Palo Alto needs to improve deployment by making it easier to deploy an agent to a desktop. Currently, it's complex since the product cannot utilize the AD serving for deployment, which would be a desired improvement in the near future.
Integration between Panorama and the Edge Firewall has a lot of issues, like different configuration assets, configuration object templates, lack of flexibility, and not a good browser. It needs improvement in saving and synchronization.
If we implement Cisco or Fortinet's firewall for the first time, anybody with a basic knowledge of firewalls can set the policies and rules. The implementation is not that easy. Though Palo Alto is much better and more efficient than many other products in the market, we need some skilled resources to manage the initial installation and configuration. It leads to an increase in service costs.
In the future, it would be beneficial if Panorama could include a firewall assurance feature similar to Skybox. While each firewall has its policy optimizer, a consolidated policy optimizer in Panorama could further enhance firewall management and optimization.
Security Technical Lead at a tech services company with 11-50 employees
Real User
Top 5
2023-09-14T14:52:43Z
Sep 14, 2023
If a large company uses Panorama as a log collector, it may require setting up multiple local collector devices due to potential limitations in handling firewall logs. It would be beneficial to improve the capabilities of Panorama to handle logs more efficiently, potentially reducing the need for additional local collectors. Adding more predefined dashboards as features would enhance the monitoring and reporting capabilities. The iOPS tools, which are currently offered separately, could be integrated into Panorama to eliminate the need for an additional dashboard or GUI.
Learn what your peers think about Palo Alto Networks Panorama. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
The pricing of the solution could be considered an area of improvement, as it is a comprehensive and feature-rich product that may include features that are not needed by some companies. Therefore, the solution should have a more competitive pricing structure.
Palo Alto Networks Panorama currently lacks the capability of integrating with other software, such as AlgoSec to simplify rule management and schedule management. However, this feature has been requested by the company and it is uncertain if Palo Alto will implement it in the future. Additionally, the UI needs improvement, it is too slow.
Solution Architect at Innovirtuz Technologies Pvt. Ltd
Real User
Top 10
2022-12-14T14:25:00Z
Dec 14, 2022
Storage in Palo Alto Networks Panorama needs improvement. My company also experienced deployment issues when the product was first installed, particularly when binding with the firewall. It's not as user-friendly because not everyone can deploy it without some knowledge. Updating Palo Alto Networks Panorama was also a bit challenging when upgrading your firewall, so that's another area for improvement.
We have faced some challenges with the solution. We had Panorama in the cloud, and then we used Panorama to manage the on-prem firewalls. Then we had some network-centric architecture to connect to on-prem, where we had two separate Palo Alto firewalls on the cloud. From there, we had a direct connect, external direct connect to the on-prem. In that case, the issue we faced was that whenever the traffic left AWS, it went with any one of the subnets, either from availabilities on one subnet or availabilities on two subnets. When we configured Panorama, it was actually behind a NAT device on two separate IP signals, and there were challenges around that. When we were deploying Panorama in AWS, there were some issues with Panorama deployment in AWS. I was the first customer to deploy Panorama in AWS, and I raised a case with both AWS and Panorama. Then, in the next Panorama release, they enhanced some features, and both came up in the same version. I had to wait for two or three months to get to a resolution. Sometimes technical support is slow to respond. The solution is expensive. Panorama can be a bit difficult compared to other Palo Alto solutions. It would be ideal if they could simplify it a bit.
I would improve the management. I need to view charts and traffic statistics, but the management console doesn't share that information with me. I would also improve the integration with other solutions.
We have had some issues in the past because integrating a new device is not intuitive. If there is some room for improvement, that would be it. I'm not an expert on the matter, but I would like to see more capabilities regarding automation and integration. We are seeing a trend where the clients are asking for integrations with European tools. I know the solution is quite integral with all kinds of tools, but there are some different tools here in the market in Europe, so this is important. The menu is full of options, which is good in some ways, but for a newbie it can be a little bit overwhelming and you need to properly understand it before starting to work with it. I think the ramp up at the beginning is quite intense.
Cloud Security Engineer at a computer software company with 1,001-5,000 employees
Real User
2022-08-11T15:03:11Z
Aug 11, 2022
It's not part of my role to connect other devices to Panorama, so I don't know how the integration works. I maybe need a better understanding of how the policies of the signature work. For example, what does it mean to exclude an IP, and what are the policy rules and priorities? I need more knowledge about the signature policy and priorities. Instead of searching their knowledge base in their website, maybe they can interact with us in the user interface to explain things better. If they had pop-ups to help guide us, we might get fewer failures along the way. Small notifications would be quite helpful.
It is not a cheap product. Some kinds of Palo Alto devices can cost a few thousands of dollars, and Panorama will be even higher. For the big customers that have a lot of devices, it is crucial to get all the benefits from the Palo Alto Networks portfolio regarding network security. For a highly secure environment, they sometimes need only hardware appliances, not a virtual machine.
Price is probably one of the biggest things that we struggle with, specifically with Palo, and that's across their whole portfolio. Also, the tech support could be better.
Cybersecurity Engineer at Networks Unlimited Africa
Real User
2022-07-18T11:25:17Z
Jul 18, 2022
Everyone, I suppose, would like the price to be improved. Price is always a good thing to change. There is always room for improvement in anything. But I couldn't really comment on that off the top of my head. In terms of updates, I believe everything is in order. That is not an issue for me.
My company's getting whatever it needs from Palo Alto Networks Panorama, but in the cloud, there's an issue with CPU management, and that's an area for improvement. Though the normal data traffic doesn't go through the management interface, whenever there's an increase in the throughput, CPU management becomes high. If you increase the load, CPU management spikes, and it's what needs to be taken care of in Palo Alto Networks Panorama.
Sometimes in Palo Alto Networks Panorama, we receive issues where it is overloaded and unresponsive. We have issues with accessing the devices due to a slow response from Panorama. Palo Alto Networks Panorama should be more robust and resilient.
Director at a tech services company with 1-10 employees
Reseller
2022-03-28T21:38:00Z
Mar 28, 2022
The ease of use of Palo Alto Networks Panorama is an area for improvement, because it's not very easy to use. The downside with the system is that you need a lot of comprehension to understand what it is. There are also risks associated with making a change, e.g. you can accidentally break your network which knocks off the firewall, and then you can't get back on again. If you know what you're doing, e.g. if you're a specialist, then there won't be any problems, in general. It's important to gain an understanding of Palo Alto Networks Panorama, or the concept, before you start. It works like Palo Alto, but it doesn't at the same time, because you have templates, and the templates have to be applied before your variables, and then those variables directly affect your objects. It's important to understand how it works. I wish they could make it easier, and a bit more intuitive, but if you're doing the training, and you're properly in the system, then it will make sense the way it's explained to you, otherwise, it'll be hard to make sense of it. It could be difficult to get to the stage you want to be on with this system. It's similar to a different language, and it's so hard to just do it on your own, but if you are in the culture and you're speaking to other people, then it becomes easier because you're doing it. That's the learning curve right there, e.g. if you've never done it before, you'll sit and look around saying: "What is this? I don't understand." If you're doing the training, and you're more involved in the product, or even if you speak to specialists, they will be able to help you, then you start to learning it and what it can do.
We have experienced a few bugs which the team at Palo Alto don't have solutions for. In the next release, it would be good to have features which increase the processing power in clusters.
Sr. Director, Security and Architecture at a pharma/biotech company with 11-50 employees
Real User
2021-10-20T18:31:08Z
Oct 20, 2021
Its UI and usability could be improved. The way the UI looks could be improved to make it a little bit more intuitive. Other than that, it is a pretty simple product.
Cyber Ambassador at a comms service provider with 11-50 employees
Reseller
2021-09-02T21:22:10Z
Sep 2, 2021
It tends to move along fairly quickly in terms of features because it is a part of PAN-OS. We are waiting on one feature that's on the beta at the moment, but that's because we use Okta as our authentication. Reporting might be an area to improve. It can provide reporting or some sort of graphical representation of your environment.
IT Security Analyst at a energy/utilities company with 51-200 employees
Real User
2021-06-30T18:46:24Z
Jun 30, 2021
While Palo Alto is the leading firewall worldwide, it's so pricey. Other products like Checkpoint still do the job, and yet it's way cheaper than Palo Alto. The solution is extremely expensive. You can integrate it with other Palo Alto products, however, it ends up being too much. Palo Alto prefers the VM version. However, for the VM level, often we have a migration from one host, VM host, to another host, and then the network jobs. And they're not fully redundant. With VM, the purpose is easy migration from one host to another one. That's the purpose of VM in play, however, if you want to have high availability or redundancy, you have to purchase two licenses - one on one host, another one on another host - and it costs a lot of money to do that. Technical support could be better.
There are times when we are backing up a device centrally, we do not get a full backup. We are able to do a full backup of all the devices but when we attempt to backup a single device, it only does the backup of a few presets and not the full configuration. In the future, they could improve by providing better management of the devices, such as bandwidth.
Technology consultant at a tech services company with 501-1,000 employees
Real User
2021-05-26T09:12:18Z
May 26, 2021
There is a need to improve the upgrade process. When we are upgrading the solution we are facing some issues with Elasticsearch services. Every time we upgrade it takes a long time to become stable. In an upcoming release, I recommend having policy segmentation because that will help Panorama. There is no policy segmentation as you would find in Check Point.
Its scalability can be improved. It is too expensive to scale it in the way Palo Alto wants us to scale. Scalability is one of the main reasons why our customer is looking for alternatives. It is too expensive to scale. Its redundancy also requires improvement, but it seems that in the latest version, redundancy is improved, and you can have more than two devices in an HA pair. So, they are heading in that direction. It would be good if they combine their dynamic list functionality in a much better way with Panorama and include it as out-of-the-box functionality. Palo Alto supports the dynamic list functionality for some basic threats, but there is a lot of scope for improvement.
Senior System Engineer at a financial services firm with 10,001+ employees
Real User
2021-03-29T20:35:51Z
Mar 29, 2021
I haven't come across any issues with the product. Overall, it's been very positive. I don't recall missing any features. It's a fairly complete solution. The product could offer more integration with other solutions.
Senior Network & Security Administrator at a consultancy with 1,001-5,000 employees
Real User
2020-12-22T13:42:17Z
Dec 22, 2020
In our version, there is no feature to transfer or upload a database of third-party vulnerabilities or signatures so that Panorama can convert them into its own database. This kind of feature might already have come in version 10.
Network Security Engineer at a tech vendor with 51-200 employees
Real User
2020-12-11T19:18:06Z
Dec 11, 2020
The product does need a bit of configuration. It's not quite ready to go out of the box. The solution could do a bit more with its security updates. Palo Alto in general could be a bit more secure. Support is pretty good, however, they could always be a bit faster and more responsive.
Engineering infrastructure manager at a financial services firm with 10,001+ employees
Real User
2020-12-11T05:12:11Z
Dec 11, 2020
We found a vulnerability where when we have a low flow, like 2.7K, it is not getting fired by the threat prevention. That's something important to improve on. They should have a proxy or some solution to solve the issue. We also found some issues around decrypting the flow. When we have more flow than expected to decrypt, the performance goes down.
Security Manager at a transportation company with 1,001-5,000 employees
Real User
2020-10-06T06:57:41Z
Oct 6, 2020
I would like to have better analytics. The network traffic analysis (NTA) is something that you can add on to get more insight from the traffic passing through the firewall, and it should be included.
There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade. We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices. These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices. They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.
Chief Cloud Architect at a tech services company with 1,001-5,000 employees
Real User
2020-09-29T05:58:28Z
Sep 29, 2020
I would like to see Networks Panorama more integrated into the firewall solutions rather than being a separate component. This would be helpful so that we can do rule-based change management for the firewall through it as well.
The pricing should be reconsidered. It's too high right now. At times we have noticed that we get into issues where Panorama is going too slow or has other little problems. The performance can suffer occasionally.
Director, Compliance and Risk Management at a pharma/biotech company with 10,001+ employees
Real User
2020-09-16T08:18:00Z
Sep 16, 2020
Pricing is always something that consumers hope will be addressed in their favor. I think that some method of allowing for more customization and open integration with other controls within the enterprise is something that we want to have. We want to be able to have more orchestration of disparate parts. I think the features that most of the features that I would like to see are currently being implemented. Behavioral heuristic analysis of connections, for example. That is something that I know is being done now.
I don't see many places to improve the solution. For us, it's working quite well. The solution should improve the speed at which they make changes on the system. Historically, they've been a bit slow in that respect. They should apply changes to the box quicker and more often.
I think the multitenancy of this solution can be improved. I would also like to see better management task automation for the trial environment. That is missing in this solution. In the next version, I would like to have more integration with the cloud and with the services delivered by Palo Alto. It isn't very task integrated at this stage. I would also like more dashboard management.
Information Security Consultant at a tech services company with 51-200 employees
Real User
2019-08-30T04:51:00Z
Aug 30, 2019
The general customer feedback is when saving the configuration, it takes a long time. That needs to be fixed. The troubleshooting, the debugging part is also a little bit of a pain. It's not user-friendly on the interface to do our debugging when comparing it with other firewalls, like Forcepoint. It would be nice to have a real-time traffic monitoring console similar to Forcepoint firewalls where you can see in real-time instead of having to keep on refreshing, or maybe a command on the console where you are able to see the traffic. The solution needs to work on speeding up the committing time.
Executive Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2019-08-29T08:53:00Z
Aug 29, 2019
There is room for improvement in the integration within endpoint detection. They need to do some integration between endpoints and the firewalls. They also need to add a mobile version for product so we can access the interface easily.
The solution needs to improve its pricing model. Panorama needs to work on its configuration issues. They should also focus on firewall management. Many clients have multiple firewalls, so Palo Alto should offer better management of them. They could model themselves off of AlgoSec, or maybe FireMon which are other very good firewall management tools.
Senior Security Engineer at a government with 1,001-5,000 employees
Real User
2019-08-07T06:15:00Z
Aug 7, 2019
It can take a few minutes to test to see if any changes are successful or not. This needs to be improved. A change commit should take a second, not a minute or more. Panorama does suffer from performance issues, which they need to resolve. Also, technical support isn't very responsive and could use some improvement.
Network Architect at a media company with 10,001+ employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019
My pain point is the automation process is not well-documented. There are some things that they could improve on there. If you go in the system to search for something, it is not intuitive. They could really improve that. There is a concept of device groups and a concept of templates. The templates can allow for inheritance, but the device groups do not.
Panorama network security management provides static rules and dynamic security updates in an ever-changing threat landscape. Reduce administrator workload and improve your overall security posture with a single rule base for firewall, threat prevention, URL filtering, application awareness, user identification, file blocking and data filtering.
Palo Alto needs to improve deployment by making it easier to deploy an agent to a desktop. Currently, it's complex since the product cannot utilize the AD serving for deployment, which would be a desired improvement in the near future.
Integration between Panorama and the Edge Firewall has a lot of issues, like different configuration assets, configuration object templates, lack of flexibility, and not a good browser. It needs improvement in saving and synchronization.
If we implement Cisco or Fortinet's firewall for the first time, anybody with a basic knowledge of firewalls can set the policies and rules. The implementation is not that easy. Though Palo Alto is much better and more efficient than many other products in the market, we need some skilled resources to manage the initial installation and configuration. It leads to an increase in service costs.
In the future, it would be beneficial if Panorama could include a firewall assurance feature similar to Skybox. While each firewall has its policy optimizer, a consolidated policy optimizer in Panorama could further enhance firewall management and optimization.
A potential improvement for Palo Alto Networks Panorama could be a more competitive pricing structure.
If a large company uses Panorama as a log collector, it may require setting up multiple local collector devices due to potential limitations in handling firewall logs. It would be beneficial to improve the capabilities of Panorama to handle logs more efficiently, potentially reducing the need for additional local collectors. Adding more predefined dashboards as features would enhance the monitoring and reporting capabilities. The iOPS tools, which are currently offered separately, could be integrated into Panorama to eliminate the need for an additional dashboard or GUI.
The pricing of the solution could be considered an area of improvement, as it is a comprehensive and feature-rich product that may include features that are not needed by some companies. Therefore, the solution should have a more competitive pricing structure.
This is a relatively expensive solution and I wouldn't recommend it for a stand-alone deployment.
The solution can improve by providing unique reports in relation to the function of which you choose the firewall to do.
Palo Alto Networks Panorama currently lacks the capability of integrating with other software, such as AlgoSec to simplify rule management and schedule management. However, this feature has been requested by the company and it is uncertain if Palo Alto will implement it in the future. Additionally, the UI needs improvement, it is too slow.
Storage in Palo Alto Networks Panorama needs improvement. My company also experienced deployment issues when the product was first installed, particularly when binding with the firewall. It's not as user-friendly because not everyone can deploy it without some knowledge. Updating Palo Alto Networks Panorama was also a bit challenging when upgrading your firewall, so that's another area for improvement.
I don't have any real comments in terms of areas of improvement. The scalability is limited. It is an expensive product.
We have faced some challenges with the solution. We had Panorama in the cloud, and then we used Panorama to manage the on-prem firewalls. Then we had some network-centric architecture to connect to on-prem, where we had two separate Palo Alto firewalls on the cloud. From there, we had a direct connect, external direct connect to the on-prem. In that case, the issue we faced was that whenever the traffic left AWS, it went with any one of the subnets, either from availabilities on one subnet or availabilities on two subnets. When we configured Panorama, it was actually behind a NAT device on two separate IP signals, and there were challenges around that. When we were deploying Panorama in AWS, there were some issues with Panorama deployment in AWS. I was the first customer to deploy Panorama in AWS, and I raised a case with both AWS and Panorama. Then, in the next Panorama release, they enhanced some features, and both came up in the same version. I had to wait for two or three months to get to a resolution. Sometimes technical support is slow to respond. The solution is expensive. Panorama can be a bit difficult compared to other Palo Alto solutions. It would be ideal if they could simplify it a bit.
I would improve the management. I need to view charts and traffic statistics, but the management console doesn't share that information with me. I would also improve the integration with other solutions.
We have had some issues in the past because integrating a new device is not intuitive. If there is some room for improvement, that would be it. I'm not an expert on the matter, but I would like to see more capabilities regarding automation and integration. We are seeing a trend where the clients are asking for integrations with European tools. I know the solution is quite integral with all kinds of tools, but there are some different tools here in the market in Europe, so this is important. The menu is full of options, which is good in some ways, but for a newbie it can be a little bit overwhelming and you need to properly understand it before starting to work with it. I think the ramp up at the beginning is quite intense.
It's not part of my role to connect other devices to Panorama, so I don't know how the integration works. I maybe need a better understanding of how the policies of the signature work. For example, what does it mean to exclude an IP, and what are the policy rules and priorities? I need more knowledge about the signature policy and priorities. Instead of searching their knowledge base in their website, maybe they can interact with us in the user interface to explain things better. If they had pop-ups to help guide us, we might get fewer failures along the way. Small notifications would be quite helpful.
It is not a cheap product. Some kinds of Palo Alto devices can cost a few thousands of dollars, and Panorama will be even higher. For the big customers that have a lot of devices, it is crucial to get all the benefits from the Palo Alto Networks portfolio regarding network security. For a highly secure environment, they sometimes need only hardware appliances, not a virtual machine.
Price is probably one of the biggest things that we struggle with, specifically with Palo, and that's across their whole portfolio. Also, the tech support could be better.
Everyone, I suppose, would like the price to be improved. Price is always a good thing to change. There is always room for improvement in anything. But I couldn't really comment on that off the top of my head. In terms of updates, I believe everything is in order. That is not an issue for me.
The price of Palo Alto Networks Panorama could be better.
My company's getting whatever it needs from Palo Alto Networks Panorama, but in the cloud, there's an issue with CPU management, and that's an area for improvement. Though the normal data traffic doesn't go through the management interface, whenever there's an increase in the throughput, CPU management becomes high. If you increase the load, CPU management spikes, and it's what needs to be taken care of in Palo Alto Networks Panorama.
The price could be lower. I would like to see remote VPN, like the Cisco client.
Sometimes in Palo Alto Networks Panorama, we receive issues where it is overloaded and unresponsive. We have issues with accessing the devices due to a slow response from Panorama. Palo Alto Networks Panorama should be more robust and resilient.
The ease of use of Palo Alto Networks Panorama is an area for improvement, because it's not very easy to use. The downside with the system is that you need a lot of comprehension to understand what it is. There are also risks associated with making a change, e.g. you can accidentally break your network which knocks off the firewall, and then you can't get back on again. If you know what you're doing, e.g. if you're a specialist, then there won't be any problems, in general. It's important to gain an understanding of Palo Alto Networks Panorama, or the concept, before you start. It works like Palo Alto, but it doesn't at the same time, because you have templates, and the templates have to be applied before your variables, and then those variables directly affect your objects. It's important to understand how it works. I wish they could make it easier, and a bit more intuitive, but if you're doing the training, and you're properly in the system, then it will make sense the way it's explained to you, otherwise, it'll be hard to make sense of it. It could be difficult to get to the stage you want to be on with this system. It's similar to a different language, and it's so hard to just do it on your own, but if you are in the culture and you're speaking to other people, then it becomes easier because you're doing it. That's the learning curve right there, e.g. if you've never done it before, you'll sit and look around saying: "What is this? I don't understand." If you're doing the training, and you're more involved in the product, or even if you speak to specialists, they will be able to help you, then you start to learning it and what it can do.
We have experienced a few bugs which the team at Palo Alto don't have solutions for. In the next release, it would be good to have features which increase the processing power in clusters.
An area for improvement would be the connectivity, which sometimes means logs can be slow to display.
Its UI and usability could be improved. The way the UI looks could be improved to make it a little bit more intuitive. Other than that, it is a pretty simple product.
There could be more integrations with third parties.
It tends to move along fairly quickly in terms of features because it is a part of PAN-OS. We are waiting on one feature that's on the beta at the moment, but that's because we use Okta as our authentication. Reporting might be an area to improve. It can provide reporting or some sort of graphical representation of your environment.
It could be more secure.
The solution's utilization of network ports makes things as complex as possible. The pricing could be better.
While Palo Alto is the leading firewall worldwide, it's so pricey. Other products like Checkpoint still do the job, and yet it's way cheaper than Palo Alto. The solution is extremely expensive. You can integrate it with other Palo Alto products, however, it ends up being too much. Palo Alto prefers the VM version. However, for the VM level, often we have a migration from one host, VM host, to another host, and then the network jobs. And they're not fully redundant. With VM, the purpose is easy migration from one host to another one. That's the purpose of VM in play, however, if you want to have high availability or redundancy, you have to purchase two licenses - one on one host, another one on another host - and it costs a lot of money to do that. Technical support could be better.
There are times when we are backing up a device centrally, we do not get a full backup. We are able to do a full backup of all the devices but when we attempt to backup a single device, it only does the backup of a few presets and not the full configuration. In the future, they could improve by providing better management of the devices, such as bandwidth.
There is a need to improve the upgrade process. When we are upgrading the solution we are facing some issues with Elasticsearch services. Every time we upgrade it takes a long time to become stable. In an upcoming release, I recommend having policy segmentation because that will help Panorama. There is no policy segmentation as you would find in Check Point.
They can improve its cloud integration.
Its scalability can be improved. It is too expensive to scale it in the way Palo Alto wants us to scale. Scalability is one of the main reasons why our customer is looking for alternatives. It is too expensive to scale. Its redundancy also requires improvement, but it seems that in the latest version, redundancy is improved, and you can have more than two devices in an HA pair. So, they are heading in that direction. It would be good if they combine their dynamic list functionality in a much better way with Panorama and include it as out-of-the-box functionality. Palo Alto supports the dynamic list functionality for some basic threats, but there is a lot of scope for improvement.
I haven't come across any issues with the product. Overall, it's been very positive. I don't recall missing any features. It's a fairly complete solution. The product could offer more integration with other solutions.
In our version, there is no feature to transfer or upload a database of third-party vulnerabilities or signatures so that Panorama can convert them into its own database. This kind of feature might already have come in version 10.
The product does need a bit of configuration. It's not quite ready to go out of the box. The solution could do a bit more with its security updates. Palo Alto in general could be a bit more secure. Support is pretty good, however, they could always be a bit faster and more responsive.
We found a vulnerability where when we have a low flow, like 2.7K, it is not getting fired by the threat prevention. That's something important to improve on. They should have a proxy or some solution to solve the issue. We also found some issues around decrypting the flow. When we have more flow than expected to decrypt, the performance goes down.
Aside from pricing, I don't have any issues with Panorama.
The notification and alerting system could be improved.
It's difficult to implement.
It should have more connection with Threat Intelligence Cloud. They can also include features related to SecOps and automation API.
I would like to have better analytics. The network traffic analysis (NTA) is something that you can add on to get more insight from the traffic passing through the firewall, and it should be included.
There are too many OS upgrades. We've had six new versions in the past six months. Even if they are updating it to fix bugs, it's hard to keep pace with the change when you have 800 or more Palo Alto devices that you now need to update and upgrade. We try to follow version minus one or two for security reasons. To keep pace with the changes, it takes us nearly six months as we have to check with the business, arrange downtime, and count and cover all devices. These upgrades aren't just little fixes either. Whenever there is a new release, it requires an OS upgrade. It would be nice if there was some automation on the upgrades of the devices. They need to do less bug-related releases and create versions that are stable for at least six months at a time. I don't find this issue in other solutions like Cisco, Check Point, FortiGate, or others. Those just provide a patch if there is a bug and we don't have to worry about downtime.
I would like to see Networks Panorama more integrated into the firewall solutions rather than being a separate component. This would be helpful so that we can do rule-based change management for the firewall through it as well.
The pricing should be reconsidered. It's too high right now. At times we have noticed that we get into issues where Panorama is going too slow or has other little problems. The performance can suffer occasionally.
Pricing is always something that consumers hope will be addressed in their favor. I think that some method of allowing for more customization and open integration with other controls within the enterprise is something that we want to have. We want to be able to have more orchestration of disparate parts. I think the features that most of the features that I would like to see are currently being implemented. Behavioral heuristic analysis of connections, for example. That is something that I know is being done now.
I'd like to see improvement in the speed and reliability of the solution. They're the two things most important to me right now.
I don't see many places to improve the solution. For us, it's working quite well. The solution should improve the speed at which they make changes on the system. Historically, they've been a bit slow in that respect. They should apply changes to the box quicker and more often.
I think the multitenancy of this solution can be improved. I would also like to see better management task automation for the trial environment. That is missing in this solution. In the next version, I would like to have more integration with the cloud and with the services delivered by Palo Alto. It isn't very task integrated at this stage. I would also like more dashboard management.
The general customer feedback is when saving the configuration, it takes a long time. That needs to be fixed. The troubleshooting, the debugging part is also a little bit of a pain. It's not user-friendly on the interface to do our debugging when comparing it with other firewalls, like Forcepoint. It would be nice to have a real-time traffic monitoring console similar to Forcepoint firewalls where you can see in real-time instead of having to keep on refreshing, or maybe a command on the console where you are able to see the traffic. The solution needs to work on speeding up the committing time.
There is room for improvement in the integration within endpoint detection. They need to do some integration between endpoints and the firewalls. They also need to add a mobile version for product so we can access the interface easily.
I have had some leakage issues before, but it was solved. I would, however like to see better integration with other products.
The dual WAN functionality is missing in this solution.
The solution needs to improve its pricing model. Panorama needs to work on its configuration issues. They should also focus on firewall management. Many clients have multiple firewalls, so Palo Alto should offer better management of them. They could model themselves off of AlgoSec, or maybe FireMon which are other very good firewall management tools.
It can take a few minutes to test to see if any changes are successful or not. This needs to be improved. A change commit should take a second, not a minute or more. Panorama does suffer from performance issues, which they need to resolve. Also, technical support isn't very responsive and could use some improvement.
My pain point is the automation process is not well-documented. There are some things that they could improve on there. If you go in the system to search for something, it is not intuitive. They could really improve that. There is a concept of device groups and a concept of templates. The templates can allow for inheritance, but the device groups do not.