Palo Alto Networks NG Firewalls Reviews

Almost all of my deployments are regulated to each firewall perimeter or as a data center firewall. The perimeter firewalls are deployed to control the user traffic and establish IPv6 VPN connections between a company's headquarter and its branches. This solution comes with threat prevention and URL filtering licenses for perimeter deployment. For data center deployments, the solution is deployed as a second layer of protection for the network traffic, especially for VLANs. It also prevents lateral movement of network attacks.

Almost all of my deployments in the Middle East are deployed on-prem. There is no acceptance of cloud solutions, especially for government and banking rules.

Palo Alto Networks Next-Generation Firewall comes with full visibility into the network traffic. The administrator of this next-generation firewall can troubleshoot the traffic, network issues, or connectivity issues that busted through the Palo Alto Next-Generation Firewall, then detect whether the problem is from the client side or the server side. This solution helps the administrator to troubleshoot and have their network up and running all of the time.

A feature introduced by Palo Alto with the version 10-OS is embedded machine learning in the core of the firewall to provide inline, real-time attack prevention. Machine learning analyzes the network traffic and detects if there is any usual traffic coming from outside to inside. Because of Palo Alto, organizations detect around 91% of malicious attacks using machine learning. The machine learning helps customers by implementing firewalls in critical and air gap areas so there is no need to integrate with the cloud sandbox. 

I integrate Palo Alto with different Security Information and Event Management (SIEM) solutions as well as Active Directory to control the traffic based on users and integration with the email server to send notifications and look at domain recipients. I also integrate Palo Alto with Duo as a multi-factor authentication, which is easy to integrate. 

They have introduced more security components that can be integrated. We are talking about Cortex XDR and WildFire. These are natively integrated with Palo Alto Networks. These help to predict malicious attacks on the endpoint and network. WildFire is easy to deploy and integrate.

SP3 architecture helps distribute the bucket into different engines. Each engine has their own tasks: the networking engine, the management engine, and application and security. Each one of these tasks is done by a single task or dedicated CPUs and RAM for handling traffic.

I have been using this solution for about four or five years.

They have a stable solution, stable hardware, and stable software since they have released multiple OSs. If there are any issues, they release a new OS. Each month, you will see new batches with a new OS introduced to customers. You can update it easily. 

With Palo Alto Networks, you have a dedicated management plan. Therefore, if you face an issue regarding the management interface, e.g., the GUI and CLI of Palo Alto Networks, if you have any problem on that you can restart it without effects on the data streams.

The technical support team is great. We have no tickets open with Palo Alto. There are distributed tech centers worldwide that do not have Palo Alto employees, but have the capability to solve your problem in an easy way. They help you to close your gaps or pains.

I am expert with next-gen Firewalls, especially in Fortinet and Palo Alto. I am NSE 4, NSE 7, and PCSAE certified.

Palo Alto has introduced new features in their next-generation firewall, such as SD-WAN. However, the technique of SD-WAN implementation is not easy to understand. It is not easy to deploy at this moment. Maybe, in the future, they can improve the process and how the administrators, partners, or support team can easily deploy this SD-WAN solution on their next-generation firewall. The SD-WAN solution from Fortinet is easy to do. It does not take more than five or 10 minutes. When we talk about Palo Alto, it takes extra effort to implement SD-WAN.

If you are looking for a great firewall that helps you stop attacks as well as giving you visibility with the administration, this firewall is the best choice. You should not look at the price the first time. Instead, you should look into the solution's productivity and return on investment.

There are some differences in regards to the integrations between Palo Alto and other vendors. Palo Alto handles the traffic using Single Pass Parallel Processing (SP3) engines unlike other vendors, like Fortinet, who use ASIC processors to handle the traffic. The SP3 engine is a different, new architecture for next-generation firewalls. The SP3 engine curbs the traffic and makes the decision based on the buckets, then it evaluates the bucket and other features regarding routing. 

SP3 helps the customer when we talk about data sheets and the performance of the administration firewall. We introduce SP3 to show them real numbers. When we talk about Fortinet, they introduce a different performance number for networking and application throughputs. With Palo Alto Networks, the deduplication between the firewall throughput to the full inspection mode throughput is minimal. There is no big difference between the networking throughput and full inspection mode throughput.

I use DNS security from other vendors, not Palo Alto. I have tested Palo Alto with some scripts in regards to exfiltration and about 50% to 70% of exfiltration attacks could be stopped by Palo Alto. This year, Palo Alto has improved its DNS security against data exfiltration attacks. They enhanced the DNS security features with Palo Alto Networks Next-Generation Firewall by introducing a cloud solution. The solution now forwards these DNS requests to the cloud, which can analyze it using machine learning and artificial intelligence to decide if it is legitimate traffic or not.

The integration is based on the customer environment and what they need. Enterprise customers have some regulations and compliance so they need to send all their logs to the same solutions. We can integrate it using a syslog protocol over UDP. So, it is easy to integrate Palo Alto with some solutions. However, with other Palo Alto technologies or solutions, I integrate them just with WildFire. WildFire is a dedicated solution related to sandboxing and can be deployed on-prem or in the cloud.

The NSS Labs Test Report information has previously helped me to convince customers to buy Palo Alto Networks Next-Generation Firewalls. However, I am now not using the NSS Labs Test Report. Instead, I am using Gartner reports to offer customers Palo Alto Networks Next-Generation Firewalls.

Machine learning on the Palo Alto Networks Next-Generation Firewall was introduced on version 10.

I would rate this solution as nine out of 10.

We use the solution to access clients.

I like the configuration of the product. The configuration is quite simple to understand. The product is easy to manage.

The solution has a lot of features. However, there are no deep configurations available. The functionalities are limited. Other products offer more customization.

I have been using the solution for the last five years.

The product is stable.

The product is currently being used by three of our customers. We provide them with dedicated VMs.

The local support is good. The response is slow when I try to reach out to technical support on the customer portal. It might be because the tickets I raised were P3 or P4 tickets. However, I do not get proper responses for P2 tickets either. I get a good response when I call support directly.

We also use FortiGate, Check Point, Forcepoint, and SonicWall. We use the tools based on our clients’ requirements.

The initial installation was easy. It was not difficult for me because I am familiar with many products.

The solution is worth the money. However, there are other tools that provide features similar to Palo Alto but are less expensive.

The solution’s cost is a little high compared to other products.

I will recommend the tool to others. It is a fine product. If someone is looking for DLP and other features, the product might not suit them. The product has good URL filtering features. Overall, I rate the solution a seven or eight out of ten.

Our primary use case is protecting our clients from remote threats on the internet. These firewalls are very powerful and important for our business.

With single-pass architecture, there isn't a trade-off between security and network performance. The device functions well in terms of both security and network performance together.

One of the most valuable features of Palo Alto Networks NG Firewalls is application symmetries. I like this feature.

Also, the embedded machine learning in the core of the firewall means the device learns about threat types. The machine learning also enables the solution to secure networks against threats that evolve rapidly.

The solution also provides a unified platform that integrates all security capabilities, which helps prevent external attacks, and eliminates the need for multiple network security tools and the effort needed to make them work together.

I have been using Palo Alto Networks NG Firewalls for about six years.

The stability is good. It's a very stable device. That is the biggest lesson I have learned from using them.

The scalability is very good. If our customer has distributed networks, Palo Alto is a good solution.

In general, the solution is good for midsize companies, between 100 and 2,000 users.

We plan to increase our usage of Palo Alto Networks NG Firewalls in the future.

I rate the technical support highly. Palo Alto's technical team is very helpful and provides fast solutions.

We previously used Palo Alto Cortex. We switched because the NG Firewalls are very stable, flexible, and more powerful.

The initial setup is easy. The initial config takes one or two hours. After that, the time needed depends on the customer's requirements.

For mid-sized networks, the solution requires two to three people for deployment and maintenance. But in our company, we manage with one person for everything.

My responsibilities are on the technical side, but the price is expensive, especially in Turkey, where I am located. The exchange rate of the dollar against the Turkish lira is very high, making Palo Alto very expensive in our country.

Palo Alto is very expensive compared to other vendors, like Fortinet.

In addition to the standard fees, there is an extra cost for a GlobalProtect License, and that is something we generally need.

If a colleague were to say they are just looking for the cheapest and fastest firewall, I don't know what I would say if they don't have the budget. But if they have a budget, I would recommend Palo Alto because, while another solution may be cheaper, it could be more expensive in total if you consider the potential loss of business continuity and reputation.

And while I don't use the PA-400 series, I know it sells well because the higher series are very expensive, and the 200 series is very slow and less powerful. The PA-400 series is good.

Our primary use case is to provide our clients with an internet gateway. 

The best feature is the packet inspection; compared to solutions like Cisco and FortiGate, Palo Alto's packet inspection is much less CPU intensive, allowing it to detect threats embedded within packages more quickly and efficiently. 

Palo Alto Networks NGFW provides a unified platform that natively integrates all security capabilities; it's easy to integrate with other platforms, and we never faced any issues doing so.  

Using Palo Alto Networks NGFW's unified platform, our clients have eliminated multiple network security tools and the effort needed to get them to work together.

The solution doesn't support routing in virtual firewall creation, and we want that to be enabled. 

We've been involved with Palo Alto Networks since 2008 and are a reseller, so we implement the solutions for our clients.

The solution is very stable; we don't have any problems with the stability. 

The product is very scalable. Most of our customers are enterprise-sized financial institutions with over 3,000 branches. 

Palo Alto Networks doesn't directly support Pakistan but rather through distributors. Out tickets go to the distributors, which are then forwarded to Palo Alto.

Neutral

The initial setup is very straightforward; we can complete it three to four hours after activating the licenses.

The product is expensive. With one being the cheapest and ten being the most expensive, I give it an eight.

I rate the solution nine out of ten. 

Palo Alto Networks NGFW is an excellent solution; 90% of the financial institutions in Pakistan use it as their ultimate gateway. 

People are just starting to get into machine learning in Pakistan, so we're not 100% sure of its capabilities and potential. I believe machine learning becomes more efficient in a cloud environment than a hybrid one, though I have yet to research this thoroughly.

To a colleague at another company who says they want the cheapest and fastest firewall, Palo Alto Networks provides an expensive solution, but you can't compromise on security. You can buy the most inexpensive firewall, but you'll have to purchase add-ons and subscriptions to enable a complete security infrastructure in your organization. One solution for every situation that doesn't require any additional services is a better choice. 

I advise those considering the solution to understand where they want to deploy it in the organization, as a broad installation is best for internet gateways. Next, the sensitivity of the data is important; for a financial institution like a bank, I recommend Palo Alto NGFWs because of the quality of the security and machine learning.

We use it for our edge firewalls and our east-west and north-south traffic for our firewalls. We have also deployed each firewall to every site for our Layer 3 connections back to our data center.

Since we've integrated it into our east-west traffic and north-south traffic, I feel that it has reduced the number of viruses or other things in our endpoints. I wish to expand it more all the way to our endpoint computers so that we have end-to-end firewall security through Palo Alto.

It provides a unified platform that natively integrates all security capabilities. This is very important to me because I'm in IT infrastructure. I take care of the entire operations network and everything that flows north and south, east and west, and inside and out of our data center. It's very important that we have Palo Alto to protect us.

It embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. When any packet comes through the network, everything is like a first pass. It goes through every single part of our network, and we don't have a delay in alerts or network security. It stops any attack on the line.

I like all the threat alerts and WildFire. I also like scanning because everything that comes into our network via customers is scanned. We're an electric company, so every one of the bills is scanned and emailed in and out of our network. 

I like the reports, but I wish the reporting was a little better. When I set up the automatic reports to come in, they're pretty basic. I would like them to be a little more advanced at the ACC monitoring and things like that. I still enjoy all the daily alerts that I get and all the daily PDFs and reports, but I just feel that it could expand upon the visualization of the reports.

I've been using this solution for seven years.

The stability is great. They're not going anywhere. They're the industry leader.

It doesn't matter whether you are small or large, Palo Alto will fit your needs.

I'm in Pacific Standard Time. During the day, I have great support, and after 5:30, I don't have great support. During my business hours, I would rate their support as a ten out of ten. I love Palo Alto's support. However, at night, when the sun changes and I go to a different area, it's not always the best at level 1. If the incident was like having a system down, the support would be better, but after hours or 5:30, I have a harder time.

We were using Cisco ASA. We switched because of its ease to use and the GUI. There is also Single Pass Architecture, which is related to the way a packet flows through our network. It doesn't have to go through one area into another area. It's all at one, and it just separates. It gives me the best visibility of our network and firewalls.

It has decreased the time of technicians in researching the vulnerabilities. We also do web filtering, so that helps. Web filtering has changed things because we used to use Websense, and it's night and day.

It's very expensive. However, we usually use all of the subscriptions and threat alerts on any firewall that uses the internet. For each edge security endpoint, we use all subscriptions. Otherwise, we just utilize the threat alert, the antivirus, WildFire, etc.

Palo Alto is the best firewall company. Whether you're a small company or a large company, it will fit your needs.

By attending this RSA Conference, I was hoping to find new security solutions. However, I seem to like my existing Palo Alto security solutions. In terms of the impact of the RSA Conference on our organization’s cybersecurity purchases, it depends on what we're looking for at the time of attending an RSA Conference. Right now, we're looking for something that I didn't really see here. We're looking for security, but this means we need a security operations center (SOC), whereas we're small. We just don't have that type of network. This is almost too much. However, that's why we have Palo Alto Networks.

I would rate it a nine out of ten. It's not perfect, but it's pretty good. Palo Alto is the best firewall security network that I could possibly purchase.

We're partners. Essentially, we take all the Palo Alto firewall policy information and all the device information, and we put it on a single pane of glass for them.

It provides a unified platform that natively integrates all security capabilities. This communication between security devices or security platforms is pretty important.

It helps to reduce downtime in our organization, but I don't have the metrics.

Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier.

Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto.

We're partners with Palo Alto. We've been partnering with them for about ten years for their firewalls.

It's pretty stable.

It's pretty scalable. Palo Alto does a great job across the board from small businesses to large enterprise solutions.

I have not had direct communication with their support.

We've worked with different firewall solutions such as Check Point, Cisco, ACI, and Fortinet, but Palo Alto is definitely among the ones that I like to work with.

Overall, it provides a wide range of features for securing an environment.

You get what you pay for.

The RSA Conference is great. You get to see a wide range of products all in one place. In terms of security, this is the place to be. It has been a great experience.

I believe attending the RSA Conference has an impact on our organization’s cybersecurity purchases made throughout the year afterward. It gives us a good forecast as to where the industry is going and what's to come so that we can be better prepared to partner with all different vendors.

To a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that Palo Alto is definitely not the cheapest. It's one of those things where you prefer quality.

Overall, I'd rate this solution a nine out of ten.

We have clients in the government and supermarkets, for example, who use this firewall for integration with EDR, NDR, CN, and IPS.

Palo Alto Networks NG Firewalls' IPS is more complete and is very good. This is a user-friendly solution that is easy to install, and it provides the best protection.

It's very important that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention because all components are moving laterally these days. We need tools that follow the zero-trust model.

These firewalls have helped reduce downtime in our organization as well.

Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers.

I've been working with these firewalls for almost seven years.

The firewalls are very stable.

Palo Alto's scalability is not as good as that of Check Point. With Check Point, I can integrate the firewall with other products.

We do not have technical support in Brazil, so I would rate it a two out of ten. However, Palo Alto's technical support in the US is good, and I would give them a rating of eight out of ten. 

Neutral

I have worked with Check Point, but it's very difficult to configure. Palo Alto is much easier to configure, and the dashboard is very user-friendly as well.

Because I have worked with Palo Alto for seven years, the initial setup is very easy for me. However, new engineers may find the configuration difficult.

Palo Alto Networks NG Firewalls are very expensive compared to other firewalls such as Fortinet. As a result, Palo Alto is losing some of its market share. 

I would rate Palo Alto Networks NG Firewalls an eight out of ten because it's a good product.

I like attending RSA conferences because it gives me the opportunity to see what competitors are doing and what is new on the market.

Attending RSAC does have an impact on our cyber security purchases, but I would like to see manufacturers offer more training, certifications, labs, and demos at RSAC. 

We use Palo Alto as our perimeter firewall. We also use the GlobalProtect VPN solution.

It gives visibility into different threats. There is a wide range of threats that can be identified.

We collect logs from Palo Alto into our Rapid7 SIEM solution. It's pretty well integrated. This integration is important because we don't necessarily want a solution from the same vendor. I know Palo Alto has Cortex for collection. Being open to other vendors in order to ingest the data or logs is a great thing.

Palo Alto has embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, which is important because AI is the future. All cybersecurity companies are going to start using it. It's definitely a good thing. We just need to make sure that there's still the human component because AI can still fail.

Palo Alto has a wide range of different appliances or virtual machines. It can be installed anywhere from a small branch to a data center. It helps to secure small businesses to large enterprises.

The most valuable feature is advanced URL filtering. Its prevention capabilities and DNS security are also valuable. It pinpoints any suspicious activities and also prevents the users from doing certain things. For example, DNS security prevents users from reaching certain websites, so it's really interesting.

Palo Alto should improve their support. It's sometimes difficult to get the right technician or engineer to fix the problem as soon as possible.

We have been using Palo Alto for at least five years. 

They're pretty robust. They also have Unit 42, which is their threat intelligence team. They make you feel safer because they can identify the threats and then implement protection from those into their firewall.

Scalability is pretty good on the virtual side. Because the virtual environment licensing model is based on credit, if you don't wanna use UI protection tomorrow, you can get rid of it and use those credits for another product or another license.

Because of the pandemic, there's a lot of turnover and the quality of the support technicians is not great. I hope they will improve. I would rate their support a seven out of ten.

Neutral

I didn't use any other solution previously.

It was straightforward. They have great documentation. We use Palo Alto in the Azure environment, and their Azure documentation is one of the best documentation I've ever seen. It's very detailed. It can be confusing sometimes because there's a lot of information, but it's definitely good. They're good at documenting, and their knowledge base is really interesting for troubleshooting. There's a lot of useful information.

We deployed it ourselves. We didn't use any company to deploy it.

It's hard to tell. It's preventing attacks, but I don't have any specific case where I can say whether a particular attack would not have been blocked by another vendor.

It can be quite expensive, but there's a good incentive for the three-year contracts. The part that is especially confusing is for the virtual environment. The credits or the licensing system can be very confusing.

We didn't evaluate any other options.

As a result of my experience with Palo Alto NGFW, to a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that the cheapest and fastest means there is a potential risk of breach. Even though Palo Alto is quite expensive, it definitely makes you feel secure. The configuration of the appliances or virtual machines is pretty straightforward, so you don't need to be highly trained in order to be the administrator of the platform.

It's important to attend an RSA Conference even if you're already a customer. That's because you might not be necessarily aware of the new products, so going to an RSA Conference can help you identify new solutions that may be valuable for your company. 

Attending an RSA Conference will have an impact on our organization’s cybersecurity purchases made throughout the year afterward. There are a lot of different vendors that I've found, and I will probably get in touch soon.

Overall, I would rate this solution a nine out of ten.