Senior Network Engineer at Just In Time Group (Sri Lanka)
Reseller
Top 20
2024-04-26T07:46:00Z
Apr 26, 2024
Palo Alto can improve the web application firewall (WAF) feature at layer 7. Currently, I don't think it's available. If they can improve that, it would be better. We wouldn't need to purchase a separate WAF solution because they already have advanced URL filtering. But I don't think that advanced URL filtering has the same features as a dedicated WAF, like F5 or other solutions. That is an area for improvement. If they can improve the WAF feature, customers won't have to buy a separate WAF solution. They could do it with the same Palo Alto firewall, perhaps through a subscription-based model. So the web application firewall feature has to be improved.
Sr. Network Engineer at a tech services company with 1-10 employees
Reseller
Top 20
2024-04-02T15:46:00Z
Apr 2, 2024
I don't have any specific suggestions for improving the Palo Alto Networks PA-Series at the moment. I find it to be a very effective solution, and I don't have any major complaints or areas for improvement in mind. However, pricing flexibility could be an aspect worth considering, as it has been a concern for some of our clients.
IT Senior Network Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2024-03-27T15:38:59Z
Mar 27, 2024
I had opened a case before with the tool because I could not create a wildcard for the security address. We can create wildcards for security addresses in Fortinet, but this feature doesn't exist in the product. We use it as a decryptor using the decryption policy. Any site with a certificate chain with some intermediate CAs not in the CA database already downloaded in Palo Alto Networks PA-Series will not open until I extract the certificate and import it manually into the CA database. This is a workaround. I opened a ticket, and they guided me to upgrade the firewall to a specific version, but I haven't done it yet.
C Palo Alto Networks firewalls can be somewhat complex due to the various options available. They offer different devices and subscription models, including standalone firewalls and bundled options. Utilizing these features as a unified solution can require additional setup, particularly when incorporating Panorama for centralized management, which may involve extra costs.
Automation-OT Manager at a non-profit with 1,001-5,000 employees
Real User
Top 20
2024-02-15T15:38:00Z
Feb 15, 2024
Migrating from old to new Palo Alto Networks firewalls can sometimes encounter hiccups, and there is room for improvement in streamlining this process for smoother transitions.
IT Manager at a computer software company with 51-200 employees
Real User
Top 10
2024-01-30T16:08:46Z
Jan 30, 2024
The UI definitely needs work. In my opinion, the UI could be simpler and more user-friendly for the average user. For example, I encountered complexities with policy management. Policy management is one of the areas where the UI is not intuitive, and managing policies can be quite complex.
Learn what your peers think about Palo Alto Networks PA-Series. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Senior Information Technology Manager at Inventia Healthcare Limited
Real User
Top 10
2023-12-26T06:59:00Z
Dec 26, 2023
The product's gateway services can be improved. Along with the firewall, if a user wants to work with a VPN and if you want to check the posture of your endpoint, that service needs to be separately purchased. They have this feature, but if this service is clubbed with the solution, it will be very useful for the end users. For Mac OS and Apple products, there remains some challenge for VPN; it requires an SSL certificate to be installed separately, and this can be improved.
Palo Alto should integrate artificial intelligence for security purposes in the background for well-known threats and new risks coming to the market. Additionally, they could introduce a central dashboard where we can centrally monitor and mitigate all the risks automatically.
Associate Process Manager at a computer software company with 5,001-10,000 employees
Real User
Top 5
2023-10-10T09:29:15Z
Oct 10, 2023
There are constant updates for the operating system. It is a nice thing also, but it has its own disadvantages. Continuous updates are there. The users face issues like, how often do I need to update that? Within a period of five months, I'm updating it two or three times. It gives them a feeling that they are not confident about their product and have to update it so frequently. Plus, there are certain bugs, like in the 10.1 version, it's had some bugs. Then, they are upgrading it to the 10.2 version. They are updating that for the bugs. But the time duration between the two is less than the others. If we go for Cisco, they don't have their OS upgrades frequently as parallel to us. So that's the disadvantage.
Senior Network Engineer at a manufacturing company with 10,001+ employees
Real User
Top 5
2023-09-19T17:29:30Z
Sep 19, 2023
There seem to be some issues with TAC (Technical Assistance Center) or Palo Alto support. Anytime you open a case, a level one engineer joins, and then you have to escalate it to level two or three. The support system has changed in the past few years, and that's something they need to look into. In future releases, I would add one feature where we can take a subnet or take an IP and create a list of rules that are for that IP. There is an option, but it's not as expansive as I would like. When you run a report, you have to run it for a hostname. And when you look at the report, you see the hostnames, but you don't see the IPs. Like, there is no additional column for seeing the IP of the hostname or the subnet of the hostname. So that creates an issue. You have to go into the file and take the export list of firewall rules, and then you have the hostname got have the IP, then you have to note down the IP addresses.
There should be an improvement in the protection of endpoint computers when working outside the office. Currently, they are not protected with any data security when they work from home or outside the network. They surf the Internet directly and should implement a proxy or firewall to monitor the data between the endpoint and the Internet. In future releases, there may be better monitoring and reporting. In the past, there were some situations with vendor utilization where it was sometimes challenging to catch in real-time which user or device was generating excessive traffic, leading to increased utilization. There were some situations where it was easy to catch the source of high utilization through the device. There may be better monitoring or reporting capabilities.
Palo Alto Networks PA-Series is essential for firewall implementation, perimeter defense, securing infrastructure boundaries, web filtering, VPN, and threat prevention. Organizations deploy it for secure cloud connections, internet security, and managing network devices.
Companies trust Palo Alto Networks PA-Series to protect corporate networks from external threats, control traffic between networks, and meet regulatory compliance. Integrating well with applications, it offers...
Palo Alto can improve the web application firewall (WAF) feature at layer 7. Currently, I don't think it's available. If they can improve that, it would be better. We wouldn't need to purchase a separate WAF solution because they already have advanced URL filtering. But I don't think that advanced URL filtering has the same features as a dedicated WAF, like F5 or other solutions. That is an area for improvement. If they can improve the WAF feature, customers won't have to buy a separate WAF solution. They could do it with the same Palo Alto firewall, perhaps through a subscription-based model. So the web application firewall feature has to be improved.
I don't have any specific suggestions for improving the Palo Alto Networks PA-Series at the moment. I find it to be a very effective solution, and I don't have any major complaints or areas for improvement in mind. However, pricing flexibility could be an aspect worth considering, as it has been a concern for some of our clients.
I had opened a case before with the tool because I could not create a wildcard for the security address. We can create wildcards for security addresses in Fortinet, but this feature doesn't exist in the product. We use it as a decryptor using the decryption policy. Any site with a certificate chain with some intermediate CAs not in the CA database already downloaded in Palo Alto Networks PA-Series will not open until I extract the certificate and import it manually into the CA database. This is a workaround. I opened a ticket, and they guided me to upgrade the firewall to a specific version, but I haven't done it yet.
C Palo Alto Networks firewalls can be somewhat complex due to the various options available. They offer different devices and subscription models, including standalone firewalls and bundled options. Utilizing these features as a unified solution can require additional setup, particularly when incorporating Panorama for centralized management, which may involve extra costs.
Migrating from old to new Palo Alto Networks firewalls can sometimes encounter hiccups, and there is room for improvement in streamlining this process for smoother transitions.
The UI definitely needs work. In my opinion, the UI could be simpler and more user-friendly for the average user. For example, I encountered complexities with policy management. Policy management is one of the areas where the UI is not intuitive, and managing policies can be quite complex.
The product's gateway services can be improved. Along with the firewall, if a user wants to work with a VPN and if you want to check the posture of your endpoint, that service needs to be separately purchased. They have this feature, but if this service is clubbed with the solution, it will be very useful for the end users. For Mac OS and Apple products, there remains some challenge for VPN; it requires an SSL certificate to be installed separately, and this can be improved.
Palo Alto should integrate artificial intelligence for security purposes in the background for well-known threats and new risks coming to the market. Additionally, they could introduce a central dashboard where we can centrally monitor and mitigate all the risks automatically.
Palo Alto Networks PA-Series is expensive. We would like to see additional threat hunting features.
The solution's licensing price could be improved. The solution's GUI should be user-friendly and easily configurable.
The solution’s pricing could be improved because it is an expensive solution.
There are constant updates for the operating system. It is a nice thing also, but it has its own disadvantages. Continuous updates are there. The users face issues like, how often do I need to update that? Within a period of five months, I'm updating it two or three times. It gives them a feeling that they are not confident about their product and have to update it so frequently. Plus, there are certain bugs, like in the 10.1 version, it's had some bugs. Then, they are upgrading it to the 10.2 version. They are updating that for the bugs. But the time duration between the two is less than the others. If we go for Cisco, they don't have their OS upgrades frequently as parallel to us. So that's the disadvantage.
The SD-WAN feature of Palo Alto Networks is not good compared to FortiGate. It is also more complicated to configure, while FortiGate is much easier.
There seem to be some issues with TAC (Technical Assistance Center) or Palo Alto support. Anytime you open a case, a level one engineer joins, and then you have to escalate it to level two or three. The support system has changed in the past few years, and that's something they need to look into. In future releases, I would add one feature where we can take a subnet or take an IP and create a list of rules that are for that IP. There is an option, but it's not as expansive as I would like. When you run a report, you have to run it for a hostname. And when you look at the report, you see the hostnames, but you don't see the IPs. Like, there is no additional column for seeing the IP of the hostname or the subnet of the hostname. So that creates an issue. You have to go into the file and take the export list of firewall rules, and then you have the hostname got have the IP, then you have to note down the IP addresses.
Palo Alto Networks PA-Series should improve its price. It should also include a feature similar to Sophos Security Heartbeat.
There should be an improvement in the protection of endpoint computers when working outside the office. Currently, they are not protected with any data security when they work from home or outside the network. They surf the Internet directly and should implement a proxy or firewall to monitor the data between the endpoint and the Internet. In future releases, there may be better monitoring and reporting. In the past, there were some situations with vendor utilization where it was sometimes challenging to catch in real-time which user or device was generating excessive traffic, leading to increased utilization. There were some situations where it was easy to catch the source of high utilization through the device. There may be better monitoring or reporting capabilities.