Network administrator at a comms service provider with 201-500 employees
Real User
Top 5
2024-10-25T13:08:00Z
Oct 25, 2024
We provide localization services and use Palo Alto Networks NG Firewalls to protect our environment. We have two on-premises Palo Alto Networks NG Firewalls that are managed in the cloud.
IT System Administrator at a manufacturing company with 201-500 employees
Real User
Top 5
2024-10-18T13:19:00Z
Oct 18, 2024
We're using Palo Alto Networks NG Firewalls as a backup hardware solution. When the main firewalls have an issue, we're using the backup solution and hardware firewalls to avoid any network issues or prolonged downtime.
I primarily help users migrate from traditional firewalls to Palo Alto NG Firewalls. This involves troubleshooting, assisting with application control and backup configuration, and teaching users how to optimize the firewall for their needs. Additionally, I guide users through the process of redesigning their firewalls and migrating their servers, which often includes helping them understand and manage the vast number of applications they have. Sometimes, the firewall cannot identify specific applications, requiring customization to ensure accurate recognition and security. Currently, I am working on a management query language, which involves collaborating with other teams to assess the necessity of specific applications and connections between the firewall and various assets. This ensures optimal security and network efficiency.
Network and Information Security Manager at a pharma/biotech company with 1,001-5,000 employees
Real User
Top 10
2024-09-24T13:10:00Z
Sep 24, 2024
We primarily use Palo Alto Networks NG Firewalls for a DMZ firewall. Its primary function is to separate our network into four layers: a DMZ zone for all publishing services, an internal zone for internal user access to publishing services, a zone for terminating connections between VPN consultants and internal services, and a zone for Internet access. We implemented Palo Alto Networks NG Firewalls to secure our network and control access using filtering and application control. We also use Palo Alto WildFire for vulnerability scanning. We have Palo Alto Networks NG Firewalls deployed on the cloud and on-prem.
We partner with vendors primarily to foster better understanding and relationships. Our core business is system integration, where we cater to diverse customer requirements. A customer might approach us with a specific need, and we deliver. A product like Palo Alto's XDR or EDR endpoint protection is popular due to its features, but ultimately, the choice depends on individual customer requirements, including extra services or integrations. We currently have around six customers using Palo Alto. Aside from the usual content filtering and application filtering, the primary driving force for Palo Alto Networks NG Firewalls has been the SD-WAN. Additionally, ADR has also been a significant factor. All our clients also use Palo Alto as their firewall solution.
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Security Consultant at a computer software company with 51-200 employees
MSP
Top 20
2024-09-17T14:04:00Z
Sep 17, 2024
We are managing services for our customers. I am mostly dedicated to Palo Alto. I have had a very good experience with Palo Alto firewalls and Panorama. We have used Palo Alto firewalls for multiple use cases. We have used them at the perimeter as well as in the data center. I have experience in 5000 series, 7000 series, and 3000 series. I have worked with most of them.
We use the solution to secure our Internet traffic and the application traffic from the Internet. There is also no need to connect to a VPN most of the time.
IT Network Engineer at a energy/utilities company with 201-500 employees
Real User
Top 20
2023-05-01T10:44:00Z
May 1, 2023
We use it for our edge firewalls and our east-west and north-south traffic for our firewalls. We have also deployed each firewall to every site for our Layer 3 connections back to our data center.
Security Operations Manager at a retailer with 10,001+ employees
Real User
Top 20
2023-05-01T09:14:00Z
May 1, 2023
We use this solution to protect the perimeter and use it as a proxy for the servers. We have the firewalls installed in our data center at present and are planning to put them in the corporate and branch offices as well.
Senior information technology consultant at a tech services company with 11-50 employees
Consultant
Top 20
2023-01-17T04:20:45Z
Jan 17, 2023
Our main use of this solution is to create micro segmentations only in the public cloud, and use the data we receive to see threats passing through the Vnets.
Senior Network Analyst at a non-profit with 1,001-5,000 employees
Real User
2022-11-22T21:42:00Z
Nov 22, 2022
We used the solution as an edge or internet firewall where we were running IPS/IDS and doing filtering on it, apart from the other security features. We are still using it for our users' VPN activity and to manage site-to-site VPN tunnels with other clouds, like AWS and Azure, so that there is connectivity back and forth between those cloud providers and our on-prem data center.
NG Firewalls form the edge between customers' networks and the internet. They often provide load balancing to multiple internet providers. In most cases, people use NG Firewalls for more than just a basic firewall function. The intrusion detection and prevention feature is usually the most significant piece that people want because it provides layers of protection against malware, ransomware, and things of that nature.
We use the solution for all the capabilities that the firewall offers, including proxy filtering, VPN connection, and Next-Gen firewall capability. We integrate the solution with clients that use ExpressRoute, which is a very common and popular service in Australia. We route all our client's local traffic, 10.x, and the client's Class B public address traffic all into Palo Alto Networks NG Firewalls. We use the solution to provide hub and spoke integration, web filtering, and for VPN. The solution is a fully managed centralized firewall service for both public and private traffic, including on-prem traffic and Azure traffic.
Software Engineer at a manufacturing company with 10,001+ employees
Real User
2022-10-09T10:45:00Z
Oct 9, 2022
We use this solution for perimeter security and security profile purposes. This covers anti-virus and anti-spyware, as well as cyber security vulnerabilities through URL and file blocking.
Security Architect at University Corporation for Atmospheric Research
Real User
2022-08-16T10:49:00Z
Aug 16, 2022
On certain levels, it protects our information. Luckily, I had switched to Palo Alto as our VPN solution for our users. We finished that in December of 2019, just in time for COVID to hit. We had a system that was able to support 650 to 700 users remoting into our campus through the VPN. This was a huge use case for us, as it was not intended to be the solution for COVID, but it turned out to be the solution for COVID. So, it was a great use case. Obviously, we want to protect our servers, virtual servers in the cloud, and on-prem. We have the eighth fastest supercomputer in the world. Unfortunately, we don't get to protect that because it has so much data going through it, i.e., petabytes a day. There isn't a firewall that can keep up with it. We just created a science DMZ for that kind of stuff as well as large data movers since we do weather data for the world. We research the ocean, sky, and solar weather. We have 104 universities who work with us around the world. Therefore, we need to have data available for all of them. We need to be protected as much as we can. We started with Palo Alto 5060, then the 3060 came in, which was the next form. We have now switched to an HA system and have four firewalls as our base: a pair of 5220s and a pair of 5250s. We have been running the different OSs from PAN-OS 8.0, 8.1, 9.0, 9.1, and then 10.1. We are about to move to 10.2. We are in the process of doing that over the next week. We like to stay on the cutting edge because they are always adding more features and security. We have it deployed in a number of different ways. We have our four main firewalls, which have two high availability pairs. One is set primarily for users and outward-facing functions. Therefore, our DMZ servers, staff, and guest networks are on one pair of firewalls. Back behind the scenes, labs and our HR department are on a separate set of firewalls. We call them: untrust and trust. Then, we have another set of firewalls, both in our Wyoming supercomputing center and in our Boulder main campus, which runs a specific program that has a DOD contract that requires more security, so they have their own set of firewalls. We also have firewalls in Azure Cloud for our tests and production environments. I am in the process of purchasing another VM firewall to put on the AWS Cloud. The last set that we have is at our Mauna Loa Solar Observatory, where we have an HA pair of just 800s because we only have a one gig radio link down the side of the volcano to the University of Hawaii. We have between 1,200 and 1400 staff at any given time. Essentially all of them use the solution one way or another, either to access systems or through the VPN. We also have remote users who aren't employees but instead collaborators, and they can be anywhere in the world and remote into our systems. We then have people who are doing PhD programs at universities around the world who need to get into our systems to download data sets as part of their PhD or Master's program. Thus, the solution is not limited to our employees.
It is on-prem. We wanted to implement a multiple architecture for our network security. That is why we looked at the Palo Alto product. It is famous for its multi-layer security architecture and firewall. There are five users: two senior expert administrators and one junior administrator from our data center team and two security engineers from our security team.
In most cases, our use cases were for migration and conversions. People were coming off of dated Cisco platforms and other types of firewall technologies that might not have met next-generation standards, like App-ID. Then, Palo Alto Unit 42 had to go out there and investigate with threat hunters, etc, which was not that well-known or used. Then, Palo Alto sort of showed everybody that world back in 2007 or 2008. Mostly, I was dealing with people migrating off of their platforms onto Palo Alto. Unfortunately, in most cases, they wound up just converting them into service-based firewalls, like what they were already using, because they weren't ready to accept the requirements behind actually creating an effective App-ID policy yet for their company. It wasn't well adopted at first. Even though everybody wanted it, people were putting it in and not really fully deploying it. Once I started working for Palo Alto, we had a whole lot more control over getting people to actually utilize the technology, like it was meant to be used. Mostly, it was going in as a service-based firewall with some App-ID. However, people weren't really taking advantage of the SSL decryption and other things necessary to truly utilize the firewall effectively. I have an active customer who has 600 users using Palo Alto. I have another active customer with 300 users using Palo Alto.
System Engineer at a tech vendor with 1-10 employees
Real User
2022-07-03T21:02:00Z
Jul 3, 2022
I design networks for our customers; I always use a high-speed packet filter upfront because I work for a Juniper partner company. This is usually a Juniper SRX series firewall and it does most of the easy work. Behind that, I add a more intelligent firewall, Palo Alto NGFW. We are partnered with Palo Alto, but that's not the main reason we use their solution. I worked with Check Point products for four years, and the Palo Alto alternative seriously impressed me. Here in Hungary, Palo Alto is considered the de facto intelligent firewall, for good reason. I work for an integrator and support company, and I support our customer's security platforms; we have many customers with Palo Alto Networks NG Firewalls.
Professional Services Consultant at a tech services company with 201-500 employees
Consultant
2022-06-12T15:10:00Z
Jun 12, 2022
We use it to see and detect malware. It is also used for antivirus, anti-spyware, anti-malware, vulnerability, and Wildfire analysis. We support different kinds of authentication as well: Kerberos, LDAP, TACACS, and SAML. All in all, it is a security device that you can have anywhere on your network, as per the design considerations. It is deployed in two different ways, either on-premises or on the cloud, which may require a different hypervisor.
I have deployed it as my internal firewall in the cloud. I also have it on-premises as my perimeter firewall. I am also running Palo Alto in my DMZ. I'm using the PA-5532 Series. We have cloud and on-premises deployments. The cloud deployment is on the Azure public cloud.
Generally, it is used for the main function of the firewall. It protects the applications and the servers of clients from attacks. We use it as a perimeter firewall for the traffic from the internet, and it is also being used because one of the customers needed a solution for PCI compliance. We have put the firewall between servers inside the network to do segmentation. So, with the firewalls, specific communication is open between the clients and the servers, between the servers, and between the servers, applications, and the database. We have PA-5000 and PA-850 series firewalls. In terms of the version, we are using version 9.1, which is not the most recent version. It is the previous one. We manage all firewalls from Panorama.
We have deployed Palo Alto Networks NG Firewalls and every web filter security available. So, we came to know each website user who got blocked and the "not required" categories. These categories are permanently blocked, and if any changes are required in these categories, we will first get approval from management.
Security Presales Consultant at a tech services company with 501-1,000 employees
Real User
2022-02-11T03:28:00Z
Feb 11, 2022
Almost all of my deployments are regulated to each firewall perimeter or as a data center firewall. The perimeter firewalls are deployed to control the user traffic and establish IPv6 VPN connections between a company's headquarter and its branches. This solution comes with threat prevention and URL filtering licenses for perimeter deployment. For data center deployments, the solution is deployed as a second layer of protection for the network traffic, especially for VLANs. It also prevents lateral movement of network attacks. Almost all of my deployments in the Middle East are deployed on-prem. There is no acceptance of cloud solutions, especially for government and banking rules.
Network Analyst at a recreational facilities/services company with 1,001-5,000 employees
Real User
2021-12-21T02:46:00Z
Dec 21, 2021
It is our main Internet firewall. It is used a lot for remote access users. We also use the site-to-site VPN instance of it, i.e., LSVPN. It is pretty much running everything. We have WildFire in the cloud, content filtering, and antivirus. It has pretty much all the features enabled. We have a couple of virtual instances running in Azure to firewall our data center. Predominantly, it is all physical hardware. I am part of the network team who does some work on Palo Alto Networks. There is actually a cybersecurity team who kind of controls the reins of it and does all the security configuration. I am not the administrator/manager in charge of the group that has the appliance.
Manager IT Security & Infrastructure at Currimjee Jeewanjee & Co. Ltd.
Real User
2021-12-15T10:55:00Z
Dec 15, 2021
We have implemented our own private cloud where we host different services for a number of internal companies that are part of a group. We have financial companies, hospitality, and construction companies; a large variety. We use Palo Alto to provide security protection for all these companies.
Network Solutions Architect at Ecobank Transnational Incorporated
Real User
2021-12-07T16:01:00Z
Dec 7, 2021
We use it as an Internet-facing parameter firewall. In my environment, it has security and routing. It is on a critical path in terms of routing, where it does a deep inspection, etc.
Chief Architect at a recruiting/HR firm with 1,001-5,000 employees
Real User
2021-10-08T08:31:00Z
Oct 8, 2021
It is a data center firewall solution and a centralized management for remote office firewall solutions. We have 30-odd remote offices where we are putting firewalls in to replace the standard routers that we used to have. This solution will give us a little bit of routing and firewall capabilities. We are deploying the PA-440 Series in our remote offices.
CyberSecurity Network Engineer at a university with 5,001-10,000 employees
Real User
2021-09-23T17:45:00Z
Sep 23, 2021
We're slowly migrating our on-premises solutions to the cloud. We implemented the next largest size VM for the PA-7050s because we're using 7050s on-premises, due to the bandwidth requirement of 100 GBS. After changing our firewalls to 7050s last year and this year, both our internal firewalls and our border firewalls are 7050s.
Senior Network Engineer at a tech services company with 201-500 employees
MSP
2021-08-10T22:10:00Z
Aug 10, 2021
We use it to segregate traffic between different tenant instances and to manage secure access to environments, DMZ zones, and to communicate what the firewall is doing.
We use them to do quite a bit of URL filtering, threat prevention, and we also use GlobalProtect. And application visibility is huge for us. Rather than having to do port-based firewalling, we're able to take it to an application level.
Security team leader at a aerospace/defense firm with 10,001+ employees
Real User
Top 10
2021-05-19T18:12:46Z
May 19, 2021
We deployed the Palo Alto Next Generation Firewall on the perimeter of the network, so all traffic that flows to the company from the internet and from the company to the internet scanned by the Palo Alto Networks Firewall. In addition, all of the internal traffic from LAN users to services that are on the DMZ zone traverse the Palo Alto Firewall.
Head of IT Infrastructure at a financial services firm with 1,001-5,000 employees
Real User
2021-05-18T05:59:13Z
May 18, 2021
We use this solution as our central firewall, but not as a perimeter firewall. For our perimeter, we use another solution. Our organization consists of roughly 2,000 to 3,000 employees.
Quality engineer of the 1st category at Modern Expo
Real User
Top 20
2021-04-01T09:30:53Z
Apr 1, 2021
We have two 3000 Series Firewalls placed in our primary location. We have two sites and the secondary site uses the primary site for internet access. All traffic to the secondary location goes through a VPN tunnel. I'm a network administrator.
Network Manager at a financial services firm with 1,001-5,000 employees
Real User
2021-03-04T18:02:15Z
Mar 4, 2021
It is our edge appliance. We use it for our edge security, and we also use it for our VPN termination. We're using an old version of this solution. At this moment, I'm looking at migrating away from Palo Alto.
Chief of IT security department at a financial services firm with 1,001-5,000 employees
Real User
2021-02-22T21:26:00Z
Feb 22, 2021
We use these firewalls on-premise. We use them as a central gateway for internet security. We also use them for organizing access to the internet from organizations, and security access rules.
IT Architect at a computer software company with 501-1,000 employees
Real User
2021-02-11T11:33:05Z
Feb 11, 2021
In manufacture, we use this solution as a firewall and an internal gateway. Additionally, we use it for traffic control which keeps strategic traffic separate from production traffic.
We use it for LAN users, internet access, and more. The NG Firewall has many functions like user control, access control for servers, natural controls based on applications, schedules, ports, RTs, and IPS functionality with antivirus or security functionality. We also use it to control internet access, traffic shaping for bandwidth control, and fraud prevention.
Solutions Architect at a comms service provider with 51-200 employees
Reseller
2021-02-04T21:54:27Z
Feb 4, 2021
We mainly use it for perimeter protection between the internet and the local network. We are using it for application control. We exploit the applications with some policies about how the network traffic is going to be from the local LAN to the external network and vice versa. We are protecting our network from outsiders and stopping them from getting into the network.
Senior Network & Security Administrator at a consultancy with 1,001-5,000 employees
Real User
2021-01-30T13:39:00Z
Jan 30, 2021
Normally, we use our firewall at the perimeter level. We are using Palo Alto Networks NG Firewalls as a firewall as well as using a few of their functionalities like the Vulnerability Protection, its IPS module. Additionally, we have remote VPN's on those firewalls, like GlobalProtect. So we are using all the features which are provided by Palo Alto.
Service Delivery Engineer - Network Security Lead at a tech services company with 51-200 employees
Reseller
2021-01-12T12:47:26Z
Jan 12, 2021
I deploy this solution for our clients. Firewalls can be used when you want to achieve SD-WAN connectivity. In a client's VPN or site-to-site VPN, it can be used to secure networks locally. If you have an extender or server room, you can secure your IT infrastructure for your servers. The solution can be installed on edge to protect your internal network. If you have services running on AWS or Google Cloud, or Alibaba Cloud, it can be deployed there. Some clients have a hybrid kind of infrastructure. I'm a service delivery engineer and network security lead and we are customers of Palo Alto.
Marine Consultant/Captain/Senior DPO at Jan Arild Hammer
Consultant
2021-01-04T10:46:56Z
Jan 4, 2021
We use it to control what users may access internally and externally, which covers everything. We are using its latest version. The model that we are using is 3220.
Team Lead Network Infrastructure at a tech services company with 1-10 employees
Real User
2020-12-19T13:47:52Z
Dec 19, 2020
The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.
Director, Middle East, East India & SAARC at DMX Technologies
Real User
2020-12-10T16:08:04Z
Dec 10, 2020
We were mainly using it because we had two ISP links, so it was a kind of gateway device. Whenever a link went down, the firewall used to automatically switch over to the secondary link so that the internet connectivity is kind of highly available.
Our primary use case is for the perimeter connection of our clients in the network. Our client brings their services to their clients, and they have the option to connect to a webpage. With Palo Alto Networks NG Firewalls they can safely provide a username and password to their clients. It is mainly on-premise, because the majority of the clients at this point want that kind of option. But many of them are already asking for the cloud option, like Prisma, for example.
Lead Consultant at a tech services company with 1-10 employees
Real User
2020-12-08T16:55:47Z
Dec 8, 2020
We are a solution provider and one of the Palo Alto products that we implement for our clients is the Next-Generation Firewall. It is used to protect your workflows in cloud environments, be it Azure, AWS, or Google. It can also protect your applications' databases that are on-premises.
Security Presales Solutions Architect at a tech services company with 201-500 employees
Real User
2020-11-18T17:49:17Z
Nov 18, 2020
We are a system and development company, and we sell this solution and many other solutions to our customers. We work on all the models, not a specific one. The model depends on the sizing. We also consider future expansion of a customer's environment for deploying a model.
System Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2020-11-12T05:04:08Z
Nov 12, 2020
We are using this solution for IDS, IPS, and VPN services. Also, we are using it for gateway purposes. The development team accesses the data center, and the file intrusion prevention policy.
We deploy and provide support for this solution to our customers. The use case depends on customer requirements because Palo Alto Next Generation Firewall can be used as a data center firewall, perimeter firewall or on the cloud for a perimeter firewall or used with communications. Some customers use it for global protect connectivity. I am a senior network engineer and we are partners with Palo Alto Networks.
Cyber Security Trainee at Macroview Telecom Limited
Reseller
2020-07-26T08:19:12Z
Jul 26, 2020
We are a solution provider and this is one of the firewall solutions that we implement for our customers. We present this product to customers and also handle the onsite installation. Our clients use it to secure their network infrastructure.
Vice President and Head - IT Telecom, Software License Management and Collaboration at Mphasis
Real User
Top 5
2020-07-13T06:55:57Z
Jul 13, 2020
We use this firewall as part of our overall security solution. It is used to protect our perimeter on the internet side. We have the on-premises version installed for our offices and the cloud-based version for our cloud offerings. For our cloud setup, we use both Azure and AWS.
We primarily use the solution for the firewalls. We're also using the next-gen features to shape what's going on. For example, to figure out what is allowed out and what isn't allowed out on a layer-7 application-aware firewall. We can block based on the application, as opposed to port access.
We are basically using a double protection layer in which we take care of all our DMV, VPN, tunnels, and internal network. We are basically using it for application based configuration controlling our traffic on applications with layers four to seven. We are customers of Palo Alto and I'm an information security specialist.
Vice President, Security Engineering at a financial services firm with 1,001-5,000 employees
Real User
2019-09-10T13:54:00Z
Sep 10, 2019
We use this solution for Zero Trust Data Center Segmentation with layer 2 Palo Alto firewalls. Segmentation has allowed us to put servers into Zones based off VLAN tags applied at the Nutanix level and can change "personalities" with the change of a VLAN tag. Palo Alto calls the "Layer 2 rewrite". By default, all traffic runs through a pair of 5000 series PAs and nothing is trusted. All North and South, East and West traffic is untrusted. No traffic is passed unless it matched a rule in the firewalls. There is a lot of upfront work to get this solution to work but once implemented adds/moves/changes are easy.
We use this solution for WAN routing, NAT, VPN tunnels, granular security policies, URL filtering, antivirus, threat prevention, sandboxing, decryption, high availability, and reporting.
We use the firewall for securing the data center. We have designed it to be a two-stage firewall. We have a perimeter firewall which is not Palo Alto, and then the Palo Alto firewall which is acting as a data center firewall. We are securing our internal network, so we have created different security zones. And we assign each zone a particular task.
Works at a computer software company with 201-500 employees
Real User
2019-06-26T20:18:00Z
Jun 26, 2019
I use the PA-220 to protect the LAN at my small-ish (about twenty people) office. We have several remote users who use the GlobalProtect VPN. As we move into a data center for hosting, I'll buy a second PA-220 to set up a site-to-site VPN. We also have a VM-50 for internal testing and lab use.
IS&S Europe and Global Infrastructure Manager at a manufacturing company with 10,001+ employees
Real User
2019-06-26T05:25:00Z
Jun 26, 2019
We use this solution as a firewall. We use it for VPN setup, threat protection, and for internet breakout also. We actually deploy several different versions. We have a TA200, a PA820, and a PA3200 series.
We're customer facing; each customer uses it for a different purpose. Some use NG Firewalls for IPS capability, some for application capabilities, these kinds of things.
Chief Executive Officer at a tech services company with 11-50 employees
Real User
2019-06-26T05:25:00Z
Jun 26, 2019
I primarily use this solution for the core banking network. It's for core security. So it's to protect against intrusion, to protect against any kind of cyber attack that can happen to it. It protects our core infrastructure.
IT Manager at a tech services company with 51-200 employees
Real User
2019-06-24T12:13:00Z
Jun 24, 2019
Our solution is now based on clustering and load balancing. We can add more nodes to our environment to accommodate the new load within our company. We have about 2,000 to 2,300 users on Palo Alto NG firewall support. Palo Alto has a line of products for different customers. If you do the sizing it from the beginning, considering that you are a growing company, it is fine. You need to plan for the future, which means that you have to pay in advance through investment. With Palo Alto NG Firewalls, the cost will be higher.
I used Palo Alto firewalls for plenty of projects and have many use cases. When working with App-ID, it is important to understand that each App-ID signature may have dependencies that are required to fully control an application. For example, with Facebook applications, the App‑ID Facebook‑base is required to access the Facebook website and to control other Facebook applications. For example, to configure the firewall to control Facebook email, you would have to allow the App-IDs Facebook-base and Facebook-mail.
Palo Alto Networks NG Firewalls offer comprehensive security, including application control, traffic shaping, threat prevention, and load balancing, designed to secure internal networks, perimeter protection, VPN services, and cloud environments.
Palo Alto Networks NG Firewalls are a key choice for managing and protecting data centers, securing remote access, network segmentation, malware prevention, and ensuring high availability and performance for business-critical applications. Known...
We use Palo Alto Networks NG Firewalls for visibility and protection of our network.
We provide localization services and use Palo Alto Networks NG Firewalls to protect our environment. We have two on-premises Palo Alto Networks NG Firewalls that are managed in the cloud.
We're using Palo Alto Networks NG Firewalls as a backup hardware solution. When the main firewalls have an issue, we're using the backup solution and hardware firewalls to avoid any network issues or prolonged downtime.
I primarily help users migrate from traditional firewalls to Palo Alto NG Firewalls. This involves troubleshooting, assisting with application control and backup configuration, and teaching users how to optimize the firewall for their needs. Additionally, I guide users through the process of redesigning their firewalls and migrating their servers, which often includes helping them understand and manage the vast number of applications they have. Sometimes, the firewall cannot identify specific applications, requiring customization to ensure accurate recognition and security. Currently, I am working on a management query language, which involves collaborating with other teams to assess the necessity of specific applications and connections between the firewall and various assets. This ensures optimal security and network efficiency.
We primarily use Palo Alto Networks NG Firewalls for a DMZ firewall. Its primary function is to separate our network into four layers: a DMZ zone for all publishing services, an internal zone for internal user access to publishing services, a zone for terminating connections between VPN consultants and internal services, and a zone for Internet access. We implemented Palo Alto Networks NG Firewalls to secure our network and control access using filtering and application control. We also use Palo Alto WildFire for vulnerability scanning. We have Palo Alto Networks NG Firewalls deployed on the cloud and on-prem.
We partner with vendors primarily to foster better understanding and relationships. Our core business is system integration, where we cater to diverse customer requirements. A customer might approach us with a specific need, and we deliver. A product like Palo Alto's XDR or EDR endpoint protection is popular due to its features, but ultimately, the choice depends on individual customer requirements, including extra services or integrations. We currently have around six customers using Palo Alto. Aside from the usual content filtering and application filtering, the primary driving force for Palo Alto Networks NG Firewalls has been the SD-WAN. Additionally, ADR has also been a significant factor. All our clients also use Palo Alto as their firewall solution.
We are managing services for our customers. I am mostly dedicated to Palo Alto. I have had a very good experience with Palo Alto firewalls and Panorama. We have used Palo Alto firewalls for multiple use cases. We have used them at the perimeter as well as in the data center. I have experience in 5000 series, 7000 series, and 3000 series. I have worked with most of them.
We use Palo Alto firewalls to secure the enterprise network and connect our branch offices with our data centers.
We use Palo Alto Networks NG Firewalls in our offices and data centers.
We use the solution to secure our Internet traffic and the application traffic from the Internet. There is also no need to connect to a VPN most of the time.
We use the solution to access clients.
Our primary use case is protecting our clients from remote threats on the internet. These firewalls are very powerful and important for our business.
We use Palo Alto Networks NG Firewalls for security purposes and to mitigate risk.
We use it for our edge firewalls and our east-west and north-south traffic for our firewalls. We have also deployed each firewall to every site for our Layer 3 connections back to our data center.
We use this solution to protect the perimeter and use it as a proxy for the servers. We have the firewalls installed in our data center at present and are planning to put them in the corporate and branch offices as well.
We use the solution to protect our network environment. We use three versions: 230, 440, and 820.
Our main use of this solution is to create micro segmentations only in the public cloud, and use the data we receive to see threats passing through the Vnets.
We used the solution as an edge or internet firewall where we were running IPS/IDS and doing filtering on it, apart from the other security features. We are still using it for our users' VPN activity and to manage site-to-site VPN tunnels with other clouds, like AWS and Azure, so that there is connectivity back and forth between those cloud providers and our on-prem data center.
NG Firewalls form the edge between customers' networks and the internet. They often provide load balancing to multiple internet providers. In most cases, people use NG Firewalls for more than just a basic firewall function. The intrusion detection and prevention feature is usually the most significant piece that people want because it provides layers of protection against malware, ransomware, and things of that nature.
We use the solution for all the capabilities that the firewall offers, including proxy filtering, VPN connection, and Next-Gen firewall capability. We integrate the solution with clients that use ExpressRoute, which is a very common and popular service in Australia. We route all our client's local traffic, 10.x, and the client's Class B public address traffic all into Palo Alto Networks NG Firewalls. We use the solution to provide hub and spoke integration, web filtering, and for VPN. The solution is a fully managed centralized firewall service for both public and private traffic, including on-prem traffic and Azure traffic.
We use this solution for perimeter security and security profile purposes. This covers anti-virus and anti-spyware, as well as cyber security vulnerabilities through URL and file blocking.
On certain levels, it protects our information. Luckily, I had switched to Palo Alto as our VPN solution for our users. We finished that in December of 2019, just in time for COVID to hit. We had a system that was able to support 650 to 700 users remoting into our campus through the VPN. This was a huge use case for us, as it was not intended to be the solution for COVID, but it turned out to be the solution for COVID. So, it was a great use case. Obviously, we want to protect our servers, virtual servers in the cloud, and on-prem. We have the eighth fastest supercomputer in the world. Unfortunately, we don't get to protect that because it has so much data going through it, i.e., petabytes a day. There isn't a firewall that can keep up with it. We just created a science DMZ for that kind of stuff as well as large data movers since we do weather data for the world. We research the ocean, sky, and solar weather. We have 104 universities who work with us around the world. Therefore, we need to have data available for all of them. We need to be protected as much as we can. We started with Palo Alto 5060, then the 3060 came in, which was the next form. We have now switched to an HA system and have four firewalls as our base: a pair of 5220s and a pair of 5250s. We have been running the different OSs from PAN-OS 8.0, 8.1, 9.0, 9.1, and then 10.1. We are about to move to 10.2. We are in the process of doing that over the next week. We like to stay on the cutting edge because they are always adding more features and security. We have it deployed in a number of different ways. We have our four main firewalls, which have two high availability pairs. One is set primarily for users and outward-facing functions. Therefore, our DMZ servers, staff, and guest networks are on one pair of firewalls. Back behind the scenes, labs and our HR department are on a separate set of firewalls. We call them: untrust and trust. Then, we have another set of firewalls, both in our Wyoming supercomputing center and in our Boulder main campus, which runs a specific program that has a DOD contract that requires more security, so they have their own set of firewalls. We also have firewalls in Azure Cloud for our tests and production environments. I am in the process of purchasing another VM firewall to put on the AWS Cloud. The last set that we have is at our Mauna Loa Solar Observatory, where we have an HA pair of just 800s because we only have a one gig radio link down the side of the volcano to the University of Hawaii. We have between 1,200 and 1400 staff at any given time. Essentially all of them use the solution one way or another, either to access systems or through the VPN. We also have remote users who aren't employees but instead collaborators, and they can be anywhere in the world and remote into our systems. We then have people who are doing PhD programs at universities around the world who need to get into our systems to download data sets as part of their PhD or Master's program. Thus, the solution is not limited to our employees.
It is on-prem. We wanted to implement a multiple architecture for our network security. That is why we looked at the Palo Alto product. It is famous for its multi-layer security architecture and firewall. There are five users: two senior expert administrators and one junior administrator from our data center team and two security engineers from our security team.
In most cases, our use cases were for migration and conversions. People were coming off of dated Cisco platforms and other types of firewall technologies that might not have met next-generation standards, like App-ID. Then, Palo Alto Unit 42 had to go out there and investigate with threat hunters, etc, which was not that well-known or used. Then, Palo Alto sort of showed everybody that world back in 2007 or 2008. Mostly, I was dealing with people migrating off of their platforms onto Palo Alto. Unfortunately, in most cases, they wound up just converting them into service-based firewalls, like what they were already using, because they weren't ready to accept the requirements behind actually creating an effective App-ID policy yet for their company. It wasn't well adopted at first. Even though everybody wanted it, people were putting it in and not really fully deploying it. Once I started working for Palo Alto, we had a whole lot more control over getting people to actually utilize the technology, like it was meant to be used. Mostly, it was going in as a service-based firewall with some App-ID. However, people weren't really taking advantage of the SSL decryption and other things necessary to truly utilize the firewall effectively. I have an active customer who has 600 users using Palo Alto. I have another active customer with 300 users using Palo Alto.
I design networks for our customers; I always use a high-speed packet filter upfront because I work for a Juniper partner company. This is usually a Juniper SRX series firewall and it does most of the easy work. Behind that, I add a more intelligent firewall, Palo Alto NGFW. We are partnered with Palo Alto, but that's not the main reason we use their solution. I worked with Check Point products for four years, and the Palo Alto alternative seriously impressed me. Here in Hungary, Palo Alto is considered the de facto intelligent firewall, for good reason. I work for an integrator and support company, and I support our customer's security platforms; we have many customers with Palo Alto Networks NG Firewalls.
We use it to see and detect malware. It is also used for antivirus, anti-spyware, anti-malware, vulnerability, and Wildfire analysis. We support different kinds of authentication as well: Kerberos, LDAP, TACACS, and SAML. All in all, it is a security device that you can have anywhere on your network, as per the design considerations. It is deployed in two different ways, either on-premises or on the cloud, which may require a different hypervisor.
I have deployed it as my internal firewall in the cloud. I also have it on-premises as my perimeter firewall. I am also running Palo Alto in my DMZ. I'm using the PA-5532 Series. We have cloud and on-premises deployments. The cloud deployment is on the Azure public cloud.
Generally, it is used for the main function of the firewall. It protects the applications and the servers of clients from attacks. We use it as a perimeter firewall for the traffic from the internet, and it is also being used because one of the customers needed a solution for PCI compliance. We have put the firewall between servers inside the network to do segmentation. So, with the firewalls, specific communication is open between the clients and the servers, between the servers, and between the servers, applications, and the database. We have PA-5000 and PA-850 series firewalls. In terms of the version, we are using version 9.1, which is not the most recent version. It is the previous one. We manage all firewalls from Panorama.
I am a reseller of Palo Alto Networks.
We have deployed Palo Alto Networks NG Firewalls and every web filter security available. So, we came to know each website user who got blocked and the "not required" categories. These categories are permanently blocked, and if any changes are required in these categories, we will first get approval from management.
Almost all of my deployments are regulated to each firewall perimeter or as a data center firewall. The perimeter firewalls are deployed to control the user traffic and establish IPv6 VPN connections between a company's headquarter and its branches. This solution comes with threat prevention and URL filtering licenses for perimeter deployment. For data center deployments, the solution is deployed as a second layer of protection for the network traffic, especially for VLANs. It also prevents lateral movement of network attacks. Almost all of my deployments in the Middle East are deployed on-prem. There is no acceptance of cloud solutions, especially for government and banking rules.
It is our main Internet firewall. It is used a lot for remote access users. We also use the site-to-site VPN instance of it, i.e., LSVPN. It is pretty much running everything. We have WildFire in the cloud, content filtering, and antivirus. It has pretty much all the features enabled. We have a couple of virtual instances running in Azure to firewall our data center. Predominantly, it is all physical hardware. I am part of the network team who does some work on Palo Alto Networks. There is actually a cybersecurity team who kind of controls the reins of it and does all the security configuration. I am not the administrator/manager in charge of the group that has the appliance.
We have implemented our own private cloud where we host different services for a number of internal companies that are part of a group. We have financial companies, hospitality, and construction companies; a large variety. We use Palo Alto to provide security protection for all these companies.
We use it as an Internet-facing parameter firewall. In my environment, it has security and routing. It is on a critical path in terms of routing, where it does a deep inspection, etc.
These firewalls are only used for perimeter purposes, in gateway mode.
It is a data center firewall solution and a centralized management for remote office firewall solutions. We have 30-odd remote offices where we are putting firewalls in to replace the standard routers that we used to have. This solution will give us a little bit of routing and firewall capabilities. We are deploying the PA-440 Series in our remote offices.
We're slowly migrating our on-premises solutions to the cloud. We implemented the next largest size VM for the PA-7050s because we're using 7050s on-premises, due to the bandwidth requirement of 100 GBS. After changing our firewalls to 7050s last year and this year, both our internal firewalls and our border firewalls are 7050s.
We use it to segregate traffic between different tenant instances and to manage secure access to environments, DMZ zones, and to communicate what the firewall is doing.
The solution is more towards the front of the security stack. We use both AWS and Alibaba Cloud.
We use them to do quite a bit of URL filtering, threat prevention, and we also use GlobalProtect. And application visibility is huge for us. Rather than having to do port-based firewalling, we're able to take it to an application level.
We use this solution to protect our network.
We use Palo Alto Networks NG Firewalls to manage the villains. Basically, to protect the environment.
We deployed the Palo Alto Next Generation Firewall on the perimeter of the network, so all traffic that flows to the company from the internet and from the company to the internet scanned by the Palo Alto Networks Firewall. In addition, all of the internal traffic from LAN users to services that are on the DMZ zone traverse the Palo Alto Firewall.
We use this solution as our central firewall, but not as a perimeter firewall. For our perimeter, we use another solution. Our organization consists of roughly 2,000 to 3,000 employees.
I am currently testing Palo Alto and preparing for an exam.
We have two 3000 Series Firewalls placed in our primary location. We have two sites and the secondary site uses the primary site for internet access. All traffic to the secondary location goes through a VPN tunnel. I'm a network administrator.
We plan to continue using this solution. Within our organization, there are roughly 1,000 employees using this solution.
It is our edge appliance. We use it for our edge security, and we also use it for our VPN termination. We're using an old version of this solution. At this moment, I'm looking at migrating away from Palo Alto.
We use a very basic model with a small installation to secure a small office segment with 50 users.
We're basically an MSSP service provider. We use this solution as a network firewall for URL filtering, IPS, and IDS proxy services.
We use these firewalls on-premise. We use them as a central gateway for internet security. We also use them for organizing access to the internet from organizations, and security access rules.
We primarily use the product for web browsing and in order to protect some sites that we are publishing to the web internet.
In manufacture, we use this solution as a firewall and an internal gateway. Additionally, we use it for traffic control which keeps strategic traffic separate from production traffic.
We use it for LAN users, internet access, and more. The NG Firewall has many functions like user control, access control for servers, natural controls based on applications, schedules, ports, RTs, and IPS functionality with antivirus or security functionality. We also use it to control internet access, traffic shaping for bandwidth control, and fraud prevention.
We mainly use it for perimeter protection between the internet and the local network. We are using it for application control. We exploit the applications with some policies about how the network traffic is going to be from the local LAN to the external network and vice versa. We are protecting our network from outsiders and stopping them from getting into the network.
The solution is typically used for antivirus and antimalware purposes, to help protect an organization against attacks.
Normally, we use our firewall at the perimeter level. We are using Palo Alto Networks NG Firewalls as a firewall as well as using a few of their functionalities like the Vulnerability Protection, its IPS module. Additionally, we have remote VPN's on those firewalls, like GlobalProtect. So we are using all the features which are provided by Palo Alto.
We are a solution provider and this is one of the firewalls that we implement for our clients.
We primarily use the solution for our internal network.
We primarily use this product to protect our network.
I deploy this solution for our clients. Firewalls can be used when you want to achieve SD-WAN connectivity. In a client's VPN or site-to-site VPN, it can be used to secure networks locally. If you have an extender or server room, you can secure your IT infrastructure for your servers. The solution can be installed on edge to protect your internal network. If you have services running on AWS or Google Cloud, or Alibaba Cloud, it can be deployed there. Some clients have a hybrid kind of infrastructure. I'm a service delivery engineer and network security lead and we are customers of Palo Alto.
We use it to control what users may access internally and externally, which covers everything. We are using its latest version. The model that we are using is 3220.
The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.
We use this product as our perimeter firewall.
We were mainly using it because we had two ISP links, so it was a kind of gateway device. Whenever a link went down, the firewall used to automatically switch over to the secondary link so that the internet connectivity is kind of highly available.
Our primary use case is for the perimeter connection of our clients in the network. Our client brings their services to their clients, and they have the option to connect to a webpage. With Palo Alto Networks NG Firewalls they can safely provide a username and password to their clients. It is mainly on-premise, because the majority of the clients at this point want that kind of option. But many of them are already asking for the cloud option, like Prisma, for example.
We are a solution provider and one of the Palo Alto products that we implement for our clients is the Next-Generation Firewall. It is used to protect your workflows in cloud environments, be it Azure, AWS, or Google. It can also protect your applications' databases that are on-premises.
We are a system and development company, and we sell this solution and many other solutions to our customers. We work on all the models, not a specific one. The model depends on the sizing. We also consider future expansion of a customer's environment for deploying a model.
We use it as a firewall. We have VPN, IPSec, or site-to-site VPN. We also protect our few internal web services.
We are using this solution for IDS, IPS, and VPN services. Also, we are using it for gateway purposes. The development team accesses the data center, and the file intrusion prevention policy.
I'm a network security engineer and we are platinum partners with Palo Alto.
We deploy and provide support for this solution to our customers. The use case depends on customer requirements because Palo Alto Next Generation Firewall can be used as a data center firewall, perimeter firewall or on the cloud for a perimeter firewall or used with communications. Some customers use it for global protect connectivity. I am a senior network engineer and we are partners with Palo Alto Networks.
We primarily use the solution as a firewall.
We are a solution provider and this is one of the firewall solutions that we implement for our customers. We present this product to customers and also handle the onsite installation. Our clients use it to secure their network infrastructure.
Our primary use case was for perimeter protection.
We resell products by Palo Alto and Cisco, and this next-generation firewall by Palo Alto is one of the products that we are familiar with.
Our primary use case was to configure our PSAs for our customized configuration.
We use this firewall as part of our overall security solution. It is used to protect our perimeter on the internet side. We have the on-premises version installed for our offices and the cloud-based version for our cloud offerings. For our cloud setup, we use both Azure and AWS.
We primarily use the solution for the firewalls. We're also using the next-gen features to shape what's going on. For example, to figure out what is allowed out and what isn't allowed out on a layer-7 application-aware firewall. We can block based on the application, as opposed to port access.
We are basically using a double protection layer in which we take care of all our DMV, VPN, tunnels, and internal network. We are basically using it for application based configuration controlling our traffic on applications with layers four to seven. We are customers of Palo Alto and I'm an information security specialist.
We are using this firewall for security purposes.
We use both the NG and VM series of Palo Alto firewalls. We sell and install them for clients to provide the best security that money can buy.
We use this solution for Zero Trust Data Center Segmentation with layer 2 Palo Alto firewalls. Segmentation has allowed us to put servers into Zones based off VLAN tags applied at the Nutanix level and can change "personalities" with the change of a VLAN tag. Palo Alto calls the "Layer 2 rewrite". By default, all traffic runs through a pair of 5000 series PAs and nothing is trusted. All North and South, East and West traffic is untrusted. No traffic is passed unless it matched a rule in the firewalls. There is a lot of upfront work to get this solution to work but once implemented adds/moves/changes are easy.
We use this solution for WAN routing, NAT, VPN tunnels, granular security policies, URL filtering, antivirus, threat prevention, sandboxing, decryption, high availability, and reporting.
We have multiple IPS applications, and other multiple use cases.
The primary use for this product is for security as a firewall by a sales engineer for the guest environment.
We use the firewall for securing the data center. We have designed it to be a two-stage firewall. We have a perimeter firewall which is not Palo Alto, and then the Palo Alto firewall which is acting as a data center firewall. We are securing our internal network, so we have created different security zones. And we assign each zone a particular task.
I use the PA-220 to protect the LAN at my small-ish (about twenty people) office. We have several remote users who use the GlobalProtect VPN. As we move into a data center for hosting, I'll buy a second PA-220 to set up a site-to-site VPN. We also have a VM-50 for internal testing and lab use.
Upstream and data center NGFW.
I use the solution for firewalls.
We use this solution as a firewall. We use it for VPN setup, threat protection, and for internet breakout also. We actually deploy several different versions. We have a TA200, a PA820, and a PA3200 series.
We're customer facing; each customer uses it for a different purpose. Some use NG Firewalls for IPS capability, some for application capabilities, these kinds of things.
I primarily use this solution for the core banking network. It's for core security. So it's to protect against intrusion, to protect against any kind of cyber attack that can happen to it. It protects our core infrastructure.
I'm using many solutions. I'm working as a CTO for a big company here. I work with Palo Alto and Cisco.
Our solution is now based on clustering and load balancing. We can add more nodes to our environment to accommodate the new load within our company. We have about 2,000 to 2,300 users on Palo Alto NG firewall support. Palo Alto has a line of products for different customers. If you do the sizing it from the beginning, considering that you are a growing company, it is fine. You need to plan for the future, which means that you have to pay in advance through investment. With Palo Alto NG Firewalls, the cost will be higher.
We use this solution to block malicious or suspicious activity by creating policies that define which action should be blocked or allowed.
Firewall.
Finding a solution for easy management, where the company is protected in a matter where an unwanted software is blocked.
It is our main firewall. It has performed well. It meets our expectations.
I used Palo Alto firewalls for plenty of projects and have many use cases. When working with App-ID, it is important to understand that each App-ID signature may have dependencies that are required to fully control an application. For example, with Facebook applications, the App‑ID Facebook‑base is required to access the Facebook website and to control other Facebook applications. For example, to configure the firewall to control Facebook email, you would have to allow the App-IDs Facebook-base and Facebook-mail.