Palo Alto Networks K2-Series Reviews

The primary use for this solution depends on the preference of a customer and to some extent their existing environment.  

We have to establish things like:  

• what are the business requirements  
• how we can utilize what is existing or if the client needs to upgrade equipment  
• what kind of servers do we put in  
• what kind of servers does he have on cloud  
• what kind of servers do we have on-premises  

So it all depends on the customer's requirements. If a query comes up with a client, I am happy to answer that and provide a resolution but the situation needs to consider specific needs.  

The thing I like the most about Palo Alto is that the IPS system is the strongest you can get. Even if you check with resources like the NSS Labs or Gardner — anywhere else — they all say it has the strongest IPS. It holds true even over the past five years. They are the leaders in the field.  

The reason I believe in my eyes that the IPS is the most valuable feature in Palo Alto is that the IPS is basically protecting everything. I think every two or three hours the database for the IPS signatures gets updated.  

One more feature of Palo Alto, which is not in Fortinet if you compare, is decryption. Palo Alto firewalls are doing SSL inspection and they are doing decryption as well. If we need SSL inbound inspection it is available in Palo Alto but Fortinet does not have this feature. They are not doing SSL inbound inspection. It is one more thing I would like to include as a positive feature of Palo Alto in my opinion.  

There is not really anything that needs to be improved in the product. It might be nice if it were possible for newer users to get a higher level of support.  

The company I work for now is a business I more recently joined. It has been about two years with the company but I have been dealing with Palo Alto products for 10 years now.  

We are talking about a firewall and we are not talking about a simple machine. We are talking about a machine that is not something you can just make simple. We are not talking about a general machine, so it does not really have general features. It does have multiple features. It does have processing engines — the parallel processing of Palo Alto — which is great. The stability will depend on the configuration and use. You really only have two options. You can either go for Palo Alto, or with Fortinet. These are the leaders of network security right now, so I guess those are stable or they would not be popular.  

Palo Alto has got a lot of customers now — even in the middle East. Almost every version has been scalable. That is the main reason that people are buying the product. I am satisfied with the scalability.  

The quality of technical support usually depends on your support level. If your support level is 24/7 365 then obviously your support is going to be perfect. But if you did not purchase that support, you will have some other level of support which is not 365 days. For example, they have an option for eight-by-seven which is eight hours per day seven days a week or something like that. The eight-by-seven support is not good in that case if you need it often or at times when it is not available.  

I have worked for Palo Alto as well as consulting about their products and they are really good at what they are doing, but there are pros and cons for every product. This applies especially to the goals when it comes to support. Most of the customers are not educated enough to do hands-on technical stuff on a product that is new for them every time even if they have experience with similar products. They need support because the basic concepts are essentially the same for firewalls everywhere, but the operating system and the way it does the processing is different for every type of firewall. So new users of Palo Alto may require support to set up most of the things, and if a user does not have the level of support he needs, he will be facing issues. He will not be able to finish his work on time.  

I really feel that all products have some level of technical support issues. Every product has pros and cons and even in the support level. A lot of times we will not find support in our same region. It would be located in different regions. So it happens to be pretty much normal for IT. People probably do not feel that is a good issue to face, but issues in the support are actually fine. That is manageable.  

I do have experience using next-generation firewalls, traditional firewalls, NDN (Named Data Networking) firewalls, distributed firewalls, and NSX. We still use various products but I prefer to use Palo Alto because of its capabilities.  

I am actually satisfied with the pricing of Palo Alto even though it is expensive. If you are talking about using products by a leader in the field and it is a bit expensive compared to other vendors, then that is totally fine for me because you are not compromising your security. In many other cases — like if there are budget issues — the companies can always go for Fortinet. It is also a good firewall, but it is cheaper. If you have got the budget to purchase Palo Alto, get it. If you do not have the budget, go for Fortinet or any other firewall.  

When we were looking for some different solutions, I was looking for comparisons between AlgoSec's firewall and others. I have been trying to research basically right now before purchasing another solution. We are looking for firewall management. We have multiple-vendor firewalls and we are looking to manage them from one console. From there I can manage all my multi-vendor firewalls, DMZ, internal firewalls, group firewalls, et cetera. That is why I was looking at AlgoSec, because it is capable of doing re-certification as well as integrating with NSX as well. There are a lot of things it can do. AlgoSec seems to meet my basic requirements for the solution.  

We are using multiple vendors like Cisco, Palo Alto, Fortinet, and Juniper. We are not limited to one vendor. We have different environments and different firewalls for each environment.  

But mostly, in the current market over here, the clients are preferring to go with Palo Alto as a DC (Data Center) firewall to use internally because IPS (Intrusion Prevention System) is really strong. As for Fortinet, people are preferring that as a solution for DMZ.  

On a scale from one to ten where one is the worst and ten is the best, I would give Palo Alto a rating of nine-out-of-ten.  

I would not give the product a ten and it is not really because there are additional features can be included to make it a perfect ten. Nobody is perfect. Based on smaller support issues is not really something I can rate a product on. Based on their performance in being a leader of these technologies and the leaders and the inventors of next-generation firewalls — based on that, I am giving them a nine. They have better processing which Palo Alto is the only one doing. Based on that and IPS system I give them a nine. And because I am not a perfect guy, I keep one Mark.  

The solution was a firewall that bridged the internal systems with their DMC equipment and/or restricted systems access that wasn't generally available to anyone outside of the organization.

The solution gets the access controls down to an even more precise part of the network traffic. It's not just any user going to an IP address or going to a port to get on the network. It's very thorough.

Our organization liked the fact that it wasn't just firewalls that handled addresses and ports. It also handles actual URL inspections. 

The solution is at the cutting edge of technology. 

The solution has good at controlling restricted access.

Palo Alto has better and finer controls than, say, Cisco or Check Point.

The solution is very strong from a security standpoint.

It's like anything else. What's good today might not be in a day, a week, a month, etc. The solution needs to constantly be adapting and updating.

The solution needs a series of OS changes.

I have been using the solution for five years.

The stability of the solution is rather excellent. It is really stable unless somebody messes up a configuration. We didn't face any bugs or crashes or have any issues with glitches.

The solution was scalable for our purposes. We distributed it to three or four different locations and these were all internal edge firewalls. It wasn't more than a half a day to get any new location up, once the network equipment was in place. (For example, switch hardware, cables, etc.). We would just bring in the hardware, set it up, connect to it, and finish turning it on.

The technical support is excellent. There haven't been problems that they couldn't resolve quickly. Pretty much are all cases that we had were dealt with to our satisfaction.

Prior to Palo Alto, we had been using Check Point. There wasn't a technical reason that we switched. As an organization, we just periodically switch technologies.

I can't really answer any questions related to the initial setup as there was another person who handled it. However, I do believe it was straightforward for them. My understanding was that deployment only took a day. It wasn't a long process.

For the initial deployment, I'm pretty sure they used a subject matter expert. After that, the organization did not need outside assistance. One of our own team members ended up becoming the subject matter expert for a lot of the implementation strategy.

I don't have an idea of what the licensing costs are.

I'd advise companies considering setting up the solution to make sure they have a trained team. If the team doesn't have any expertise with this type of firewall, then they've got to take some training. The training's pretty good and once you understand the concepts, it's pretty quick to put together. 

At the time we implemented it, it was easier than Check Point and the Check Point had a lot of similar capabilities. It also offered finer filtering on what was going to be allowed through various parts of the firewall ports. 

I'd rate the solution ten out of ten due to its reliability and ease, and the consistency of configuration.

K2-Series' best features include its scalability, which is the best on the market, and its continuous development of new technologies and features.

Palo Alto releases a lot of bug fixes for their firewalls, which means it's necessary to do frequent upgrades. They should work on decreasing their bugs so that upgrades aren't needed so often. They also don't always ensure that their upgrades are available for older firewalls.

I've been using K2-Series for two to three years.

Palo Alto's firewalls are the most stable on the market.

K2-Series is scalable.

Palo Alto offers two different types of support - partner-enabled and direct. The direct support is a bit expensive because it allows customers to open cases directly with Palo Alto techs. In contrast, the partner-enabled support goes to the ticket distributor, which can be time-consuming. In general, it can be hard to get answers from Palo Alto's support.

The initial setup of the firewall was easy and took between five and ten minutes. However, implementing DNS or IoT security or packing working features requires assistance from an integrator or professional service.

If you compare K2-Series' quality with its price, I think it is reasonable.

I would rate K2-Series nine out of ten.