Palo Alto Networks NG Firewalls Reviews

We were mainly using it because we had two ISP links, so it was a kind of gateway device. Whenever a link went down, the firewall used to automatically switch over to the secondary link so that the internet connectivity is kind of highly available.

It worked fine normally.

The VPN connectors should be better. We had some challenges in terms of the VPN with Palo Alto Networks NG Firewall, and that's one of the main reasons why we moved to Sophos.

Its load handling can also be improved. There were challenges when traffic was high. During peak business hours, it did not function very well. There was a lot of slowness, and the users used to complain, especially when they were connecting from outside. We even reported this to the support team.

Their support should also be improved. Technical support was a bit of a concern while using this solution. We didn't get very good support from the Palo Alto team.

I have been using this solution for almost two to three years.

It was fine normally, but during peak business hours, it used to have challenges. We faced this issue at least two to three times a month.

It is not very scalable. We had around 100 users. We had around ten people in our IT team.

Support was a bit of a concern while using this solution. The support that we received was not too great, which caused a lot of issues. They were not very customer friendly.

This was the first firewall that we used. 

I didn't do the installation.

I would not recommend this solution. I am sure they will come up with better models to overcome some of the challenges that we faced, but I would definitely not recommend this particular model.

I would rate Palo Alto Networks NG Firewalls a six out of ten.

We shifted an existing network from Cisco to Palo Alto. It was like a branch to head office network.

We have done public and private cloud deployments as well as on-prem deployments. We are using versions 8, 9, and 10.

IoT security is most valuable in the current version. Content IDs, DDoS protection, zone protection, and DLP are the most prominent features in Palo Alto Networks NG Firewall. It is easier to configure than other solutions.

People sometimes find it more expensive as compared to other solutions. There are also fewer training opportunities for Palo Alto than Cisco and other vendors.

I have been using this solution for the last four or five years.

It is working fine.

Its scalability has been fine for our use cases. It is good for large-scale environments, and there are no problems.

Their technical support is excellent. 

It is very straightforward. They also have a very good script, so it runs very smoothly.

It is expensive as compared to other brands.

If we are comparing firewalls, this is the best firewall. I would rate Palo Alto Networks NG Firewall a nine out of ten.

These firewalls are only used for perimeter purposes, in gateway mode.

In addition to our environment being secure, we can monitor compliance of VPN users. Security and monitoring are the two big benefits.

It's also very critical for us that it provides a unified platform that natively integrates all security capabilities. We have multiple vendors and multiple solutions. Palo Alto has to work with them. For example, when it comes to authentication, we can integrate LDAP and RADIUS, among others. And in one of our customer's environments, we have integrated a new, passwordless authentication.

Apart from the security, Palo Alto NG Firewalls have nice features like App-ID and User-ID. These are the two most useful features.

With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is.

With User-ID, we can configure single sign-on, which makes things easy for users. There is no need for additional authentication for a user. And for documentation and reporting purposes, we can fetch user-based details, based on User-ID, and can generate new reports.

Another good feature is the DNS Security. With the help of DNS security, we can block the initial level of an attack, and we can block malicious things from a DNS perspective.

The GlobalProtect VPN is also very useful.

The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there.

We have been using Palo Alto Networks NG Firewalls for two years. I've worked on the 800 Series and the 3000 Series.

It's quite stable. They are launching a new firmware version, but compared to other products, Palo Alto is quite stable.

I have worked with Palo Alto's support many times and it is quite good. Whenever we create a support ticket, they are on time and they update us in a timely manner. In terms of technical expertise, they have good people who are experts in it. They are very supportive of customers.

Positive

The initial deployment is straightforward; very simple. The primary access for these firewalls is quite simple. We can directly access them, after a few basic steps, and start the configuration. Even the hardware registration process and licensing are quite simple.

The time it takes to deploy a firewall depends upon hardware and upon the customer's environment. But a basic to intermediate deployment takes two to three months.

Our customers definitely see ROI with Palo Alto NG Firewalls, although I don't have metrics.

I am not involved in the commercial side, but I believe that Palo Alto is quite expensive compared to others.

One of the pros of Palo Alto is the GlobalProtect, which is a VPN solution. GlobalProtect has broader compliance checks. I have worked on Check Point and FortiGate, but they don't have this kind of feature in their firewalls. Also, Check Point does not have DNS Security, which Palo Alto has.

If you're going with Palo Alto, you have to use all its features, including the DNS Security, App-ID, and SSL decryption. Otherwise, there is no point in buying Palo Alto.

An NG firewall provides an additional level of network security and vigilance. It also helps us manage activities using privileges and a zero-trust approach. 

I like the firewall's vulnerability management features, which give you reminders to update your system and update your OS. Palo Alto Networks NG Firewalls provide a unified platform that integrates all security capabilities. It provides pretty good consistency across locations. 

The built-in machine learning features provide some automation, but I think there should be an option for manual review because nothing replaces the human eye. 

We have used NG Firewalls for a little more than a year and a half. 

Palo Alto Networks NG Firewalls are pretty stable. 

Palo Alto Networks NG Firewalls scale up enough for my workplace. Beyond that, I could not say. 

Our main use of this solution is to create micro segmentations only in the public cloud, and use the data we receive to see threats passing through the Vnets.

We have found that this solution has improved not only the level of security that is in place, but also reduced the amount of operational time needed for us to handle cloud-based security.

We have found the SSL decryption within this solution to be great; you can enable this feature and have the ability to see more of what is happening across your network.

We also really like the Wi-Fi service feature of this solution.  It has a great base of information, and uses machine learning to improve recognition of issues and threats.

We would like to see improvement in the web interface for this solution, so that it can handle updates without manual intervention to put the data in order.

We have been working with this solution for two years.

We have found this to be a stable solution during our time working with it.

As it is cloud-based, the solution is easily scalable.

We have found the technical support for this solution to be very good; we just open a support chat window and we have assistance when we need it.

Positive

We previously used Fortinet, and changed to this solution because of the superior performance.

The initial setup of this solution was very easy, and the deployment took just under two weeks to complete.

We used a consultancy team from Add Valley Services for our implementation of this solution, and their service was great.

We would advise that this solution has a higher price point than other comparable products, however, the license fee covers all the features that the solution can provide and there are not extra costs involved.

We would recommend that organizations implementing this solution use a good consulting service and plan extensively up front, before implementation, in order to ensure a smooth deployment with no issues.

We would rate this solution as 10 out of 10.

Our primary use case of the Palo Alto firewall is to control incoming and outgoing traffic as the firewall is deployed at the perimeter. Also we have used a VPN in that device so remote users can access the internal networks. We are partners with Palo Alto and I'm from the implementation team and work as a technology consultant. 

The GUI is very simple in Palo Alto and I like that. We rarely have any issues but when we do, the stability of the solution is very good. All the options they offer; creating objects, configuring VPN, it's all pretty simple and straightforward. The solution is continuously in use in our company. 

The support could definitely be improved. Whenever I call the tech engineers, there's a long wait time. For an additional feature, I'd like to see the segmentation in policy. Check Point has a good feature for segmenting policies that I'd like to see implemented in Palo Alto. It would make things easier for the operation team to create & identify particular policies, or to place a policy in that segment. Finally, there are limitions to the hardware in the number of objects & policy we can create is limited which is not the case with Check Point or FortiGate.

The stability is good in the Palo Alto firewall.

The Palo Alto firewall cannot increase the RAM and we can't do that either. We're unable to increase any physical boundaries of the firewall. That is one of the cons of Palo Alto. Our organization is pretty large and I am currently working on Palo Alto for three clients. I have a total of about 10 clients who are using the Palo Alto firewall. 

The initial setup is pretty straightforward. We just had to do the initial configuration of hardware, deploy our Panorama VM and integrate with hardware firewall, and it is pretty simple. It's also quite self-explanatory. 

We have five-year contracts with Palo Alto. I know the solution is on the expensive side but I'm not involved in licensing and don't have the numbers. 

I have also worked on Check Point and FortiGate, the hardware firewall. The Check Point Firewall has three-tier architecture where one security gateway & management server is there & smart dashboard is deployed on Windows. The application is required to control the Gateways. On other hand In Palo Alto, we just take GUI access of the firewall or Panorama to deploy any security policies and the architecture is very simple. As mentioned, the downside of Palo Alto is that there is a limitation to the number of objects that can be created. 

I would 100% recommend this solution and they have provided pretty good documentation on their website, so it's easy for operations as well.

I rate this solution a nine out of 10. 

I'm a network security engineer and we are platinum partners with Palo Alto. 

Initially, there were no application controls offered in the legacy firewall. Now you can log each and every application. It provides valuable control and is the main feature in addition to the security features they're currently offering. All the firewalls - Fortinet, Cisco, Palo Alto -  provide complete visibility and control over your network which you didn't previously have. Now you have user ID and you can implement URL filtering as well, there is control over your network. End user logging is far better with Palo Alto than Fortinet or Cisco, and it helps you to troubleshoot. I'd rate Palo Alto on top. It's comfortable and that's my experience. Cisco and Fortinet provide good services, but Palo Alto offers a very good product.

There will always be room for improvement. On a daily basis you get patches for everything. They build new features, apply new technologies and new applications which need to be integrated and with that you get bugs. There are always issues, whether it's hardware or software. 

I've been using this solution for five years. 

The product is generally stable but with each new update you need to get the OS bug fix. Any security device has a vulnerability which a hacker can exploit and you have to keep on patching.

I work on the system integrator side and work with multiple customers, and this is a scalable solution. 

The support level is good, but it depends on the region you're working from. In some countries, the support flexibility is very good. For others, you have different strategies. I'm in Pakistan and Palo Alto has a different strategy here in that they don't directly provide support. You have to add another vendor in between and open a case with them and if they can't resolve your query they activate to Palo Alto. In some countries, Palo Alto directly provides support and in others they can't be contacted directly. In a couple of scenarios, we got involved with an R&D team and told them there was a bug for our end users. Palo Alto escalated that case to an R&D team and they got it fixed in the following patches.

The initial setup is a very smooth process integrated with initial configuration. It's very easy. 

You could say that the cost is higher for Palo Alto, but they are a better product compared to the other principals. 

I work with Fortinet as well as Palo Alto. Palo Alto has very extensive logging that Fortinet doesn't offer. To get that with Fortinet you need to purchase FortiAnalyzer for reporting. The logging is so extensive in Palo Alto that you can generate a report and get an analysis on the same firewall. You don't need to procure anything else. The documentation of both Fortinet and Palo Alto is up to standard. They both have very extensive documentation for their products. Both of them offer the same level of knowledge base for their customers and are up to the mark. In terms of support, Fortinet and Cisco allow you to directly open a case and get an engineer on the line. Cisco follows the same model. I'm unable to do that with Palo Alto from Pakistan. 

I would rate this solution an eight out of 10.

We are a solution provider and this is one of the firewall solutions that we implement for our customers. We present this product to customers and also handle the onsite installation.

Our clients use it to secure their network infrastructure.

The most valuable feature is WildFire, which blocks sophisticated attacks and distinguishes it from other traditional firewall functions.

I would like to see better third-party orchestration so that it is easier for the team to work with different products. 

Improvements should be made in the Cortex module.

I worked with this next-generation firewall for about four months as I rotated between departments.

We have had no complaints about stability.

Scalability has not been a problem. Our customers for this firewall are large companies in industries such as banking.

I have not been in contact with technical support.

The initial setup is quite straightforward compared to other brands of firewalls. The deployment takes about one month.

Our in-house team handles the deployment and maintenance for our customers.

My advice for anybody who is considering this product is that it is a useful firewall and high-ranking compared to others.

I would rate this solution an eight out of ten.