I typically get involved with it when it comes to audit and compliance and having to gather evidence of those firewalls, routers, and rule sets. The evidence that I typically need is there.
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
IT Network Engineer at a energy/utilities company with 201-500 employees
Real User
Top 20
2023-05-01T10:44:00Z
May 1, 2023
I like all the threat alerts and WildFire. I also like scanning because everything that comes into our network via customers is scanned. We're an electric company, so every one of the bills is scanned and emailed in and out of our network.
Senior information technology consultant at a tech services company with 11-50 employees
Consultant
Top 20
2023-01-17T04:20:45Z
Jan 17, 2023
We have found the SSL decryption within this solution to be great; you can enable this feature and have the ability to see more of what is happening across your network.
Senior Network Analyst at a non-profit with 1,001-5,000 employees
Real User
2022-11-22T21:42:00Z
Nov 22, 2022
It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture... The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time.
One of the simple features I like about Palo Alto firewalls is that it's extremely easy to find out what's happening in the network. The reporting is phenomenal, and it's easy to find which threats have been detected and what traffic is going through the box. When a customer notices something is wrong, you can quickly check the amount of traffic going through the firewall around that time. If there is anything out of the ordinary, you can decide it needs to be investigated further.
I can enable the features I want and configure the policies based on the user and not all users and network traffic, making firewall management much easier.
Software Engineer at a manufacturing company with 10,001+ employees
Real User
2022-10-09T10:45:00Z
Oct 9, 2022
We like the fact that this product can provide multiple layers of protection depending on our clients requirements, and can be configured to whatever level of protection and the specific protocols that they want.
Security Architect at University Corporation for Atmospheric Research
Real User
2022-08-16T10:49:00Z
Aug 16, 2022
The WildFire reporting and Cortex XDR platform have huge infrastructures in the cloud that secures the network against threats. So, we have the potential on the system, specifically for users, where we take care of this since the user is the most dangerous. We get reports back from WildFire on a minute-by-minute basis, rather than a daily or weekly update like I used to with different AV vendors. These features can detect viruses and malware more quickly, which is super important.
It has a solid network security with some robust tools. We can block unexpected attacks, especially zero-day attacks. Since they use the Pan-OS engine, they can collect attacks from all over the world and analyze them. They can then protect against zero-day attacks and unexpected attacks.
It helps the organization function better by virtue of cleaner and more predictive Internet access and usage being conducted by the employees and constituents of the company. It helps ensure that they have a stronger security posture. It is preventive medicine If you have DNS Security in place. You will be happy you had it. If you don't have it, you may never need it. However, if you did need it, and didn't have it, you will wish that you did. It is one of those things, like insurance.
System Engineer at a tech vendor with 1-10 employees
Real User
2022-07-03T21:02:00Z
Jul 3, 2022
All the features are valuable, but my main one is the straightforward and well-designed GUI. I'm over 50 and have been in this business since the internet started. I'm not a GUI guy; I prefer using the command line. The product's GUI is excellent, and so is the threat intelligence. It's also straightforward to configure and flexible. The solution even has good networking, such as VLAN and subinterfaces, which is great because, in my experience, if the firewall is good, then the router usually isn't and vice-versa, but Palo Alto has both.
Professional Services Consultant at a tech services company with 201-500 employees
Consultant
2022-06-12T15:10:00Z
Jun 12, 2022
Palo Alto Networks NG Firewalls have a Single Pass Parallel Processing (SP3) Architecture, which has a different kind of code doing the work. It increases the packet processing rate. Whereas, without the SP3 Architecture, you are waiting for each job to complete, even if you have 100 jobs assigned.
I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features.
The trackability is most valuable. When a port is open for a protocol, such as port 443 for HTTPS, it can look inside the traffic and identify or verify the applications that are using the port, which was previously not possible with traditional firewalls.
I like the sandbox feature, and it's very good. It kills each malware deployment in the sense of signatures within five minutes. So, we can secure our network and infrastructure very well within the stipulated time.
The WildFire functionality is very good because a few files are also getting blocked. It's critical as malware attacks are also getting ignored, and the logging is very well maintained in this firewall.
The most valuable solutions in this field are application-based firewalls. That is the main criteria of the firewall and functionality. We can get all the logs related to this and each and every packet. I like that the firewall is working as an application. The application-based entity we have deployed is well maintained and working very well.
We were able to find lots of vulnerabilities when we deployed it, but we could not disclose all. But there were vulnerabilities we could block by updating the firewall and taking actions on clientside machines. So, we got to know that we have lots of vulnerabilities inside the organization too, and we took lots of steps and resolved the number of vulnerabilities.
Palo Alto Networks NG Firewalls is an all-in-one solution. It provides every entity log, which is a very good functionality of this firewall. It gives every packet and aspect that the firewall is performing through its logs, and it does it very well.
This firewall's unified platform helped eliminate multiple network security tools. If anyone uses P2P sites, cryptocurrency websites, or any illegal sites, we can block it easily. It gives us a proper alert for these kinds of sites, and it properly secures our network. Monitoring is the best thing we are doing here, and we can block this kind of vulnerability as soon as it comes to us.
Security Presales Consultant at a tech services company with 501-1,000 employees
Real User
2022-02-11T03:28:00Z
Feb 11, 2022
A feature introduced by Palo Alto with the version 10-OS is embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. Machine learning analyzes the network traffic and detects if there is any usual traffic coming from outside to inside. Because of Palo Alto, organizations detect around 91% of malicious attacks using machine learning. The machine learning helps customers by implementing firewalls in critical and air gap areas so there is no need to integrate with the cloud sandbox.
Network Analyst at a recreational facilities/services company with 1,001-5,000 employees
Real User
2021-12-21T02:46:00Z
Dec 21, 2021
With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings.
Manager IT Security & Infrastructure at Currimjee Jeewanjee & Co. Ltd.
Real User
2021-12-15T10:55:00Z
Dec 15, 2021
You can easily integrate it with Active Directory, and you can use the GlobalProtect VPN for internal and external purposes. The URL Filtering is also clear and the application filtering is a plus. The application filtering is much better when you compare it to FortiGate or other firewall vendors.
Network Solutions Architect at Ecobank Transnational Incorporated
Real User
2021-12-07T16:01:00Z
Dec 7, 2021
It is critical that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. In my environments, we have an integration with a third-party vendor. As soon as there is new information about new threats and the destination that they are trying to reach on any of our network devices, that traffic will be stopped.
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
2021-11-11T17:32:00Z
Nov 11, 2021
With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is.
Chief Architect at a recruiting/HR firm with 1,001-5,000 employees
Real User
2021-10-08T08:31:00Z
Oct 8, 2021
Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is very useful. This prevents us from having to go to a lot of different systems, and in some cases, many different systems in many different regions, because we are a global company with 60 remote offices around the world in 30 different countries. Its centralized platform is really what we look for in all services, whether it be security or otherwise.
CyberSecurity Network Engineer at a university with 5,001-10,000 employees
Real User
2021-09-23T17:45:00Z
Sep 23, 2021
When we put it on the border, it was blocking everything that we were getting ahead of time, and we weren't getting any hits. This includes URL filtering, spam prevention, and anti-virus.
Senior Network Engineer at a tech services company with 201-500 employees
MSP
2021-08-10T22:10:00Z
Aug 10, 2021
The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput.
Security Team Technical Manager at ECCOM Network System Co., Ltd.
Reseller
2021-08-10T12:31:00Z
Aug 10, 2021
Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.
The machine learning in the core of the firewalls, for inline, real-time attack prevention, is very important to us. With the malware and ransomware threats that are out there, to keep abreast of and ahead of those types of attacks, it's important for our devices to be able to use AI to distinguish when there is malicious traffic or abnormal traffic within our environment, and then notify us.
Security team leader at a aerospace/defense firm with 10,001+ employees
Real User
Top 10
2021-05-19T18:12:46Z
May 19, 2021
The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port.
Technology Engineer at a computer software company with 51-200 employees
Real User
2021-04-07T11:09:32Z
Apr 7, 2021
I have found it to be reliable and very easy to use. I haven't really encountered many problems with it because its documentation is clear and readily available on their website.
Sr. Product Management Specialist at a comms service provider with 10,001+ employees
Reseller
2021-03-02T07:38:59Z
Mar 2, 2021
The Unified Threat Management (UTM) module, which consists of the basic firewall and IPS services, is what the majority of our customers use in Palo Alto Firewall.
Senior Network & Security Administrator at a consultancy with 1,001-5,000 employees
Real User
2021-01-30T13:39:00Z
Jan 30, 2021
The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.
Security Presales Solutions Architect at a tech services company with 201-500 employees
Real User
2020-11-18T17:49:17Z
Nov 18, 2020
In general, its performance and ease of use are the most valuable. Its performance is good, stable, and reliable. The user interface is friendly and easy to use. Customers find it easy to work with and easy to learn.
System Administrator at a mining and metals company with 51-200 employees
Real User
2020-11-16T18:30:20Z
Nov 16, 2020
Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button.
It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network.
Security Consultant at a tech services company with 501-1,000 employees
Real User
2020-07-27T07:17:38Z
Jul 27, 2020
From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best.
We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic.
Works at a computer software company with 201-500 employees
Real User
2019-06-26T20:18:00Z
Jun 26, 2019
One of the things I really like about it is that we have the same features and functions available on the entry-level device (PA-220), as do large corporations with much more costly appliances.
Palo Alto Networks NG Firewalls offer comprehensive security, including application control, traffic shaping, threat prevention, and load balancing, designed to secure internal networks, perimeter protection, VPN services, and cloud environments.
Palo Alto Networks NG Firewalls are a key choice for managing and protecting data centers, securing remote access, network segmentation, malware prevention, and ensuring high availability and performance for business-critical applications. Known...
We utilize advanced threat prevention features like web filtering and SSL decryption, which haven't caused any issues.
The configuration is quite simple to understand.
The initial setup process is quite easy.
One of the most valuable features of Palo Alto Networks NG Firewalls is application symmetries.
Palo Alto Networks NG Firewalls enabled us to have better visibility overall.
I typically get involved with it when it comes to audit and compliance and having to gather evidence of those firewalls, routers, and rule sets. The evidence that I typically need is there.
I like all the threat alerts and WildFire. I also like scanning because everything that comes into our network via customers is scanned. We're an electric company, so every one of the bills is scanned and emailed in and out of our network.
Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities.
There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection.
We have found the SSL decryption within this solution to be great; you can enable this feature and have the ability to see more of what is happening across your network.
It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture... The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time.
One of the simple features I like about Palo Alto firewalls is that it's extremely easy to find out what's happening in the network. The reporting is phenomenal, and it's easy to find which threats have been detected and what traffic is going through the box. When a customer notices something is wrong, you can quickly check the amount of traffic going through the firewall around that time. If there is anything out of the ordinary, you can decide it needs to be investigated further.
I can enable the features I want and configure the policies based on the user and not all users and network traffic, making firewall management much easier.
We like the fact that this product can provide multiple layers of protection depending on our clients requirements, and can be configured to whatever level of protection and the specific protocols that they want.
The WildFire reporting and Cortex XDR platform have huge infrastructures in the cloud that secures the network against threats. So, we have the potential on the system, specifically for users, where we take care of this since the user is the most dangerous. We get reports back from WildFire on a minute-by-minute basis, rather than a daily or weekly update like I used to with different AV vendors. These features can detect viruses and malware more quickly, which is super important.
It has a solid network security with some robust tools. We can block unexpected attacks, especially zero-day attacks. Since they use the Pan-OS engine, they can collect attacks from all over the world and analyze them. They can then protect against zero-day attacks and unexpected attacks.
It helps the organization function better by virtue of cleaner and more predictive Internet access and usage being conducted by the employees and constituents of the company. It helps ensure that they have a stronger security posture. It is preventive medicine If you have DNS Security in place. You will be happy you had it. If you don't have it, you may never need it. However, if you did need it, and didn't have it, you will wish that you did. It is one of those things, like insurance.
All the features are valuable, but my main one is the straightforward and well-designed GUI. I'm over 50 and have been in this business since the internet started. I'm not a GUI guy; I prefer using the command line. The product's GUI is excellent, and so is the threat intelligence. It's also straightforward to configure and flexible. The solution even has good networking, such as VLAN and subinterfaces, which is great because, in my experience, if the firewall is good, then the router usually isn't and vice-versa, but Palo Alto has both.
Palo Alto Networks NG Firewalls have a Single Pass Parallel Processing (SP3) Architecture, which has a different kind of code doing the work. It increases the packet processing rate. Whereas, without the SP3 Architecture, you are waiting for each job to complete, even if you have 100 jobs assigned.
I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features.
The trackability is most valuable. When a port is open for a protocol, such as port 443 for HTTPS, it can look inside the traffic and identify or verify the applications that are using the port, which was previously not possible with traditional firewalls.
The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks.
I like the sandbox feature, and it's very good. It kills each malware deployment in the sense of signatures within five minutes. So, we can secure our network and infrastructure very well within the stipulated time.
The WildFire functionality is very good because a few files are also getting blocked. It's critical as malware attacks are also getting ignored, and the logging is very well maintained in this firewall.
The most valuable solutions in this field are application-based firewalls. That is the main criteria of the firewall and functionality. We can get all the logs related to this and each and every packet. I like that the firewall is working as an application. The application-based entity we have deployed is well maintained and working very well.
We were able to find lots of vulnerabilities when we deployed it, but we could not disclose all. But there were vulnerabilities we could block by updating the firewall and taking actions on clientside machines. So, we got to know that we have lots of vulnerabilities inside the organization too, and we took lots of steps and resolved the number of vulnerabilities.
Palo Alto Networks NG Firewalls is an all-in-one solution. It provides every entity log, which is a very good functionality of this firewall. It gives every packet and aspect that the firewall is performing through its logs, and it does it very well.
This firewall's unified platform helped eliminate multiple network security tools. If anyone uses P2P sites, cryptocurrency websites, or any illegal sites, we can block it easily. It gives us a proper alert for these kinds of sites, and it properly secures our network. Monitoring is the best thing we are doing here, and we can block this kind of vulnerability as soon as it comes to us.
A feature introduced by Palo Alto with the version 10-OS is embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. Machine learning analyzes the network traffic and detects if there is any usual traffic coming from outside to inside. Because of Palo Alto, organizations detect around 91% of malicious attacks using machine learning. The machine learning helps customers by implementing firewalls in critical and air gap areas so there is no need to integrate with the cloud sandbox.
With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings.
You can easily integrate it with Active Directory, and you can use the GlobalProtect VPN for internal and external purposes. The URL Filtering is also clear and the application filtering is a plus. The application filtering is much better when you compare it to FortiGate or other firewall vendors.
It is critical that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. In my environments, we have an integration with a third-party vendor. As soon as there is new information about new threats and the destination that they are trying to reach on any of our network devices, that traffic will be stopped.
With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is.
Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is very useful. This prevents us from having to go to a lot of different systems, and in some cases, many different systems in many different regions, because we are a global company with 60 remote offices around the world in 30 different countries. Its centralized platform is really what we look for in all services, whether it be security or otherwise.
When we put it on the border, it was blocking everything that we were getting ahead of time, and we weren't getting any hits. This includes URL filtering, spam prevention, and anti-virus.
The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput.
Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.
The machine learning in the core of the firewalls, for inline, real-time attack prevention, is very important to us. With the malware and ransomware threats that are out there, to keep abreast of and ahead of those types of attacks, it's important for our devices to be able to use AI to distinguish when there is malicious traffic or abnormal traffic within our environment, and then notify us.
There are plenty of features available in this solution, such as attack blocker and spam blocker. Additionally, it is very robust and in-depth.
I like that they are more stable than the previous ones, and they allow a lot of other features.
The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port.
Identifying applications is very easy with this solution.
I have found it to be reliable and very easy to use. I haven't really encountered many problems with it because its documentation is clear and readily available on their website.
Protection from a single packet and ease of making security rules.
It's quite nice. It's very user-friendly, powerful, and there are barely any bugs.
The ease of use and the ease of configuration of our policies are the most valuable features.
Operationally, it is easier, and the manageability and their security features are good.
The Unified Threat Management (UTM) module, which consists of the basic firewall and IPS services, is what the majority of our customers use in Palo Alto Firewall.
We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature.
The stability of the product has been good over the years.
The technology's very good. We have had a lot of good experience with this solution.
I like all the functions and features.
I love the Policy Optimizer feature. I am also completely happy with its stability.
It's one of the best products I've worked with. It's typically a market leader on Gartner. It's a very respected brand.
The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.
The scalability is very good.
I like the architecture because it separates the management plan process and the data plan process.
The most valuable features of this solution are all of the services it provides.
The interface is very nice. We generally like the UI the product offers.
Flexible and integrates well with apps and other security tools.
Its flexibility is the most valuable.
It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back.
The management options are good.
It worked fine normally.
They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks.
They are regularly releasing new versions that include more integration with third-party services.
In general, its performance and ease of use are the most valuable. Its performance is good, stable, and reliable. The user interface is friendly and easy to use. Customers find it easy to work with and easy to learn.
Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button.
It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network.
The structure is much faster and more sophisticated than Cisco.
Ability to log each and every application.
GlobalProtect and App-ID features are very good.
From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best.
The most valuable feature is WildFire, which blocks sophisticated attacks and distinguishes it from other traditional firewall functions.
Innovative, advanced threat protection is the most valuable feature.
The most valuable features are web filtering and application filtering.
I like that it has high security.
The most valuable feature is the security provided by the ATP.
The interface and dashboards are good.
The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.
Provision of quality training material and the reporting is very good.
The most valuable features are the IPS/IDS subscriptions.
This is arguably the best security protection that you can buy.
This solution not only provides better security than flat VLAN segments but allows easy movement through the lifecycle of the server.
With our High availability pair, we have had no downtime for several years, since it was first put it in production.
The solution is scalable
One of the best firewalls on the market.
We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic.
One of the things I really like about it is that we have the same features and functions available on the entry-level device (PA-220), as do large corporations with much more costly appliances.
Comments have some delay, but overall, it's a good product.
The initial setup was very easy.
The solution is very stable.
The basic configuration will only take 15 minutes to set up
The most valuable features are the threat prevention and policy-based routing features.
Good functionality and features.
I found Palo Alto NG firewalls more intuitive compared to other products. I value the capability to identify a cloud solution.
The most valuable feature is the ability to deeply analyze the connection or connection type.
We standardized on the product and got rid of several other types of firewalls from different vendors.
It has the typical features of a next-generation firewall. It can do application control, antivirus, content filtering, etc.
I like to install Palo Alto mainly on the data center side to have visibility into all VLANs. That gives full visibility into the core.