Palo Alto Networks NG Firewalls Reviews

I am a reseller of Palo Alto Networks.

The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks.

The pricing could be improved. They need to work on the setup over the firewall, VLAN, and PPPoE.

It's stable.

It's scalable.

I seldom call technical support because it's easy to understand and configure the solution.

It could be less expensive.

I would rate this solution 9 out of 10.

If you want to have a secure network, use Palo Alto. 

We primarily use the solution as a datacenter firewall for 0 trust security model

From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best. 

The engine detector application is usually one of the best compared to any other firewall on the market, in my opinion.  With it, I can do a lot of rules based on the application. If you have multiple internet links, you can have an application export from one link, and an application wire from another link. You can have security on the application. The security, for example, can have different functionalities. Basically, the granularity of rules is amazing in Palo Alto.

They have a good reputation for their antivirus capabilities.

The solution offers a strong URL based system or detection for malicious URL or malicious files. 

They even have a machine learning algorithm. They do a lot of very advanced detection for files and URLs. 

Once you deploy the product, you can basically forget about it. It has high customer satisfaction because it's always just working.

The solution would benefit from having a dashboard.

From a normal IPS after attack, routine attack and threat detection attack, in other words, the standard IPS detection attack, I don't see Palo Alto as very good compared to others. The standard network IPS functionality could be better. It's there in solutions like McAfee or Tipping Point, however, I don't see it here in this solution.

We've been working with Palo Alto for about six years now.

From my experience, it's the best hardware compared to other NG firewalls from the perspective of performance stability. While the other firewalls lose 50 or 60% of performance when enabling all policies, Palo Alto loses 10 to 20% maximum, even with enabled IPS and fire detection and all. From our experience performance-wise, it's one of the best hardware solutions for firewalls. 

We haven't lost performance really, so I would describe it as very stable. There are not any issues.

Since the solution is hardware, there are some limitations in terms of scalability.

Usually, in hardware, you can't say it's scalable or not due to the fact that you have the limitations built-in related to the size of the box. The box has a maximum number that it can reach. You can add more hardware, however, the hardware itself is finite.

We usually do a POC first so we can get the figures for performance and we can put in a box that can support 20 or 30 people extra for future expansion.

In general technical support is very good. That said, usually, when we face an issue, we try to solve it ourselves internally before going to level one support. 

In general, we never have had a big issue with support. I don't have much experience with the support team to tell you if they're really good or not. Usually 80% of the cases we open, we talk with the distributor and finish the operation case directly with Palo Alto. It's more like a backend request and therefore I don't have much input that would be objective.

As resellers, we also work with Cisco and some Forcepoint solutions.

I like that in Cisco there's more security parts, like IPS, and a Demandware engine.

I like Cisco, in general, more than Palo Alto if I'm comparing the two. However, from an application perspective, our application's usability and detection and firewall control using an application, it's Palo Alto that's the best on the market. That's, of course, purely from a  firewall point of view. Even in terms of detection of the applications, it has the best system.

The deployment depends on the client's environment as well as how they are using it. For example, an internet NG firewall on the internet, it takes, on average, a week between installation, integration, and tuning. Usually we don't do all the policies because we are system integrator. We do the main policies and we teach the customer and then do a handover to the user for tuning and all the installation extras.

If it's a data center project, it takes more time and effort. It takes a month sometimes due to the fact that we'll be dealing with a lot of traffic. The application and server are usually harder to control than internet applications like Facebook and other standard applications, and easier on the internet. Then there's also internal applications, custom applications, migrating applications, finance education applications, etc., which are not always direct from the customer or directly known.

In short, the implementation isn't always straightforward. There can be quite a bit of complexity, depending on the company.

In general, I prefer hardware, and Palo Alto's is quite good. However, we have a couple of virtual deployments for cases as well.

I would definitely recommend the solution. It's one of the best firewalls on the market. I've worked with four different vendors in the past, and some of the most mature NG firewalls are Palo Alto's. It's their main business, so they are able to really focus on the tech. They spend a lot of time on R&D. They're always leading the way with new technologies. 

While Cisco has more main products, Palo Alto really does focus in on NG firewalls. That's why I always see them as a leader in the space.

I'd rate the solution nine out of ten.

The customers primarily use this solution for a firewall.

Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens.

The solution could be simplified.

I have been working with this solution for approximately three years.

I have not found any bugs, this solution is stable.

The technical support I have been using has been through email communication. When I open a support case, shortly there is a response with a solution. They are responsive and have always found solutions for the issues I have been having.

The installation is straightforward. Before I do a deployment for my customers I am able to do a simulation on my laptop.

I rate Palo Alto Networks NG Firewalls an eight out of ten.

I am using the solution for protecting the network organization from threats.

The best features of this solution are URL filtering and traffic visibility.

The areas that need to improve are network protection and user identification.

In the next release of the solution the VPN could improve because it is not as good as competitors.

I have been using this solution within the past 12 months.

This solution is stable and reliable.

We have 10 employees using this solution in my organization. We are in the beginning phases of testing and will increase usage if the test phase results are favorable.

The technical support is responsive.

The initial setup was easy.

We are on an annual license for this solution. I am happy with the price and when comparing it to other solutions it is priced competitively.

I have evaluated Sophos firewalls and I found Palo Alto solutions better because of the protection and web filters.

I would recommend this solution to others.

I rate Palo Alto Networks NG Firewalls a seven out of ten.

We use this solution to protect our network.

This solution has helped our organization by protecting the perimeter of our network from both internal and external threats.

There are plenty of features available in this solution, such as attack blocker and spam blocker. Additionally, it is very robust and in-depth.

The solution is not straightforward.

I have been using this solution for approximately eight years.

The solution is very stable.

The scalability is good. We have approximately 500 users using this solution in my company.

The initial setup was complex. The full installation, including customize to meet our requirements, took approximately one month.

We used the help from an integrator team for the implementation.

The technical support is satisfactory.

The price of the solution is on the higher side compared to competitors.

We are currently looking for a better-priced solution.

This is a very good solution but it is very expensive.

I rate Palo Alto Networks NG Firewalls a six out of ten.

We are using it for data center protection, intrasystem security, endpoints protection, load balancing, and DHCP.

The App-ID, Content-ID, User-ID, and encryption and decryption are valuable features.

They can improve the handling and management of User-ID. They should also improve its price. Their technical support can also be improved.

I have been using this solution for three years.

It is stable and reliable.

We went from 4 devices to 16 devices, and it was not a big problem. Currently, we don't have any plans to increase its usage. Our network won't grow over the next two years. It will stay as it is.

Their technical support is sometimes lousy, but sometimes, it is okay. Their technical support can be improved.

Its initial setup is not too complex for an environment like this.

Its price should be improved.

I would recommend this solution. I would rate Palo Alto Networks NG Firewalls an eight out of ten.

Our primary use case of the Palo Alto firewall is to control incoming and outgoing traffic as the firewall is deployed at the perimeter. Also we have used a VPN in that device so remote users can access the internal networks. We are partners with Palo Alto and I'm from the implementation team and work as a technology consultant. 

The GUI is very simple in Palo Alto and I like that. We rarely have any issues but when we do, the stability of the solution is very good. All the options they offer; creating objects, configuring VPN, it's all pretty simple and straightforward. The solution is continuously in use in our company. 

The support could definitely be improved. Whenever I call the tech engineers, there's a long wait time. For an additional feature, I'd like to see the segmentation in policy. Check Point has a good feature for segmenting policies that I'd like to see implemented in Palo Alto. It would make things easier for the operation team to create & identify particular policies, or to place a policy in that segment. Finally, there are limitions to the hardware in the number of objects & policy we can create is limited which is not the case with Check Point or FortiGate.

The stability is good in the Palo Alto firewall.

The Palo Alto firewall cannot increase the RAM and we can't do that either. We're unable to increase any physical boundaries of the firewall. That is one of the cons of Palo Alto. Our organization is pretty large and I am currently working on Palo Alto for three clients. I have a total of about 10 clients who are using the Palo Alto firewall. 

The initial setup is pretty straightforward. We just had to do the initial configuration of hardware, deploy our Panorama VM and integrate with hardware firewall, and it is pretty simple. It's also quite self-explanatory. 

We have five-year contracts with Palo Alto. I know the solution is on the expensive side but I'm not involved in licensing and don't have the numbers. 

I have also worked on Check Point and FortiGate, the hardware firewall. The Check Point Firewall has three-tier architecture where one security gateway & management server is there & smart dashboard is deployed on Windows. The application is required to control the Gateways. On other hand In Palo Alto, we just take GUI access of the firewall or Panorama to deploy any security policies and the architecture is very simple. As mentioned, the downside of Palo Alto is that there is a limitation to the number of objects that can be created. 

I would 100% recommend this solution and they have provided pretty good documentation on their website, so it's easy for operations as well.

I rate this solution a nine out of 10. 

We use this solution as our central firewall, but not as a perimeter firewall. For our perimeter, we use another solution. 

Our organization consists of roughly 2,000 to 3,000 employees. 

Identifying applications is very easy with this solution.

I don't like the reporting. The reports it provides are not helpful. They should include more executive summaries and other important information — they're too technical.

I have been using this solution for three years. 

The stability is excellent. 

The technical support is good, but not excellent. Their responses can be quite vague and unhelpful at times. 

We used to use Checkpoint. We stopped using it because the price was too high. 

Considering our limited amount of experience, the initial setup was easy. Deployment took one month. 

A local reseller team of roughly three to five people implemented it for us — it was a great experience. 

We evaluated Palo Alto, Checkpoint, Fortinet, and Cisco Firepower. Overall, it came down to the price — that's why we went with Palo Alto Networks NG Firewalls.

This solution is very particular; it's only suited to specific companies — it's a commercial opportunity. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

We have two 3000 Series Firewalls placed in our primary location. We have two sites and the secondary site uses the primary site for internet access. All traffic to the secondary location goes through a VPN tunnel. I'm a network administrator. 

The value of this solution for me is the protection from a single packet and ease of making security rules. It also doesn't require a special dedicated network team, I'm able to do it myself. It's a time saver for me and now in this pandemic period, users have access from home.  

I'd like to see some changes to the licensing policies and, on the technical side, improvement in scalability. It's not so easy to scale out your security capabilities. With the situation in business today, everybody lacks money and if you have to increase your resources and to constantly pay more for that, it becomes a problem. 

I've been using this solution for 10 years. 

It's been 10 years and I don't remember any outages because of a hardware failure or a logical error in configuration. We had problems with servers or switches initially but it works like a charm now. 

Scalability is the main disadvantage of Palo Alto. They call themselves a firewall with router capabilities but it's not a router and it requires a good bandwidth in VPN which could become a problem because you have to scale to really big hardware. We can solve the issue with other solutions, but for me the idea is to have less devices in your environment.
It's all about the hardware.  

The support is quite good. A couple of months ago, I sent an email with an issue and we got an answer in 15-20 minutes. In my experience, Palo Alto support is one of the best, maybe the best support available.

We previously used Juniper which is currently called Net Screen. I also looked at Sonic Wall. We carried out a proof of concept five years ago and they had to decide whether to go with Palo Alto or another vendor. 

For me, the initial setup is very easy. To get the device running with some capabilities but maybe not all security rules takes about an hour and it's the same for any upgrades. We have around 900 users and one admin person from our organization who deals with any issues. 

Palo Alto is an expensive solution, we currently have a three year contract. I'm not sure what our terms are. People always want cheaper, nobody wants to pay more. In our region, I think if Palo Alto was cheaper, more companies would buy the solution. 

I would absolutely recommend this product, it's expensive but I trust it. There is always room for improvement such as with scalability capabilities in Palo Alto. I know I'm not the only one who thinks this is an issue. It's possible that next time we will try virtualized firewalls, it may be a little cheaper for us. We would consider switching to something else but it would be a big move and quite complicated. Moving to a different vendor is a whole other story.

I rate this solution a nine out of 10. 

We primarily use the solution as security - as a next-generation firewall.

The application control portion of the solution is its most valuable aspect.

The malware protection on offer is excellent.

The initial setup is very easy.

We found the scalability to be quite good.

The stability is excellent.

Technical support is great.

The interface is very user-friendly.

Either the application or the vendor needs to provide a more updated list of internet applications.

The price of the solution is very high.

We've been dealing with the solution for about three or so years at this point. It's been a while now.

The solution has been extremely stable. There are no bugs or glitches. It doesn't crash or freeze. It's very reliable.

We tend to work with enterprise-level organizations.

The scalability is quite good. If a company needs to scale, it can do so with ease.

We found the technical support to be quite good. They are helpful, knowledgeable, and responsive. We have no complaints. We are very satisfied with the service they provide to us.

We also work with Fortinet.

I'd likely recommend Palo Alto over Fortinet as I find Palo Alto to be more user-friendly. The performance is also very good.

We found the initial setup to be very simple and straightforward. It was not overly complex or difficult. A company shouldn't have any trouble implementing the solution.

The deployment is also very quick. It only takes about ten to 15 minutes or so.

The cost, overall, is pretty expensive.

We are a Palo Alto partner. We are a systems integrator.

I'd recommend the solution. If a company has the budget, I would suggest the product to them. If a customer has a more limited budget, however, I would highly recommend Fortinet as an option.

I'd rate the solution at an eight out of ten.