One of our clients has been using it for one year, and we've been using it for a year and a half. There were some bugs initially, but in the past two years, it has gotten more stable. 

I give VM-Series six out of 10 for the scalability. It's one area where they need to improve. Scaling up requires a lot of effort because it's cloud infrastructure. You need to change a lot of settings and ask them to customize before it starts working. 

There are still some issues after a customer has customized the solution. Scalability is something they are working on. I am hoping that we'll see some decent scalability within a year and a half. 

I rate Palo Alto support nine out of 10. Palo Alto technical support is excellent. When you raise a ticket, you get a support call in 10 minutes. They will contact you by phone and follow up on WhatsApp to see if the issue hasn't been resolved. 

Positive

Setting up VM-Series is completely straightforward. You have to download the VM, and there is a free interface for internal and external management. You configure the interface and the root table within Azure, then the device is good to go. Lastly, you need to activate your license, and Palo Alto is integrated into Azure.

We had to purchase the license from the vendor and download the VMs from the Cloud market. You can download VM-Series from the Azure marketplace, it is a simple process. You configure everything in the management interface. Once that's done, you configure the access list so that others cannot access it from anywhere. 

After you purchase the license, you have to put the license in Azure VM. There's a similar license you have to implement in the Palo Alto portal. Your Palo Alto is ready to use once that goes through. It took us one week to deploy. An issue came up, and we had to raise a ticket, so it took seven days to complete the implementation within Azure Cloud. One person is enough to deploy it. I deployed two firewalls within seven days, so I didn't need anyone's help. One or two people are enough to manage it.

The price is fair enough. The most expensive is Cisco, followed by Fortinet, then Palo Alto. Palo Alto is very much within the range. We use Software Next-Generation Firewall Credits for licensing and consuming VM-Series. They have a cloud solution using their portal. You can go in and put it through the license.

We can't use the credits on the fly. It is not possible because they acquire new CPU RAMs. We cannot change this on the fly. It will take one day of downtime. It is not easy. This is planned downtime. You have to plan for it outside of business hours. If you do the downtime during the business day, you can't do anything. 

The Software Next-Generation Firewall Credits enable us to protect ourselves without going through a long procurement cycle. The licensing part plus implementation is very easy. You just create the firewall, and it can do everything.

I rate Palo Alto Networks VM-Series eight out of 10. Palo Alto is easy to use, and the price is fair compared to the other solutions on the market. I recommend Palo Alto, but you should also consider the other solutions out there. Some solutions have lots of bugs like FirePOWER. Also, the price for FirePOWER is quite high. That is not the case with Palo Alto. It has fewer bugs, requires minimum effort, and the price is fair. Everything is accessible within the same portal.

We are using it on Azure Cloud for our internal systems, where we have set up our internal workloads. We are using it as a perimeter firewall.

We are using it because our internal workflows are on the cloud. Almost everything in our production and development uses these instances. We are using it extensively for conducting reports of the development environment. It is working fine.

It improved all compliance activities. We can close open cases. Compared to other firewalls in these cases, it improved our score on the compliance side.

We are using the complete box. We are mostly using the security services and firewall rules in Panorama.

We need to look at different variables and granular policies of various tools. This makes it easy to understand.

We use Palo Alto’s Panorama centralized management system. We have an on-prem firewall where Panorama is very good for pulling logs in from the cloud so we can see what is going on. It gives us visibility into that as well as showing us what attacks are coming in.

Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.

We have been using it for the last two years.

Stability has so far been good. We monitor the resources on the firewall to determine if there will be any spikes on the CPU, RAM utilization, or the load of the firewall. Though, we are yet not putting much load on it. 

I don't think that scaling will be a problem since we can adjust the VM-Series model that we want.

I have around 100 instances protected behind this device.

The customer support is good. They are able to give fast, readily-available solutions upon the creation of a help ticket. I would rate them as 10 out of 10.

Positive

We did a fresh setup for this, but it was pretty easy. We could easily integrate with the VM-Series, then just create our business servers. We were able to do this with the help of the tech team.

It took around seven to eight hours to deploy this solution and configure it to our environment.

We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple. Once we had a checklist of what to do, it was pretty easy to deploy.

Deploying Panorama has saved us a lot of time. When any incidents happen, our people are comfortable going to the Panorama logs and view the incident report to see what happened.

Initially, pricing was high. Later on, we were able to negotiate the pricing and get something that fits our budget.

The solution provides protection and there wasn't an additional cost involved, in terms of security.

We evaluated FortiGate, Cisco, and the stuff that we are using. Compared to other products, we found it a very useful part of our compliance requirements and liked its format on the graphical interface. It is also a more secure firewall compared to other existing ones in the market. Based on our evaluation, it matched our compliance requirements.

Cisco is pretty complex in nature to deploy. It is helpful to have a skilled person with at least two years of experience. 

We are happy with their features for how we are using it and what we have deployed.

I would recommend giving the solution a try and see the difference between it and your existing firewalls. Give it a shot and see the difference.

In the firewall market, it is the number one product right now. I would rate it as 10 out of 10.

We use Palo Alto Networks VM-Series primarily for security purposes. It helps us with URL filtering, domain blocking, threat analysis, and detecting vulnerabilities.

We can monitor the traffic manually and detect threats. Additionally, we can block different IP addresses and URLs.

There could be dynamic DNS features similar to Fortinet in the product.

We have been using Palo Alto Networks VM-Series for six years.

I rate the product's stability a nine out of ten.

I rate the product's stability a seven out of ten. It could be better. We have four users for it at the moment. We plan to increase the number of devices.

We receive technical support from a local partner rather than directly from the vendor. The support team requires more training.

Positive

We have used Cisco Adaptive Security Appliance (ASA) before. Compared to Palo Alto, Cisco devices are not feasible regarding hardware. They are very slow and complicated to find the granular level of results. Sometimes, even a technical expert is unable to fetch a proper report.

I rate the initial setup process an eight out of ten. It takes eight hours to complete and requires one security engineer to execute the process. The deployment involves setting up security policies. The on-premise installation is simple. However, VM installation is complicated in terms of the network interface.

It is an expensive product. I rate the pricing an eight out of ten. We purchased a three-year license for it.

I rate Palo Alto Networks VM-Series an eight out of ten.

I am a firewall expert, although my job is not on the management side. I take care of the routing and switching aspects. We have approximately 1,000 firewalls in the company.

This product is a complete security system, wherein we provide direct internet access to our hub site.

The most valuable feature is that you can control your traffic flowing out and coming out, allowing you to apply malware and threat protection, as well as vulnerability checks.

It has an advanced engine that does parallel processing for packet and deep packet inspection. It also supports user authentication.

The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway. For example, if a person is working from home and you want a proxy then you have to rely on a secure web gateway. Palo Alto cannot do that because they don't have a cloud solution. So, if you want direct internet access and if you also want the proxies then Palo Alto is not a good choice.

I have been working with the Palo Alto VM-Series for four years.

The stability is absolutely good and there is no problem with it.

We have almost 3,000 branch offices set up across the globe.

Our intention is to increase usage of Palo Alto, adopting it for security in all of our future products.

Technical support from Palo Alto is very good.

We did not use another firewall product before this one.

With any organization, if you want to change the firewalls that are being used in production then it's a hectic task. You have some rules and engines that can be used, but it's a step-by-step process.

Migrating from an existing solution to Palo Alto needs to be done in phases. Phase one would be installing the devices. Phase two is testing a lab setup and diverting traffic, then analyzing it. Finally, the third phase is to enable other features like threat protection, malware detection, and other advanced options.

Depending on the size of the organization, if a migration is well planned then it will take three to four months to complete.

The configuration is different between our branch offices in order to meet our requirements. Some use the hardware appliance, whereas others use the software version.

We had a Palo Alto engineer who was assisting us, in-house, for our deployment. We also have support from our vendor, which provides LAN and WAN solutions.

We considered using Cisco ASA, but we chose Palo Alto because it can also act as a proxy for your hub site. Palo Alto is more advanced than the Cisco solution.

This is definitely a product that I can recommend.

Overall, it is a good product, although it would be better if they offered a cloud proxy.

I would rate this solution a seven out of ten.

Our corporate clients use the product to secure cloud environments.

Palo Alto Networks VM-Series's most valuable feature is the visibility of the environment.

The product's AIOps process needs improvement.

We have been using Palo Alto Networks VM-Series for two years.

I rate the product's stability a ten out of ten.

We have 5000 Palo Alto Networks VM-Series users as our clients. I rate its scalability a ten out of ten.

I rate the initial setup process a nine. It takes a few hours to complete.

I rate Palo Alto Networks VM-Series pricing an eight out of ten.

I rate Palo Alto Networks VM-Series a nine out of ten.

We use Palo Alto for the VPN, firewalls, and the hybrid site-to-site.

We have purchased Palo Alto VM for one of our customers. It has been a year since we have been using this product.

We use Palo Alto's on-premise version for a different purpose. We are using the cloud version for our contractors to VPN to the AWS environment.

For Palo Alto on-premise, we use it more for security firewalls. On the cloud side, we use it for customer contractors to get into the AWS environment for VPN. we use native routing and native security tools that they developed already in AWS. 

We have big team which can support Palo Alto on-premise. We have engineers which are familiar with Palo Alto products. Our customers are perfectly suited for our use case. They wanted to get onto AWS or be on the hybrid cloud. They want to keep the technology consistent across the board. Therefore, Palo Alto makes sure that they are a leader in this space. We are able to support them, and customers can take advantage of using these products, both on-premise and cloud.

• Firewalls
• VPN

On the cloud side, they need to come up with more HA solutions to support the multi-region.

The stability is fine. The product has been running well so far.

We have about 150 contractors who log into Palo Altos. We don't put heavy stress on them, but they are working fine for now.

You already can scale it if you put it in Auto Scaling groups. If you put it in a load balancer, it should already be able to scale. 

We put our Palo Altos in the public VPC, then we have contractors come over the Internet and VPN into the Palo Altos to get into the AWS environment. 

It depends on the person you get on the call from technical support, but many times I have gotten good people on the call. Sometimes, you get some bad experiences. Most of the time, it has been good.

It is easy to install. You buy it on the AWS Marketplace, then you just install it. You have already purchased the license and everything else. It is easy to configure and use.

The purchase process through AWS Marketplace was easy for us because we are partner to Palo Alto, so it was straightforward. All we need to do was purchase it from AWS Marketplace because we had a license.

AWS is available as a AMI that you can purchase from the AWS Marketplace. Therefore, you need to purchase the licensing, since it is per AMI. Then, you deploy it on a regular EC2. Then, for on-premise, you can use both Palo Alto's software and hardware. So, it depends on your usage.

Compared to other solutions, I think the pricing is efficient.

For on-premise, we evaluated Check Point and Fortinet.

I would recommend the product, and tell people, "Go for it." It has not disappointed us for the purpose that we use it. It is really matured in the networking area.

Because of our use case, we didn't have to integrate the product with anything else.

The AWS side of the product is a seven out of ten rating. The on-premise side of the product is a ten out of ten for a rating.

This is our core firewall for the data center network.

We have two on-premises appliances set up in a high availability configuration.

The VM-Series enables us to extend consistent next-generation protection across different infrastructures with a unified policy model, which makes it very easy for us. It is very important that we have this single pane for monitoring all of the network resources and multiple devices because, today, it's a complex environment where you have to take care of many devices.

This solution makes it very easy to quickly migrate workloads to the cloud.

Since we updated the system, the network has been very stable. Previously, there were issues with traffic throughput. With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly.

This is a firewall product and every OEM has claims about their special features. This device is very user-friendly and offers ease of monitoring.

Changes to the configuration happen quickly.

There is a single pane of glass for reporting, which is quite good. 

The interface is user-friendly.

It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait. Having a dedicated number where we could send a text message in the case of an emergency would be helpful.

We have been using Palo Alto Networks VM-Series for approximately six months.

We are very much satisfied with the stability and performance.

This solution is quite scalable because it has options for deploying in a VM as well as an appliance. The interfaces are all license-based, which means that features can be added just by obtaining another license.

Our current environment has more than three gigs of traffic.

We have a team of four or five people that is responsible for the network. They are continually monitoring the firewall and updating the policies, as required.

Pala Alto has very good support. Generally, the response is very good and they address our issues as soon as we contact them. For example, they assisted us during our deployment and it was a very good experience.

My only complaint about the support has to do with complications that we had with communication. Sometimes, support was done over email, and because of the difference in time zone, there was occasionally a long gap in time before we got the proper response.

We used to have Cisco ASA and Firepower, and we had some issues with those firewalls. Once they were replaced by Palo Alto, we didn't have any problems after that. 

Compared to the previous devices that we have used from other vendors, Palo Alto is very user-friendly, and we are comfortable with the features and capabilities that it offers.

The initial setup is very straightforward and we had no issues with it. It is not complex because the procedures are properly defined, the documentation is available, and there is proper support. Our initial setup took about 15 days, which included migrating all of the data.

Our deployment is ongoing, as we are adding policies and dealing with updates on a day to day basis. We have a very complex environment that includes a firewall for the data center, as well as for the distribution networks.

The Palo Alto team supported us through the deployment process.

Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive. When a customer wants to implement Palo Alto, even a small box, there are several licenses, and having all of them is sometimes really hard to justify. It is difficult for some clients to understand why such a small box costs so much.

For instance, they have the dashboard license, and then they have the user license, and so on. If the pricing were more competitive then it would be good because more customers would use the product, rather than use simpler firewalls.

We have worked with firewalls like Sophos, FortiGate, and Cisco ASA. We have dealt with almost all of the vendors but at this point, our experience with Palo Alto has been the best one. Palo Alto has been doing what it claims to do, whereas the other vendors' products have various shortcomings.

For example, some vendors do not have the performance that they claim in terms of throughput. Sometimes, the user interface is complex, or the device needs to restart whenever you make changes. With Palo Alto, it's simple to use and easy to get things done.

We have not yet used Panorama for centralized management but in the future, we may do so for other projects.

My advice for anybody who is looking into purchasing a firewall is to carefully consider what their requirements are. I have seen that when a customer procures a firewall, they initially choose products like Sophos. Over time, they engage in trials with the majority of the vendors and finally end up with Palo Alto. This is only after spending a lot of time and money on other products.

If instead, a client is aware of the requirements including how much traffic there is and what throughput is needed, it's better to invest in Palo Alto than to try all of the cheaper alternatives. Then, evaluate everything afterward and finally select Palo Alto. This, of course, is providing the client doesn't have limitations on the investment that they're going to make.

I say this because generally, in my practice, what I've seen is that when choosing a firewall, the clients first choose a cheaper alternative. Then, after some time they think that it may not be what they wanted. This could be brought about by a throughput issue or maybe some threats were not blocked or they have had some security incidents. After trying these firewalls, they replace them with another, and yet another, until finally, they settle on Palo Alto.

Essentially, my advice is to skip the cheaper vendors and go straight to Palo Alto.

In summary, this is a very good product and my only real complaint is about the cost. If it were more competitive then more customers would choose it, and those people suffering losses as a result of security incidents would be saved. I find the real reason that people don't choose the right product is due to the cost factor. Even when they know that the product is the best choice, because of the limitation that they have on the investment they can make, they're not able to choose it.

I would rate this solution a nine out of ten.

We use Palo Alto as a perimeter security device.

It is nice to have a rock solid security platform that we can count on.

• It is the leader in the marketplace.
• It has the ability to create Palo Alto VM-series using software.
• The VM-Series has all of the components (out-of-the-box) that you need in a very secure environment.

In the next release, I would like to see better integration of multi-factor authentication vendors.

It is very stable. We have almost never had an issue.

We have around 15 VM-Series, which are running hot all day.

We're still learning about the scalability. We have run into some issues with scaling and limitations associated with some of the configurations. However, it is a solution that we have been happy with overall.

Technical support is good.

The integration and configuration of this product in our AWS environment was easy to pick up and very usable. It was a good walk between the old physical way and the new software or infrastructure as code (IaC) model.

We use Palo Alto to provide remote access, and we've been able to provide access for hundreds of users with a very short build out time. In the past, this would take a lot longer. Now, we don't have to wait for a physical box, etc.

Our company is entirely AWS, so it is the only place to go to purchase anything. 

Some parts of purchasing through AWS Marketplace are good, such as this product was easy to find and launch. Some of the other parts could be clearer in the AWS Marketplace, e.g., how to properly do an annual subscription.

The pricing and licensing are reasonable.

We also evaluated Fortinet and some other competitors.

We chose Palo Alto because we had institutional experience and knowledge that we could bring over.

Do a demo. Set one up and try it. 

We have used both the physical and AWS versions. The physical version is a good product. However, in an AWS environment, the ability to automate and scale pieces of it are critical.

We integrated a couple other products with it, which seems to be working well.