Palo Alto Networks NG Firewalls Reviews

We are basically using a double protection layer in which we take care of all our DMV, VPN, tunnels, and internal network. We are basically using it for application based configuration  controlling our traffic on applications with layers four to seven. We are customers of Palo Alto and I'm an information security specialist. 

I like the training material they provide and the reporting is very good. The solution is very easy to configure, and very easy to understand and explain. Compared to firewalls offered by their competitors, I find it easier to use and more thorough. The most important thing the solution provides is, of course, the firewalling up to the application level.

There could be improvement with their logs, especially their CLI. When you go to the command line to understand the command line interface it's tricky and requires a deep understanding of the product. We recently faced one issue where the server side configuration changed and it wasn't replicated at the firewall. It required us to tweak things and now it is working fine. Finally, the HIPS and audio call features could be improved. 

I've been using this solution for two years. 

In the past two years I haven't had any issues with the stability. That applies to the hardware, software, upgrades, updates, new feeds. I haven't faced any big issue, you can say that. 

We are using their big boxes, like the 7,000 series. So it's already at that level. We're already using 120 GB, like three 40 gigs and it's working fine for us. You can scale as you wish.
We have over 10,000 people using the service through this firewall. It's working 24/7 and it's been that way for the past two and a half years. 

The initial setup is not complex. It took us 15 to 20 days because we were migrating from the other firewall. The strategy was to take the backup and simultaneously create a leg and transfer to that. The first time we deployed, we used the integrator recommended by the vendor. That worked very well. Our team worked with the integrator. We planned everything and they supervised us. 

We currently have four people helping with maintenance. They are security admins and their job is with the firewalls, like configuring and maintaining and upgrading all those things. 

Yes, we evaluated other options. Cisco was there, as was FortiGate. We were using Juniper at that time, and then Palo Alto came into picture. We carried out a comparison of pricing, support, features, etc. and then we made our choice. It was really the next generation features and application level security that were key to our decision. 

The advice I can give is that this is a good solution: Easy to deploy, easy to manage, easy to understand, reporting is very good, and it will give you the full picture up to the layer seven. Their VPN service is very good. 

The good thing is that whenever you need to train anyone on these devices, it's very easy to explain. Previous firewalls I've used, required a lot more work before you could configure. This isn't like that, it takes maybe 30 minutes and it's done. 

We protect certain applications in the data center with Palo Alto Networks NG Firewalls.

Application layer security and integration with other components that we have in our networks are valuable features.

Compared to other firewalls from Check Point, Fortinet, and Cisco, for example, Palo Alto Networks NG Firewalls use the most advanced techniques. They have sandbox integration and others in the orchestrator. Palo Alto's security features are at a higher level than those of the competitors at the moment.

It's very important that we be able to integrate all security capabilities within the firewall. This is one of the key reasons why we chose to go with Palo Alto Networks NG Firewalls.

We are heavily investing in technology that uses machine learning. Thus, it is important for us that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention.

Palo Alto needs to provide more support during the design phase and with proposals. They need to be more proactive, try to anticipate issues, and then help us to implement the transformation quickly.

I have been using Palo Alto Networks NG Firewalls for five years now.

We have not had any issues with stability. I have not heard from our SOC about issues with devices either.

The scalability has been good. We are the biggest bank in Italy with 100,000 employees.

Palo Alto's technical support is extremely good and responsive. The ticketing system, however, is a little bureaucratic especially when you are in a hurry or are dealing with an emergency. On a scale from one to ten, overall, I would rate technical support a nine.

Positive

The deployment was quite easy.

We have seen a return on investment in general. Our company is moving to the cloud and toward digital transformation in the financial sector. Palo Alto plays a key role in this return on investment.

My advice to you, if you're looking for the cheapest and fastest firewall, is that the cheapest firewall is not the best for security.

We use firewall solutions from multiple vendors, and from a security point of view, Palo Alto Networks NG Firewalls are one of the best in comparison. Also, you get the best value from Palo Alto with application layer security, machine learning, and integration.

Overall, I would rate Palo Alto Networks NG Firewalls a nine out of ten.

I find it valuable to attend an RSA Conference because I get the opportunity to participate in several seminars, share, and learn from other people as well.

Attending RSAC also impacts our purchasing decisions because what I see at the conference will end up in the budget the following year or the year after that.

We use the solution to protect our internal network from external threats.

Up until recently we were not using multilayer firewalls and were using several solutions that are combined in Palo Alto Networks NG Firewalls.

We are required to provide our network test results to our central bank, and Palo Alto Networks NG Firewalls offer a robust report for this purpose that would otherwise be a cumbersome human task.

The performance of Palo Alto Networks NG Firewalls is the most valuable feature.

The analytics could be improved. I would like to have a unified analysis tool within Palo Alto, as we currently use Perimeter 81 and Fortinet FortiGate, which makes the analysis process take a long time.

I have been using the solution for almost four years.

The solution is stable.

The solution is scalable. We have three people that monitor the solution and maintain it.

The initial setup is straightforward. We had to secure our parameter network. We required two engineers from a reseller and two from our organization.

The implementation was completed with the help of a partner.

The solution is worth the price, as it can be utilized without the need for high-processing CPUs and resources, thus saving us overall.

I evaluated Check Point and decided to use Palo Alto because of its performance. Palo Alto can be used with fewer CPUs. 

I give the solution a nine out of ten.

Before using Palo Alto Networks NG Firewalls you must first know what our requirements are.

We use the solution as a firewall for our network. We can manage our traffic between internal traffic and external traffic handling. The solution protects the traffic and we manage the standard firewall issues.

The solution's embedded machine learning in the core of the firewall that provides in-line real-time attack prevention is important and provides good insight for us. The machine learning actions and learning activities provide some useful information. 

The solution's machine learning for securing our networks against rapidly evolving threats is good. We utilize an IoT tool that comprehends IoT devices, such as webcams, and can therefore interpret their behavior and send information on their activity. The tool also applies appropriate firewall rules to these devices, taking into account the clearance level of each device based on its traffic.

Before implementing Palo Alto, we had to rely on a management company to handle our firewall security. However, now that we have Palo Alto, we can manage our firewall security in-house.

Palo Alto Networks NG Firewalls unified platform helped to eliminate security holes.

The zero-delay signature feature helps keep our security updated against new attacks.

Palo Alto Networks NG Firewalls provides a unified platform that natively integrates all security capabilities which is important to our organization.

Palo Alto Networks NG Firewalls' zero-delay signature feature is important, and it receives daily updates.

At times, server capacity can result in issues. While Palo Alto is a top firewall company, it's crucial to properly size the firewall to meet our needs. In the case of larger attacks, the capacity of our current firewall may not be adequate, requiring us to obtain more advanced and expensive versions to ensure network protection.

There is a tradeoff between security and network performance, as security is always top-notch, but performance can sometimes lag and has room for improvement.

The cost of the solution has room for improvement.

I have been using the solution for one year.

I give the stability an eight out of ten.

The solution is not very scalable. We need to define our requirements and purchase the correct product for our needs.

We are an enterprise company with over 3,000 people. All the network traffic goes through the solution but we have five people that work directly on the solution.

The technical support is great.

Positive

We previously used Check Point NGFW and switched to Palo Alto Networks NG Firewalls because of the stability.

I give the initial setup a five out of ten. The deployment took one month.

Implementation was completed in-house by a consultant.

Compared to other firewall solutions, this is an expensive solution.

I give the solution an eight out of ten.

We have had use cases for defending our resources against external access or authenticating particular traffic or appropriate traffic for access.

The key factor here is reliability. In my previous company, we had a different vendor's firewall before switching to Palo Alto network devices. 

Unfortunately, during that time, our security team was on vacation and had to be called back urgently due to a severe incident. This experience led us to switch to a more dependable, reliable, and robust system, which turned out to be the Palo Alto network device. 

Fortunately, the transition from our old system to the new one was relatively seamless, and we now have a reliable and robust security infrastructure.

In my opinion, Palo Alto has consistently been one of the best firewalls for enterprise security. 

We have encountered numerous instances where we have observed threats and attacks targeting our systems, and Palo Alto has proven to be highly reliable in blocking any malicious activity.

I would like to see some Machine Learning because I have observed new types of attacks that are able to bypass existing security rules. It is possible that implementing some form of continuous learning or education could be beneficial in addressing this issue.

Some way to learn what is normal it isn't, you know, something like that, I think that would be probably the most beneficial thing to me.

To say it's a set-and-forget system wouldn't be entirely accurate, but it is an incredibly stable and reliable system. Once it's set up and configured properly, you really just need to keep an eye on it for any necessary updates or new rules. In my experience, it's one of the most reliable systems available.

The original installation we were considering was for a small organization, and we had to take into account the fact that we were going to expand the endpoints to our entire user base, not just a select few like marketing.

We were assured that the system would have no issues handling the additional workload as we added more devices or upgraded the device.

The firewall solution that I have referred to the most during this conversation is one that I have implemented for small to medium-sized organizations.

I found the initial setup very straightforward.

I recall that the setup process for the device was straightforward and could be completed quickly. However, while the device did come out of the box, it wasn't as secure as it could have been, and I had to go in and tighten up the security settings. Despite that, compared to other firewalls with complex and cryptic interfaces, Palo Alto's firewall interface was relatively easy to use and comprehend.

There were certainly benefits in terms of time-saving and ease of learning for the user. The straightforward setup process and user-friendly interface of the Palo Alto network devices made it easier and quicker to implement, thus saving time. Additionally, the easy-to-use interface also helped in reducing the learning curve for users, enabling them to become proficient in using the device more rapidly.

Using Palo Alto has reduced the amount of downtime considerably.

Determining the impact of blocking threats is not straightforward because it depends on the severity of the threat. For example, if a threat only affected one server, the downtime would be minimal. However, if it caused an outage in the entire environment, the impact would be much greater. It is challenging to quantify the amount of downtime prevented by blocking threats.

Usually, when setting up a new firewall, it's common to get around 80% of the work done within a few days. However, with the Palo Alto network device, I recall that we were able to achieve 95% to 99% completion within just a couple of days. The device's user-friendly interface and straightforward configuration process made it easier to accomplish more in less time.

Technical support was helpful during the deployment process.

During the deployment process, I thought they were great. I had no complaints they were very knowledgeable, and we were able to resolve everything very quickly.

The organization has seen a return on investment with Palo Alto firewalls as we haven't experienced any significant breaches.

When when we first looked at Palo Alto, it came in as the top recommendation from a source that we trusted. We didn't actually look at other vendors at that time. 

At the time, we had the full support of our CEO and team, who recognized the urgency of the situation as our entire system was down. This rare backing from everyone helped us to quickly implement a solution.

We frequently recommend Palo Alto to others as we believe it is a highly effective solution for network security. It is one of those things where if someone does not have a Palo Alto, we advise them to consider it as a worthwhile investment.

For those seeking the cheapest or quickest solution, I would advise that while it may seem like a good idea in the short term, you will likely encounter issues that will require you to replace the solution soon after. Investing in a reliable and reputable solution like Palo Alto Networks may require a larger investment upfront, but will ultimately save you time and money in the long run.

The biggest value that I gain from being here is networking and finding out what other products are out there without having to go to, like, a search engine and wait or rely on the results of the search engine. I can literally wander around. And if something catches my eye, I can be like, well, that's really cool. Let me go get some more information about that.

It's really easy to just look at all the different vendors, looks at the various talks, looks at everything that's here, and get information tailored to what I wanna learn about.

I definitely can make recommendations on various products they get based on my experience, but I don't have a say in it directly.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

We use this solution for perimeter security and security profile purposes.  This covers anti-virus and anti-spyware, as well as cyber security vulnerabilities through URL and file blocking.

We like the fact that this product can provide multiple layers of protection depending on our clients requirements, and can be configured to whatever level of protection and the specific protocols that they want.

We also like the fact that this solution has a wide range of features covering all types of system security, not focusing on just one area. Everything is geared into a single module, which means we no longer need several different devices.

As well as the single module functionality, this solution allows us to easily see the active sessions and how many users we have connected. Complete information, on one screen.

We would like to see the external dynamic list for this solution improved. The current version does not automatically block malicious IP addresses, which would be very useful.

We have been using this solution for the last seven years.

We have experienced 100% stability with this solution.

The scalability of this solution depends on the management CPU that is being utilized. To manage high level traffic, it requires high-specification hardware to be used, or performance can be affected.

This vendor not only provides a lot of very clear documentation, but also has a community center to allow for self-diagnosis and fixes.

However, if this does not resolve the issue, the technical support team are very responsive and quick to fix any problems we take to them.

Positive

The initial setup of this solution is straightforward, particularly when migrating from a different product and using their centralized management tool. This provides a configuration file that completes the majority of the setup automatically. All traffic is then automatically diverted through this firewall

The firewall is then registered in the providers portal, which allows for updates to be applied when they are released without the need for manual intervention.

We implemented this using one member of our in-house team, and the deployment took three days to complete.

However, there was some pre-implementation work to be done registering firewall serial numbers, connecting console cables etc, but this is all straightforward.

This solution is quite expensive because along with the license there is premium partner support that has to be purchased as a default addition. 

There is also a specific Threat Prevention License that has to be requested and purchased separately. However, licenses can be purchased for specific periods as opposed to just an annual offering.

We actually tested multiple solutions, and choose this one because it gave us the most benefits in one product.

We would advise organizations who are migrating from a different provider to inquire about the centralized management console, and to understand the full costs involved up front.

Also, despite the fact that this solution provides a lot of features, there will still be areas that aren't covered as this only works on perimeter level security.

I would rate this solution a 10 out of 10.

We use the solution to protect our network environment. We use three versions: 230, 440, and 820. 

Palo Alto Networks NG Firewalls embed machine learning into the core of the firewall to provide real-time attack prevention, which is wonderful.

We check the machine learning logs to secure our networks against threats that are able to evolve more rapidly. 

I find the solution to be comfortable and easy to use. While I cannot completely authenticate my devices, I am able to distinguish between private devices and use them for authentication in some way, which is very helpful. The URL filtering feature is also helpful and I am very satisfied with the firewall delivery.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all our security capabilities through Cortex XDR.

I give the solution's single-pass architecture for performance and security an eight out of ten.

There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection.

Palo Alto Networks NG Firewalls' documentation, features, and user-friendliness are excellent.

The VPN has room for improvement.

I have been using the solution for two and a half years.

For the most part, the stability is good but we sometimes face problems with the VPN connections.

The solution is scalable. We have 150 people that use the solution.

We often don't have to open a ticket as the documentation provided is usually comprehensive, and we can usually resolve most issues on our own. The one time I submitted a ticket, the technical support was not able to resolve the issue.

Positive

I previously used Forcepoint Next-Generation Firewall which is cheaper than Palo Alto Networks NG Firewalls but I prefer Palo Alto because it is user-friendly and supports more devices and features. 

I was not involved in the initial setup but I did migrate the 820 to the 440 and it was straightforward. The migration took a few hours.

Palo Alto Networks NG Firewalls are expensive.

There is an additional cost for support.

I give the solution nine out of ten.

The maintenance consists of regular updates only.

Currently, we do not use Palo Alto Networks NG Firewalls across our entire network but we have plans to extend them in the future.

I recommend Palo Alto Networks NG Firewalls to others.

We use Palo Alto Networks Next-Generation Firewalls daily to create firewall rules that permit network traffic for specific applications and end users.

We use various models, including the 800, 400, and 3200 series. The specific model required depends on the size of the remote site where it will be deployed.

Embedded machine learning is crucial because hackers increasingly leverage AI to develop innovative methods of infiltrating networks. AI enables them to create more sophisticated malware and threats, intensifying the arms race between defenders and attackers. To counter this evolving threat landscape, next-generation firewalls must incorporate AI and machine learning capabilities to analyze and mitigate threats effectively.

AI and machine learning are valuable aspects.

UTM solutions like those offered by CheckPoint and Fortinet all offer a single pane of glass for managing security. Palo Alto is the same, but as a newcomer to Palo Alto, I've found its management, particularly with Panorama overseeing our hundred firewalls, challenging. Pushing changes, especially to individual firewalls, often results in failures, requiring full system updates. This inconsistency creates significant hurdles. While I suspect similar complexities exist in Cisco Firepower and potentially Fortinet, Palo Alto's implementation seems unnecessarily convoluted.

Palo Alto claims their NG Firewalls are highly customizable, but this isn't always true. We've encountered an issue where changes to a firewall cannot be reverted. Unlike Cisco Firepower or ASA, where changes are only committed after saving, Palo Alto commits changes immediately and places them in a queue. This prevents reverting changes, even accidentally made ones. For instance, today I was testing firewall rules without intending to push them, but the changes were already committed to the locally managed Panorama server. This lack of control is a significant drawback compared to vendors like Cisco or Checkpoint, where uncommitted changes are not saved.

Executives often praise Palo Alto firewalls, but these same executives rarely have hands-on experience managing them. Unlike them, I deal with the daily complexities of firewall operations. While every firewall has its shortcomings, Palo Alto is no exception. Cisco's ASA, for instance, was frustrating to manage through its ASDM interface, but the CLI configuration was reliable. Unfortunately, other vendors like Checkpoint and Fortinet heavily rely on management servers, limiting CLI options. Pushing changes can be a nightmare with any firewall, often involving unnecessary whole pushes due to errors or version mismatches. Palo Alto is no different; it's prone to bugs and challenges like any other product. Contrary to popular belief, executives who lack firsthand experience with firewall management often exaggerate Palo Alto's strengths.

Palo Alto Networks NG Firewalls have been problematic. Due to failed configuration pushes, I've encountered issues requiring Palo Alto Technical Assistance Center involvement. Based on DNS hostnames, objects are supposed to be automatically resolved by Palo Alto, but this functionality proved unreliable, necessitating a firewall upgrade and patch to correct a bug. Contrary to claims, Palo Alto has not exceeded expectations; managing as other firewall brands has been as frustrating. Each firewall platform has complexities, but I don't believe Palo Alto surpasses Check Point, Fortinet, or Cisco Firepower. While it might have advantages over Cisco Firepower, when compared to Check Point or Fortinet, Palo Alto does not offer greater performance.

I have been using Palo Alto Networks NG Firewalls for nine months.

When installing a Palo Alto Networks NG Firewall, we connect it to the network via a management interface and configure basic settings. Next, we register the firewall with Panorama, its management server, and then plan the network transition.

Palo Alto Networks NG Firewalls are overpriced. While Fortinet offers a more affordable option, Palo Alto commands premium prices due to its strong brand reputation among CISOs and security executives. Despite this, I believe Palo Alto firewalls are overhyped and underperform expectations. Many of these executives, who lack hands-on firewall management experience, base their decisions on marketing claims rather than practical knowledge. In contrast, Check Point pioneered next-generation firewalls, offering advanced features before competitors. However, its reliance on a centralized management system limited flexibility. Cisco, while improving, has also moved towards centralized management, restricting CLI access. Ultimately, I prefer the balance of features and flexibility Check Point offers.

I would rate Palo Alto Networks NG Firewalls eight out of ten.