The solution's commitment time could be reduced as it often takes a lot of time to execute. Additionally, reducing the SLA response time from two hours would be beneficial.
Global Head - SAP for Energy & Resources at Tata Consultancy
Reseller
Top 10
2024-06-04T08:50:49Z
Jun 4, 2024
The scalability for the on-premises version is limited as it depends on the model. It always needs to stay updated. It just needs to keep the threat IDs and the latest kinds of threats updated. Otherwise, it's great.
Learn what your peers think about Palo Alto Networks K2-Series. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Security Technical Lead at a tech services company with 11-50 employees
Real User
Top 5
2022-09-06T13:22:44Z
Sep 6, 2022
Palo Alto releases a lot of bug fixes for their firewalls, which means it's necessary to do frequent upgrades. They should work on decreasing their bugs so that upgrades aren't needed so often. They also don't always ensure that their upgrades are available for older firewalls.
It is recommended that the Palo Alto Networks K2-Series be implemented step by step for the Panorama. Sometimes we can't overwrite the configurations because it fails.
Technical Advisor to COO at a comms service provider with 51-200 employees
Real User
2021-10-19T13:03:22Z
Oct 19, 2021
Palo Alto K2-Series firewalls could use some technical improvements, like main and standby, as well as FTU and STU support. In addition, they should upgrade the CPU, and there are so many other things that I cannot think of off the top of my head.
Industrial Controls Advisor at a energy/utilities company with 5,001-10,000 employees
Real User
2021-09-27T14:19:00Z
Sep 27, 2021
In the past, we've had trouble with Palo Alto's application filtering not getting it right. I would not be recommending layer 7 application filtering yet. That's the only hiccup with the product line. In terms of the features, I'd like to see, one of the bigger pieces missing from any firewall system is the ability to monitor and report. I don't think there are any firewalls doing this, but I'd like to see firewalls have the ability to do what Splunk is doing automatically. In other words, the ability to provide log analysis and monitoring from a visualization standpoint would be very beneficial to any firewall. That doesn't really exist today. There also needs to be a real methodology to maintain rules. They have rule sets in there and different ways of showing it, but the presentation isn't great. It's not a great presentation of where you have duplicate rules in place that makes it easy to find. Then again, I would say that no firewall company really has good management abilities for that. This isn't to badmouth Palo Alto. It's just that these features don't exist. So as we talk about where threat modeling and cybersecurity need to go, there's no one vendor with the best solution. It'd be nice if it would come in one platform. In other words, you buy their product, and they have a platform that includes that functionality.
The user interface could be improved. Right now, it's an aspect that is lacking. They should make it more user-friendly. There are too many options visible right now, which makes it confusing. They need to streamline and simplify it. I'd like to see more data protection on the system. It needs a DLP, a Data Loss Prevention, system.
They should lower their prices for small businesses. They should offer subscriptions or box-sets because a lot of companies want to buy it, but they just can't afford it. It's not that expensive necessarily; the market is just doing poorly at the moment. Everything I could possibly want has already been implanted into the new version, including the Internet of Things, machine learning, and SD-WAN; every feature I wanted has already been integrated.
Data Center - Assistant Group Manager (Information Security) at a financial services firm with 501-1,000 employees
Real User
2020-08-23T08:17:17Z
Aug 23, 2020
The company needs to align better with the customer. At the price point they offer, they need to be as good or better than the competition. They're losing market because they aren't there yet in that regard. When it comes to renewing the solution, they tend to try to jack up the pricing.
Security Technical Lead at a tech services company with 11-50 employees
Real User
Top 5
2020-06-07T09:09:00Z
Jun 7, 2020
The reporting functionality in GlobalProtect needs to be improved. Other products, such as Check Point, have better reporting features that give more reports. The price of the K2-Series should be lowered. The dashboard could be improved by adding more GUI components.
The URL Filtering module needs to have more categories added to it. The concept of clustering would be of benefit to Palo Alto and it would make it more productive. For example, with Forcepoint, you can cluster two different products.
System Engineer - Security Presales at Raya Integration
Real User
Top 10
2020-05-27T16:23:40Z
May 27, 2020
The partner support, which is a local company, is not that good and can be improved. I would like to see the threat intelligence capability integrated with other vendors such as Cisco and Forcepoint. This would effectively be a multi-threat intelligence solution. Along the same lines, it would be useful to share threat signatures with different vendors.
The technical support, and how they provide it to the client, needs to be improved. They take too long to provide answers. I would like to have a statistical report that shows the number of times that each rule is used.
Security Solutions Architect at a tech services company with 501-1,000 employees
Real User
2020-03-23T06:14:17Z
Mar 23, 2020
The solution could be improved with more dedicated reporting about the user's context. For example, if I need to have a summarized report that includes uses as well as consolidating the user's activities, threads and applications on the endpoint machine, Palo Alto does not have the visibility for the endpoint in their firewalls. If I want to have a report from the firewall that summarizes user application from the user side, rather than the server side, Palo Alto software does not have that information. Other vendors, such as Cisco, have that in their profile. You can generate a report from Cisco firewall and it will tell you that you're using the internet, and using Firefox or Google Chrome. Palo Alto doesn't have that extended visibility to the end point. It would be the same for additional features - I need to have the visibility of the endpoint application, endpoint context. It's an innate feature in Cisco firewalls. I don't like the style of Forte, for example. It has email spam over the firewall. I don't like this feature, and I don't like to have features that are not really good for out of the box. What Forte does have that is good is an explicit proxy capability and Palo Alto could include that.
System Engineer at a tech services company with 501-1,000 employees
Real User
2020-03-19T13:00:00Z
Mar 19, 2020
In terms of what needs improvement, Palo Alto is lacking abilities that other firewalls can do. They disable the current sessions when you think the hardest part is done. They have a workaround for authentication, but then our clients just use the local database of the device itself. Some of the small to medium businesses are using these features and it would be easier for us to upsell the product up to other networks. Palo Alto Networks is quite a bit higher when it comes to prices. They should implement the features that the other firewalls have. In the next release, I would like for them to include a checkbox where the user could disable concurrent users of the portal.
IT Specialist at a transportation company with 10,001+ employees
Real User
2020-03-09T08:07:58Z
Mar 9, 2020
It's like anything else. What's good today might not be in a day, a week, a month, etc. The solution needs to constantly be adapting and updating. The solution needs a series of OS changes.
Network Security & Virtualization at a financial services firm with 1,001-5,000 employees
Real User
2020-03-03T08:47:00Z
Mar 3, 2020
There is not really anything that needs to be improved in the product. It might be nice if it were possible for newer users to get a higher level of support.
Designed to handle growing throughput needs due to increasing amounts of application-, user-, and device-generated data, the K2-Series offers amazing performance and threat prevention capabilities to stop advanced cyberattacks and secure mobile network infrastructure, subscribers, and services.
The solution's commitment time could be reduced as it often takes a lot of time to execute. Additionally, reducing the SLA response time from two hours would be beneficial.
The scalability for the on-premises version is limited as it depends on the model. It always needs to stay updated. It just needs to keep the threat IDs and the latest kinds of threats updated. Otherwise, it's great.
The prices are not affordable for small companies.
The solution's pricing could be better.
The tool needs to improve integration with more products from other vendors. I would like the product to add threat intelligence features as well.
The password function of the solution could be improved. Additionally, some of the processes take too long to complete.
The product should get frequent updates allowing us to add new signatures. This is my only concern.
Palo Alto releases a lot of bug fixes for their firewalls, which means it's necessary to do frequent upgrades. They should work on decreasing their bugs so that upgrades aren't needed so often. They also don't always ensure that their upgrades are available for older firewalls.
It is recommended that the Palo Alto Networks K2-Series be implemented step by step for the Panorama. Sometimes we can't overwrite the configurations because it fails.
Palo Alto has many other products. It would be nice for these products to be centralized under one tool rather than having to jump from tool to tool.
Palo Alto K2-Series firewalls could use some technical improvements, like main and standby, as well as FTU and STU support. In addition, they should upgrade the CPU, and there are so many other things that I cannot think of off the top of my head.
In the past, we've had trouble with Palo Alto's application filtering not getting it right. I would not be recommending layer 7 application filtering yet. That's the only hiccup with the product line. In terms of the features, I'd like to see, one of the bigger pieces missing from any firewall system is the ability to monitor and report. I don't think there are any firewalls doing this, but I'd like to see firewalls have the ability to do what Splunk is doing automatically. In other words, the ability to provide log analysis and monitoring from a visualization standpoint would be very beneficial to any firewall. That doesn't really exist today. There also needs to be a real methodology to maintain rules. They have rule sets in there and different ways of showing it, but the presentation isn't great. It's not a great presentation of where you have duplicate rules in place that makes it easy to find. Then again, I would say that no firewall company really has good management abilities for that. This isn't to badmouth Palo Alto. It's just that these features don't exist. So as we talk about where threat modeling and cybersecurity need to go, there's no one vendor with the best solution. It'd be nice if it would come in one platform. In other words, you buy their product, and they have a platform that includes that functionality.
The user interface could be improved. Right now, it's an aspect that is lacking. They should make it more user-friendly. There are too many options visible right now, which makes it confusing. They need to streamline and simplify it. I'd like to see more data protection on the system. It needs a DLP, a Data Loss Prevention, system.
They could improve by providing more features in the solution.
They should lower their prices for small businesses. They should offer subscriptions or box-sets because a lot of companies want to buy it, but they just can't afford it. It's not that expensive necessarily; the market is just doing poorly at the moment. Everything I could possibly want has already been implanted into the new version, including the Internet of Things, machine learning, and SD-WAN; every feature I wanted has already been integrated.
The company needs to align better with the customer. At the price point they offer, they need to be as good or better than the competition. They're losing market because they aren't there yet in that regard. When it comes to renewing the solution, they tend to try to jack up the pricing.
The reporting functionality in GlobalProtect needs to be improved. Other products, such as Check Point, have better reporting features that give more reports. The price of the K2-Series should be lowered. The dashboard could be improved by adding more GUI components.
The URL Filtering module needs to have more categories added to it. The concept of clustering would be of benefit to Palo Alto and it would make it more productive. For example, with Forcepoint, you can cluster two different products.
The partner support, which is a local company, is not that good and can be improved. I would like to see the threat intelligence capability integrated with other vendors such as Cisco and Forcepoint. This would effectively be a multi-threat intelligence solution. Along the same lines, it would be useful to share threat signatures with different vendors.
The ease of management and configuration should be improved. The price of the K2 series could be lower.
The technical support, and how they provide it to the client, needs to be improved. They take too long to provide answers. I would like to have a statistical report that shows the number of times that each rule is used.
The solution could be improved with more dedicated reporting about the user's context. For example, if I need to have a summarized report that includes uses as well as consolidating the user's activities, threads and applications on the endpoint machine, Palo Alto does not have the visibility for the endpoint in their firewalls. If I want to have a report from the firewall that summarizes user application from the user side, rather than the server side, Palo Alto software does not have that information. Other vendors, such as Cisco, have that in their profile. You can generate a report from Cisco firewall and it will tell you that you're using the internet, and using Firefox or Google Chrome. Palo Alto doesn't have that extended visibility to the end point. It would be the same for additional features - I need to have the visibility of the endpoint application, endpoint context. It's an innate feature in Cisco firewalls. I don't like the style of Forte, for example. It has email spam over the firewall. I don't like this feature, and I don't like to have features that are not really good for out of the box. What Forte does have that is good is an explicit proxy capability and Palo Alto could include that.
In terms of what needs improvement, Palo Alto is lacking abilities that other firewalls can do. They disable the current sessions when you think the hardest part is done. They have a workaround for authentication, but then our clients just use the local database of the device itself. Some of the small to medium businesses are using these features and it would be easier for us to upsell the product up to other networks. Palo Alto Networks is quite a bit higher when it comes to prices. They should implement the features that the other firewalls have. In the next release, I would like for them to include a checkbox where the user could disable concurrent users of the portal.
There are a lot of bugs in this solution.
It's like anything else. What's good today might not be in a day, a week, a month, etc. The solution needs to constantly be adapting and updating. The solution needs a series of OS changes.
There is not really anything that needs to be improved in the product. It might be nice if it were possible for newer users to get a higher level of support.