Palo Alto Networks VM-Series Reviews

We use Palo Alto as a perimeter security device.

It is nice to have a rock solid security platform that we can count on.

• It is the leader in the marketplace.
• It has the ability to create Palo Alto VM-series using software.
• The VM-Series has all of the components (out-of-the-box) that you need in a very secure environment.

In the next release, I would like to see better integration of multi-factor authentication vendors.

It is very stable. We have almost never had an issue.

We have around 15 VM-Series, which are running hot all day.

We're still learning about the scalability. We have run into some issues with scaling and limitations associated with some of the configurations. However, it is a solution that we have been happy with overall.

Technical support is good.

The integration and configuration of this product in our AWS environment was easy to pick up and very usable. It was a good walk between the old physical way and the new software or infrastructure as code (IaC) model.

We use Palo Alto to provide remote access, and we've been able to provide access for hundreds of users with a very short build out time. In the past, this would take a lot longer. Now, we don't have to wait for a physical box, etc.

Our company is entirely AWS, so it is the only place to go to purchase anything. 

Some parts of purchasing through AWS Marketplace are good, such as this product was easy to find and launch. Some of the other parts could be clearer in the AWS Marketplace, e.g., how to properly do an annual subscription.

The pricing and licensing are reasonable.

We also evaluated Fortinet and some other competitors.

We chose Palo Alto because we had institutional experience and knowledge that we could bring over.

Do a demo. Set one up and try it. 

We have used both the physical and AWS versions. The physical version is a good product. However, in an AWS environment, the ability to automate and scale pieces of it are critical.

We integrated a couple other products with it, which seems to be working well.

I have completed ten projects. The solution is used for network security, application control, and enforcement of policies on end-user devices.

The solution enables organizations to enforce policies. We can control every endpoint that is connected to the network.

The vendor must improve the way it advertises and markets the product.

I have been using the solution for four years.

I did not find any bugs in the tool. However, we'll face some issues if we do not configure it properly.

Almost 25 customers in Riyadh migrated from Juniper to Palo Alto this year. Before buying the product, we must know the number of users who will be using it. We must buy the model that best suits our needs.

Some people do not know how to open a case with the support team. When a customer contacts the support team, the team must help the customer to open a case. After a case is opened, the support team must respond within 15 to 20 minutes. However, the team takes three to four hours to respond. There is no proper support channel to follow up on cases.

Deploying a firewall is not easy until we have a basic knowledge of routing and security. If we have the knowledge, we can find the proper document on the website and do it easily. We should know the basic configuration. The deployment process is user-friendly. We can configure it easily.

The product is cheaper than the on-premise version.

When compared with FortiGate, Palo Alto has more security products. However, Palo Alto did not publish the security profile for the end-users or partners. They must explain to their end users why they are better than FortiGate.

People considering implementing the product must consider investing in the on-premise solution instead. If someone has a good experience with VMs, I suggest they choose VM, as it is cheaper than on-premises. Overall, I rate the tool a nine out of ten.

We use the product on our Azure network firewalls. 

Palo Alto Networks VM-Series is a complex product to work with. 

Palo Alto Networks VM-Series is stable. 

I rate the solution's scalability a nine out of ten. We have 100 users for the product. 

We encountered quality issues over support. 

Neutral

The tool's deployment is simple. 

Palo Alto Networks VM-Series is an expensive product but the best one in the market. 

I rate the product a ten out of ten. 

Primary use case is network protection, next-generation IDS, and IPS protection.

• It provides better protection.
• There is seamless integration.
• It provides complete security posture from end-to-end. This has given us better visibility into what our security aspects are.

The next-generation features of its IDS and IPS.

The product could provide protection above Layer 3, which gets into the application layer and provides better visibility into those aspects of application security. This would be very helpful. This way, there would be one tool that we could continue using.

The data aspects of data security and data loss prevention could provide visibility which would be very useful.

It is stable. We haven't had any issues and don't think about the stability.

One of the great features that we liked and selected it was its  scalability. We can autoscale and put it in Auto Scaling groups, which is very useful.

We have hardly any issues. We have had some patches of data needing some help, but that was it, and the technical support has been spot on.

Integration on on our AWS environment was one of the points that we liked about it.

We used technical support in the initial stages when we were setting it up and configuring some of the features. We used their Professional Services, who were very useful.

We have already seen ROI. 

We continue using it, because the concept was at six months, we should receive value back out of it. If the value is seen, only then would we continue using it. It is two years later, and we still continue using it.

Because the solution was getting deployed on AWS, it was the best place to go and it was available there.

One of the factors for selecting Palo Alto was they had flexible pricing. They had a pay-as-you-go model. Comparable to other products, such as Check Point, the price point was definitely a plus. It was expensive but it was comparable.

We looked at Palo Alto, Check Point, Fortinet, and some other vendors.

We chose Palo Alto because its features, especially its advanced features from the IDS and IPS. We were existing customers with Palo Alto from the on-premise side along with the integration aspects of its hardware.

Identify a use case first of all. If the use case is a match, then use the product.

We use it in the cloud for both AWS and non-AWS versions. The AWS version is far better. It works seamlessly and integrates very well with some other services. 

We have integrated it with Splunk for the security aspects and with identity and access management for configuration purposes. 

We use Palo Alto for the VPN, firewalls, and the hybrid site-to-site.

We have purchased Palo Alto VM for one of our customers. It has been a year since we have been using this product.

We use Palo Alto's on-premise version for a different purpose. We are using the cloud version for our contractors to VPN to the AWS environment.

For Palo Alto on-premise, we use it more for security firewalls. On the cloud side, we use it for customer contractors to get into the AWS environment for VPN. we use native routing and native security tools that they developed already in AWS. 

We have big team which can support Palo Alto on-premise. We have engineers which are familiar with Palo Alto products. Our customers are perfectly suited for our use case. They wanted to get onto AWS or be on the hybrid cloud. They want to keep the technology consistent across the board. Therefore, Palo Alto makes sure that they are a leader in this space. We are able to support them, and customers can take advantage of using these products, both on-premise and cloud.

• Firewalls
• VPN

On the cloud side, they need to come up with more HA solutions to support the multi-region.

The stability is fine. The product has been running well so far.

We have about 150 contractors who log into Palo Altos. We don't put heavy stress on them, but they are working fine for now.

You already can scale it if you put it in Auto Scaling groups. If you put it in a load balancer, it should already be able to scale. 

We put our Palo Altos in the public VPC, then we have contractors come over the Internet and VPN into the Palo Altos to get into the AWS environment. 

It depends on the person you get on the call from technical support, but many times I have gotten good people on the call. Sometimes, you get some bad experiences. Most of the time, it has been good.

It is easy to install. You buy it on the AWS Marketplace, then you just install it. You have already purchased the license and everything else. It is easy to configure and use.

The purchase process through AWS Marketplace was easy for us because we are partner to Palo Alto, so it was straightforward. All we need to do was purchase it from AWS Marketplace because we had a license.

AWS is available as a AMI that you can purchase from the AWS Marketplace. Therefore, you need to purchase the licensing, since it is per AMI. Then, you deploy it on a regular EC2. Then, for on-premise, you can use both Palo Alto's software and hardware. So, it depends on your usage.

Compared to other solutions, I think the pricing is efficient.

For on-premise, we evaluated Check Point and Fortinet.

I would recommend the product, and tell people, "Go for it." It has not disappointed us for the purpose that we use it. It is really matured in the networking area.

Because of our use case, we didn't have to integrate the product with anything else.

The AWS side of the product is a seven out of ten rating. The on-premise side of the product is a ten out of ten for a rating.

This is our core firewall for the data center network.

We have two on-premises appliances set up in a high availability configuration.

The VM-Series enables us to extend consistent next-generation protection across different infrastructures with a unified policy model, which makes it very easy for us. It is very important that we have this single pane for monitoring all of the network resources and multiple devices because, today, it's a complex environment where you have to take care of many devices.

This solution makes it very easy to quickly migrate workloads to the cloud.

Since we updated the system, the network has been very stable. Previously, there were issues with traffic throughput. With the improved visibility we now have, the traffic is being properly monitored, which means that we are better able to manage it. These are improvements that we saw very quickly.

This is a firewall product and every OEM has claims about their special features. This device is very user-friendly and offers ease of monitoring.

Changes to the configuration happen quickly.

There is a single pane of glass for reporting, which is quite good. 

The interface is user-friendly.

It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait. Having a dedicated number where we could send a text message in the case of an emergency would be helpful.

We have been using Palo Alto Networks VM-Series for approximately six months.

We are very much satisfied with the stability and performance.

This solution is quite scalable because it has options for deploying in a VM as well as an appliance. The interfaces are all license-based, which means that features can be added just by obtaining another license.

Our current environment has more than three gigs of traffic.

We have a team of four or five people that is responsible for the network. They are continually monitoring the firewall and updating the policies, as required.

Pala Alto has very good support. Generally, the response is very good and they address our issues as soon as we contact them. For example, they assisted us during our deployment and it was a very good experience.

My only complaint about the support has to do with complications that we had with communication. Sometimes, support was done over email, and because of the difference in time zone, there was occasionally a long gap in time before we got the proper response.

We used to have Cisco ASA and Firepower, and we had some issues with those firewalls. Once they were replaced by Palo Alto, we didn't have any problems after that. 

Compared to the previous devices that we have used from other vendors, Palo Alto is very user-friendly, and we are comfortable with the features and capabilities that it offers.

The initial setup is very straightforward and we had no issues with it. It is not complex because the procedures are properly defined, the documentation is available, and there is proper support. Our initial setup took about 15 days, which included migrating all of the data.

Our deployment is ongoing, as we are adding policies and dealing with updates on a day to day basis. We have a very complex environment that includes a firewall for the data center, as well as for the distribution networks.

The Palo Alto team supported us through the deployment process.

Palo Alto definitely needs to be more competitive compared to other products. The problem that I have faced is that the price of licensing is very high and not very competitive. When a customer wants to implement Palo Alto, even a small box, there are several licenses, and having all of them is sometimes really hard to justify. It is difficult for some clients to understand why such a small box costs so much.

For instance, they have the dashboard license, and then they have the user license, and so on. If the pricing were more competitive then it would be good because more customers would use the product, rather than use simpler firewalls.

We have worked with firewalls like Sophos, FortiGate, and Cisco ASA. We have dealt with almost all of the vendors but at this point, our experience with Palo Alto has been the best one. Palo Alto has been doing what it claims to do, whereas the other vendors' products have various shortcomings.

For example, some vendors do not have the performance that they claim in terms of throughput. Sometimes, the user interface is complex, or the device needs to restart whenever you make changes. With Palo Alto, it's simple to use and easy to get things done.

We have not yet used Panorama for centralized management but in the future, we may do so for other projects.

My advice for anybody who is looking into purchasing a firewall is to carefully consider what their requirements are. I have seen that when a customer procures a firewall, they initially choose products like Sophos. Over time, they engage in trials with the majority of the vendors and finally end up with Palo Alto. This is only after spending a lot of time and money on other products.

If instead, a client is aware of the requirements including how much traffic there is and what throughput is needed, it's better to invest in Palo Alto than to try all of the cheaper alternatives. Then, evaluate everything afterward and finally select Palo Alto. This, of course, is providing the client doesn't have limitations on the investment that they're going to make.

I say this because generally, in my practice, what I've seen is that when choosing a firewall, the clients first choose a cheaper alternative. Then, after some time they think that it may not be what they wanted. This could be brought about by a throughput issue or maybe some threats were not blocked or they have had some security incidents. After trying these firewalls, they replace them with another, and yet another, until finally, they settle on Palo Alto.

Essentially, my advice is to skip the cheaper vendors and go straight to Palo Alto.

In summary, this is a very good product and my only real complaint is about the cost. If it were more competitive then more customers would choose it, and those people suffering losses as a result of security incidents would be saved. I find the real reason that people don't choose the right product is due to the cost factor. Even when they know that the product is the best choice, because of the limitation that they have on the investment they can make, they're not able to choose it.

I would rate this solution a nine out of ten.

The Palo Alto VM-Series is a firewall that is part of our security solution.

With Palo Alto, it feels like you're using the Rolls-Royce of firewalls.

All of the next-generation features are valuable and set Palo Alto apart from other firewalls.

The application filtering, or AppiID, and URL filtering are good.

The interface with Panorama makes it very easy to use.

The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI.

The interface for Panorama has not changed greatly and could be updated.

I have been using Palo Alto VM-Series for more than six years.

It is very easy to scale. All you have to do is get access to the VM base and then spin it off into another virtual environment or send it into the cloud.  This means that you now have a data center through Palo Alto.

They have a new product called Prisma that allows you to create links between remote users working from different areas and use that to connect to the clouds in this infrastructure. It also allows you to get connectivity to that but not using a backhaul. Rather, you connect straight from wherever you are.

In the places where we have deployed this solution, they have a couple of thousand users.

The technical support is great. This is a brand and they have to protect it, so they make sure that the users get what they need.

I have experience with Check Point and Cisco, who both started improving their management interface after Panorama.

I would say that the initial setup is easy. I have been an IT professional for more than 20 years and can say that this is an example of a product where you simply have to read the manual. If you jump straight into it then you will start struggling.

During the initial setup you begin with the CLI, but you enter a command and it brings you to the GUI. Once you are in the GUI, you will see words on the tabs. All of these things are there if you look carefully.

The price of this solution is very high for some parts of Africa, which makes it a challenge. If it were lowered then it would be more popular.

I have been using Palo Alto since version 6.0, and I am currently evaluating the latest one, version 9.1.

My advice to anybody who is considering this solution is to try the trial version first. It is good for 30 days and it can actually be used because it is the full product. You can test all of the scenarios and try the next-generation features. You can use features like the VPN GlobalProtect and actually see it work. The same with URL filtering and antivirus.

Overall, this is a great next-generation firewall.

I would rate this solution a nine out of ten.

The most effective features for threat prevention are application-based prevention and WildFire. These features cover various threats, such as ransomware, malware, etc. They provide real-time visibility. By applying appropriate policies, threats can be blocked.

The solution needs to improve its visibility. It's not straightforward to use. Understanding the policies, authorizations, and initializing features requires careful review. The product needs to offer proper training. 

I have been working with the product for three to four months. 

I rate Palo Alto Networks VM-Series' stability as ten out of ten. 

The main issue with the tool's support is the delayed response time, ranging from one to two hours. This delay can impact customers who are waiting for support. Additionally, partners may become busy. 

Positive

The tool's improvement in cloud security posture depends on the features used and the licenses purchased. Different suites are available, such as Professional, Core, and Enterprise, each offering various features for endpoint.

Competitors such as Fortinet and Check Point also offer similar features, but I don't know much about their offerings. However, Palo Alto Network VM-Series stands out with its application deployment capability, iOS zone protection, and features like application ID, user ID, and device ID identification. These features enable policy application and on-premises protection, which may not be available in competing solutions.

I rate the overall product a nine out of ten.