Palo Alto Networks NG Firewalls Reviews

We have clients in the government and supermarkets, for example, who use this firewall for integration with EDR, NDR, CN, and IPS.

Palo Alto Networks NG Firewalls' IPS is more complete and is very good. This is a user-friendly solution that is easy to install, and it provides the best protection.

It's very important that Palo Alto Networks NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention because all components are moving laterally these days. We need tools that follow the zero-trust model.

These firewalls have helped reduce downtime in our organization as well.

Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers.

I've been working with these firewalls for almost seven years.

The firewalls are very stable.

Palo Alto's scalability is not as good as that of Check Point. With Check Point, I can integrate the firewall with other products.

We do not have technical support in Brazil, so I would rate it a two out of ten. However, Palo Alto's technical support in the US is good, and I would give them a rating of eight out of ten. 

Neutral

I have worked with Check Point, but it's very difficult to configure. Palo Alto is much easier to configure, and the dashboard is very user-friendly as well.

Because I have worked with Palo Alto for seven years, the initial setup is very easy for me. However, new engineers may find the configuration difficult.

Palo Alto Networks NG Firewalls are very expensive compared to other firewalls such as Fortinet. As a result, Palo Alto is losing some of its market share. 

I would rate Palo Alto Networks NG Firewalls an eight out of ten because it's a good product.

I like attending RSA conferences because it gives me the opportunity to see what competitors are doing and what is new on the market.

Attending RSAC does have an impact on our cyber security purchases, but I would like to see manufacturers offer more training, certifications, labs, and demos at RSAC. 

We have had a couple of big projects with government companies here in Ukraine. One of those projects involved three data centers with a lot of security and network requirements, and we implemented Palo Alto as part of this project.

The use case was to build the new data centers with a firewall that would not only work on the perimeter but also for internal traffic. We deployed eight PA-5200 Series firewalls and integrated them with VMware NSX, and they're working together.

One of the points that helped us win the tender is that Palo Alto NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention. The customer's security team was asking for this feature from the firewalls because machine learning makes things much easier than manually sitting there with some kind of SIEM and searching for all kinds of attacks and critical issues. The machine learning is really helpful because it's doing the work automatically.

We had a small project with the PA-800 Series appliance where we implemented DNS Security. DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network.

In general, Palo Alto NG Firewalls are 

• easy to manage
• good, reliable appliances
• easy to configure.
  

They also have a good balance between security and traffic. They have good hardware and, for management, they have their own data plane. If traffic is really overloading the data plane, you still have the ability to get into the management tools to see what's going on. You can reset or block some traffic. Not all firewalls have that feature.

They have really good clients, such as a VPN client. You can also enforce security standards on workers in the field. It's a really good product. And now, for endpoint security, they have Cortex XDR. You use the same client, but with additional licenses that enable more features.

The only area I can see for improvement is that Palo Alto should do more marketing.

We work with customers, but we are not using the solution ourselves.

The scalability is really good because they have a chassis version of appliances. They plan to build new chassis. But for the really big projects here in Ukraine, we can easily cover what we need with the PA-8000 Series with Palo Alto chassis appliances.

In our project with the three data centers, each data center was able to process 40 gigs.

First-level support is provided by our distributor Bakotech. They are technical guys and they really know the product. Unlike some support providers who just send you manuals to ready, they're really helpful. You can call them at any time and they get back to you shortly and help.

The initial setup is really easy. If you're working with Palo Alto Panorama, which is their management server, it's very easy to deploy a lot of appliances in a couple of days, because you're just sending out the configuration and templates on a blind device. In a couple of hours that device is working like the rest.

Another valuable aspect of Palo Alto NG Firewalls is that the appliances and software are really reliable in terms of stability and performance. Some firewall vendors don't write real information on their datasheets and, after implementing them, you see that the reality is not the way it was described. For example, when it comes to threat prevention and how much traffic appliances can handle, there was a project where we beat another vendor's firewall because Palo Alto has the real information on its datasheets.

I have some experience with Cisco, on a small project but there was a somewhat older software version, and there was a lot of lag. When changing something in the configuration, once you pushed "commit" you could go have a coffee or do other stuff for 20 minutes or more, because it took a really long time to push that configuration to the device.

If a colleague at another company said to me, "We're just looking for the cheapest and fastest firewall," I would tell them that the cheapest is not the best. If you need really reliable hardware and software, and don't want headaches after the implementation, just buy Palo Alto.

The PA-400 is really strong and not only for SOHO or SMB companies. They have a really big throughput with Threat Prevention and DNS Security enabled. It's a really good appliance in a small size. But it's not only for small companies. The PA-460 can easily handle the traffic of a midsize company, one with 100 or 200 employees, and maybe even a little more. The PA-460 can handle about 5 gigs of traffic. With Threat Prevention, they can handle 2.5 gigabytes of traffic. For a regular office, that's good. It might be a little small for big companies.

Regarding DS tunneling, it is mostly peer-type attacks. With tunneling, it depends on what type of tunneling is used. You need to look at the specific case, at things like whether it was an internal DNS tunnel or one from the outside to the inside between branches. Most of the time, you can see that kind of traffic with a firewall if you have enabled full logging and you drop the logs into a good SIEM, like ArcSight or others. You will see the anomaly traffic via tunnels. You can also switch on decryption so you can decrypt a tunnel and see what is going on inside.

We have had no issues from our customers who are working with Palo Alto NG Firewalls. They fully cover all our customers' needs.

Our primary use case is for the perimeter connection of our clients in the network. Our client brings their services to their clients, and they have the option to connect to a webpage. With Palo Alto Networks NG Firewalls they can safely provide a username and password to their clients.

It is mainly on-premise, because the majority of the clients at this point want that kind of option. But many of them are already asking for the cloud option, like Prisma, for example.

It has improved our clients' organizations because previously the clients did not have the option to fully connect. In this solution, they have the opportunity to add services to their web page and book clients.

The feature that I have found most valuable is the connection. It's very easy for the clients to connect to their information. They use an SSL connection by BPM.

We work very closely with the vendors here and at this point they use external support.

Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution.

My company has been using Palo Alto Networks NG Firewalls for almost one year. It is new for us. We have more experience with Cisco and Fortinet.

In my company, I am responsible for the development of the proposal that we give to the client. We develop the spectrum and the pricing. We make presentations to the customer to explain the solution and answer questions about it.

The scalability is very strong. The vendor provides has high availability.

Our clients are medium sized businesses.

Palo Alto is not a cheap solution. It is expensive. But because of its technology it pays itself back. In each case we work with the vendor to obtain a major discount for their business. I give that discount to our customer, who benefit from the services that we can bring them.

This is our first dealing with Palo Alto. With other vendors we have more experience, like with Cisco and Fortinet.

Palo Alto's documentation and manuals are very complete. It's very easy to obtain the information that way.

The client still uses Cisco, Fortinet, and Checkpoint. Palo Alto has very good administration tools which is not the case with the others. You can't compare all vendors. Also, the granularity of the information that they can obtain from the firewalls is better.

The initial setup depends. In the case of one client, for example, they have a very complex connection of networks, which is architectural. It is integrated and we need to pick it out and include all the rules that they have and to put in the firewalls which they want to buy in the next month. That kind of job is not easy for us, not just regarding Palo Alto but for other vendors, too.

On a scale of one to ten, I would give Palo Alto Networks NG Firewalls a nine.

I would recommend this product to others.

In terms of what advice I would give to future customers looking into implementing Palo Alto Firewalls, I would tell them that they have a good system operator in the firewalls and that it provides many tools that they can use to protect their networks. You don't find that in the other vendors.

We're partners. Essentially, we take all the Palo Alto firewall policy information and all the device information, and we put it on a single pane of glass for them.

It provides a unified platform that natively integrates all security capabilities. This communication between security devices or security platforms is pretty important.

It helps to reduce downtime in our organization, but I don't have the metrics.

Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier.

Everything has been great. More machine learning would be something great to see, but I don't know if it's a priority for Palo Alto.

We're partners with Palo Alto. We've been partnering with them for about ten years for their firewalls.

It's pretty stable.

It's pretty scalable. Palo Alto does a great job across the board from small businesses to large enterprise solutions.

I have not had direct communication with their support.

We've worked with different firewall solutions such as Check Point, Cisco, ACI, and Fortinet, but Palo Alto is definitely among the ones that I like to work with.

Overall, it provides a wide range of features for securing an environment.

You get what you pay for.

The RSA Conference is great. You get to see a wide range of products all in one place. In terms of security, this is the place to be. It has been a great experience.

I believe attending the RSA Conference has an impact on our organization’s cybersecurity purchases made throughout the year afterward. It gives us a good forecast as to where the industry is going and what's to come so that we can be better prepared to partner with all different vendors.

To a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that Palo Alto is definitely not the cheapest. It's one of those things where you prefer quality.

Overall, I'd rate this solution a nine out of ten.

We use Palo Alto as our perimeter firewall. We also use the GlobalProtect VPN solution.

It gives visibility into different threats. There is a wide range of threats that can be identified.

We collect logs from Palo Alto into our Rapid7 SIEM solution. It's pretty well integrated. This integration is important because we don't necessarily want a solution from the same vendor. I know Palo Alto has Cortex for collection. Being open to other vendors in order to ingest the data or logs is a great thing.

Palo Alto has embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, which is important because AI is the future. All cybersecurity companies are going to start using it. It's definitely a good thing. We just need to make sure that there's still the human component because AI can still fail.

Palo Alto has a wide range of different appliances or virtual machines. It can be installed anywhere from a small branch to a data center. It helps to secure small businesses to large enterprises.

The most valuable feature is advanced URL filtering. Its prevention capabilities and DNS security are also valuable. It pinpoints any suspicious activities and also prevents the users from doing certain things. For example, DNS security prevents users from reaching certain websites, so it's really interesting.

Palo Alto should improve their support. It's sometimes difficult to get the right technician or engineer to fix the problem as soon as possible.

We have been using Palo Alto for at least five years. 

They're pretty robust. They also have Unit 42, which is their threat intelligence team. They make you feel safer because they can identify the threats and then implement protection from those into their firewall.

Scalability is pretty good on the virtual side. Because the virtual environment licensing model is based on credit, if you don't wanna use UI protection tomorrow, you can get rid of it and use those credits for another product or another license.

Because of the pandemic, there's a lot of turnover and the quality of the support technicians is not great. I hope they will improve. I would rate their support a seven out of ten.

Neutral

I didn't use any other solution previously.

It was straightforward. They have great documentation. We use Palo Alto in the Azure environment, and their Azure documentation is one of the best documentation I've ever seen. It's very detailed. It can be confusing sometimes because there's a lot of information, but it's definitely good. They're good at documenting, and their knowledge base is really interesting for troubleshooting. There's a lot of useful information.

We deployed it ourselves. We didn't use any company to deploy it.

It's hard to tell. It's preventing attacks, but I don't have any specific case where I can say whether a particular attack would not have been blocked by another vendor.

It can be quite expensive, but there's a good incentive for the three-year contracts. The part that is especially confusing is for the virtual environment. The credits or the licensing system can be very confusing.

We didn't evaluate any other options.

As a result of my experience with Palo Alto NGFW, to a colleague at another company who says, “We are just looking for the cheapest and fastest firewall,” I would say that the cheapest and fastest means there is a potential risk of breach. Even though Palo Alto is quite expensive, it definitely makes you feel secure. The configuration of the appliances or virtual machines is pretty straightforward, so you don't need to be highly trained in order to be the administrator of the platform.

It's important to attend an RSA Conference even if you're already a customer. That's because you might not be necessarily aware of the new products, so going to an RSA Conference can help you identify new solutions that may be valuable for your company. 

Attending an RSA Conference will have an impact on our organization’s cybersecurity purchases made throughout the year afterward. There are a lot of different vendors that I've found, and I will probably get in touch soon.

Overall, I would rate this solution a nine out of ten.

We primarily use the solution for our internal network.

The active features on the solution are excellent.

The dashboard and management console are both very user-friendly. Everything is easy to navigate.

The interface is very nice. We generally like the UI the product offers.

The ability to check cases could be improved upon. We find that most of the packets we have to directly open with the PA. Until then, it's possible that there cannot be any support.

Take, for example, the XDR. The XDR is the real power to all our solutions from PA, however, when we are using their XDR, we have directly to contact PA. It's like this for the licensing or for any technical issues.

The solution could offer better pricing. We'd like it if it could be a bit more affordable for us.

The solution should offer SD-WAN.

We've been using the solution since 2016. It's been quite a few years now, at this point.

The solution is quite stable. We don't have bugs or glitches. It doesn't crash or freeze. It's quite good and we've been happy with it.

We haven't tried to expand the solution or to scale it up. It's not an aspect of the solution our company has explored just yet. Therefore, I can't speak to its capabilities in this aspect. I'm not sure what exactly is possible.

I don't have any experience with technical support. I've never had to contact them. Other colleagues would be the ones that deal with this aspect. I wouldn't be able to comment on their level of knowledge of responsiveness.

We're also using Check Point as a firewall.

The initials setup was pretty straightforward. It was not complex at all for us. We didn't run into any issues during the implementation.

The licensing is paid on a yearly basis. 

The pricing could be better, however, the cost depends on the sizing of the product. The pricing, therefore, varies from company to company for the most part.

We have a partnership with Palo Alto.

We're using the 5000 series of Palo Alto. It's a next-generation firewall. We're currently using the Management Gateway and Virtual Firewall. Also, the Endpoint Solution.

I'd recommend the solution to other organizations. We've been pretty happy with it so far.

I'd rate the solution at an eight out of ten.

We use the firewall for securing the data center. We have designed it to be a two-stage firewall. We have a perimeter firewall which is not Palo Alto, and then the Palo Alto firewall which is acting as a data center firewall. We are securing our internal network, so we have created different security zones. And we assign each zone a particular task.

We have found the application control to be the most valuable feature. Also, Layer 7, because all other products are working up to the maximum capacity. But Palo Alto is benefiting us, especially in application control management. We are able to differentiate between Oracle traffic and SQL traffic.

The solution needs some management tool enhancements. It could also use more reporting tools. And if the solution could enhance the VPN capabilities, that would be good.

The solution is very stable, but I think the local providers have no sufficient products. We are looking for more support. 

The solution is very scalable. We are trying to increase usage. We are planning already to increase our internet center. We are planning to extend our users to around 1,500. Currently, we have about 700 users.

The local consultant support needs some improvement. External support is sufficient for us.

The initial setup was easy for us to implement.

We used a consultant for the deployment portion.

I would rate this solution 7 out of 10.

The product’s most valuable feature is security.

Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster.

We have been using Palo Alto Networks NG Firewalls for five years.

The product is stable. I rate its stability a ten out of ten.

I rate the product’s scalability a nine out of ten.

The technical support services are good. They respond immediately.

Positive

We used FortiGate earlier. We plan to switch again to FortiGate as per our vendor’s preference.

The initial setup process is quite easy. It took less than a month to complete.

I rate the product’s pricing an eight out of ten.

We evaluated Check Point. We decided to go to Palo Alto for better pricing.

I rate Palo Alto Networks NG Firewalls a nine out of ten.