Palo Alto Networks NG Firewalls Reviews

We use this solution as our central firewall, but not as a perimeter firewall. For our perimeter, we use another solution. 

Our organization consists of roughly 2,000 to 3,000 employees. 

Identifying applications is very easy with this solution.

I don't like the reporting. The reports it provides are not helpful. They should include more executive summaries and other important information — they're too technical.

I have been using this solution for three years. 

The stability is excellent. 

The technical support is good, but not excellent. Their responses can be quite vague and unhelpful at times. 

We used to use Checkpoint. We stopped using it because the price was too high. 

Considering our limited amount of experience, the initial setup was easy. Deployment took one month. 

A local reseller team of roughly three to five people implemented it for us — it was a great experience. 

We evaluated Palo Alto, Checkpoint, Fortinet, and Cisco Firepower. Overall, it came down to the price — that's why we went with Palo Alto Networks NG Firewalls.

This solution is very particular; it's only suited to specific companies — it's a commercial opportunity. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

We use it to control what users may access internally and externally, which covers everything. We are using its latest version. The model that we are using is 3220.

Its flexibility is the most valuable.

Its price can be better. They should also provide some more examples of configurations online.

I have been using this solution for one and a half years.

It is very stable.

We haven't scaled it because if you want to scale it upwards, you have to change the firewall.

I have sometimes used the local support here in Norway. That has been okay. There are no problems.

I have tried Sophos, Cisco, and FortiGate. This is the best firewall.

The initial setup is easy. There is good documentation for this.

Its price can be better. Licensing is on a yearly basis.

I would rate Palo Alto Networks NG Firewalls a ten out of ten. It is the best solution I have tried. I am happy with this solution.

We have multiple IPS applications, and other multiple use cases.

We are using pretty much all of the features. This is deployed in our parameter and pretty much provides for different functionalities, for all incoming traffic and outgoing traffic.

The support could be improved.

The next release could use more configuration monitoring on this one, and additional features on auditing.

The solution is generally stable. There are no issues. We have forty-thousand users.

The solution is scalable, yes. We don't plan on increasing usage.

We are being provided with decent support but some of the RCS, some of the issues can be resolved much faster.

We were using Check Point. We switched because of certain features: entire equity, ideas, application visibility, single interfacing, etc.

The initial setup was complex. We're in the process of replacing it in seventy or so locations, and setup is still ongoing, but going well. It was complex because of the multiple zones that we had to create. We had multiple interfaces so there are multiple complexities that we had to address. We don't require extra staff to maintain the solution.

We implemented through a system integrator.

We have seen a return on investment. 

I don't have data points, but some of the use cases that we have already delivered to the organization have shown that a lot of threats have been identified and has been blocked. I don't know how you can quantify that. At the same time, the effort was significantly reduced on the deployment of new routes based on this.

I think, if you compare, they're a little costly next to Cisco of Check Point, but they offer a lot of other additional features to look at. The licensing is annual, and there aren't any additional fees on top of that.

We actually did not but we were using two or three other products already, so we had a good idea of what to expect.

I'd say the blueprint of the implementation needs to be ready before you start the implementation of the product. The product is generally stable and the team provides a good presence on it, but at the end, if you're putting it in the mission-critical data center, the planning needs to be extensive.

I would rate this solution an eight and a half out of ten.

In manufacture, we use this solution as a firewall and an internal gateway. Additionally, we use it for traffic control which keeps strategic traffic separate from production traffic.

The technology's very good. We have had a lot of good experience with this solution. We have done a lot of implementation for our clients and we have not had a lot of problems with this solution.

For an upcoming release, they could improve on the way to build security rules per user. Palo Alto has this functionality but in implementation, we had some problem. This functionality should be better in our opinion.

I have been using the solution for more than seven years.

In my experience, the stability is very good. 

We have more than 700 people using the solution in my company.

We have had a good experience with technical support.

We have used FortiGate in the past and we prefer this one.

The setup was complex.

Depending on the project, specific environment, and performance the deployment could take some time.

With the licensing we pay for it annually, the price could be cheaper.

If someone looking for stability and the leader in next-generation firewall technology, I would choose this solution.

I would recommend this solution to others.

I rate Palo Alto Networks NG Firewalls a ten out of ten.

The solution is typically used for antivirus and antimalware purposes, to help protect an organization against attacks.

The solution offers many different capabilities.

It's one of the best products I've worked with. It's typically a market leader on Gartner. It's a very respected brand.

The solution offers very good security, especially in relation to antivirus activities.

The initial setup is pretty straightforward.

The product is extremely reliable.

The pricing of the solution is quite high. It's one of the most expensive firewall solutions on the market.

Clients are typically looking for a solution that's more aggressive in the market.

For example, with Fortinet, they have an SD-WAN that really has many capabilities. For example, it can inject a GSL SIM card along with the MPLS connection. It connects the system within one product. Palo Alto doesn't offer this. This is one area that will need to improve. In Indonesia, the market is growing strategically. Palo Alto has this one product, however, with the limitation of the GSM sim card they are getting left behind. 

I started using the solution around 2012 or 2013. It may have been eight years or so. Sometimes I am doing a POC or implementing the solution, so it has been on and off.

While the solution itself is okay in terms of stability, there could be issues if the hardware is affected. We have hardware that gets affected by humidity, for example, which can end up affecting a wide range of infrastructure. If the environment is good, the solution will be okay. If we talking about Palo Alto's series starting from the 3,000 to 5,000 or 7,000, Palo Alto has a really stable product.

We set up this solution for companies of all sizes, from small to large enterprises. One of our clients is a telecom, which is quite sizable. They have the most complex configuration. The solution, however, is able to work for any company, no matter what the size. In that sense, it's a scalable option.

That said, the NG firewall is not a typical product that we can scale up on a whim. If we want to scale up in this product, we need to buy a higher series. We have to replace it. If we want to scale out this product, we can do a roll out in another location. Therefore, you can expand it out, however, you do need to change the sizing, which means getting a size or two up.

I haven't contacted technical support recently. The last time I spoke to the tech support team was five years ago or maybe as an Operation Engineer three or five years ago. Generally, I found that they were really good at understanding the product. In my experience, they were really helpful. I'd say I was satisfied with their support.

I've also used Juniper, however, that may have been three or four years ago or so.

In my case, I have a lot of experience with Palo Alto and the implementation process. Therefore, I don't find it too complex. It's rather straightforward for me. However, I have a long history with the solution. I find the hierarchy of the configuration fairly easy to understand, especially if you compare it to a solution such as Juniper. Juniper is a bit more complex to set up. Whereas, Palo Alto is a bit more straightforward.

How long deployment takes can vary. It really depends on the complexity of the configuration and the environment.

If a client only buys the implementation, they will have to handle the maintenance of the product. It's a good idea to have that type of person in-house.

We find the cost of the solution to be very high. It's quite expensive, and one of the most expensive on the market.

The pricing is related to the complexity of the environment. The more complex the company's requirements, the more it will cost.

We have a partnership with Palo Alto.

I am in pre-sales and often do POCs or do some aspect of evaluating the solution for clients to help them understand the usefulness.

Overall, I really do prefer Palo Alto to other options. I'm the most comfortable with it and I understand it the best out of other solutions such as Juniper or Fortinet.

I'd suggest organizations consider the solution. Yes, it is quite expensive. However, it is also very reliable and is always marked highly in Gartner due to its feature set and usability. It's easy to configure and it's very easy to add more features into your roadmap if you need to. It can easily integrate into a larger holistic security system to help keep a company safe.

In general, I would rate the solution at a nine out of ten.

Our primary use case was to configure our PSAs for our customized configuration. 

I like that it has high security. 

The whole performance takes a long time. It takes a long time to configure. 

I have been using Palo Alto for six years. 

I contact Palo Alto by email or by phone. Their support is good. 

I have previously worked with Cisco ASA. Palo Alto is a lot easier especially in regards to security. It is a well-integrated software.

The difficulty of the deployment depends on our clients' environment and their requests.

We require a two-member team for support. 

In terms of how long it takes to deploy, again, it depends on the customers' environment. If the request is easy, it can take around two weeks.

I would rate Palo Alto a nine out of ten. 

In the next release, they should simplify the deployment process. 

We primarily use the solution for the firewalls. We're also using the next-gen features to shape what's going on. For example, to figure out what is allowed out and what isn't allowed out on a layer-7 application-aware firewall. We can block based on the application, as opposed to port access.

The solution helped us stop being policemen to our users. We don't have to run around telling people they can't do certain things. We can just not allow it and walk away from it. We're not out there seeing who is doing what, we just don't allow the what.

The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.

The firewall capabilities are very good.

We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved. 

The appliances I'm working on are relatively old now. We're talking five-year old hardware. That slow commit speed might be addressed with just the newer hardware. However, even though it is slow, the speed at which they do their job is very acceptable. The throughput even from a five-year-old appliance shocks me sometimes.

Currently, if I make changes on the firewall and I want to commit changes, that can take two or three minutes to commit those changes. It doesn't happen instantly.

The solution doesn't offer spam filtering. I don't know whether it's part of their plan to add something of that aspect in or not. I can always get spam filtering someplace else. It's not a deal-breaker for me. A lot of appliances do that, and there are just appliances that handle nothing but spam. 

I've been using the solution for five years.

The stability is awesome. I haven't had any issues with the solution stability-wise. I've got the same firewalls that have been out there for five years and they work great.

I don't work with enterprise-class products. I'm not in that environment. However, so as far as I know, Palo Alto has products that will go that large. Panorama may be able to scale quite well. You can manage all your appliances out of it. They are a very popular license.

Their GlobalProtect license is very much like Cisco's AnyConnect. It does the endpoint security checks. It makes sure they've got the latest patches on and the antivirus running and they've got the latest antivirus definitions and whatnot installed before they allow the VPN connection to happen. It's quite nice.

Their support is very good. I've never had any issues with their support. I would say that we've been satisfied with their level of service. 

Occasionally there may be a bit of a language issue based on where their support is located.

The initial setup is pretty typical. It's like any firewall. As long as you've worked with next-gen firewalls, it's just a matter of getting your head around the interface. It's the same sort of thing from one firewall to the other. It's just a matter of learning how Palo Alto does stuff. Palo Alto as a system, for me, makes a whole lot of sense in the way that they treat things. It makes sense and is easy to figure out. That's unlike, for example, the Cisco firewalls that seem to do everything backwards and in a complicated way to me. 

I haven't worked with enough Cisco due to the fact I don't really like the way they work. That isn't to say that Cisco firewalls are bad or anything. It's just that they don't operate the way I think. That might have changed since they acquired FireEye which they bought a couple of years back.

I know the solution is not inexpensive. It depends on what you ultimately sign up for or whether you just want the warranty on the hardware. 

I'm not really a customer. I'm like a consultant. I'm an introduction expert. If I think a client needs a certain technology I point them in the direction of whoever sells it. I do go in and configure it, so I do have experience actually using the product.

When I'm looking for something, I just find someone that sells Palo Alto and I redirect the client towards them. I'm not interested in being in a hardware vendor. There's no money in it. There's so much competition out there with people selling hardware. It doesn't matter where the client gets it from.

We tend to use the 200-series models of the solution.

I'd rate the solution eight out of ten. They do a very good job. The product works well.

We use this solution for Zero Trust Data Center Segmentation with layer 2 Palo Alto firewalls. Segmentation has allowed us to put servers into Zones based off VLAN tags applied at the Nutanix level and can change "personalities" with the change of a VLAN tag. Palo Alto calls the "Layer 2 rewrite". By default, all traffic runs through a pair of 5000 series PAs and nothing is trusted. All North and South, East and West traffic is untrusted. No traffic is passed unless it matched a rule in the firewalls. There is a lot of upfront work to get this solution to work but once implemented adds/moves/changes are easy.

This solution not only provides better security than flat VLAN segments but allows easy movement throughout the lifecycle of the server.

The most valuable feature is the ease of use of the central Panorama to control all firewalls as one unit for baseline rules and then treat each firewall separately when needed.

I wish that the Palos had better system logging for the hardware itself.

We have been using this solution for four years.