Palo Alto Networks NG Firewalls Reviews

I use Palo Alto Networks NG Firewalls as a perimeter firewall for VPN accesses to secure data centers and complex networks, involving multiple sites connecting through a single point to the internet. At that point, I set up the security for all sites.

Palo Alto Networks NG Firewalls is most beneficial for network security as they use AI and machine learning, which are especially effective against zero-day attacks. Their AI is adept at identifying potential attacks or unusual traffic. Among the top three vendors—Fortinet, Check Point, and Palo Alto Networks—I find Palo Alto Networks to be the most efficient in dealing with zero-day threats due to their advanced use of AI and machine learning.

I believe the configuration part can be improved, particularly because the management tools like Panorama and the cloud management solutions are not fully aligned. Additionally, the routing configuration within Palo Alto Networks NG Firewalls is confusing and not logically structured like traditional network equipment, which is challenging, particularly for those accustomed to Cisco's networking logic.

I have been working with Palo Alto Networks NG Firewalls since the second half of 2020, so approximately three years.

Overall, I find the product to be stable with minimal crashes or access issues, comparable to Check Point, but slightly better.

Palo Alto Networks NG Firewalls is scalable but starts at a high price range, which may not be affordable for smaller companies.

Customer service and technical support for Palo Alto Networks is great. They are responsive and helpful.

Neutral

The installation process generally takes about an hour, depending on the complexity of the configuration. An easy setup could be completed in approximately two hours.

Two people are usually involved in the deployment: one technician for installing on-site and conducting basic configuration, and one remote engineer for detailed configuration.

Palo Alto Networks NG Firewalls is the most expensive solution without discussion, which often makes it less competitive for small companies. Management tools like Panorama significantly add to the cost, making it affordable primarily for larger enterprises.

Palo Alto Networks offers an excellent range of products and I generally recommend them unless the price is a concern. They lead the market in complex solutions, though Check Point is a close competitor in NGFWs. The routing aspects could be more logically structured. Overall, I rate Palo Alto Networks NG Firewalls ten out of ten because they are unmatched in their function.

Hybrid Cloud

Other

We use Palo Alto Networks NG Firewalls for visibility and protection of our network.

Our environment primarily uses Windows, and Palo Alto Networks Next-Generation Firewalls can enhance our security integration.

The firewalls help protect our servers, but we do not have a highly sophisticated data center setup.

The most valuable aspect of Palo Alto Networks NG Firewalls is the performance.

The support needs improvement, as the quality of the responses is not great and sometimes solutions take a long time. Configurations related to different operating systems can be complex, and we have encountered issues with Linux systems.

The internal authentication method for connecting to the firewall's internet access requires an SSL certificate. However, the configuration process is complex and currently incompatible with certain operating systems, such as Linux.

I have been working with Palo Alto Networks NG Firewalls for nearly eight years.

Palo Alto Networks NG Firewalls are stable; we have only faced downtime once in the past two years due to a primary firewall maintenance issue where the standby did not come up.

We have not needed to scale up or down, as the solution we have is currently sufficient.

Support is a challenge as the response time is long, and the quality of responses could be improved.

Neutral

I have used Juniper previously and found its security features superior. However, I prefer Palo Alto for its broader range of features and more competitive pricing.

The setup process is somewhat complex, requiring a couple of days. Fine-tuning and configuring SSL authentications internally is difficult.

Palo Alto Networks NG Firewalls are more expensive than Cisco firewalls, but slightly less expensive than Juniper firewalls.

I evaluated Cisco and Juniper before choosing Palo Alto Networks NG Firewalls.

I would rate Palo Alto Networks NG Firewalls seven out of ten.

The maintenance of Palo Alto Networks NG Firewalls is easy.

I use Palo Alto Networks NG Firewalls to handle my perimeter security, which is the most critical point of my network.

Layer 3 and Layer 4 are part of the core functionality of any firewall, but this firewall brings more information into the inspection via Layer 7. Thus, the entire threat landscape has changed for us as a company.

We can integrate all the Palo Alto firewalls to have a single insight experience across all firewalls.

On a major scale, Palo Alto NGFW can be helpful in eliminating some security tools. It doesn't eliminate all of our other security tools, but it does bring down the dependency on some tools.

Security and network performance are of equal importance to us. This solution doesn't compromise your network's performance for security, which is a good trade-off.

The most valuable features are application inspection and sandboxing. Application inspection decides where traffic is transmitted. If I have a perimeter report for a particular service, then other services or malicious services cannot use an open port. In this way, application inspection is doing a fantastic job. We also have a very good sandbox with almost no rate limit. It will inspect any file that comes in and goes out in a dedicated patch to identify malware. Therefore, these two things help me to protect our organization from any bad actors.

It is extremely important for me that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. The way that they handle the traffic is very useful for us. The firewall creates a benchmark of known traffic patterns that every endpoint would have using machine learning. Machine learning creates a baseline of how the traffic goes in and out. When there is a deviation in the normal behavior, it gives me a threat indication via a reporting feature that shows us how the current traffic has deviated from the usual traffic. This is a very good feature, which is important for my organization to have on a daily basis.

It gives me a better experience when handling security holes. 

Our upgrades brought some rule reviewing features by default, without having to depend on third-party tools to perform the rule reviewing. That has been a good feature.

I would like them to bring in some features that would encourage traffic shaping or bandwidth routing, like other UTM firewalls, because the solution should be capable of limiting the bandwidth for rules.

If Palo Alto Networks could bring in session tracking, like FortiGate, then we can remove another cybersecurity tool. If they could say "This is user-based, not IP-based," using user attribute-based rules, then that would be helpful for a small- or medium-scale company because they could use a single device instead of two or three devices.

I have been using it for four years.

The stability is very good. After the upgrade, every other process was smoother. We haven't often seen bugs or operational hazards in terms of the device. 

Scalability is always available. If you are ready to invest the money, then you can add another box. Every device has its limitations though. NGFW has its own limitations, where it cannot scale beyond a certain point. Those limitations have already been published and users need to be aware of them when they are planning to buy a firewall.

The size of my environment is 3,000 to 4,000 users. We are a larger organization with 60 to 80 VLANs. There are approximately 3,600 endpoints accessing them. Day in, day out, we have a lot of network access change requests coming in that need to be performed. 

In terms of maintaining the firewalls for our space and cost, there are about 15 team members. It is a huge environment with 10 different clusters of Palo Altos. From our operational perspective, we need 15 team members.

On a practical scale, it depends on the size of your organization. If it is a small organization, I think two to three members should be sufficient enough to handle the solution. When you have a smaller organization with a maximum of 20 different VLANs, where there is a size limit of 50 to 100 users/employees, then two or three members would be sufficient enough to handle it. However, it all depends upon the number of endpoints that are the nodes and how many nodes the firewall is protecting.

The technical support is good. I would rate them as 10 out of 10. 

They are able to support me and the issues that have arisen, which have been very minimal. For cases where we break something in the configuration or any bug that is out of control, they are good in understanding and analyzing our issues as well as providing a solution for them. That is why I rated them as 10.

Positive

The initial setup was straightforward, not complex. We migrated from a different vendor to this platform. We had our goals and objectives in front of us. So, we had a good project plan before migrating everything.

I have multiple clusters. For the largest cluster, the migration took three to four weeks.

We used an integrator for the deployment.

We are monitoring the metrics. We have certain metrics to find ROI, e.g., it could be zero-days, the number of inclusions that this solution has blocked successfully, or the amount of malware that it has stopped. We identify this information via the sandboxing feature, which determines what other normal firewalls would have let in. We consider the amount of data that we process and the regulatory fines that would have arisen, if not for this solution. That is how our return of investment is calculated.

If the cost is your main priority, Palo Alto would be a bit high. However, if you are ready to hear about return of investment, then I would convince you to go for Palo Alto.

I am using three or four firewalls from different vendors. I know their capabilities as well as the strengths and weaknesses of each vendor. 

We have evaluated different firewalls and found Palo Alto best suited for boundary networks. Fortinet handles our user-facing firewalls. Between FortiGate and Palo Alto, there is Cisco.

We did a SWOT analysis on all the firewalls. We determined the best firewalls based on their throughput and protection suites. For example, a user-facing firewall doesn't need to be jam-packed with security features. However, a perimeter firewall is between the trusted and untrusted networks, so more security features are needed.

We are using a different DNS Security solution, so we haven't used Palo Alto NGFW’s DNS Security.

Explore the features that the solution offers. There are a lot. If you can use the features to their fullest potential, that would be best. 

If you are just doing an L3 and L4 inspection, then Palo Alto Networks might not be best suited for that environment. If you are going to use the features of an NGFW, then I would tell you about the solution's features and return of investment based on what you are protecting. 

We implemented Palo Alto Networks NG Firewalls as our intrusion prevention system to filter layer seven traffic and perform SSL inspection through deep packet inspection at the application layer.

We use Palo Alto Networks NG Firewalls for layer three packet filtering of east-west and north-south traffic and layer seven filtering through web filtering.

Palo Alto Networks NG Firewalls include Panorama, a unified platform providing a complete overview of our security features. This centralized management tool offers a single pane of glass for monitoring all security touchpoints through metrics, streamlining our network infrastructure protection. As a crucial component of our perimeter defence strategy, Panorama is integral to our overall network security priorities.

The machine learning feature embedded in Palo Alto Networks NG Firewalls for inline, real-time attack prevention is essential for proactive incident response and mitigation.

We realized their advantages within the first month of deploying Palo Alto Networks NG Firewalls. While those unfamiliar with the firewall's capabilities may not immediately recognize the benefits, those with a deeper understanding have seen positive results almost instantly.

Palo Alto Networks offers a diverse range of firewall models, catering to small offices, entry-level needs, and large data centres. This consistency in their product line allows them to effectively secure organizations of all sizes, from small to medium-sized businesses to extensive data centres. Considering their out-of-the-box protection across different work environments, I would give Palo Alto Networks a rating of nine out of ten for consistency.

Palo Alto Networks NG Firewalls have helped our organization reduce downtime by safeguarding against DDoS attacks, phishing attempts, and other malicious threats. These firewalls effectively prevent unauthorized access to our enterprise infrastructure.

The most valuable features are IPS and stateful inspection. Stateful inspection simplifies firewall management by automatically allowing return traffic for established connections, eliminating the need to create separate policies for inbound and outbound traffic within the same session.

Palo Alto Networks Next-Generation Firewalls are expensive and could become more competitive with reduced costs.

I have been using Palo Alto Networks NG Firewalls for five years.

Palo Alto Networks NG Firewalls are highly stable.

Since Palo Alto Networks NG Firewalls are physical hardware devices, they offer scalability but are limited by the hardware's capabilities.

The technical support of Palo Alto is fantastic.

Positive

I previously used Cisco ASA firewalls but switched to Palo Alto Networks NG Firewalls because Cisco ASA does not offer next-generation firewall capabilities like stateful.

The deployment was straightforward, even though we received some assistance from Palo Alto engineers.

The deployment was completed in five days. Prior to execution, we planned the integration of the firewall into our infrastructure. This high-level plan involved identifying the network, provisioning the firewall, connecting network cables, configuring the firewall, and conducting tests.

Our logs indicate a significant number of attempted unauthorized access or attacks on our infrastructure, which the Palo Alto NG Firewalls have successfully blocked. Given this evidence of the firewall's effectiveness in protecting our systems, I believe it demonstrates a strong return on investment.

Palo Alto Networks NG Firewalls are expensive.

I would rate Palo Alto Networks NG Firewalls ten out of ten.

Even though Palo Alto might be more expensive, I would always recommend it because you typically get better equipment for your investment.

Occasionally, we need to upgrade the operating system, which is considered maintenance. Although we have a high availability setup with two firewalls, an active one and a backup, they typically run continuously without issues.

We have 1,000 users across multiple locations that utilize Palo Alto Networks NG Firewalls in our organization.

I recommend always having a proper plan and considering not only the cost but also the technical benefits in terms of the next-generation firewall features offered by Palo Alto.

On-premises

It is on-prem. We wanted to implement a multiple architecture for our network security. That is why we looked at the Palo Alto product. It is famous for its multi-layer security architecture and firewall.

There are five users: two senior expert administrators and one junior administrator from our data center team and two security engineers from our security team.

It has a solid network security with some robust tools. We can block unexpected attacks, especially zero-day attacks. Since they use the Pan-OS engine, they can collect attacks from all over the world and analyze them. They can then protect against zero-day attacks and unexpected attacks.

There are regular signature updates. You are filtering your objects from external sources. It has also helped to prevent external attacks more quickly. We have the solution enabled to prevent SQL injection attacks.

Palo Alto blocks loopholes where we cannot fix all our vulnerabilities, providing protection.

With secure application enablement, we can protect against application ID. 

Another feature is its malware detection and prevention. DNS Security filters URLs, blocks malicious domains, and provides signature-based protection. They also have Panorama security. We prefer Palo Alto Networks for our parameter security because of these features.

It is not like a traditional firewall. It has sophisticated technology that uses machine learning against cyber attacks, preventing them.

The DNS Security feature is capable of proactively detecting and blocking malicious domains, which are a headache because you can never filter enough. Malicious domains increase in number everyday. That is why using machine learning is a perfect solution for preventing these types of malicious domain attacks.

We don't have to use other advanced technologies due to the solution's UTM capabilities, such as antivirus, anti-spam, and anti-spyware.

With its single-pass technology, the firewalls are capable of analyzing SSL traffic using less CPU and memory.

I would like them to improve their GUI interface, making it more user-friendly.

I would like the dashboard to have real-time analytics.

We have been using it for almost three years.

Compared to other solutions, it is very stable.

The technical support is perfect. I would rate them as nine out of 10.

Positive

Before 2008, we used only core firewall architecture for our network. Then, we needed to enhance our security as we moved toward the cloud. We needed to protect our network from external threats so we decided to go with multi-layer architecture. 

We use several products: Palo Alto, Checkpoint, and three products. Among those products, Palo Alto's performance and product security features are very good. 

We only used Juniper firewalls for our core Firewall. We switched because we wanted to move to a multi-layer architecture.

The initial setup was straightforward. The initial configuration took one to two hours. You need to configure the policies and features. Since we had to do performance tuning, it took us two to three weeks.

It is very easy to deploy. It needs two network engineers.

It is a good investment with the five-year extended support. You don't have to pay any additional costs for five years. You also save on costs because you don't need to purchase other products or technology to manage attacks. That can all be done from Palo Alto. We have seen a 20% to 30% return on investment.

Compared to other products, the pricing is flexible and reasonable. 

We did a PoC with several products, then we selected Palo Alto for its enhanced security features and multi-layer aspects. We also selected it for its speed and performance. Performance doesn't slow down when analyzing SSL traffic.

We are currently using a single firewall architecture. Next year, we will probably move to a dual firewall architecture.

I would recommend Palo Alto Networks NGFW, especially for parameter-level security.

I would rate the product as 10 out of 10.

On-premises

Amazon Web Services (AWS)

I'm working in a company that focuses on giving support to different enterprise companies. We help customers with a virtual environment as well as on-prem firewalls.

Before the COVID situation, most of the firewalls were on-prem firewalls, and during the pandemic, there were a lot of problems trying to deliver the firewalls and put them in place. It was taking a lot of time. So, most of the customers have taken a virtual approach for that. A lot of customers with on-prem firewalls are going for a virtual approach.

We are using the most recent version of it.

Palo Alto NG Firewalls help you a lot to have a context of everything. With traditional firewalls or Layer 3 firewalls, we're more focused to determine the source and destination IPs on a specific port. It could be USB or something else, but with next-generation firewalls, you can have more information, such as the user who used it, as well as the application consumed by this user. That's a genuine value that these next-generation firewalls bring in understanding that a user on the network is consuming Port 443 but using Facebook. It is determined by the payload. It can examine the packet, check the payload, and identify the applications. The next-generation firewalls are also more focused on protection.

There are new features that are based on machine learning to protect your network and identify any vulnerabilities. They are pretty good too. With the normal firewalls that we have, the policies are based on ports and IP source and destination. For example, as a part of my policy, I have allowed UDP ports 145 or 345, and for authentication, I have allowed LDAP and other protocols. However, there is a possibility of a breach. Even if I have determined that the traffic is from my active directory servers to the users, when I internally open ports 145 and 345 for all the protocols and all the applications, it creates a vulnerability in my network. If I create the specific rule where I establish that my application is going to be LDAP, and these ports will only be open for LDAP, I am closing the gap. I'm making my network safer, and I'm being more specific and more granular. That's the detail we need nowadays to prevent different types of attacks. The idea is to be more specific and only give the permissions that are needed. We should try to avoid giving more privileges because that creates a vulnerability gap. The customers appreciate being specific and having very descriptive rules for their use cases and blocking other types of communications, which is not that good with normal firewalls.

Palo Alto NG Firewalls embed machine learning in the core of the firewall to provide inline, real-time attack prevention, which is very important. Attackers are innovating every moment, and the attacks are becoming more sophisticated and unpredictable. They are not as predictable as they were in the past. Therefore, it is important to have something at the back in the form of machine learning to help you to interpret and analyze any kind of attack in real-time and protect you from a breach. Technology is very important because you can lose a lot of money or information if you don't have a good security posture and the right tools to prevent a breach or attack.

The machine learning in Palo Alto NG Firewalls is helpful for securing your networks against threats that are able to evolve and morph rapidly. They have advanced threat prevention and advanced URL filtering. WildFire is also useful. It gives you an analysis of malicious files. It detects the files in the sandbox and lets you know in minutes if a new file could be malware, which is helpful for advanced threat prevention. It can quickly give you a lot of context and protection.

DNS security is something that is the focus and a part of the threat prevention profile, and you get different types of options. They collect a lot of information from the experience of other users to determine different problems, such as a malicious page or domain, and use advanced predictive analysis and machine learning to instantly block DNS-related attacks. Their Unit 42 Threat Intelligence team helps the security teams a lot to determine and prevent threats. I haven't had any issue with DNS security. Generally, we recommend the step-by-step approach during the implementation. We recommend starting with a couple of users, analyzing the traffic, and ensuring that the signatures are accurate and policies are established. You have an option to put exceptions for DNS signatures, but in my experience, I didn't have to make many exceptions. You can definitely do it, but it is generally very accurate.

DNS Security provides protection against sneakier attack techniques like DNS tunneling. For DNS tunneling, my approach is to use an SSH proxy. There is a feature in Palo Alto to decrypt SSH traffic and block the application. For example, you see it as SSH, but after you decrypt that traffic, you can see it as SSH tunneling and you can actually block it. You can put things like a sinkhole in order to prevent this traffic.

Palo Alto NG Firewalls provide a unified platform that natively integrates all security capabilities, which is very important. You get a lot of information. For example, in the monitor tab, you can review whether files are transmitted or not, received or not. You can also see the logs related to a threat or a URL that is malicious or is being blocked by your profiles. You have all that information in your hand, and you can review it in a very organized way, which has been very valuable for me. It helped me a lot to understand the problems that a customer can have in the field.

Palo Alto NG Firewalls allow you to enable all logical firewalling functions on a
single platform. You can segment your network into Zones. With Zones, you can separate and allow the traffic in a more specific way. For example, you can separate your visitors or guests into different zones. It is helpful in terms of the cost. This is something that could help you to reduce the cost because you don't have to put in a lot of tools for doing the same thing, but it is something that I'm not an expert in.

The first time I came across these firewalls, what surprised me the most was their web user interface. It is complete and gives you a lot of information. You can do 80% of the things related to your network and firewall through the web UI. In some of the other devices, the UI is not as complete. App-ID is also very valuable in customer networks. When you're seeing a lot of traffic in your network, you can see in your web UI which users have the applications that are consuming the most bandwidth. You have a broad context, which is very good.

Palo Alto can do a little bit better when it comes to the User-ID part. I've been facing problems related to double authentication. You have a computer user, but you also have a VPN user, and when you do a single sign-on to another page, these logs can sometimes generate a problem notification. It doesn't happen a lot, but in some networks, it could be a problem. It would be very helpful to have the ability to restrict the connections that you can have in your VPN. For example, if you have the credentials, you can connect with the same user account from different computers or devices. If you have the domain information, you can connect from different devices. That's a problem that they need to address and resolve. They should ensure that at any moment, only one person is connected through a specific user account.

I have been using this solution for almost five years.

There are no issues with stability. In most cases, they are very stable. 

We recommend our customers to have an HA configuration with active/passive, which is very good in Palo Alto. It takes seconds to change from one firewall to another, which provides reliability and prevents loss of service because of a hardware problem or a network problem on a device. Having an HA environment makes your network resilient.

It depends on the type. If you have a virtual firewall, it is easier to scale to meet your needs. It also depends on the work that you have done during the implementation. It depends on your design, which should be based on a customer's current needs and growth. There are Palo Alto firewalls with different throughput rates to support traffic and encryption. That's why you need to determine and talk about the expectation that a customer has for growth. We do a lot of that so that the customers can have a very robust tool that will help them to secure their network during the coming years without the need to change the device. We understand that it is a huge investment, and they want this product to be there for them for the maximum duration.

For the firewall part, there are complete and very good resources out there to help you. Most of the time, I go through them, and someone has had the same issue in the past. There is a lot of information about the issues that have been solved in the past and how to troubleshoot them. They're very accurate with that. They're very good.

Positive

It depends. If a customer has had another firewall, you need to go through an analysis of their network to understand the rules they have and then translate and introduce them to the Palo Alto methodology. Palo Alto helps us a lot with tools like Expedition, which is a migration tool. Expedition helps you to import the existing configuration from other brands. Overall, it is very straightforward if you have experience. Otherwise, there is a lot of documentation about how you can use the Expedition tool in order to have a successful migration. 

If it is a greenfield deployment where the customer is going to have it for the first time, the configuration is very straightforward. If you don't have any other firewalls, the implementation duration depends on the granularity that a consumer wants and the complexity of their network. The main job is going to be related to the authentication of the users and User-ID. In general, if you have just ten rules, you can do it in three to four days.

In terms of maintenance, they are continuously checking and reviewing if there are some breaches or there are any exploits or new applications. It is continuously updating itself on a weekly or daily basis. They are continuously developing new versions. They have a lot of documentation that we share with the customers for information about the best-recommended version or the version with fewer issues. Their documentation is complete in that aspect, and it gives you a lot of information. You have access to the known issues of released versions. Palo Alto is continuously working on new versions and fixing the glitches of previous versions. You might have to upgrade to a new version because a particular problem is resolved in it.

To someone who says that they are just looking for the cheapest and fastest firewall, I would say that I understand that businesses need to reduce the cost, but such a solution is an investment, and in the future, it's going to help you. If you go to the cheapest solution that could do most of the things, but not all, you could face problems. You could have a breach that would cost you a lot more money than having a good security posture. The number of attacks is going to increase more and more. We have to take them seriously and invest in new and powerful tools for protection. The investment that you do today can save your company tomorrow.

They are trying to come up with new things and innovate every year with new licenses. For example, a couple of years ago, they brought the IoT part, which is something that became popular. They try to innovate a lot and bring out new licenses, but you need to understand your needs to know which licenses are better for you. You should consult a good team and obtain a license that is good for you. That's because not all the licenses are important for your environment. For example, if you are not familiar, or you don't have any future plans for IoT, you don't require a license for that. You should focus on the licenses that you really need and are going to generate value for you. You should focus on your security needs and understand which firewall model can give you the protection and the ability to grow over time based on your projections. Your licensing should include good threat prevention, URL filtering, DNS security, and WildFire in order to have a very secure environment. 

It is a complete solution, and it provides a lot of protection to the users and the network, but it is not something for device protection. For that, you would need something like Cortex, which can help you determine abnormal behavior in an endpoint. 

Palo Alto is trying to combine different products to protect different areas. A next-gen firewall is very good for your network, but, for your endpoints, you can have Cortex. These two solutions can then work together. They speak the same language and have a full integration to protect all your environment. Nowadays, there are a lot of people working from their homes. They are exposed to different types of threats. They connect to your environment through a VPN, but when they disconnect, they do their daily tasks on the device, and while doing that, they may go through a bad page or execute a file that can corrupt the computer. You can determine this and stop attackers from connecting to and infiltrating your network. Palo Alto tries to separate the breaches or the attack areas, and they have a very good product in each area. You can make these products work together in order to have a very strong platform.

I would rate this solution a nine out of ten.

We basically use it to protect our network from various malicious activities out there. We have two subscriptions. We have the WildFire subscription, which is similar to DNS filtering. We also have Threat Protection, which allows the firewall to inspect traffic up to Layer 7. It inspects applications as well as unknown applications, quarantining and stopping things. So, you are not always chasing, "What applications should I be running on this device?" It does a good job of all of that. The management of it is a little tricky, but that is how it goes.

We are running the PA-3250s. We have two of them. They operate in Active/Passive mode. Therefore, if one fails, then the other one takes over. 

It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things.

There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex.

The VPN is only available for Windows and Mac iOS environments. We have a variety of iPads, iPhones, and Android stuff that wouldn't be able to utilize the built-in VPN services.

I would like easier management and logging. They can set up some profiles instead of having you create these reports yourself. However, you should be able to set it up to give you alerts on important things faster.

We have had this in place for four years. I have been at the school for almost a year and a half. So, this is my second year here at the school, so my experience with it has probably been a year and change. I use other firewall solutions, but I have gotten pretty comfortable with the Palo Alto solution.

It is very stable. We have never had any issues with any failures on it.

I haven't felt any performance lags on it. It has been handling everything just fine.

We purchased it a few years ago. Since then, we have had a lot more clients on our network, and it has handled all that fine. You go into it and just have to scale it higher. Palo Alto doesn't give you too many choices. There is not a medium; it is either very small or very big. So, you don't have a choice in that.

We have never had to call Palo Alto. Secure Works does all our support maintenance on it.

I have been here for a year and a half. Before, the firewall that they were using (Barracuda) was barely adequate for what we were doing. We got new ones simply, not because we had a software/hardware-type attack, but because we had a social engineering attack where one of the folks who used to work for us went on to do some crazy things. As a result, the reaction was like, "Oh, let's get a new firewall. That should stop these things in the future."

The initial setup was pretty complex because they did not do it themselves. They actually hired some folks who put it in. 

We use Secureworks, which is a big security company. They actually send an alert when there are problems with the firewall or if there are security issues. They handled the deployment. 

We also use another company called Logically to monitor the firewall in addition to all our other devices.

Active/Passive mode is very redundant, but they require you to buy all the associated licensing for both firewalls, which is kind of a waste of money because you are really only using the services on one firewall at a time.

I would suggest looking at your needs, because this solution's pricing is very closely tied to that. If you decide that you are going to need support for 1,000 connections, then make sure you have the budget for it. Plan for it, because everything will cost you.

If another school would call and ask me, I would say, "It's not the cheapest. It's very fast, but it's not the cheapest firewall out there."

I have been looking at different firewalls because our service and maintenance contracts are up on it. We have two different outsourced folks who look at the firewall and help us do any configurations. My staff and I lack the knowledge to operate it. For any change that we need to make, we have to call these other folks, and that is just not sustainable.

We are moving away from this solution because of the pricing and costs. Everything costs a lot. We are moving to Meraki MS250s because of their simplicity. They match the industry better. I have called the bigger companies, and Meraki matches the size, then the type of institution that we are.

If someone was looking for the cheapest and fastest firewall product, I would suggest looking at the Meraki products in the educational space. I think that is a better fit.

Its predictive analytics and machine learning for instantly blocking DNS-related attacks is doing a good job. I can't be certain because we also have a content filter on a separate device. Together, they kind of work out how they do DNS filtering. I know that we haven't had any problems with ransomware or software getting installed by forging DNS.

DNS Security for protection against sneakier attack techniques, like DNS tunneling, is good. I haven't had a chance to read the logs on those, but it does pretty well. It speaks to the complexity of the firewall. It is hard to assess information on it because there is just a lot of data. You need to be really good at keeping up with the logs and turning on all the alerts. Then, you need to have the time to dig through those because it could be blocking something, which it will tell you.

I haven't read the NSS Labs Test Report from July 2019 about Palo Alto NGFW, but it sounds interesting. Though it is a little bit of snake oil, because the worst attacks that we had last year were purely done through social engineering and email. I feel like this is an attack vector that the firewall can't totally block. So, before you put something in, like Palo Alto Firewalls, you need to have your security policy in place first.

I would rate this solution as eight out of 10. Technically, it is a good solution, but for usability and practicality, I would take points off for that.

We are a consulting group that specializes in deploying Palo Alto Networks NG Firewalls for a telecom-related partner in Pakistan. Additionally, we implemented global protection for remote users. Furthermore, we configured different policies for internal users based on their job designations and privileges, such as URL filtering and application controls.

Palo Alto Networks NG Firewalls' advanced machine learning capabilities offer real-time attack prevention and are crucial in our security setup. We implemented a multi-layered security approach and are currently working towards a zero-trust model, including defense for development. According to the Gartner report, Palo Alto ranks second after Check Point, highlighting the significance of security in our environment.

We access all the firewalls via Panorama. We configured certain global user profiles to allow access to our site for remote or work-from-home situations, which we then access through GlobalProtect.

Before we started to use Palo Alto Networks NG Firewalls, we had a different FortiGate firewall that presented several issues such as deep security URL filtering and throughput issues. However, with Palo Alto, we were able to address these problems, particularly with the use of parallel processing. We have successfully deployed inbound and outbound SSL inspection, as well as different URL filtering, making Palo Alto a more resilient option compared to other products.

It is important the solution provides a unified platform that natively integrates all security capabilities. Compared to other products, Palo Alto Networks NG Firewalls' unified platform is a ten out of ten and suitable for all environments. 

Palo Alto Networks NG Firewalls help fill security leaks by enhancing confidentiality, integrity, and availability.

Palo Alto Networks NG Firewalls help automate multiple security tools and unify them.

The solution assisted us with managing our network operations and reducing related costs. We use various Network Management Systems to monitor our network, including Palo Alto which we monitor from its dashboard. Additionally, we use various Security Operations Center solutions, as well as SolarWinds. We also utilize different monitoring platforms to track network traffic.

The WildFire feature offers protection against Zero-Day attacks, and we find that Palo Alto is a valuable tool for mitigating such attacks using WildFire.

Palo Alto's single architecture provides parallel processing and reliability as well as superior visibility compared to other products. The reporting feature is excellent and can impress management during presentations or when accessing logs.

The application IDs, application controls, URL filtering, visibility, monitoring, and reporting are the most valuable features.

I would like to have an on-prem sandbox solution included in a future update.

The cost has room for improvement.

I have been using the solution for five years.

I give the stability a nine out of ten.

I give the scalability a ten out of ten.

The technical team is good.

Positive

The initial setup is straightforward. I give the setup a ten out of ten. The deployment took three months to complete. We require five to six people for deployment.

The implementation is completed in-house.

The cost of Palo Alto Network NG Firewalls is significantly higher compared to Huawei. For instance, while we can buy a Huawei box for 100 rupees, a Palo Alto box costs 100,000 rupees.

I give the solution a nine out of ten.

Palo Alto Networks NG Firewalls is an impressive product.

The solution is used for our enterprise clients.

Although Palo Alto is not the most inexpensive firewall solution, it is worth the cost to ensure proper protection for our networks.

Palo Alto PA-400 series cost and performance for small offices are good.

On-premises