Network administrator at a comms service provider with 201-500 employees
Real User
Top 5
2024-10-25T13:08:00Z
Oct 25, 2024
I would rate Palo Alto Networks NG Firewalls ten out of ten. We have over 10,000 end users. When choosing a firewall, cost often reflects capability. While budget-friendly options exist, their security levels may not match those of higher-end providers like Palo Alto or Fortinet. Investing in a robust firewall often provides enhanced protection and advanced features, justifying the higher cost. We have three employees and one consultant who are responsible for the maintenance of our NG Firewalls.
I would rate Palo Alto NG Firewalls nine out of ten. The Palo Alto NG Firewalls are great, but they are expensive. I'm most interested in Palo Alto NG Firewalls, specifically how to improve their efficiency and application identification capabilities. Sometimes applications have unique requirements or behave differently, making accurate identification crucial. Palo Alto NG Firewalls excel at application-level security because they can block traffic, prevent attacks, and identify potentially compromised applications. Unlike traditional firewalls, Palo Alto NG Firewalls go beyond basic policy enforcement and traffic filtering by incorporating intrusion prevention systems and antivirus functionality. This allows them to analyze internal traffic for risks, similar to how antivirus software protects endpoints. Future users need to appreciate the costs involved in using Palo Alto, and the manual configuration required is beneficial because it ensures clarity and control over what is being configured. To enhance your organization's security posture and management, I recommend implementing Palo Alto Networks NG Firewalls. Three people in our organization are directly using the Palo Alto NG Firewalls. Upgrading Palo Alto Next-Generation Firewalls requires some maintenance.
Network and Information Security Manager at a pharma/biotech company with 1,001-5,000 employees
Real User
Top 10
2024-09-24T13:10:00Z
Sep 24, 2024
I would rate Palo Alto Networks NG Firewalls seven out of ten. Those looking for the cheapest and fastest firewall won't find that combination. They must invest money to get a fast firewall suitable for their environment. Gather their requirements before choosing a firewall that fits their budget and features. They can opt for the quickest or cheapest option or select a device compatible with their needs. We have Palo Alto Networks NG Firewalls deployed in multiple locations, serving both on-premises and cloud departments. There are three people in our organization that work with the NG Firewalls. Our clients are enterprises. Palo Alto Networks NG Firewalls require maintenance for software upgrades, and after several years, the hardware will also need upgrades. I recommend Palo Alto Networks NG Firewalls for their stability and high level of security. If the security of your infrastructure is critical, Palo Alto is a strong choice, though it comes with a higher price tag. If budget is a concern or security isn't a top priority, then Palo Alto may not be the best fit.
I would rate Palo Alto Networks NG Firewalls nine out of ten. I would recommend Palo Alto Networks NG Firewalls, but it ultimately comes down to the organization's needs. Some organizations are almost entirely cloud-based, while others rely on the Internet for a few specific tasks and may have on-premises processing or branch offices. The ideal firewall solution varies depending on the specific environment and use cases; a firewall that performs well for one organization might not be the best fit for another. The primary reason people opt for cloud or hybrid solutions is to manage workloads or services already operating in the cloud. This trend extends to Palo Alto Networks NG Firewalls, where the cloud versions are gaining popularity. However, many users prefer the on-premise version of the firewalls to safeguard their on-premise infrastructure. This may involve physical or virtual appliances as long as they remain on-premise and not in the cloud. Other than updates, Palo Alto Networks NG Firewalls rarely require physical maintenance because most data centers are clean. Palo Alto Networks NG Firewalls are excellent firewalls but require technical expertise and dedicated resources for deployment. However, with technical know-how, they are easy to configure and deploy and offer flexibility for adaptation to various environments. We highly recommend them for SD-WANs and VPNs due to their high compatibility.
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Senior Network and Security Engineer at a computer software company with 501-1,000 employees
Real User
Top 20
2024-08-21T17:53:00Z
Aug 21, 2024
I rate Palo Alto NG Firewalls 10 out of 10. I recommend spending time with Palo Alto and other support partners planning and understanding your network before you deploy. You can simplify many capabilities into common rules that you can apply consistently across the organization to save time. Planning can help you build consistency in naming address objects, VLANs, and network resources.
Technical Superintendent at Indian Institute Of Technology, Patna
Real User
Top 5
2024-08-19T10:12:00Z
Aug 19, 2024
I work with the product, and we purchased our box after a demo. We also have IoT security, but I don't personally handle that. I rate the overall product a nine out of ten.
Manager-Information Technology at a computer software company with 51-200 employees
Real User
Top 20
2024-07-04T08:06:00Z
Jul 4, 2024
I need to check DNS security with Palo Alto Firewalls. I set it up initially, but my team manages it daily. I approve any changes, but my team handles the hands-on work. I can't say all tools will be integrated, but other tools might also be needed based on our business and use cases. This alone might not suffice. Network performance is okay but not great because multiple hops are involved. Each tool, like an endpoint with antivirus, scans the traffic before it moves to the firewall, which also scans it before sending it out. So, there will be some performance regulation. We cannot expect 100% performance in any network once you have any firewall with all the built-in security features implemented. When I recommend the tool to others, I first check their business needs and understand what they're looking for. If they're focused on security posture and are ready to invest, I'd recommend Palo Alto Networks NG Firewalls. But if they want something cheap, I'd suggest options like FortiGate or SonicWall. Also, I'd check if they have the in-house skills to manage it day-to-day. I'm familiar with the PA-400 series of Palo Alto Networks NG Firewalls. It's good for small offices, and we use the same series in one of our branch offices. I've learned that using this solution is a continuous learning process. Every day, I analyze and evaluate the differences between each product to see if it meets our business requirements and is cost-effective. I rate it a ten out of ten.
IT Technical Lead at a tech services company with 1,001-5,000 employees
Real User
Top 20
2024-04-23T11:20:56Z
Apr 23, 2024
We started with on-premise infrastructure, including domain controllers. Still, as we moved to the cloud, there was a gap in group membership management until Palo Alto came up with a solution. We have multiple firewalls, about 50 of which are difficult to manage. However, the features offered by the firewalls themselves are really good. In the future, we might consider switching from Palo Alto Networks NG Firewalls. We're currently evaluating a new solution. However, cost is a concern, as it seems more expensive than other products and SaaS solutions. Integration with Palo Alto Networks NG Firewalls and other security tools or IT infrastructure is not entirely straightforward but manageable. It's easier compared to some other vendors but still requires effort. I have tried to integrate it with Cisco ISE. I recommend Palo Alto NG Firewalls for large enterprises. However, due to their high price, I wouldn't recommend them for small—to medium-sized companies, especially those with limited IT budgets. We've found that Palo Alto NG Firewalls are particularly good at stopping zero-day attacks. Compared to other companies like Fortinet, we've had fewer security breaches with it. I rate the overall solution a seven out of ten.
Senior Network Security Engineer at a tech services company with 51-200 employees
Real User
Top 5
2024-01-12T11:49:20Z
Jan 12, 2024
I will recommend the tool to others. It is a fine product. If someone is looking for DLP and other features, the product might not suit them. The product has good URL filtering features. Overall, I rate the solution a seven or eight out of ten.
If a colleague were to say they are just looking for the cheapest and fastest firewall, I don't know what I would say if they don't have the budget. But if they have a budget, I would recommend Palo Alto because, while another solution may be cheaper, it could be more expensive in total if you consider the potential loss of business continuity and reputation. And while I don't use the PA-400 series, I know it sells well because the higher series are very expensive, and the 200 series is very slow and less powerful. The PA-400 series is good.
Manager, Cyber Security Risk & Compliance at a financial services firm with 5,001-10,000 employees
Real User
Top 20
2023-05-01T11:40:00Z
May 1, 2023
If you're looking for the cheapest and fastest firewall, I would not recommend Palo Alto NG Firewalls. Overall, I would rate Palo Alto Networks NG Firewalls an eight out of ten. I place a high value on attending the RSA Conference. I get a lot out of it because I'm able to learn about up-and-coming companies. I can see what options are available, whether someone's doing it better, and if I can get a cheaper option. Attending RSAC does have an impact on my organization’s cybersecurity purchases made throughout the year.
To someone at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that you just lost the customer because I'm not going to do business with somebody who is going for the cheapest. I'm always looking for a vendor or customer that has more input and cares about the security of their systems. The value received from attending an RSA Conference includes prizes and other things, but on a personal level, I love the tech talks, knowing about a lot of industry changes, and different product solutions being showcased. RSAC definitely has an impact on our organization’s cybersecurity purchases made throughout the year. One of my main roles is vendor due diligence, so I come to RSA quite often, and I have conversations with many different sales engineers who can explain the security of their products because that's what I focus on during our onboarding process. Overall, I would rate this solution a seven out of ten.
IT Network Engineer at a energy/utilities company with 201-500 employees
Real User
Top 20
2023-05-01T10:44:00Z
May 1, 2023
Palo Alto is the best firewall company. Whether you're a small company or a large company, it will fit your needs. By attending this RSA Conference, I was hoping to find new security solutions. However, I seem to like my existing Palo Alto security solutions. In terms of the impact of the RSA Conference on our organization’s cybersecurity purchases, it depends on what we're looking for at the time of attending an RSA Conference. Right now, we're looking for something that I didn't really see here. We're looking for security, but this means we need a security operations center (SOC), whereas we're small. We just don't have that type of network. This is almost too much. However, that's why we have Palo Alto Networks. I would rate it a nine out of ten. It's not perfect, but it's pretty good. Palo Alto is the best firewall security network that I could possibly purchase.
Network administrator at a educational organization with 201-500 employees
Real User
Top 20
2023-03-31T11:29:00Z
Mar 31, 2023
I give the solution nine out of ten. The maintenance consists of regular updates only. Currently, we do not use Palo Alto Networks NG Firewalls across our entire network but we have plans to extend them in the future. I recommend Palo Alto Networks NG Firewalls to others.
Senior information technology consultant at a tech services company with 11-50 employees
Consultant
Top 20
2023-01-17T04:20:45Z
Jan 17, 2023
We would recommend that organizations implementing this solution use a good consulting service and plan extensively up front, before implementation, in order to ensure a smooth deployment with no issues. We would rate this solution as 10 out of 10.
Senior Network Analyst at a non-profit with 1,001-5,000 employees
Real User
2022-11-22T21:42:00Z
Nov 22, 2022
The security and performance of the PA-400 series of Palo Alto NGFWs, versus its price, is really good. It's very inexpensive and has good performance compared to the previous higher-end 3000 models. Palo Alto provides Panorama where you can manage a bunch of firewalls from a single pane of glass or just one device. It allows you to manage all of the firewalls in one, integrated location. You don't have to make a chain of 50 different firewalls. It will push what you need to be changed to all the other firewalls. We used to use it, but we got rid of it because we replaced all our Palo Altos with competitors' firewalls and we don't use Palo Alto anymore, other than for VPN. We have six firewalls in our organization right now, although we used to have 35 to 40. Because we no longer have a lot of firewalls, we got rid of Panorama. We don't want to pay for it to just manage six firewalls where we are not making any changes frequently. If we had 35 or 40 still, I would definitely recommend having Panorama. Panorama is for managing the rules. It saves time on configuration, but it doesn't affect your security posture. Whether you're managing each firewall or using Panorama, it's exactly the same thing. But it helps you to execute changes in a very short period of time. It's a way of pushing the config to all your devices.
I rate Palo Alto NG Firewalls 10 out of 10. People who are only starting with these firewalls should rely on the technical notes and briefs Palo Alto provides on functionality. I started using Palo Alto firewalls years ago, and we deployed firewalls the way we knew how. Later, I worked with another integrator who had been doing it for about two or three years more than I had. He was configuring areas on the firewalls that I had never considered. That becomes the critical piece; turning a firewall up based on what another firewall vendor does is enough to get you the same level of functionality that the other vendors provide. But with the additional capabilities that Palo Alto includes in the firewalls, it's imperative to have all the different pieces activated as much as the customer can accommodate in their environment. And that's a critical piece that Palo Alto provides a lot of online resources, and there are a lot of technical notes that are out there on what needs to be enabled in addition to that Day 1 configuration. That can give you a big headstart on all the different areas that need to be enabled within the firewall.
I give the solution a nine out of ten. The embedded machine learning included in the solution's firewall core used to provide inline real-time attack prevention is an important capability because it gives us the heuristics. The solution uses existing knowledge of the service and how we use the firewall, to determine if something nefarious is being undertaken. I don't believe that we are using the feature to its fullest capability. We integrate Palo Alto NG Firewalls into Sentinel and we use additional data points to determine attacks. We use the solution's DNS security for some of our clients. We use a lot of data points from various systems and not only this solution to determine if a threat is live and active. We don't recommend publishing using the solution. We do local DNS resolution using the Palo Alto NG Firewalls. We're purely an Azure consultancy. We use Azure publishing services to publish. We integrate the solution into virtual networks from a DNS point of view, but we are always on the safe side, and we never use the solution for DNS publishing to the public internet. We are an ISB. We provide managed services, but we are primarily an integrator. In terms of a trade-off between security and network performance, there will always be a performance lag when doing TLS inspections because the traffic has to be decrypted in real-time, however, the benefit outweighs the disadvantages from a network performance perspective. When the TLS inspections are sized properly, the performance lag is hardly noticeable. We sometimes work with Palo Alto, for example, to support the default route over ExpressRoute. The maintenance is all scripted and fully automated. We are always at the current stable release and we update as regularly as we get the updates from Palo Alto. There is no impact, no downtime, and no loss of service unless we've got a customer with a single firewall that requires a reboot, in which case we schedule the outage. I have worked with many different appliances in Azure over the years, and I still do with some clients who already have incumbent NBAs, but for our firewall as a service, I have always used Palo Alto. What we find is that clients want to utilize the features but don't know how to implement them or have the capability. We offer that support. Palo Alto is extremely good value for the money if we maximize its capabilities. If we want a cheap firewall, then Palo Alto isn't the answer. If we want a capable value-for-money firewall, when we are utilizing all of the services available, Palo Alto is the best on the market. If we want a cheap solution we can go to Fortinet which is not as technically sound but for someone who is price sensitive and doesn't want to use all the features and functions of Palo Alto NG Firewalls that is an option. We work with Palo Alto for our firewall as a service, and we work with Velo for our network as a service. The operational run cost for us is low with these vendors because those firewalls are extremely reliable and because we don't have problems with the firewalls, we don't need a big operational support team. We did some work with the NHS Test and Trace program and they had a multi-client solution that we deployed hundreds of firewalls across Azure and AWS, using Palo Alto. The client did explore other vendors that were cheaper and after looking at the operational support capability, features, and how reliable the firewall was, the option was clear and not driven by price. I would automate the solution. I would use infrastructure as code deployment and manage my devices using IHC. If I was going for a larger state, I would use the solution's management tool.
Software Engineer at a manufacturing company with 10,001+ employees
Real User
2022-10-09T10:45:00Z
Oct 9, 2022
We would advise organizations who are migrating from a different provider to inquire about the centralized management console, and to understand the full costs involved up front. Also, despite the fact that this solution provides a lot of features, there will still be areas that aren't covered as this only works on perimeter level security. I would rate this solution a 10 out of 10.
Security Architect at University Corporation for Atmospheric Research
Real User
2022-08-16T10:49:00Z
Aug 16, 2022
All data goes through the firewall,since our HR and finance departments are behind the firewall. A lot of our labs are behind the firewall. We have some plans to expand, as I am about to put a virtual firewall in AWS Cloud for a project. We have a C-130 hub that has been flying into hurricanes and tornadoes for years. I want to put a firewall on that to protect the instrumentation from outside sources. If you are just looking for the cheapest, fastest firewall out there, that is a foolish attitude. The point of a firewall is to increase your security, not to increase your throughput. You don't want it to degrade your throughput, but the cheapest solution and the solution that makes sense aren't necessarily the same thing. The main advice would be to plan on starting small, then build up. Don't try to do everything at once. Also, make sure you do the available training prior to use or at the same time, at least the basic one, because that is important. Make sure you have a good networking background or a good network engineer standing next to you because talking to the routers is key. I would rate it at about eight and a half to nine out of 10. There is no perfect answer, but this is a pretty good one.
We are currently using a single firewall architecture. Next year, we will probably move to a dual firewall architecture. I would recommend Palo Alto Networks NGFW, especially for parameter-level security. I would rate the product as 10 out of 10.
Machine learning is taking logs and feeding them back through. Everybody is doing machine learning now. You need to have some type of machine learning in order to understand what is going through your environment since you can't be predictive anymore, like you used to be able to be. There is no way of knowing what things are going to do. Therefore, machine learning helps the firewall become smarter. However, machine learning is only as good as how it is utilized and how effectively it is deployed, and it is not always obvious. With Palo Alto, it was difficult to get the API keys and whatnot to work correctly, getting real, effective, actual, usable machine language stuff to use in the policies. It was a lot more hype than reality. Their zero-pass architecture is not really zero-pass, but it is better than others. It still has to run the traffic through again, once it is recognized at the port, service, and route level, to be acceptable. Then, it has to bring it back through to try to recognize the application. So, it is not necessarily a 100% zero-pass, but the way it works. It is like in the Indianapolis 500 when a car pulls into a pit stop. Instead of having one place in the pit stop where the tires are changed, another place in the pit stop that does the windows, and another place that does the gas, they have all the guys come around the car and do their work on the car at the same exact time. That is what is happening with Palo Alto. The packet gets there and the services attack the packet versus having to run the packet through the mill. That is what makes it faster, but it still has to do it more than once before it really knows. It is definitely better than what anybody else has done up to this point. With a single-pass cloud, we are not concerned with hardware as much anymore. Now, we are concerned with technology, implementation, and how controls are deployed. That is more important now than where the hardware is, e.g., if the hardware is integrated or deintegrated. I don't know if that is even that important anymore, but it was at one time. As long as you are comfortable with the price point, you are not going to make a mistake going this way. It is definitely best-in-class and a first-class firewall. I would never be ashamed of putting Palo Alto Networks NGFWs into my network. It's a very good product. As much as I might complain about this and that, there isn't any product that you would put in the network where you are going to have 100% confidence in it. There will always be something. Palo Alto NGFWs are the best way to go. I would rate this solution as nine out of 10.
System Engineer at a tech vendor with 1-10 employees
Real User
2022-07-03T21:02:00Z
Jul 3, 2022
I would rate this solution a nine out of ten. Cloud-based solutions are very unpopular in Eastern Europe, only private clouds are used, but on-premises is the favored deployment method. We use cloud solutions at home and for small companies or companies with particular use cases. I implemented the solution for a customer, and my first task was to disable all cloud-related features. It's exceedingly difficult to find a financial or government institution using a cloud-based platform; this market segment tends to have a more conservative mentality. I don't use the solution personally, but I'm the first-level troubleshooter. If I can't solve a problem, I open a ticket to Palo Alto's customer support. I have clients who used separate firewalls and VPN concentrators, but after switching to this solution, they now use the Palo Alto firewall and its VPN, GlobalProtect. I don't think it's the best VPN concentrator, it's an excellent firewall, but the weak point is the VPN. I advise reading the documentation before configuring, which goes for any platform.
Professional Services Consultant at a tech services company with 201-500 employees
Consultant
2022-06-12T15:10:00Z
Jun 12, 2022
If someone is in a routing and switching domain and wants to come up to a security domain, they should choose Palo Alto Network NG Firewalls. We are happy to assist customers whenever support is missing. Over a period of time, we see customers raise tickets because they are looking for a particular feature that is not available on the platform. We don't say to our customers, "We don't support this." Instead, we take it as an opportunity, giving that information to our engineering team. I would rate the solution as nine out of 10. I am leaving room for improvement.
I'm working in a systems and data company, and I recommend Palo Alto and other firewalls to many people. The users can choose one based on their budgeting because Palo Alto is expensive as compared to other brands. Palo Alto NGFW’s unified platform hasn't 100% helped to eliminate security holes. In some cases, we are using other products. I'm mainly using it for WAF and securing my DMZ infrastructure. It is working well in terms of the functionalities in layer 3 and layer 4. I would rate this solution a seven out of ten.
This firewall provides a unified platform that natively integrates all security capabilities. It will queue all functionalities like firewall protection and alerts and track all DDoS attacks. It shares all the information with us, and we can monitor and take immediate action on the other alerts we receive. I would advise potential users to only go for this solution if they have the budget and don't require any support. Only buy this firewall if you can install, configure, and solve potential problems on your own. If not, FortiGate and WatchGuard are much better options. On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a five.
Security Presales Consultant at a tech services company with 501-1,000 employees
Real User
2022-02-11T03:28:00Z
Feb 11, 2022
The integration is based on the customer environment and what they need. Enterprise customers have some regulations and compliance so they need to send all their logs to the same solutions. We can integrate it using a syslog protocol over UDP. So, it is easy to integrate Palo Alto with some solutions. However, with other Palo Alto technologies or solutions, I integrate them just with WildFire. WildFire is a dedicated solution related to sandboxing and can be deployed on-prem or in the cloud. The NSS Labs Test Report information has previously helped me to convince customers to buy Palo Alto Networks Next-Generation Firewalls. However, I am now not using the NSS Labs Test Report. Instead, I am using Gartner reports to offer customers Palo Alto Networks Next-Generation Firewalls. Machine learning on the Palo Alto Networks Next-Generation Firewall was introduced on version 10. I would rate this solution as nine out of 10.
Network Analyst at a recreational facilities/services company with 1,001-5,000 employees
Real User
2021-12-21T02:46:00Z
Dec 21, 2021
As far as a firewall solution, it is one of the best ones that I have seen. It is fairly expensive compared to some of the other ones, but if you have the money and are looking for a solid, reliable system, then Palo Alto is the way to go. For what we use it for, the solution is good. I am part of the network team. There is a cybersecurity team who has control of its reins and does all the security configuration. I am not the administrator of it or a manager in charge of the group with this appliance. I find the whole machine learning and AI capabilities a bit overhyped. Everybody throws it in there, but I'm actually a little bit suspicious of what it is actually doing. I don't follow or monitor some of the day-to-day or zero-day threat prevention protection abilities that it has. I would rate the solution as nine out of 10, as I am always hesitant to give perfect scores.
Network Solutions Architect at Ecobank Transnational Incorporated
Real User
2021-12-07T16:01:00Z
Dec 7, 2021
Palo Alto Networks NG Firewalls is a very good firewall. It is one of the best firewalls that I have used. I would rate Palo Alto Networks as nine out of 10.
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
2021-11-11T17:32:00Z
Nov 11, 2021
If you're going with Palo Alto, you have to use all its features, including the DNS Security, App-ID, and SSL decryption. Otherwise, there is no point in buying Palo Alto.
Chief Architect at a recruiting/HR firm with 1,001-5,000 employees
Real User
2021-10-08T08:31:00Z
Oct 8, 2021
We haven't actually deployed Palo Alto NGFW’s DNS Security yet, but we will be doing that. It is great that 100% of the tested attacks were blocked in the NSS Labs Test Report from July 2019 about Palo Alto NGFW. It is a great story, but I never trust 100% because that's why we have layered security. However, it definitely provides a great level of comfort in our security structure. I never give anyone a 10, so I will give the solution a nine (out of 10).
CyberSecurity Network Engineer at a university with 5,001-10,000 employees
Real User
2021-09-23T17:45:00Z
Sep 23, 2021
I don't want to become a Palo Alto-centric shop. We can use certain cloud features that they have, such as SaaS products. However, I choose not to, so that we can have a little bit more flexibility in what we do. When we were a pure Cisco shop, we saw the problems with doing that. Palo Alto does a really good job at everything they do but, I just want to make sure that from my university's perspective, we don't get stuck. If all of a sudden, somebody else comes out with another product, we don't want to be stuck with a specific vendor, unless they are definitely the best solution. We use other products in addition to Palo Alto to help along the way. For example, we use Corelight from Bro Zeek, Terracotta, and other things that I can stream together and send to our SOC to look at. We also have XDR, although it's not a fully functional one because we don't have the endpoint component. That is what is killing a lot of EDUs because we just don't have the budget or the money to be able to go out and buy all of the products that help us to function the way we need to. In the NSS Labs Test Report from July 2019 about Palo Alto NGFW, 100% of the evasions were blocked. For a C-level person, that's great news. They read those types of things. As a technical person, it's important to me because it makes my life easy. Palo Alto sells a next-generation firewall called the PA-400 series, and depending on what a company's bandwidth needs are, it would be a good choice. For example, if they're not doing anywhere close to a gig worth of traffic, such as in a small office, home office, or small business, then it would be a good solution. It also depends on what the business does. If there isn't much traffic then a PA-400 would be fine. If a colleague of mine at another company were to say that they are just looking for the cheapest and fastest firewall, based on my experience with Palo Alto, I would tell them that they get what they pay for. Palo Alto is not cheap but at the same time, their product is not really comparable with others. It's like comparing apples to oranges. If you consider Fortinet, for example, they call themselves a next-generation firewall but they really aren't. They are what you call a GPO, which is related to policies. It is important that you look at what other people do and how they do it, but for the most part, there's not anybody out there doing what Palo Alto is. Another one is Cisco. They do the same thing that Palo Alto does, although it takes three Cisco boxes to do what a single Palo Alto box does. I would rate this solution a ten out of ten.
Senior Network Engineer at a tech services company with 201-500 employees
MSP
2021-08-10T22:10:00Z
Aug 10, 2021
The fact that Palo Alto NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention is important, but I still don't completely trust it. I haven't really seen this feature. Maybe it's somewhere in the background, but I haven't gotten any notifications that something was found or prevented. At this point, we still use traditional approaches with human interaction. Overall, what I have learned from using Palo Alto is that you need to be very detailed in your requirements.
Security Team Technical Manager at ECCOM Network System Co., Ltd.
Reseller
2021-08-10T12:31:00Z
Aug 10, 2021
For our customers, I would tell them that Palo Alto Networks NG Firewalls is easy to use, but probably difficult to master. It has a very easy to use interface and configuration utility, but it has a lot of advanced features that need some deep knowledge of the product. No product can guarantee 100% evasions being blocked, but I think Palo Alto is among the top of the threat inspection vendors. From the NSS Labs Test Report, we can see that Palo Alto Networks always has a top score. Machine learning in a single firewall is not that accurate or important for our customers. Since it will only see some network traffic, it cannot connect everything together, like endpoints and servers. Therefore, our customers do not value the machine learning techniques on a single firewall very much. We may review the alerts generated by machine learning modules, then we can see if the alerts are real alerts, not false positives. This may tell us how efficient machine learning is. Very few customers in China have used the Palo Alto NGFW’s DNS Security module. It is a new feature that was introduced only two years ago. Customers already know what the product can provide in terms of protection. Its DNS Security provides something that is not really easy to understand. Also, it increases the cost of the firewall because it requires another license to be implemented, and the cost is not low. DNS Security is very impressive, and I think it will be an efficient way to block the rapidly changing threat landscape and maybe Zero-day attack methods. Biggest lesson learnt: If you want to protect something, you need to gain visibility of the entire network. NG Firewalls provides a deep visibility into network traffic. I would rate Palo Alto Networks NG Firewalls as nine out of 10.
Other than the SD-WAN, everything else has been functioning like our previous setup because it's a pretty similar license. The way that the new hardware handles URL filtering, threat protection, and GlobalProtect has been pretty solid. I don't have any issues with those. Overall, I would rate Palo Alto NG Firewalls at nine out of 10. It's definitely not the cheapest product out there. Cost is the main reason I wouldn't put it at a 10.
Security team leader at a aerospace/defense firm with 10,001+ employees
Real User
Top 10
2021-05-19T18:12:46Z
May 19, 2021
I would advise that those thinking about Palo Alto Networks NG Firewalls need to switch how they think about a policy on the firewall. They should not to look at it from the point of view of the service and what port that policy is related to. Instead, they should look at it from the application side. Don't pay too much attention to the port. Just look at the application. For example, the NGFW doesn't care if SMTP traverses on port 25 or 65. It just enforces the protocol. From a technical point of view, I don't think that there's something that's missing from the Palo Alto Networks NG Firewalls. So, I would rate it at nine on a scale from one to ten.
Head of IT Infrastructure at a financial services firm with 1,001-5,000 employees
Real User
2021-05-18T05:59:13Z
May 18, 2021
This solution is very particular; it's only suited to specific companies — it's a commercial opportunity. Overall, on a scale from one to ten, I would give this solution a rating of eight.
Technology Engineer at a computer software company with 51-200 employees
Real User
2021-04-07T11:09:32Z
Apr 7, 2021
I would say go for it because it seems to be stable and very reliable. I've spoken to some specialists who vouch for Palo Alto. They say they've been using it in their environment, and it hasn't let them down so far. I would rate this solution a nine out of ten.
Quality engineer of the 1st category at Modern Expo
Real User
Top 20
2021-04-01T09:30:53Z
Apr 1, 2021
I would absolutely recommend this product, it's expensive but I trust it. There is always room for improvement such as with scalability capabilities in Palo Alto. I know I'm not the only one who thinks this is an issue. It's possible that next time we will try virtualized firewalls, it may be a little cheaper for us. We would consider switching to something else but it would be a big move and quite complicated. Moving to a different vendor is a whole other story. I rate this solution a nine out of 10.
Network Manager at a financial services firm with 1,001-5,000 employees
Real User
2021-03-04T18:02:15Z
Mar 4, 2021
There are multiple firewalls out there. I am moving away from them because they are expensive, and they don't do what I want to do with them. I have plans of getting FortiGate instead. I would rate Palo Alto Networks NG Firewalls a six out of ten.
Regulatory Specialist at a healthcare company with 501-1,000 employees
Real User
2021-03-02T16:01:23Z
Mar 2, 2021
I would tell potential users that Palo Alto is the best, even compared to Cisco or any other competitor. On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a nine.
Sr. Product Management Specialist at a comms service provider with 10,001+ employees
Reseller
2021-03-02T07:38:59Z
Mar 2, 2021
We plan to keep using this solution depending on the customers' needs. We also have a cloud-based platform on Fortinet, and we provide it as a service. I would rate Palo Alto Networks NG Firewalls an eight out of ten.
Server Administrator and Operation Manager at a computer software company with 501-1,000 employees
Real User
2021-02-12T08:51:27Z
Feb 12, 2021
I'm not sure which version of the solution we're using. We use a physical appliance. We're using three different models, for the most part. My company is an outsourcing company that deploys software and testing. The solution is very user-friendly and easy to manage and administrate. For that reason, I would rate the product at a nine out of ten.
IT Architect at a computer software company with 501-1,000 employees
Real User
2021-02-11T11:33:05Z
Feb 11, 2021
If someone looking for stability and the leader in next-generation firewall technology, I would choose this solution. I would recommend this solution to others. I rate Palo Alto Networks NG Firewalls a ten out of ten.
Solutions Architect at a comms service provider with 51-200 employees
Reseller
2021-02-04T21:54:27Z
Feb 4, 2021
First of all, I would say that the engineer who is going to deploy the solution has to know how the network policy is going to be introduced into the firewall. It is very important for deployment because it is a new concept that Palo Alto introduced in the market. The second thing is to know the policies, not on the layer-4 basis, but in terms of policies, such as SMB, DSTP, and other such things. I would rate Palo Alto Networks NG Firewalls a nine out of ten.
Sr. Engineer at a comms service provider with 51-200 employees
Real User
2021-01-31T06:58:32Z
Jan 31, 2021
We have a partnership with Palo Alto. I am in pre-sales and often do POCs or do some aspect of evaluating the solution for clients to help them understand the usefulness. Overall, I really do prefer Palo Alto to other options. I'm the most comfortable with it and I understand it the best out of other solutions such as Juniper or Fortinet. I'd suggest organizations consider the solution. Yes, it is quite expensive. However, it is also very reliable and is always marked highly in Gartner due to its feature set and usability. It's easy to configure and it's very easy to add more features into your roadmap if you need to. It can easily integrate into a larger holistic security system to help keep a company safe. In general, I would rate the solution at a nine out of ten.
Senior Network & Security Administrator at a consultancy with 1,001-5,000 employees
Real User
2021-01-30T13:39:00Z
Jan 30, 2021
I would recommend Palo Alto Networks NG Firewalls. If a company has the budget and wants to have the next generation of firewalls then they should go for the Palo Alto, because whatever state of features they provide, it's pretty awesome. But if there is a budget constraint there are several other products which give you similar kinds of features but with less cost. On a scale of one to ten, I would give Palo Alto Networks NG Firewalls an 8. Nothing is perfect. There are features that they should add. One of the features that I'm looking at is when it comes to the Vulnerability Protection. We are blocking the threats which are, by default, updated by the Palo Alto Threat Engine. Currently, there is no scope of manually adding the external database to the firewall so the firewall will convert that database to their own. This is currently not functional with the current version. There are a few functions that they could add that are available with other vendors. That's why I am giving the 8.
My advice for anybody who is implementing this firewall is to follow the guide or instructions that are available. There are multiple resources and examples of use cases available on the Palo Alto website, and you can directly follow them. I would rate this solution a nine out of ten.
Network Engineer at a tech services company with 201-500 employees
Real User
2021-01-27T10:49:16Z
Jan 27, 2021
I'd tell potential users of Palo Alto Networks NG Firewalls that their decision depends on their budget. If you have an adequate budget, then I recommend Palo Alto. If you have a limited budget, you need to consider your needs and look at Cisco ASA's price and Fortinet's price. On a scale from one to ten, I would give Palo Alto Networks NG Firewalls an eight.
Vice President of Digital Transformation at Sysnet Global Technologies
Real User
2021-01-27T09:19:49Z
Jan 27, 2021
Know your business requirements, the features, the ease of use, and know what type of budget you have. These are the types of requirements to know before you use this product. I would rate this solution an eight out of ten.
Partner Alliance Director at a comms service provider with 1,001-5,000 employees
Real User
2021-01-15T20:15:01Z
Jan 15, 2021
We have a partnership with Palo Alto. We're using the 5000 series of Palo Alto. It's a next-generation firewall. We're currently using the Management Gateway and Virtual Firewall. Also, the Endpoint Solution. I'd recommend the solution to other organizations. We've been pretty happy with it so far. I'd rate the solution at an eight out of ten.
Service Delivery Engineer - Network Security Lead at a tech services company with 51-200 employees
Reseller
2021-01-12T12:47:26Z
Jan 12, 2021
I would recommend this solution. The uptake is mostly with medium and large enterprise, it's strong there. For small to medium size businesses, the preference is usually Fortinet or Sophos. It's really about what suits the client. I would rate this solution an eight out of 10.
Team Lead Network Infrastructure at a tech services company with 1-10 employees
Real User
2020-12-19T13:47:52Z
Dec 19, 2020
I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models. I would recommend the solution to other organizations. Overall, I would rate it at a nine out of ten.
Director, Middle East, East India & SAARC at DMX Technologies
Real User
2020-12-10T16:08:04Z
Dec 10, 2020
I would not recommend this solution. I am sure they will come up with better models to overcome some of the challenges that we faced, but I would definitely not recommend this particular model. I would rate Palo Alto Networks NG Firewalls a six out of ten.
On a scale of one to ten, I would give Palo Alto Networks NG Firewalls a nine. I would recommend this product to others. In terms of what advice I would give to future customers looking into implementing Palo Alto Firewalls, I would tell them that they have a good system operator in the firewalls and that it provides many tools that they can use to protect their networks. You don't find that in the other vendors.
Security Presales Solutions Architect at a tech services company with 201-500 employees
Real User
2020-11-18T17:49:17Z
Nov 18, 2020
I would recommend this solution based on a customer's requirements. I sell solutions from a lot of firewall vendors. I have the flexibility to recommend based on the budget of a project. I would recommend Palo Alto or any other vendor if the environment and all the conditions are available and suitable for that deployment. A lot of times, we make POC or proof of concepts to show the customer the value of the products and how to deal with them to convince them to buy it. I would rate Palo Alto Networks NG Firewalls an eight out of ten.
System Administrator at a mining and metals company with 51-200 employees
Real User
2020-11-16T18:30:20Z
Nov 16, 2020
We have not had any issue with this solution. I really hope that we continue to use this solution. Its price is higher than other solutions, and the company might go for another firewall. I would recommend this solution to other users. I would rate Palo Alto Networks NG Firewalls a nine out of ten.
System Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2020-11-12T05:04:08Z
Nov 12, 2020
We plan to continue the usage of this solution in the future and I would recommend it to others. The product is very good, I would rate Palo Alto Networks NG Firewalls a nine out of ten.
I would recommend this firewall still. Our system integrates well but it depends on customer requirements so we sometimes choose to go with an alternative firewall. I would rate this solution an eight out of 10.
Security Consultant at a tech services company with 501-1,000 employees
Real User
2020-07-27T07:17:38Z
Jul 27, 2020
In general, I prefer hardware, and Palo Alto's is quite good. However, we have a couple of virtual deployments for cases as well. I would definitely recommend the solution. It's one of the best firewalls on the market. I've worked with four different vendors in the past, and some of the most mature NG firewalls are Palo Alto's. It's their main business, so they are able to really focus on the tech. They spend a lot of time on R&D. They're always leading the way with new technologies. While Cisco has more main products, Palo Alto really does focus in on NG firewalls. That's why I always see them as a leader in the space. I'd rate the solution nine out of ten.
Cyber Security Trainee at Macroview Telecom Limited
Reseller
2020-07-26T08:19:12Z
Jul 26, 2020
My advice for anybody who is considering this product is that it is a useful firewall and high-ranking compared to others. I would rate this solution an eight out of ten.
Cyber Security Solutions Architect at NTT Security
Real User
2020-07-26T08:18:00Z
Jul 26, 2020
My advice would be to make sure the firewall is configured properly. I would rate it an eight out of ten. Not a ten because you have to be really excellent before you get a ten out of me. In the next release, I would like to have the ability to auto-generate rule and policy, based on known traffic, based on the baseline. That is a feature that I think Palo Alto should be able to have in some form or fashion to auto-generate and propose a policy and rules set, after putting the file into a learning mode for some period.
My advice for anyone who is implementing the Palo Alto Next-Generation firewall is to take the training that is available. This will allow them to better work with the technology. This is an ambitious company with a good security roadmap. The product is being continuously developed and they are professionals who are focused in this area of technology. It is the firewall that I personally recommend. I would rate this solution a seven out of ten.
Sr. Solution Architect at a tech vendor with 501-1,000 employees
Reseller
2020-07-05T09:37:56Z
Jul 5, 2020
While we mainly deal with on-premises deployment models, occasionally we also do hybrid deployments. We're not a customer. We're a systems integrator. We're a reseller. We sell solutions to our clients. Palo Alto is very good at policymaking. It's like they have a single policy that you can use. Other solutions don't have single policy use, which means you have to configure everything. There may be many consoles or many tasks that you'll have to worry about other solutions. Multiple task configuration should not be there, and yet, for many companies, it is. This isn't the case with Palo Alto. Palo Alto is easy compared to Fortinet. It's overall a very solid solution. I would rate it nine out of ten.
I'm not really a customer. I'm like a consultant. I'm an introduction expert. If I think a client needs a certain technology I point them in the direction of whoever sells it. I do go in and configure it, so I do have experience actually using the product. When I'm looking for something, I just find someone that sells Palo Alto and I redirect the client towards them. I'm not interested in being in a hardware vendor. There's no money in it. There's so much competition out there with people selling hardware. It doesn't matter where the client gets it from. We tend to use the 200-series models of the solution. I'd rate the solution eight out of ten. They do a very good job. The product works well.
The advice I can give is that this is a good solution: Easy to deploy, easy to manage, easy to understand, reporting is very good, and it will give you the full picture up to the layer seven. Their VPN service is very good. The good thing is that whenever you need to train anyone on these devices, it's very easy to explain. Previous firewalls I've used, required a lot more work before you could configure. This isn't like that, it takes maybe 30 minutes and it's done.
Senior Network Security Engineer at Locuz Enterprise Solutions Ltd
Vendor
2020-06-15T07:34:02Z
Jun 15, 2020
My experience with Palo Alto is good and I definitely recommend this product. That said, there is always room for improvement. I would rate this solution a seven out of ten.
Solutions Architect at NTT Global Networks Incorporated
MSP
Top 20
2019-12-04T05:40:00Z
Dec 4, 2019
Palo Alto is my number one choice for firewalls. I support and utilize more Palo Alto firewalls throughout my company and with my customers than any other device. Number two would be Fortinet. I don't really like Fortinet that that much because it is not as secure as Palo Alto, but I have customers who want to use it because it is a lot less expensive. Number three is Cisco Meraki, which I obviously don't like, but people request that because the Cisco name is very popular and a lot of other people are using it. I couldn't recommend against choosing a device more than choosing it by name instead of functionality. Palo Alto invented the method of looking at the application identifier in each packet and making a decision. For instance, many companies may want to do something like prohibiting all chat applications with the exclusion of whatever application the company is choosing to use. Let's say the company is using IP Communicator for customers and for employees to chat with each other, but the company wants to block Skype. The reason why might be because they don't want anybody bringing up a Skype call, sharing information via that Skype call, or maybe turning on a Skype call and letting other people see inside the facility. Skype has a very interesting platform in which you block one IP address on the Skype server and it allows another one. You block Skype.com and it creates another URL. Skype loves to get in and around simple security steps. Palo Alto is phenomenal because it takes a look at the application identifier within each packet and will find that it is Skype and block it. If you want to block AOL Instant Messenger, you just block it. Anything out there you don't want employees to use can just be blocked by referencing the identifier. Netflix is another one that seems to find it's way into corporate networks. It is normal not to want employees sitting around watching movies. The Palo Alto will find out that someone is trying to access a Netflix movie and block it. Then it can also send an email to alert different people of the activity. You could set it up so that when something like that happens, an email goes to the director of IT to say, "Hey, this person may be trying to access Netflix." You may want it to just block the access type and forgo the alert. Or you can block the activity and alert anyone you want that someone appears to have tried to subvert security. The idea of this type of security measure isn't just to lay blame and get people fired, it is to identify different types of breaches and why they occur. It could be that a potential breach requires a sit-down conversation with the persons involved. But the truth is that many malicious sites — like adult related websites, platforms like gambling sites, obviously hacking-related sites, violence or gore — are loaded with malware. You don't want that on your computer, and your employer doesn't want it on the network either. It is just as bad as bringing a device to work and allowing that device to be connected to the network without protection as that is just another potential malware exposure. Another beautiful thing with Palo Alto is that they have Wildfire. Wildfire can prohibit malware in either direction. Malware is not going to get into the network via a customer or a user surfing and it is not going to get out and affect the network and spread around via a user's BYOD (Bring Your Own Device) that got infected while he was working at home.
PA is a product that continuously improves, so, I have nothing to add in terms of features. My advice is not to look for a cheaper solution, as the price/performance ratio on Palo Alto is great.
Vice President & Head Technology Transition at EXL Services
Real User
2019-07-01T07:58:00Z
Jul 1, 2019
I'd say the blueprint of the implementation needs to be ready before you start the implementation of the product. The product is generally stable and the team provides a good presence on it, but at the end, if you're putting it in the mission-critical data center, the planning needs to be extensive. I would rate this solution an eight and a half out of ten.
Sales Engineer at a wholesaler/distributor with 51-200 employees
Real User
2019-06-26T05:25:00Z
Jun 26, 2019
The functionality is good and so are the features. In terms of implementing the solution, I wish it was better. I would rate the solution 8 out of 10, mostly due to the technical issues I've experienced.
IS&S Europe and Global Infrastructure Manager at a manufacturing company with 10,001+ employees
Real User
2019-06-26T05:25:00Z
Jun 26, 2019
Once you install it, you use it every day. You can't stop because it's a security feature and a precaution. Also, we are using it to do some local breakouts, so we use utilize the local internet to carry some business traffic, to ensure there's no interruption. You have to let it run 24/7. I would suggest you be careful when choosing your model. Consider your bandwidth as well as how you want to run the local area network because the throughput of the firewall has to be well designed. I would rate this solution a nine out of10.
I've helped customers using Fortinet and Check Point. They are compromised. Their firewall is not stable. But for some features, for example, encryption, they want to use this feature, but the firewall feature isn't great. With Palo Alto, there isn't any problem, you can open any feature - IPS feature, data encryption feature - there isn't an issue. Implementation is simple, the product is stable, but I advise if people get the firewall I strongly recommend the use of the API features. They may not be accustomed to using a next-generation firewall. If they want to use NG Firewalls, they need to use and implement the API features. They need to create uses based on the application. My understanding is Version 9 will introduce some logic features. I would rate this solution 9 out of 10.
Chief Executive Officer at a tech services company with 11-50 employees
Real User
2019-06-26T05:25:00Z
Jun 26, 2019
I would rate this solution 8 out of 10. Generating reports is not so easy. I think with support, for everyone, and for all the bank company workers, they can do that a bit better. Then maybe I would rate them higher.
Palo Alto's firewall protects your network against attacks, threats, and many other things. Networking can be more advanced. You can upgrade the edition of Palo Alto. There's competition between Palo Alto and Fortinet firewalls. Most IT security people don't know which to pick. For a basic firewall, I recommend Fortinet because it has two or three basic firewalls. I personally need a data center firewall. Datacenter firewalls I would recommend FortiGate because of the support. It provides a high level of support. The latest Palo Alto release has many new features. It can provide you with audits, and policy auditing for a policy review. This allows you to know what's going on inside the network from a quality perspective because sometimes you can create new policies - up to one million policies. You can choose policies, and sometimes you get something by mistake. It provides you with an ability to view or do a policy review or policy audit. This is a major feature. It's a very important feature because before it was impossible to bring the visibility to the policy audits to let me know what's going on inside my policies. Now Palo Alto has provided this feature. In terms of advice I'd give to someone considering this solution, I'd say they should read more before going to the implementation phase. They have to read the administrative guides, and product guides before going to implementation. They have to check the platform because different versions of the platform have some new features. The technical people have to review before going to implement it because sometimes they don't need to upgrade this platform or this version. It is not a stable version. You have to read more before going to do the implementation. Ask an advisor, the vendors or call Palo Alto. You can call them, they have great coverage in any country in the world. You can ask the technical engineers what is the best design, their recommended design. I would rate this solution an eight out of 10.
IT Manager at a tech services company with 51-200 employees
Real User
2019-06-24T12:13:00Z
Jun 24, 2019
You have to do proper network design from the beginning. You have to look into future expansion. Otherwise, after a year, you have to replace the entire box. On a scale from 1 to 10, I would rate this product a seven because the point of scalability within their product is a big issue. If you have to put a huge investment in front to accommodate future expansion, it is fine. It requires forecasting. If your forecast is not correct and you are not growing to that point, then all your investments will be a waste. If you're adding a block so that it can accommodate your user traffic demand, then that would be perfect. I buy one block at a time now. I can't buy two blocks at the same time. That's a waste of money with Palo Alto NG firewalls.
Head, Information Technology at a construction company with 201-500 employees
Real User
2018-08-08T07:09:00Z
Aug 8, 2018
List your requirements, give them the proper weighting, and look at what future options are available if you stick with the solution. Then do your evaluation. And don't forget the vendor, the local support, their competency and their commitment. You can have the best product in the world but if you don't get the right person to support you, it's a waste. You would probably better off with a second- or a third-tier product if you have an excellent, competent, and committed vendor to support you. I would rate Palo Alto at eight out of 10 because of the performance, the security features, and policy management, the reporting capabilities, and the optional upgrades or extensions that we can do, like sandboxing. It also offers an option for our integration with our endpoint security. We are going to revamp our endpoint security architecture. One of the options we're looking at is how we can integrate that with solutions from Palo Alto, because then we can have a more consolidated view, instead of using a third-party solution as the endpoint security. Finally, the local support is important.
Buy Palo Alto and try its features. In Palo Alto, you have select prevention, scan over AV, anti-spyware, vulnerability protection. and file blocking. you have good feature like WildFire to protect against unknown malware. I rate Palo Alto at eight out of 10 because it gives me visibility and protection. This visibility and protection are very important nowadays to protect you from hackers.
Palo Alto Networks NG Firewalls offer comprehensive security, including application control, traffic shaping, threat prevention, and load balancing, designed to secure internal networks, perimeter protection, VPN services, and cloud environments.
Palo Alto Networks NG Firewalls are a key choice for managing and protecting data centers, securing remote access, network segmentation, malware prevention, and ensuring high availability and performance for business-critical applications. Known...
I would rate Palo Alto Networks NG Firewalls seven out of ten. The maintenance of Palo Alto Networks NG Firewalls is easy.
I would rate Palo Alto Networks NG Firewalls ten out of ten. We have over 10,000 end users. When choosing a firewall, cost often reflects capability. While budget-friendly options exist, their security levels may not match those of higher-end providers like Palo Alto or Fortinet. Investing in a robust firewall often provides enhanced protection and advanced features, justifying the higher cost. We have three employees and one consultant who are responsible for the maintenance of our NG Firewalls.
For medium companies, I would advise using Sophos. For larger enterprises, Palo Alto is more suitable. I'd rate the solution seven out of ten.
I would rate Palo Alto NG Firewalls nine out of ten. The Palo Alto NG Firewalls are great, but they are expensive. I'm most interested in Palo Alto NG Firewalls, specifically how to improve their efficiency and application identification capabilities. Sometimes applications have unique requirements or behave differently, making accurate identification crucial. Palo Alto NG Firewalls excel at application-level security because they can block traffic, prevent attacks, and identify potentially compromised applications. Unlike traditional firewalls, Palo Alto NG Firewalls go beyond basic policy enforcement and traffic filtering by incorporating intrusion prevention systems and antivirus functionality. This allows them to analyze internal traffic for risks, similar to how antivirus software protects endpoints. Future users need to appreciate the costs involved in using Palo Alto, and the manual configuration required is beneficial because it ensures clarity and control over what is being configured. To enhance your organization's security posture and management, I recommend implementing Palo Alto Networks NG Firewalls. Three people in our organization are directly using the Palo Alto NG Firewalls. Upgrading Palo Alto Next-Generation Firewalls requires some maintenance.
I would rate Palo Alto Networks NG Firewalls seven out of ten. Those looking for the cheapest and fastest firewall won't find that combination. They must invest money to get a fast firewall suitable for their environment. Gather their requirements before choosing a firewall that fits their budget and features. They can opt for the quickest or cheapest option or select a device compatible with their needs. We have Palo Alto Networks NG Firewalls deployed in multiple locations, serving both on-premises and cloud departments. There are three people in our organization that work with the NG Firewalls. Our clients are enterprises. Palo Alto Networks NG Firewalls require maintenance for software upgrades, and after several years, the hardware will also need upgrades. I recommend Palo Alto Networks NG Firewalls for their stability and high level of security. If the security of your infrastructure is critical, Palo Alto is a strong choice, though it comes with a higher price tag. If budget is a concern or security isn't a top priority, then Palo Alto may not be the best fit.
I would rate Palo Alto Networks NG Firewalls nine out of ten. I would recommend Palo Alto Networks NG Firewalls, but it ultimately comes down to the organization's needs. Some organizations are almost entirely cloud-based, while others rely on the Internet for a few specific tasks and may have on-premises processing or branch offices. The ideal firewall solution varies depending on the specific environment and use cases; a firewall that performs well for one organization might not be the best fit for another. The primary reason people opt for cloud or hybrid solutions is to manage workloads or services already operating in the cloud. This trend extends to Palo Alto Networks NG Firewalls, where the cloud versions are gaining popularity. However, many users prefer the on-premise version of the firewalls to safeguard their on-premise infrastructure. This may involve physical or virtual appliances as long as they remain on-premise and not in the cloud. Other than updates, Palo Alto Networks NG Firewalls rarely require physical maintenance because most data centers are clean. Palo Alto Networks NG Firewalls are excellent firewalls but require technical expertise and dedicated resources for deployment. However, with technical know-how, they are easy to configure and deploy and offer flexibility for adaptation to various environments. We highly recommend them for SD-WANs and VPNs due to their high compatibility.
I would rate Palo Alto Networks NG Firewalls a nine out of ten.
I rate Palo Alto NG Firewalls 10 out of 10. I recommend spending time with Palo Alto and other support partners planning and understanding your network before you deploy. You can simplify many capabilities into common rules that you can apply consistently across the organization to save time. Planning can help you build consistency in naming address objects, VLANs, and network resources.
I work with the product, and we purchased our box after a demo. We also have IoT security, but I don't personally handle that. I rate the overall product a nine out of ten.
We are customers of Palo Alto. I'd rate the solution ten out of ten.
I need to check DNS security with Palo Alto Firewalls. I set it up initially, but my team manages it daily. I approve any changes, but my team handles the hands-on work. I can't say all tools will be integrated, but other tools might also be needed based on our business and use cases. This alone might not suffice. Network performance is okay but not great because multiple hops are involved. Each tool, like an endpoint with antivirus, scans the traffic before it moves to the firewall, which also scans it before sending it out. So, there will be some performance regulation. We cannot expect 100% performance in any network once you have any firewall with all the built-in security features implemented. When I recommend the tool to others, I first check their business needs and understand what they're looking for. If they're focused on security posture and are ready to invest, I'd recommend Palo Alto Networks NG Firewalls. But if they want something cheap, I'd suggest options like FortiGate or SonicWall. Also, I'd check if they have the in-house skills to manage it day-to-day. I'm familiar with the PA-400 series of Palo Alto Networks NG Firewalls. It's good for small offices, and we use the same series in one of our branch offices. I've learned that using this solution is a continuous learning process. Every day, I analyze and evaluate the differences between each product to see if it meets our business requirements and is cost-effective. I rate it a ten out of ten.
Overall, I rate the solution a nine out of ten.
We started with on-premise infrastructure, including domain controllers. Still, as we moved to the cloud, there was a gap in group membership management until Palo Alto came up with a solution. We have multiple firewalls, about 50 of which are difficult to manage. However, the features offered by the firewalls themselves are really good. In the future, we might consider switching from Palo Alto Networks NG Firewalls. We're currently evaluating a new solution. However, cost is a concern, as it seems more expensive than other products and SaaS solutions. Integration with Palo Alto Networks NG Firewalls and other security tools or IT infrastructure is not entirely straightforward but manageable. It's easier compared to some other vendors but still requires effort. I have tried to integrate it with Cisco ISE. I recommend Palo Alto NG Firewalls for large enterprises. However, due to their high price, I wouldn't recommend them for small—to medium-sized companies, especially those with limited IT budgets. We've found that Palo Alto NG Firewalls are particularly good at stopping zero-day attacks. Compared to other companies like Fortinet, we've had fewer security breaches with it. I rate the overall solution a seven out of ten.
I will recommend the tool to others. It is a fine product. If someone is looking for DLP and other features, the product might not suit them. The product has good URL filtering features. Overall, I rate the solution a seven or eight out of ten.
I rate Palo Alto Networks NG Firewalls a nine out of ten.
If a colleague were to say they are just looking for the cheapest and fastest firewall, I don't know what I would say if they don't have the budget. But if they have a budget, I would recommend Palo Alto because, while another solution may be cheaper, it could be more expensive in total if you consider the potential loss of business continuity and reputation. And while I don't use the PA-400 series, I know it sells well because the higher series are very expensive, and the 200 series is very slow and less powerful. The PA-400 series is good.
If you're looking for the cheapest and fastest firewall, I would not recommend Palo Alto NG Firewalls. Overall, I would rate Palo Alto Networks NG Firewalls an eight out of ten. I place a high value on attending the RSA Conference. I get a lot out of it because I'm able to learn about up-and-coming companies. I can see what options are available, whether someone's doing it better, and if I can get a cheaper option. Attending RSAC does have an impact on my organization’s cybersecurity purchases made throughout the year.
To someone at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that you just lost the customer because I'm not going to do business with somebody who is going for the cheapest. I'm always looking for a vendor or customer that has more input and cares about the security of their systems. The value received from attending an RSA Conference includes prizes and other things, but on a personal level, I love the tech talks, knowing about a lot of industry changes, and different product solutions being showcased. RSAC definitely has an impact on our organization’s cybersecurity purchases made throughout the year. One of my main roles is vendor due diligence, so I come to RSA quite often, and I have conversations with many different sales engineers who can explain the security of their products because that's what I focus on during our onboarding process. Overall, I would rate this solution a seven out of ten.
Palo Alto is the best firewall company. Whether you're a small company or a large company, it will fit your needs. By attending this RSA Conference, I was hoping to find new security solutions. However, I seem to like my existing Palo Alto security solutions. In terms of the impact of the RSA Conference on our organization’s cybersecurity purchases, it depends on what we're looking for at the time of attending an RSA Conference. Right now, we're looking for something that I didn't really see here. We're looking for security, but this means we need a security operations center (SOC), whereas we're small. We just don't have that type of network. This is almost too much. However, that's why we have Palo Alto Networks. I would rate it a nine out of ten. It's not perfect, but it's pretty good. Palo Alto is the best firewall security network that I could possibly purchase.
Overall, I would rate Palo Alto Networks NG Firewalls a nine on a scale from one to ten.
I give the solution nine out of ten. The maintenance consists of regular updates only. Currently, we do not use Palo Alto Networks NG Firewalls across our entire network but we have plans to extend them in the future. I recommend Palo Alto Networks NG Firewalls to others.
We would recommend that organizations implementing this solution use a good consulting service and plan extensively up front, before implementation, in order to ensure a smooth deployment with no issues. We would rate this solution as 10 out of 10.
The security and performance of the PA-400 series of Palo Alto NGFWs, versus its price, is really good. It's very inexpensive and has good performance compared to the previous higher-end 3000 models. Palo Alto provides Panorama where you can manage a bunch of firewalls from a single pane of glass or just one device. It allows you to manage all of the firewalls in one, integrated location. You don't have to make a chain of 50 different firewalls. It will push what you need to be changed to all the other firewalls. We used to use it, but we got rid of it because we replaced all our Palo Altos with competitors' firewalls and we don't use Palo Alto anymore, other than for VPN. We have six firewalls in our organization right now, although we used to have 35 to 40. Because we no longer have a lot of firewalls, we got rid of Panorama. We don't want to pay for it to just manage six firewalls where we are not making any changes frequently. If we had 35 or 40 still, I would definitely recommend having Panorama. Panorama is for managing the rules. It saves time on configuration, but it doesn't affect your security posture. Whether you're managing each firewall or using Panorama, it's exactly the same thing. But it helps you to execute changes in a very short period of time. It's a way of pushing the config to all your devices.
I rate Palo Alto NG Firewalls 10 out of 10. People who are only starting with these firewalls should rely on the technical notes and briefs Palo Alto provides on functionality. I started using Palo Alto firewalls years ago, and we deployed firewalls the way we knew how. Later, I worked with another integrator who had been doing it for about two or three years more than I had. He was configuring areas on the firewalls that I had never considered. That becomes the critical piece; turning a firewall up based on what another firewall vendor does is enough to get you the same level of functionality that the other vendors provide. But with the additional capabilities that Palo Alto includes in the firewalls, it's imperative to have all the different pieces activated as much as the customer can accommodate in their environment. And that's a critical piece that Palo Alto provides a lot of online resources, and there are a lot of technical notes that are out there on what needs to be enabled in addition to that Day 1 configuration. That can give you a big headstart on all the different areas that need to be enabled within the firewall.
I give the solution a nine out of ten. The embedded machine learning included in the solution's firewall core used to provide inline real-time attack prevention is an important capability because it gives us the heuristics. The solution uses existing knowledge of the service and how we use the firewall, to determine if something nefarious is being undertaken. I don't believe that we are using the feature to its fullest capability. We integrate Palo Alto NG Firewalls into Sentinel and we use additional data points to determine attacks. We use the solution's DNS security for some of our clients. We use a lot of data points from various systems and not only this solution to determine if a threat is live and active. We don't recommend publishing using the solution. We do local DNS resolution using the Palo Alto NG Firewalls. We're purely an Azure consultancy. We use Azure publishing services to publish. We integrate the solution into virtual networks from a DNS point of view, but we are always on the safe side, and we never use the solution for DNS publishing to the public internet. We are an ISB. We provide managed services, but we are primarily an integrator. In terms of a trade-off between security and network performance, there will always be a performance lag when doing TLS inspections because the traffic has to be decrypted in real-time, however, the benefit outweighs the disadvantages from a network performance perspective. When the TLS inspections are sized properly, the performance lag is hardly noticeable. We sometimes work with Palo Alto, for example, to support the default route over ExpressRoute. The maintenance is all scripted and fully automated. We are always at the current stable release and we update as regularly as we get the updates from Palo Alto. There is no impact, no downtime, and no loss of service unless we've got a customer with a single firewall that requires a reboot, in which case we schedule the outage. I have worked with many different appliances in Azure over the years, and I still do with some clients who already have incumbent NBAs, but for our firewall as a service, I have always used Palo Alto. What we find is that clients want to utilize the features but don't know how to implement them or have the capability. We offer that support. Palo Alto is extremely good value for the money if we maximize its capabilities. If we want a cheap firewall, then Palo Alto isn't the answer. If we want a capable value-for-money firewall, when we are utilizing all of the services available, Palo Alto is the best on the market. If we want a cheap solution we can go to Fortinet which is not as technically sound but for someone who is price sensitive and doesn't want to use all the features and functions of Palo Alto NG Firewalls that is an option. We work with Palo Alto for our firewall as a service, and we work with Velo for our network as a service. The operational run cost for us is low with these vendors because those firewalls are extremely reliable and because we don't have problems with the firewalls, we don't need a big operational support team. We did some work with the NHS Test and Trace program and they had a multi-client solution that we deployed hundreds of firewalls across Azure and AWS, using Palo Alto. The client did explore other vendors that were cheaper and after looking at the operational support capability, features, and how reliable the firewall was, the option was clear and not driven by price. I would automate the solution. I would use infrastructure as code deployment and manage my devices using IHC. If I was going for a larger state, I would use the solution's management tool.
We would advise organizations who are migrating from a different provider to inquire about the centralized management console, and to understand the full costs involved up front. Also, despite the fact that this solution provides a lot of features, there will still be areas that aren't covered as this only works on perimeter level security. I would rate this solution a 10 out of 10.
All data goes through the firewall,since our HR and finance departments are behind the firewall. A lot of our labs are behind the firewall. We have some plans to expand, as I am about to put a virtual firewall in AWS Cloud for a project. We have a C-130 hub that has been flying into hurricanes and tornadoes for years. I want to put a firewall on that to protect the instrumentation from outside sources. If you are just looking for the cheapest, fastest firewall out there, that is a foolish attitude. The point of a firewall is to increase your security, not to increase your throughput. You don't want it to degrade your throughput, but the cheapest solution and the solution that makes sense aren't necessarily the same thing. The main advice would be to plan on starting small, then build up. Don't try to do everything at once. Also, make sure you do the available training prior to use or at the same time, at least the basic one, because that is important. Make sure you have a good networking background or a good network engineer standing next to you because talking to the routers is key. I would rate it at about eight and a half to nine out of 10. There is no perfect answer, but this is a pretty good one.
We are currently using a single firewall architecture. Next year, we will probably move to a dual firewall architecture. I would recommend Palo Alto Networks NGFW, especially for parameter-level security. I would rate the product as 10 out of 10.
Machine learning is taking logs and feeding them back through. Everybody is doing machine learning now. You need to have some type of machine learning in order to understand what is going through your environment since you can't be predictive anymore, like you used to be able to be. There is no way of knowing what things are going to do. Therefore, machine learning helps the firewall become smarter. However, machine learning is only as good as how it is utilized and how effectively it is deployed, and it is not always obvious. With Palo Alto, it was difficult to get the API keys and whatnot to work correctly, getting real, effective, actual, usable machine language stuff to use in the policies. It was a lot more hype than reality. Their zero-pass architecture is not really zero-pass, but it is better than others. It still has to run the traffic through again, once it is recognized at the port, service, and route level, to be acceptable. Then, it has to bring it back through to try to recognize the application. So, it is not necessarily a 100% zero-pass, but the way it works. It is like in the Indianapolis 500 when a car pulls into a pit stop. Instead of having one place in the pit stop where the tires are changed, another place in the pit stop that does the windows, and another place that does the gas, they have all the guys come around the car and do their work on the car at the same exact time. That is what is happening with Palo Alto. The packet gets there and the services attack the packet versus having to run the packet through the mill. That is what makes it faster, but it still has to do it more than once before it really knows. It is definitely better than what anybody else has done up to this point. With a single-pass cloud, we are not concerned with hardware as much anymore. Now, we are concerned with technology, implementation, and how controls are deployed. That is more important now than where the hardware is, e.g., if the hardware is integrated or deintegrated. I don't know if that is even that important anymore, but it was at one time. As long as you are comfortable with the price point, you are not going to make a mistake going this way. It is definitely best-in-class and a first-class firewall. I would never be ashamed of putting Palo Alto Networks NGFWs into my network. It's a very good product. As much as I might complain about this and that, there isn't any product that you would put in the network where you are going to have 100% confidence in it. There will always be something. Palo Alto NGFWs are the best way to go. I would rate this solution as nine out of 10.
I would rate this solution a nine out of ten. Cloud-based solutions are very unpopular in Eastern Europe, only private clouds are used, but on-premises is the favored deployment method. We use cloud solutions at home and for small companies or companies with particular use cases. I implemented the solution for a customer, and my first task was to disable all cloud-related features. It's exceedingly difficult to find a financial or government institution using a cloud-based platform; this market segment tends to have a more conservative mentality. I don't use the solution personally, but I'm the first-level troubleshooter. If I can't solve a problem, I open a ticket to Palo Alto's customer support. I have clients who used separate firewalls and VPN concentrators, but after switching to this solution, they now use the Palo Alto firewall and its VPN, GlobalProtect. I don't think it's the best VPN concentrator, it's an excellent firewall, but the weak point is the VPN. I advise reading the documentation before configuring, which goes for any platform.
If someone is in a routing and switching domain and wants to come up to a security domain, they should choose Palo Alto Network NG Firewalls. We are happy to assist customers whenever support is missing. Over a period of time, we see customers raise tickets because they are looking for a particular feature that is not available on the platform. We don't say to our customers, "We don't support this." Instead, we take it as an opportunity, giving that information to our engineering team. I would rate the solution as nine out of 10. I am leaving room for improvement.
I'm working in a systems and data company, and I recommend Palo Alto and other firewalls to many people. The users can choose one based on their budgeting because Palo Alto is expensive as compared to other brands. Palo Alto NGFW’s unified platform hasn't 100% helped to eliminate security holes. In some cases, we are using other products. I'm mainly using it for WAF and securing my DMZ infrastructure. It is working well in terms of the functionalities in layer 3 and layer 4. I would rate this solution a seven out of ten.
I would recommend this solution. It is a good solution. I would rate it a nine out of ten.
I would rate this solution 9 out of 10. If you want to have a secure network, use Palo Alto.
This firewall provides a unified platform that natively integrates all security capabilities. It will queue all functionalities like firewall protection and alerts and track all DDoS attacks. It shares all the information with us, and we can monitor and take immediate action on the other alerts we receive. I would advise potential users to only go for this solution if they have the budget and don't require any support. Only buy this firewall if you can install, configure, and solve potential problems on your own. If not, FortiGate and WatchGuard are much better options. On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a five.
The integration is based on the customer environment and what they need. Enterprise customers have some regulations and compliance so they need to send all their logs to the same solutions. We can integrate it using a syslog protocol over UDP. So, it is easy to integrate Palo Alto with some solutions. However, with other Palo Alto technologies or solutions, I integrate them just with WildFire. WildFire is a dedicated solution related to sandboxing and can be deployed on-prem or in the cloud. The NSS Labs Test Report information has previously helped me to convince customers to buy Palo Alto Networks Next-Generation Firewalls. However, I am now not using the NSS Labs Test Report. Instead, I am using Gartner reports to offer customers Palo Alto Networks Next-Generation Firewalls. Machine learning on the Palo Alto Networks Next-Generation Firewall was introduced on version 10. I would rate this solution as nine out of 10.
As far as a firewall solution, it is one of the best ones that I have seen. It is fairly expensive compared to some of the other ones, but if you have the money and are looking for a solid, reliable system, then Palo Alto is the way to go. For what we use it for, the solution is good. I am part of the network team. There is a cybersecurity team who has control of its reins and does all the security configuration. I am not the administrator of it or a manager in charge of the group with this appliance. I find the whole machine learning and AI capabilities a bit overhyped. Everybody throws it in there, but I'm actually a little bit suspicious of what it is actually doing. I don't follow or monitor some of the day-to-day or zero-day threat prevention protection abilities that it has. I would rate the solution as nine out of 10, as I am always hesitant to give perfect scores.
If someone is looking for the cheapest and fastest firewall, I would say the fastest is good, but not cheapest. Palo Alto Firewalls are not cheap.
Palo Alto Networks NG Firewalls is a very good firewall. It is one of the best firewalls that I have used. I would rate Palo Alto Networks as nine out of 10.
If you're going with Palo Alto, you have to use all its features, including the DNS Security, App-ID, and SSL decryption. Otherwise, there is no point in buying Palo Alto.
We haven't actually deployed Palo Alto NGFW’s DNS Security yet, but we will be doing that. It is great that 100% of the tested attacks were blocked in the NSS Labs Test Report from July 2019 about Palo Alto NGFW. It is a great story, but I never trust 100% because that's why we have layered security. However, it definitely provides a great level of comfort in our security structure. I never give anyone a 10, so I will give the solution a nine (out of 10).
I don't want to become a Palo Alto-centric shop. We can use certain cloud features that they have, such as SaaS products. However, I choose not to, so that we can have a little bit more flexibility in what we do. When we were a pure Cisco shop, we saw the problems with doing that. Palo Alto does a really good job at everything they do but, I just want to make sure that from my university's perspective, we don't get stuck. If all of a sudden, somebody else comes out with another product, we don't want to be stuck with a specific vendor, unless they are definitely the best solution. We use other products in addition to Palo Alto to help along the way. For example, we use Corelight from Bro Zeek, Terracotta, and other things that I can stream together and send to our SOC to look at. We also have XDR, although it's not a fully functional one because we don't have the endpoint component. That is what is killing a lot of EDUs because we just don't have the budget or the money to be able to go out and buy all of the products that help us to function the way we need to. In the NSS Labs Test Report from July 2019 about Palo Alto NGFW, 100% of the evasions were blocked. For a C-level person, that's great news. They read those types of things. As a technical person, it's important to me because it makes my life easy. Palo Alto sells a next-generation firewall called the PA-400 series, and depending on what a company's bandwidth needs are, it would be a good choice. For example, if they're not doing anywhere close to a gig worth of traffic, such as in a small office, home office, or small business, then it would be a good solution. It also depends on what the business does. If there isn't much traffic then a PA-400 would be fine. If a colleague of mine at another company were to say that they are just looking for the cheapest and fastest firewall, based on my experience with Palo Alto, I would tell them that they get what they pay for. Palo Alto is not cheap but at the same time, their product is not really comparable with others. It's like comparing apples to oranges. If you consider Fortinet, for example, they call themselves a next-generation firewall but they really aren't. They are what you call a GPO, which is related to policies. It is important that you look at what other people do and how they do it, but for the most part, there's not anybody out there doing what Palo Alto is. Another one is Cisco. They do the same thing that Palo Alto does, although it takes three Cisco boxes to do what a single Palo Alto box does. I would rate this solution a ten out of ten.
The fact that Palo Alto NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention is important, but I still don't completely trust it. I haven't really seen this feature. Maybe it's somewhere in the background, but I haven't gotten any notifications that something was found or prevented. At this point, we still use traditional approaches with human interaction. Overall, what I have learned from using Palo Alto is that you need to be very detailed in your requirements.
For our customers, I would tell them that Palo Alto Networks NG Firewalls is easy to use, but probably difficult to master. It has a very easy to use interface and configuration utility, but it has a lot of advanced features that need some deep knowledge of the product. No product can guarantee 100% evasions being blocked, but I think Palo Alto is among the top of the threat inspection vendors. From the NSS Labs Test Report, we can see that Palo Alto Networks always has a top score. Machine learning in a single firewall is not that accurate or important for our customers. Since it will only see some network traffic, it cannot connect everything together, like endpoints and servers. Therefore, our customers do not value the machine learning techniques on a single firewall very much. We may review the alerts generated by machine learning modules, then we can see if the alerts are real alerts, not false positives. This may tell us how efficient machine learning is. Very few customers in China have used the Palo Alto NGFW’s DNS Security module. It is a new feature that was introduced only two years ago. Customers already know what the product can provide in terms of protection. Its DNS Security provides something that is not really easy to understand. Also, it increases the cost of the firewall because it requires another license to be implemented, and the cost is not low. DNS Security is very impressive, and I think it will be an efficient way to block the rapidly changing threat landscape and maybe Zero-day attack methods. Biggest lesson learnt: If you want to protect something, you need to gain visibility of the entire network. NG Firewalls provides a deep visibility into network traffic. I would rate Palo Alto Networks NG Firewalls as nine out of 10.
Other than the SD-WAN, everything else has been functioning like our previous setup because it's a pretty similar license. The way that the new hardware handles URL filtering, threat protection, and GlobalProtect has been pretty solid. I don't have any issues with those. Overall, I would rate Palo Alto NG Firewalls at nine out of 10. It's definitely not the cheapest product out there. Cost is the main reason I wouldn't put it at a 10.
This is a very good solution but it is very expensive. I rate Palo Alto Networks NG Firewalls a six out of ten.
I would recommend this solution to new users. On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a nine.
I would advise that those thinking about Palo Alto Networks NG Firewalls need to switch how they think about a policy on the firewall. They should not to look at it from the point of view of the service and what port that policy is related to. Instead, they should look at it from the application side. Don't pay too much attention to the port. Just look at the application. For example, the NGFW doesn't care if SMTP traverses on port 25 or 65. It just enforces the protocol. From a technical point of view, I don't think that there's something that's missing from the Palo Alto Networks NG Firewalls. So, I would rate it at nine on a scale from one to ten.
This solution is very particular; it's only suited to specific companies — it's a commercial opportunity. Overall, on a scale from one to ten, I would give this solution a rating of eight.
I would say go for it because it seems to be stable and very reliable. I've spoken to some specialists who vouch for Palo Alto. They say they've been using it in their environment, and it hasn't let them down so far. I would rate this solution a nine out of ten.
I would absolutely recommend this product, it's expensive but I trust it. There is always room for improvement such as with scalability capabilities in Palo Alto. I know I'm not the only one who thinks this is an issue. It's possible that next time we will try virtualized firewalls, it may be a little cheaper for us. We would consider switching to something else but it would be a big move and quite complicated. Moving to a different vendor is a whole other story. I rate this solution a nine out of 10.
I would absolutely recommend this solution to others. Overall, on a scale from one to ten, I would give this solution a rating of nine.
There are multiple firewalls out there. I am moving away from them because they are expensive, and they don't do what I want to do with them. I have plans of getting FortiGate instead. I would rate Palo Alto Networks NG Firewalls a six out of ten.
I would tell potential users that Palo Alto is the best, even compared to Cisco or any other competitor. On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a nine.
We plan to keep using this solution depending on the customers' needs. We also have a cloud-based platform on Fortinet, and we provide it as a service. I would rate Palo Alto Networks NG Firewalls an eight out of ten.
I would give Palo Alto Networks Next-Generation Firewalls a rating of nine on a scale of ten.
I'm not sure which version of the solution we're using. We use a physical appliance. We're using three different models, for the most part. My company is an outsourcing company that deploys software and testing. The solution is very user-friendly and easy to manage and administrate. For that reason, I would rate the product at a nine out of ten.
If someone looking for stability and the leader in next-generation firewall technology, I would choose this solution. I would recommend this solution to others. I rate Palo Alto Networks NG Firewalls a ten out of ten.
On a scale from one to ten, I would give Palo Alto Networks NG Firewalls a ten.
First of all, I would say that the engineer who is going to deploy the solution has to know how the network policy is going to be introduced into the firewall. It is very important for deployment because it is a new concept that Palo Alto introduced in the market. The second thing is to know the policies, not on the layer-4 basis, but in terms of policies, such as SMB, DSTP, and other such things. I would rate Palo Alto Networks NG Firewalls a nine out of ten.
We have a partnership with Palo Alto. I am in pre-sales and often do POCs or do some aspect of evaluating the solution for clients to help them understand the usefulness. Overall, I really do prefer Palo Alto to other options. I'm the most comfortable with it and I understand it the best out of other solutions such as Juniper or Fortinet. I'd suggest organizations consider the solution. Yes, it is quite expensive. However, it is also very reliable and is always marked highly in Gartner due to its feature set and usability. It's easy to configure and it's very easy to add more features into your roadmap if you need to. It can easily integrate into a larger holistic security system to help keep a company safe. In general, I would rate the solution at a nine out of ten.
I would recommend Palo Alto Networks NG Firewalls. If a company has the budget and wants to have the next generation of firewalls then they should go for the Palo Alto, because whatever state of features they provide, it's pretty awesome. But if there is a budget constraint there are several other products which give you similar kinds of features but with less cost. On a scale of one to ten, I would give Palo Alto Networks NG Firewalls an 8. Nothing is perfect. There are features that they should add. One of the features that I'm looking at is when it comes to the Vulnerability Protection. We are blocking the threats which are, by default, updated by the Palo Alto Threat Engine. Currently, there is no scope of manually adding the external database to the firewall so the firewall will convert that database to their own. This is currently not functional with the current version. There are a few functions that they could add that are available with other vendors. That's why I am giving the 8.
My advice for anybody who is implementing this firewall is to follow the guide or instructions that are available. There are multiple resources and examples of use cases available on the Palo Alto website, and you can directly follow them. I would rate this solution a nine out of ten.
I'd tell potential users of Palo Alto Networks NG Firewalls that their decision depends on their budget. If you have an adequate budget, then I recommend Palo Alto. If you have a limited budget, you need to consider your needs and look at Cisco ASA's price and Fortinet's price. On a scale from one to ten, I would give Palo Alto Networks NG Firewalls an eight.
Know your business requirements, the features, the ease of use, and know what type of budget you have. These are the types of requirements to know before you use this product. I would rate this solution an eight out of ten.
We have a partnership with Palo Alto. We're using the 5000 series of Palo Alto. It's a next-generation firewall. We're currently using the Management Gateway and Virtual Firewall. Also, the Endpoint Solution. I'd recommend the solution to other organizations. We've been pretty happy with it so far. I'd rate the solution at an eight out of ten.
In summary, this is a good product and I recommend it. I would rate this solution a nine out of ten.
I would recommend this solution. The uptake is mostly with medium and large enterprise, it's strong there. For small to medium size businesses, the preference is usually Fortinet or Sophos. It's really about what suits the client. I would rate this solution an eight out of 10.
I would rate Palo Alto Networks NG Firewalls a ten out of ten. It is the best solution I have tried. I am happy with this solution.
I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models. I would recommend the solution to other organizations. Overall, I would rate it at a nine out of ten.
This is a good product and I recommend it. I would rate this solution a nine out of ten.
I would not recommend this solution. I am sure they will come up with better models to overcome some of the challenges that we faced, but I would definitely not recommend this particular model. I would rate Palo Alto Networks NG Firewalls a six out of ten.
On a scale of one to ten, I would give Palo Alto Networks NG Firewalls a nine. I would recommend this product to others. In terms of what advice I would give to future customers looking into implementing Palo Alto Firewalls, I would tell them that they have a good system operator in the firewalls and that it provides many tools that they can use to protect their networks. You don't find that in the other vendors.
I would rate this solution a ten out of ten.
I would recommend this solution based on a customer's requirements. I sell solutions from a lot of firewall vendors. I have the flexibility to recommend based on the budget of a project. I would recommend Palo Alto or any other vendor if the environment and all the conditions are available and suitable for that deployment. A lot of times, we make POC or proof of concepts to show the customer the value of the products and how to deal with them to convince them to buy it. I would rate Palo Alto Networks NG Firewalls an eight out of ten.
We have not had any issue with this solution. I really hope that we continue to use this solution. Its price is higher than other solutions, and the company might go for another firewall. I would recommend this solution to other users. I would rate Palo Alto Networks NG Firewalls a nine out of ten.
We plan to continue the usage of this solution in the future and I would recommend it to others. The product is very good, I would rate Palo Alto Networks NG Firewalls a nine out of ten.
I would rate this solution an eight out of 10.
I would recommend this firewall still. Our system integrates well but it depends on customer requirements so we sometimes choose to go with an alternative firewall. I would rate this solution an eight out of 10.
In general, I prefer hardware, and Palo Alto's is quite good. However, we have a couple of virtual deployments for cases as well. I would definitely recommend the solution. It's one of the best firewalls on the market. I've worked with four different vendors in the past, and some of the most mature NG firewalls are Palo Alto's. It's their main business, so they are able to really focus on the tech. They spend a lot of time on R&D. They're always leading the way with new technologies. While Cisco has more main products, Palo Alto really does focus in on NG firewalls. That's why I always see them as a leader in the space. I'd rate the solution nine out of ten.
My advice for anybody who is considering this product is that it is a useful firewall and high-ranking compared to others. I would rate this solution an eight out of ten.
My advice would be to make sure the firewall is configured properly. I would rate it an eight out of ten. Not a ten because you have to be really excellent before you get a ten out of me. In the next release, I would like to have the ability to auto-generate rule and policy, based on known traffic, based on the baseline. That is a feature that I think Palo Alto should be able to have in some form or fashion to auto-generate and propose a policy and rules set, after putting the file into a learning mode for some period.
My advice for anyone who is implementing the Palo Alto Next-Generation firewall is to take the training that is available. This will allow them to better work with the technology. This is an ambitious company with a good security roadmap. The product is being continuously developed and they are professionals who are focused in this area of technology. It is the firewall that I personally recommend. I would rate this solution a seven out of ten.
I would rate Palo Alto a nine out of ten. In the next release, they should simplify the deployment process.
Palo Alto NG is definitely a firewall that I recommend for the right size of deployment. I would rate this solution an eight out of ten.
While we mainly deal with on-premises deployment models, occasionally we also do hybrid deployments. We're not a customer. We're a systems integrator. We're a reseller. We sell solutions to our clients. Palo Alto is very good at policymaking. It's like they have a single policy that you can use. Other solutions don't have single policy use, which means you have to configure everything. There may be many consoles or many tasks that you'll have to worry about other solutions. Multiple task configuration should not be there, and yet, for many companies, it is. This isn't the case with Palo Alto. Palo Alto is easy compared to Fortinet. It's overall a very solid solution. I would rate it nine out of ten.
I'm not really a customer. I'm like a consultant. I'm an introduction expert. If I think a client needs a certain technology I point them in the direction of whoever sells it. I do go in and configure it, so I do have experience actually using the product. When I'm looking for something, I just find someone that sells Palo Alto and I redirect the client towards them. I'm not interested in being in a hardware vendor. There's no money in it. There's so much competition out there with people selling hardware. It doesn't matter where the client gets it from. We tend to use the 200-series models of the solution. I'd rate the solution eight out of ten. They do a very good job. The product works well.
The advice I can give is that this is a good solution: Easy to deploy, easy to manage, easy to understand, reporting is very good, and it will give you the full picture up to the layer seven. Their VPN service is very good. The good thing is that whenever you need to train anyone on these devices, it's very easy to explain. Previous firewalls I've used, required a lot more work before you could configure. This isn't like that, it takes maybe 30 minutes and it's done.
My experience with Palo Alto is good and I definitely recommend this product. That said, there is always room for improvement. I would rate this solution a seven out of ten.
Palo Alto is my number one choice for firewalls. I support and utilize more Palo Alto firewalls throughout my company and with my customers than any other device. Number two would be Fortinet. I don't really like Fortinet that that much because it is not as secure as Palo Alto, but I have customers who want to use it because it is a lot less expensive. Number three is Cisco Meraki, which I obviously don't like, but people request that because the Cisco name is very popular and a lot of other people are using it. I couldn't recommend against choosing a device more than choosing it by name instead of functionality. Palo Alto invented the method of looking at the application identifier in each packet and making a decision. For instance, many companies may want to do something like prohibiting all chat applications with the exclusion of whatever application the company is choosing to use. Let's say the company is using IP Communicator for customers and for employees to chat with each other, but the company wants to block Skype. The reason why might be because they don't want anybody bringing up a Skype call, sharing information via that Skype call, or maybe turning on a Skype call and letting other people see inside the facility. Skype has a very interesting platform in which you block one IP address on the Skype server and it allows another one. You block Skype.com and it creates another URL. Skype loves to get in and around simple security steps. Palo Alto is phenomenal because it takes a look at the application identifier within each packet and will find that it is Skype and block it. If you want to block AOL Instant Messenger, you just block it. Anything out there you don't want employees to use can just be blocked by referencing the identifier. Netflix is another one that seems to find it's way into corporate networks. It is normal not to want employees sitting around watching movies. The Palo Alto will find out that someone is trying to access a Netflix movie and block it. Then it can also send an email to alert different people of the activity. You could set it up so that when something like that happens, an email goes to the director of IT to say, "Hey, this person may be trying to access Netflix." You may want it to just block the access type and forgo the alert. Or you can block the activity and alert anyone you want that someone appears to have tried to subvert security. The idea of this type of security measure isn't just to lay blame and get people fired, it is to identify different types of breaches and why they occur. It could be that a potential breach requires a sit-down conversation with the persons involved. But the truth is that many malicious sites — like adult related websites, platforms like gambling sites, obviously hacking-related sites, violence or gore — are loaded with malware. You don't want that on your computer, and your employer doesn't want it on the network either. It is just as bad as bringing a device to work and allowing that device to be connected to the network without protection as that is just another potential malware exposure. Another beautiful thing with Palo Alto is that they have Wildfire. Wildfire can prohibit malware in either direction. Malware is not going to get into the network via a customer or a user surfing and it is not going to get out and affect the network and spread around via a user's BYOD (Bring Your Own Device) that got infected while he was working at home.
PA is a product that continuously improves, so, I have nothing to add in terms of features. My advice is not to look for a cheaper solution, as the price/performance ratio on Palo Alto is great.
I'd say the blueprint of the implementation needs to be ready before you start the implementation of the product. The product is generally stable and the team provides a good presence on it, but at the end, if you're putting it in the mission-critical data center, the planning needs to be extensive. I would rate this solution an eight and a half out of ten.
I would rate this solution 7 out of 10.
I've used it and I'm very happy. Frankly, I think this site under-rates the technology, as it should be in at least the top three.
I would rate this product 8.5/10. It's very good.
The functionality is good and so are the features. In terms of implementing the solution, I wish it was better. I would rate the solution 8 out of 10, mostly due to the technical issues I've experienced.
Once you install it, you use it every day. You can't stop because it's a security feature and a precaution. Also, we are using it to do some local breakouts, so we use utilize the local internet to carry some business traffic, to ensure there's no interruption. You have to let it run 24/7. I would suggest you be careful when choosing your model. Consider your bandwidth as well as how you want to run the local area network because the throughput of the firewall has to be well designed. I would rate this solution a nine out of10.
I've helped customers using Fortinet and Check Point. They are compromised. Their firewall is not stable. But for some features, for example, encryption, they want to use this feature, but the firewall feature isn't great. With Palo Alto, there isn't any problem, you can open any feature - IPS feature, data encryption feature - there isn't an issue. Implementation is simple, the product is stable, but I advise if people get the firewall I strongly recommend the use of the API features. They may not be accustomed to using a next-generation firewall. If they want to use NG Firewalls, they need to use and implement the API features. They need to create uses based on the application. My understanding is Version 9 will introduce some logic features. I would rate this solution 9 out of 10.
I would rate this solution 8 out of 10. Generating reports is not so easy. I think with support, for everyone, and for all the bank company workers, they can do that a bit better. Then maybe I would rate them higher.
Palo Alto's firewall protects your network against attacks, threats, and many other things. Networking can be more advanced. You can upgrade the edition of Palo Alto. There's competition between Palo Alto and Fortinet firewalls. Most IT security people don't know which to pick. For a basic firewall, I recommend Fortinet because it has two or three basic firewalls. I personally need a data center firewall. Datacenter firewalls I would recommend FortiGate because of the support. It provides a high level of support. The latest Palo Alto release has many new features. It can provide you with audits, and policy auditing for a policy review. This allows you to know what's going on inside the network from a quality perspective because sometimes you can create new policies - up to one million policies. You can choose policies, and sometimes you get something by mistake. It provides you with an ability to view or do a policy review or policy audit. This is a major feature. It's a very important feature because before it was impossible to bring the visibility to the policy audits to let me know what's going on inside my policies. Now Palo Alto has provided this feature. In terms of advice I'd give to someone considering this solution, I'd say they should read more before going to the implementation phase. They have to read the administrative guides, and product guides before going to implementation. They have to check the platform because different versions of the platform have some new features. The technical people have to review before going to implement it because sometimes they don't need to upgrade this platform or this version. It is not a stable version. You have to read more before going to do the implementation. Ask an advisor, the vendors or call Palo Alto. You can call them, they have great coverage in any country in the world. You can ask the technical engineers what is the best design, their recommended design. I would rate this solution an eight out of 10.
You have to do proper network design from the beginning. You have to look into future expansion. Otherwise, after a year, you have to replace the entire box. On a scale from 1 to 10, I would rate this product a seven because the point of scalability within their product is a big issue. If you have to put a huge investment in front to accommodate future expansion, it is fine. It requires forecasting. If your forecast is not correct and you are not growing to that point, then all your investments will be a waste. If you're adding a block so that it can accommodate your user traffic demand, then that would be perfect. I buy one block at a time now. I can't buy two blocks at the same time. That's a waste of money with Palo Alto NG firewalls.
This solution is easy to understand, reliable, and user-friendly. I would rate this solution as eight out of ten.
I would certainly encourage someone to look into this solution.
List your requirements, give them the proper weighting, and look at what future options are available if you stick with the solution. Then do your evaluation. And don't forget the vendor, the local support, their competency and their commitment. You can have the best product in the world but if you don't get the right person to support you, it's a waste. You would probably better off with a second- or a third-tier product if you have an excellent, competent, and committed vendor to support you. I would rate Palo Alto at eight out of 10 because of the performance, the security features, and policy management, the reporting capabilities, and the optional upgrades or extensions that we can do, like sandboxing. It also offers an option for our integration with our endpoint security. We are going to revamp our endpoint security architecture. One of the options we're looking at is how we can integrate that with solutions from Palo Alto, because then we can have a more consolidated view, instead of using a third-party solution as the endpoint security. Finally, the local support is important.
Buy Palo Alto and try its features. In Palo Alto, you have select prevention, scan over AV, anti-spyware, vulnerability protection. and file blocking. you have good feature like WildFire to protect against unknown malware. I rate Palo Alto at eight out of 10 because it gives me visibility and protection. This visibility and protection are very important nowadays to protect you from hackers.