Palo Alto Networks NG Firewalls Reviews

We have clients in the government and supermarkets, for example, who use this firewall for integration with EDR, NDR, CN, and IPS.

Palo Alto Networks NG Firewalls' IPS is more complete and is very good. This is a user-friendly solution that is easy to install, and it provides the best protection.

It's very important that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention because all components are moving laterally these days. We need tools that follow the zero-trust model.

These firewalls have helped reduce downtime in our organization as well.

Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers.

I've been working with these firewalls for almost seven years.

The firewalls are very stable.

Palo Alto's scalability is not as good as that of Check Point. With Check Point, I can integrate the firewall with other products.

We do not have technical support in Brazil, so I would rate it a two out of ten. However, Palo Alto's technical support in the US is good, and I would give them a rating of eight out of ten. 

Neutral

I have worked with Check Point, but it's very difficult to configure. Palo Alto is much easier to configure, and the dashboard is very user-friendly as well.

Because I have worked with Palo Alto for seven years, the initial setup is very easy for me. However, new engineers may find the configuration difficult.

Palo Alto Networks NG Firewalls are very expensive compared to other firewalls such as Fortinet. As a result, Palo Alto is losing some of its market share. 

I would rate Palo Alto Networks NG Firewalls an eight out of ten because it's a good product.

I like attending RSA conferences because it gives me the opportunity to see what competitors are doing and what is new on the market.

Attending RSAC does have an impact on our cyber security purchases, but I would like to see manufacturers offer more training, certifications, labs, and demos at RSAC. 

We use Palo Alto as our perimeter firewall. We also use the GlobalProtect VPN solution.

It gives visibility into different threats. There is a wide range of threats that can be identified.

We collect logs from Palo Alto into our Rapid7 SIEM solution. It's pretty well integrated. This integration is important because we don't necessarily want a solution from the same vendor. I know Palo Alto has Cortex for collection. Being open to other vendors in order to ingest the data or logs is a great thing.

Palo Alto has embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, which is important because AI is the future. All cybersecurity companies are going to start using it. It's definitely a good thing. We just need to make sure that there's still the human component because AI can still fail.

Palo Alto has a wide range of different appliances or virtual machines. It can be installed anywhere from a small branch to a data center. It helps to secure small businesses to large enterprises.

The most valuable feature is advanced URL filtering. Its prevention capabilities and DNS security are also valuable. It pinpoints any suspicious activities and also prevents the users from doing certain things. For example, DNS security prevents users from reaching certain websites, so it's really interesting.

Palo Alto should improve their support. It's sometimes difficult to get the right technician or engineer to fix the problem as soon as possible.

We have been using Palo Alto for at least five years. 

They're pretty robust. They also have Unit 42, which is their threat intelligence team. They make you feel safer because they can identify the threats and then implement protection from those into their firewall.

Scalability is pretty good on the virtual side. Because the virtual environment licensing model is based on credit, if you don't wanna use UI protection tomorrow, you can get rid of it and use those credits for another product or another license.

Because of the pandemic, there's a lot of turnover and the quality of the support technicians is not great. I hope they will improve. I would rate their support a seven out of ten.

Neutral

I didn't use any other solution previously.

It was straightforward. They have great documentation. We use Palo Alto in the Azure environment, and their Azure documentation is one of the best documentation I've ever seen. It's very detailed. It can be confusing sometimes because there's a lot of information, but it's definitely good. They're good at documenting, and their knowledge base is really interesting for troubleshooting. There's a lot of useful information.

We deployed it ourselves. We didn't use any company to deploy it.

It's hard to tell. It's preventing attacks, but I don't have any specific case where I can say whether a particular attack would not have been blocked by another vendor.

It can be quite expensive, but there's a good incentive for the three-year contracts. The part that is especially confusing is for the virtual environment. The credits or the licensing system can be very confusing.

We didn't evaluate any other options.

As a result of my experience with Palo Alto NGFW, to a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that the cheapest and fastest means there is a potential risk of breach. Even though Palo Alto is quite expensive, it definitely makes you feel secure. The configuration of the appliances or virtual machines is pretty straightforward, so you don't need to be highly trained in order to be the administrator of the platform.

It's important to attend an RSA Conference even if you're already a customer. That's because you might not be necessarily aware of the new products, so going to an RSA Conference can help you identify new solutions that may be valuable for your company. 

Attending an RSA Conference will have an impact on our organization’s cybersecurity purchases made throughout the year afterward. There are a lot of different vendors that I've found, and I will probably get in touch soon.

Overall, I would rate this solution a nine out of ten.

Our use cases include combining multiple next-gen firewalls and bringing them into the Panorama centralized platform.

In general, it's one of the better firewall brands out there. It definitely has the investment and the dedication of the Palo Alto team to constantly improve their product and move forward. They're not a static company, like some of the other companies out there, and that's why I like them.

From a firewall perspective, there is a unified platform that natively integrates all security capabilities, which is good because there is a single pane of glass. I don't have to go to every single firewall to look at certain things. I don't have to go to every single firewall to deploy rules. I can use Panorama to deploy the rules, so it's a one-stop job type of thing.

For securing data centers consistently across all workplaces, all next-gen firewalls pipe into the same Panorama centralized management solution. We can manage everything from a single pane of glass, deploy all that out, and make sure it goes through each firewall and updates correctly. That's huge. If you had to do it manually and you had thirty locations, that'd be like a day's job versus thirty minutes.

Having a centralized platform where they all feed into the Panorama solution significantly drops firewall-by-firewall management. We can use the Panorama solution to communicate with all of them.

I like the navigation of the general Panorama solution. I can easily navigate around and get to the thing I need. I'm not wasting time trying to find something.

Personally, I feel that their dashboards for reporting and things like that need some improvement.

We've been using Palo Alto for one to two years.

It has been very stable so far.

So far, it has been scalable enough to hit multiple divisions.

I have not personally contacted their support. That just dictates that they have a good product.

Positive

We also use Cisco firewalls.

I am not directly involved in its deployment, but I do help manage it. To my knowledge, the deployment was straightforward. It was easy to connect them into the Panorama platform.

There was a consultant. They knew their stuff.

There is typically no return on investment for firewalls because it's an IT cost, and we don't make money because we don't resell them.

It's pretty good.

We evaluated Fortinet and Check Point.

The value I receive from attending an RSA Conference is huge because I visit all my vendor partners to understand their roadmaps for the future. Attending an RSA Conference has had an impact on our organization’s cybersecurity purchases made throughout the year afterward because it brings out new features and subsets of the vendor partners. Also, if there is a deficiency in any of the current ones we currently use, we'll go engage other providers in order to find out if they can reach that gap or not, and then it'll dictate future proof of concepts and decisions.

Palo Alto embeds machine learning in the core of the firewall to provide inline, real-time attack prevention, but I personally haven't experienced that. It's a good thing that there hasn't been an attack where that became useful, but that's great to know.

As a result of our experience with Palo Alto NGFW, to a colleague at another company who says, “We are just looking for the cheapest and fastest Firewall,” I would say, "Go with Palo Alto."

Overall, I would rate Palo Alto NGFW an eight out of ten.

We chose Palo Alto Networks NG Firewalls to replace our outdated firewalls.

The overall security of the organization has been improved.

The most valuable aspect of this solution is pre-sales and post-sales because of the support and relationship building.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. 

The integration of all security capabilities in Palo Alto NG Firewalls provides a unified platform, which is crucial as it reduces complexity.

Having machine learning embedded in the core of the solution for in-line, real-time attack prevention is of great importance to us, it is a top priority. 

This is significant because it enables automation, reducing the number of man-hours needed.

When evaluating the ability of Palo Alto Networks NG Firewalls to secure data centers consistently across all workplaces, I would give it a rating of eight out of ten.

By using Palo Alto Networks NG Firewalls, we have been able to decrease our downtime by several hours per month.

The solution could be more cost-effective.

I have been using Palo Alto Networks NG Firewalls for two years.

Palo Alto Networks NG Firewalls is a very stable solution.

Palo Alto Networks NG Firewalls are easily scalable.

We previously used Barracuda Networks.

We switched to Palo Alto Networks NG Firewalls after having a bad experience with our previous vendor for firewall solutions.

Palo Alto is more forward-thinking when compared to Barracuda.

I was involved in the initial setup. It was complex in multiple ways.

The solution itself is not a simple solution.

An integrator assisted us with the deployment.

They were helpful and knowledgeable.

I have experienced a return on investment with Palo Alto Networks NG Firewalls. One benefit is that there are fewer man-hours required for deployment and maintenance.

That solution's pricing and/or licensing are very convoluted.

Based on my experience with Palo Alto Networks NG Firewalls, if a colleague at another company said they were only looking for the cheapest and fastest firewall, I would not recommend Palo Alto.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

Attending an RSA conference provides high value and helps us to see the impact of our organization's cybersecurity purchases annually.

I use NG Firewalls for perimeter defense. 

We've seen better throughput compared to our previous firewall. End-users are happier with their connections through Palo Alto. 

Palo Alto offers better Layer 7 protection than competing solutions by Cisco and Fortinet. I also like the VPN client more. The interface is simple, so administrators can deploy and configure it much faster than other firewalls. The interoperability with other vendors is excellent. We can connect Palo Alto firewalls to all our other solutions. 

I would like to see more artificial intelligence. However, that is going beyond firewalls to products like Prisma. Palo Alto has those features in an entirely different ecosystem. It isn't a problem. Machine learning is valuable, but I rely more on threat intel. 

I have been using Palo Alto's solutions since 2014.

I rate Palo Alto NG Firewalls a nine out of ten for stability. We have had zero downtime except for scheduled maintenance. The firewalls are in a cluster that never goes down.

The scalability is excellent because you can always purchase a bigger firewall as you grow. 

I rate Palo Alto's support a seven out of ten. It is good overall but worse in some regions. The first level of support will usually do nothing for you. If you're an IT company, you're not looking for level-one support. You need to escalate. Other vendors have a direct support line for enterprise clients, but not Palo Alto.

Neutral

Palo Alto has a better interface and integration with other solutions than competing vendors. The only drawback is the price. Go with FortiGate if you're looking for a firewall that is cheap and decent. If you can't afford Palo Alto, FortiGate is the next cheapest. 

We can deploy Palo Alto firewalls faster and easier than most other solutions. We assess the traffic, buy the appropriate size, and implement it. 

Palo Alto firewalls are expensive, but they're worth what we pay. 

I rate Palo Alto NG Firewalls a nine out of ten. Technical support has some room for improvement, and there are several minor issues that aren't worth mentioning. 

We used the solution as an edge or internet firewall where we were running IPS/IDS and doing filtering on it, apart from the other security features. We are still using it for our users' VPN activity and to manage site-to-site VPN tunnels with other clouds, like AWS and Azure, so that there is connectivity back and forth between those cloud providers and our on-prem data center.

The features I like are the debugging and troubleshooting through package capture. It's easy to capture from the CLI and it's also easy to get logs from the CLI.

It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture. It gives us real-time anti-cyber activity and enables us to look at it. The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time.

These firewalls have the zero-delay signatures feature, which is really important because you don't want to be lagging behind with any kind of security updates. It doesn't affect our security a lot, but without it, we could be compromised a little bit. If updates are delayed by a couple of hours, there's an opportunity for the bad actors to execute something in that time frame. It gives us a little bit more security, but it's not like it's a high-severity situation.

Overall, they're doing great with the features. They're improving them day by day and year by year, which is really good. They're making new products that are compact inside, which is also really good. Instead of a full rack, they have tiny devices that have the same or even better performance compared to the bigger ones. They are doing well in improving the units, features, and security.

I've been using Palo Alto Networks NG Firewalls for eight years.

They're very reliable and stable. Compared to some of the competitors, they're more reliable.

The scalability is also good. They provide good options for scaling. The only thing that I would think about is that, in the newer firewalls, they have increased the performance but decreased the number of concurrent VPN connections or users. The new, compact devices have better performance, but they have reduced the number of users that can connect. Maybe that's a marketing strategy to sell higher-end models.

In my organization, everybody is using the Palo Alto firewalls because they're connected to the VPN, but the management and operations aspects are limited to the folks in IT.

These firewalls used to bring a lot of value to us, but in my practical experience, in the last three years at least, they have been lagging behind their competitors. The main issue is the support that we can get.

For example, in the past, if something happened, we could just give them a call and open a ticket, and we would have technical support right away to help us. Whether it was a severity-one, critical incident, where we had no connectivity, or just a minor or medium-severity issue, we used to get support right away. But in the last three years, it has been really hard to get hold of an engineer. I have reached out a couple of times to give them a heads-up, "This is a ticket I opened three days ago. I'm trying to get a hold of anybody."

It's okay that they force us to open a ticket on the portal, but after opening a ticket, it's really hard to get support when you need it. You have to wait for them to get back to you and sometimes it's random. And the biggest problem I have is that you have to wait hours on the line when you're calling them to get a hold of the next available engineer.

They should make it easier to get in touch with their TAC. This is what they have called transforming the customer experience, but I believe it's getting worse. That's the only thing they have to improve. When you do get someone, the support from their end stands out, it's a nine out of 10. But getting a hold of an engineer is a two out of 10.

Neutral

The initial setup is very straightforward. You need to connect through the portal manager and to the IP that you want to access remotely. And pushing the configuration from other devices is very easy. They provide tools so that you can get the configuration from competitors' devices and convert that into the Palo Alto version. It's very easy to configure initially and to manage as well.

On the maintenance side, it's really good. We don't have to put a lot of effort into that.

The security and performance of the PA-400 series of Palo Alto NGFWs, versus its price, is really good. It's very inexpensive and has good performance compared to the previous higher-end 3000 models.

Palo Alto provides Panorama where you can manage a bunch of firewalls from a single pane of glass or just one device. It allows you to manage all of the firewalls in one, integrated location. You don't have to make a chain of 50 different firewalls. It will push what you need to be changed to all the other firewalls. We used to use it, but we got rid of it because we replaced all our Palo Altos with competitors' firewalls and we don't use Palo Alto anymore, other than for VPN. We have six firewalls in our organization right now, although we used to have 35 to 40. Because we no longer have a lot of firewalls, we got rid of Panorama. We don't want to pay for it to just manage six firewalls where we are not making any changes frequently. If we had 35 or 40 still, I would definitely recommend having Panorama.

Panorama is for managing the rules. It saves time on configuration, but it doesn't affect your security posture. Whether you're managing each firewall or using Panorama, it's exactly the same thing. But it helps you to execute changes in a very short period of time. It's a way of pushing the config to all your devices.

We use this solution for perimeter security and security profile purposes.  This covers anti-virus and anti-spyware, as well as cyber security vulnerabilities through URL and file blocking.

We like the fact that this product can provide multiple layers of protection depending on our clients requirements, and can be configured to whatever level of protection and the specific protocols that they want.

We also like the fact that this solution has a wide range of features covering all types of system security, not focusing on just one area. Everything is geared into a single module, which means we no longer need several different devices.

As well as the single module functionality, this solution allows us to easily see the active sessions and how many users we have connected. Complete information, on one screen.

We would like to see the external dynamic list for this solution improved. The current version does not automatically block malicious IP addresses, which would be very useful.

We have been using this solution for the last seven years.

We have experienced 100% stability with this solution.

The scalability of this solution depends on the management CPU that is being utilized. To manage high level traffic, it requires high-specification hardware to be used, or performance can be affected.

This vendor not only provides a lot of very clear documentation, but also has a community center to allow for self-diagnosis and fixes.

However, if this does not resolve the issue, the technical support team are very responsive and quick to fix any problems we take to them.

Positive

The initial setup of this solution is straightforward, particularly when migrating from a different product and using their centralized management tool. This provides a configuration file that completes the majority of the setup automatically. All traffic is then automatically diverted through this firewall

The firewall is then registered in the providers portal, which allows for updates to be applied when they are released without the need for manual intervention.

We implemented this using one member of our in-house team, and the deployment took three days to complete.

However, there was some pre-implementation work to be done registering firewall serial numbers, connecting console cables etc, but this is all straightforward.

This solution is quite expensive because along with the license there is premium partner support that has to be purchased as a default addition. 

There is also a specific Threat Prevention License that has to be requested and purchased separately. However, licenses can be purchased for specific periods as opposed to just an annual offering.

We actually tested multiple solutions, and choose this one because it gave us the most benefits in one product.

We would advise organizations who are migrating from a different provider to inquire about the centralized management console, and to understand the full costs involved up front.

Also, despite the fact that this solution provides a lot of features, there will still be areas that aren't covered as this only works on perimeter level security.

I would rate this solution a 10 out of 10.

I design networks for our customers; I always use a high-speed packet filter upfront because I work for a Juniper partner company. This is usually a Juniper SRX series firewall and it does most of the easy work. Behind that, I add a more intelligent firewall, Palo Alto NGFW. We are partnered with Palo Alto, but that's not the main reason we use their solution. I worked with Check Point products for four years, and the Palo Alto alternative seriously impressed me. Here in Hungary, Palo Alto is considered the de facto intelligent firewall, for good reason.

I work for an integrator and support company, and I support our customer's security platforms; we have many customers with Palo Alto Networks NG Firewalls.

The firewalls improved our organization. Creating firewall rules is much simpler. The solution is so straightforward that customers can configure it themselves, and they rarely call us for that, which is great for us as a support company. It makes our job much easier as Palo Alto NGFWs don't require a security specialist to configure; it can be done by systems engineers or IT support staff. 

All the features are valuable, but my main one is the straightforward and well-designed GUI. I'm over 50 and have been in this business since the internet started. I'm not a GUI guy; I prefer using the command line. The product's GUI is excellent, and so is the threat intelligence. It's also straightforward to configure and flexible. The solution even has good networking, such as VLAN and subinterfaces, which is great because, in my experience, if the firewall is good, then the router usually isn't and vice-versa, but Palo Alto has both.

We use the on-premises solution, and it's very impressive; both flexible and intelligent. The machine learning functionality is excellent, and I love the product as a support guy because it makes my job much easier. I have very little troubleshooting, and our customers haven't had a single security incident since implementing Palo Alto. I'm deeply impressed with this solution.

The machine learning against evolving threats works well. The best thing I can say is that none of our customers have had any security issues; I can't find any problems with the solution.

The support is outstanding; we are always alerted about potential issues such as bugs in advance, so we have time to adapt and prepare. Palo Alto has grown more effective; most importantly, there haven't been any security issues. I would give the product a 10 out of 10 for flexibility and at least a seven for security. I can't say precisely what security threats our customers face, but nothing has gotten through.

The solution provides a unified platform, which is essential because there is a significant shortage of experienced IT specialists in Hungary and elsewhere. Their effectiveness is amplified by the quality and straightforward nature of the solution, and the result is more robust security.

I don't have a direct view of our customer's security threats as it is privileged information, but I can say that there have been no security breaches. I would say the solution does eliminate security holes. 

Our Palo Alto firewalls have the zero-delay signature feature implemented, and it works fine. There haven't been any issues with us or any of our customers. This feature makes the whole security system more efficient. 

The network performance is top-notch; I would give it a 10 out of 10. Intelligent firewalls tend to be slower, but this solution is fast. Previously, I used a simple packet filter or zone-based packet filter in conjunction with an intelligent firewall, but Palo Alto is fast and secure enough for standalone use. I've been familiar with the solution's architecture from the beginning, and it's a very nice platform.

I recommend this solution to any engineer; technically speaking, it's the best product on the market. I know it isn't the cheapest, and decisions are often made on a financial level, but Palo Alto in Hungary always gives us a good deal. 

The solution's VPN, called GlobalProtect, could be improved as I've had a few issues with that. 

It can be challenging to migrate configurations between Palo Alto firewalls or restart with a backup configuration using the CLI. That could be improved. I think I'm one of the only people still using the CLI over the GUI, so that's just a personal issue.

I have been working with the solution for four years.

The solution is incredibly stable.

We work with hardware platforms, and they are usually slightly over designed to be on the safe side. The virtual firewall is highly customizable, but I have experience with the hardware platforms, and there is an upper limit on those, but I haven't had any scaling issues thus far.

In Hungary, where I live, the population is 10 million, similar to London. When I say we have 1000 end-users, it may seem like a small number, but that's relatively high for Hungary. Other vendors also supply the solution here, so 1000 is just our customers.

I mostly do deployments and maintenance alone. There are three systems engineers at our company.

The customer service and support are good. I have full support when I have a problem, and they can even do remote assistance. We had a big power failure, and the firewall didn't restart; they provided a hardware expert over the phone to solve the problem. They are very impressive. I would say Juniper offers the best support, but Palo Alto is almost as good, if not just as good for me.

Positive

I have been in this business from the beginning, so I used most firewall solutions. I focused on Cisco for 15 years, but that changed due to license-based selling in a very price-sensitive market. Cisco is not as viable an option as it used to be as customers consider it too expensive. I also used a Check Point solution, which was regarded as the go-to intelligent firewall five years ago, but now Palo Alto has taken that top spot. 

We are partners with several providers, including Juniper, Palo Alto, and a few others, but I always go with Palo Alto because it's a straightforward solution with easy installation.

The setup is easy; it's straightforward for anyone with basic networking and security knowledge. It's comparable to setting up a firewall at home, which is very impressive. It's still easy with very complex network setups, only the VPN concentrator, GlobalProtect, is more challenging, as it requires two-factor authentication, but it's still straightforward.

Initial setup time depends on the specific implementation, but we can do a new deployment in one or two days. It is more complicated when migrating from other platforms because the customer expects the same logic and features in the new platform. Palo Alto has an excellent marketing strategy, so their customers know their product uses a unique logic. This helps keep the implementation straightforward and shorter compared to other solutions. 

My implementation strategy begins with a plan for the customer's network based on their needs. Then I set up all the networking parameters and configure the solution in my lab device, so I can export it and import it on-site. Every setup begins in our lab, as it's more impressive to go to the customer and import the configuration right away. 

I don't know about the price of the platform or the license fees, as the finance department deals with that. I only bill for the materials involved in the design.

I don't know about the price. When there's a new project, I go to the meeting, but after a point, all the engineers leave when it comes to money because it's not our business. I know Palo Alto offers good discounts for the partners, and the solutions are good. They offer free trials and win many customers because it allows them to test products and see how well they perform.

The only thing I can say is it's a top technology. 

I would rate this solution a nine out of ten.

Cloud-based solutions are very unpopular in Eastern Europe, only private clouds are used, but on-premises is the favored deployment method. We use cloud solutions at home and for small companies or companies with particular use cases. I implemented the solution for a customer, and my first task was to disable all cloud-related features. It's exceedingly difficult to find a financial or government institution using a cloud-based platform; this market segment tends to have a more conservative mentality.

I don't use the solution personally, but I'm the first-level troubleshooter. If I can't solve a problem, I open a ticket to Palo Alto's customer support.

I have clients who used separate firewalls and VPN concentrators, but after switching to this solution, they now use the Palo Alto firewall and its VPN, GlobalProtect. I don't think it's the best VPN concentrator, it's an excellent firewall, but the weak point is the VPN.

I advise reading the documentation before configuring, which goes for any platform.