Palo Alto Networks NG Firewalls Reviews

An NG firewall provides an additional level of network security and vigilance. It also helps us manage activities using privileges and a zero-trust approach. 

I like the firewall's vulnerability management features, which give you reminders to update your system and update your OS. Palo Alto Networks NG Firewalls provide a unified platform that integrates all security capabilities. It provides pretty good consistency across locations. 

The built-in machine learning features provide some automation, but I think there should be an option for manual review because nothing replaces the human eye. 

We have used NG Firewalls for a little more than a year and a half. 

Palo Alto Networks NG Firewalls are pretty stable. 

Palo Alto Networks NG Firewalls scale up enough for my workplace. Beyond that, I could not say. 

Our main use of this solution is to create micro segmentations only in the public cloud, and use the data we receive to see threats passing through the Vnets.

We have found that this solution has improved not only the level of security that is in place, but also reduced the amount of operational time needed for us to handle cloud-based security.

We have found the SSL decryption within this solution to be great; you can enable this feature and have the ability to see more of what is happening across your network.

We also really like the Wi-Fi service feature of this solution.  It has a great base of information, and uses machine learning to improve recognition of issues and threats.

We would like to see improvement in the web interface for this solution, so that it can handle updates without manual intervention to put the data in order.

We have been working with this solution for two years.

We have found this to be a stable solution during our time working with it.

As it is cloud-based, the solution is easily scalable.

We have found the technical support for this solution to be very good; we just open a support chat window and we have assistance when we need it.

Positive

We previously used Fortinet, and changed to this solution because of the superior performance.

The initial setup of this solution was very easy, and the deployment took just under two weeks to complete.

We used a consultancy team from Add Valley Services for our implementation of this solution, and their service was great.

We would advise that this solution has a higher price point than other comparable products, however, the license fee covers all the features that the solution can provide and there are not extra costs involved.

We would recommend that organizations implementing this solution use a good consulting service and plan extensively up front, before implementation, in order to ensure a smooth deployment with no issues.

We would rate this solution as 10 out of 10.

I am a reseller of Palo Alto Networks.

The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks.

The pricing could be improved. They need to work on the setup over the firewall, VLAN, and PPPoE.

It's stable.

It's scalable.

I seldom call technical support because it's easy to understand and configure the solution.

It could be less expensive.

I would rate this solution 9 out of 10.

If you want to have a secure network, use Palo Alto. 

We primarily use the solution as a datacenter firewall for 0 trust security model

From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best. 

The engine detector application is usually one of the best compared to any other firewall on the market, in my opinion.  With it, I can do a lot of rules based on the application. If you have multiple internet links, you can have an application export from one link, and an application wire from another link. You can have security on the application. The security, for example, can have different functionalities. Basically, the granularity of rules is amazing in Palo Alto.

They have a good reputation for their antivirus capabilities.

The solution offers a strong URL based system or detection for malicious URL or malicious files. 

They even have a machine learning algorithm. They do a lot of very advanced detection for files and URLs. 

Once you deploy the product, you can basically forget about it. It has high customer satisfaction because it's always just working.

The solution would benefit from having a dashboard.

From a normal IPS after attack, routine attack and threat detection attack, in other words, the standard IPS detection attack, I don't see Palo Alto as very good compared to others. The standard network IPS functionality could be better. It's there in solutions like McAfee or Tipping Point, however, I don't see it here in this solution.

We've been working with Palo Alto for about six years now.

From my experience, it's the best hardware compared to other NG firewalls from the perspective of performance stability. While the other firewalls lose 50 or 60% of performance when enabling all policies, Palo Alto loses 10 to 20% maximum, even with enabled IPS and fire detection and all. From our experience performance-wise, it's one of the best hardware solutions for firewalls. 

We haven't lost performance really, so I would describe it as very stable. There are not any issues.

Since the solution is hardware, there are some limitations in terms of scalability.

Usually, in hardware, you can't say it's scalable or not due to the fact that you have the limitations built-in related to the size of the box. The box has a maximum number that it can reach. You can add more hardware, however, the hardware itself is finite.

We usually do a POC first so we can get the figures for performance and we can put in a box that can support 20 or 30 people extra for future expansion.

In general technical support is very good. That said, usually, when we face an issue, we try to solve it ourselves internally before going to level one support. 

In general, we never have had a big issue with support. I don't have much experience with the support team to tell you if they're really good or not. Usually 80% of the cases we open, we talk with the distributor and finish the operation case directly with Palo Alto. It's more like a backend request and therefore I don't have much input that would be objective.

As resellers, we also work with Cisco and some Forcepoint solutions.

I like that in Cisco there's more security parts, like IPS, and a Demandware engine.

I like Cisco, in general, more than Palo Alto if I'm comparing the two. However, from an application perspective, our application's usability and detection and firewall control using an application, it's Palo Alto that's the best on the market. That's, of course, purely from a  firewall point of view. Even in terms of detection of the applications, it has the best system.

The deployment depends on the client's environment as well as how they are using it. For example, an internet NG firewall on the internet, it takes, on average, a week between installation, integration, and tuning. Usually we don't do all the policies because we are system integrator. We do the main policies and we teach the customer and then do a handover to the user for tuning and all the installation extras.

If it's a data center project, it takes more time and effort. It takes a month sometimes due to the fact that we'll be dealing with a lot of traffic. The application and server are usually harder to control than internet applications like Facebook and other standard applications, and easier on the internet. Then there's also internal applications, custom applications, migrating applications, finance education applications, etc., which are not always direct from the customer or directly known.

In short, the implementation isn't always straightforward. There can be quite a bit of complexity, depending on the company.

In general, I prefer hardware, and Palo Alto's is quite good. However, we have a couple of virtual deployments for cases as well.

I would definitely recommend the solution. It's one of the best firewalls on the market. I've worked with four different vendors in the past, and some of the most mature NG firewalls are Palo Alto's. It's their main business, so they are able to really focus on the tech. They spend a lot of time on R&D. They're always leading the way with new technologies. 

While Cisco has more main products, Palo Alto really does focus in on NG firewalls. That's why I always see them as a leader in the space.

I'd rate the solution nine out of ten.

I am using the solution for protecting the network organization from threats.

The best features of this solution are URL filtering and traffic visibility.

The areas that need to improve are network protection and user identification.

In the next release of the solution the VPN could improve because it is not as good as competitors.

I have been using this solution within the past 12 months.

This solution is stable and reliable.

We have 10 employees using this solution in my organization. We are in the beginning phases of testing and will increase usage if the test phase results are favorable.

The technical support is responsive.

The initial setup was easy.

We are on an annual license for this solution. I am happy with the price and when comparing it to other solutions it is priced competitively.

I have evaluated Sophos firewalls and I found Palo Alto solutions better because of the protection and web filters.

I would recommend this solution to others.

I rate Palo Alto Networks NG Firewalls a seven out of ten.

We use this solution to protect our network.

This solution has helped our organization by protecting the perimeter of our network from both internal and external threats.

There are plenty of features available in this solution, such as attack blocker and spam blocker. Additionally, it is very robust and in-depth.

The solution is not straightforward.

I have been using this solution for approximately eight years.

The solution is very stable.

The scalability is good. We have approximately 500 users using this solution in my company.

The initial setup was complex. The full installation, including customize to meet our requirements, took approximately one month.

We used the help from an integrator team for the implementation.

The technical support is satisfactory.

The price of the solution is on the higher side compared to competitors.

We are currently looking for a better-priced solution.

This is a very good solution but it is very expensive.

I rate Palo Alto Networks NG Firewalls a six out of ten.

We are using it for data center protection, intrasystem security, endpoints protection, load balancing, and DHCP.

The App-ID, Content-ID, User-ID, and encryption and decryption are valuable features.

They can improve the handling and management of User-ID. They should also improve its price. Their technical support can also be improved.

I have been using this solution for three years.

It is stable and reliable.

We went from 4 devices to 16 devices, and it was not a big problem. Currently, we don't have any plans to increase its usage. Our network won't grow over the next two years. It will stay as it is.

Their technical support is sometimes lousy, but sometimes, it is okay. Their technical support can be improved.

Its initial setup is not too complex for an environment like this.

Its price should be improved.

I would recommend this solution. I would rate Palo Alto Networks NG Firewalls an eight out of ten.

Our primary use case of the Palo Alto firewall is to control incoming and outgoing traffic as the firewall is deployed at the perimeter. Also we have used a VPN in that device so remote users can access the internal networks. We are partners with Palo Alto and I'm from the implementation team and work as a technology consultant. 

The GUI is very simple in Palo Alto and I like that. We rarely have any issues but when we do, the stability of the solution is very good. All the options they offer; creating objects, configuring VPN, it's all pretty simple and straightforward. The solution is continuously in use in our company. 

The support could definitely be improved. Whenever I call the tech engineers, there's a long wait time. For an additional feature, I'd like to see the segmentation in policy. Check Point has a good feature for segmenting policies that I'd like to see implemented in Palo Alto. It would make things easier for the operation team to create & identify particular policies, or to place a policy in that segment. Finally, there are limitions to the hardware in the number of objects & policy we can create is limited which is not the case with Check Point or FortiGate.

The stability is good in the Palo Alto firewall.

The Palo Alto firewall cannot increase the RAM and we can't do that either. We're unable to increase any physical boundaries of the firewall. That is one of the cons of Palo Alto. Our organization is pretty large and I am currently working on Palo Alto for three clients. I have a total of about 10 clients who are using the Palo Alto firewall. 

The initial setup is pretty straightforward. We just had to do the initial configuration of hardware, deploy our Panorama VM and integrate with hardware firewall, and it is pretty simple. It's also quite self-explanatory. 

We have five-year contracts with Palo Alto. I know the solution is on the expensive side but I'm not involved in licensing and don't have the numbers. 

I have also worked on Check Point and FortiGate, the hardware firewall. The Check Point Firewall has three-tier architecture where one security gateway & management server is there & smart dashboard is deployed on Windows. The application is required to control the Gateways. On other hand In Palo Alto, we just take GUI access of the firewall or Panorama to deploy any security policies and the architecture is very simple. As mentioned, the downside of Palo Alto is that there is a limitation to the number of objects that can be created. 

I would 100% recommend this solution and they have provided pretty good documentation on their website, so it's easy for operations as well.

I rate this solution a nine out of 10.