Palo Alto Networks NG Firewalls Reviews

Our primary use for the solution is as a perimeter device and firewall. 

Suppose a packet enters our organization with a new, unknown signature. In that case, the firewall can upload it to the primary database and generate user alerts to inform users of the malicious signature, blocking it if necessary.

The solution's most valuable feature is the robust firewall, which we can also use as a UTM device. 

The Wi-Fi analysis and zero-day threat prevention are very good features. 

The product defends our production, blocks files, and prevents data leakage. It's a complete package for advanced security, which is excellent for a firewall.

It's beneficial and vital to us that Palo Alto NGFW embeds machine learning in the firewall's core to provide inline, real-time attack prevention. Suppose it observes any abnormalities in our traffic. In that case, the product can detect that through machine learning and generate a lock so we can mitigate an attack or a vulnerability in the system.   

Palo Alto NGFW's machine learning works well to secure our network against threats that can evolve and morph rapidly. A particular strategy we encounter on our system is when a packet comes in and behaves abnormally. Palo Alto detects the abnormality, generates an alert, and responds based on our policies by blocking or discarding the package.   

We use the firewall's DNS security, and it's excellent for blocking DNS attacks thanks to the continuously updating Palo Alto threat database. For example, the product blocks users from accessing sites with a known malicious DNS.

The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point.

We've been using the solution for one and a half years. 

The solution is very stable and robust. 

The product is scalable and very easy to configure; we enjoy the configuration and operation of the firewall. 

We contacted Palo Alto technical support on several occasions, and they're excellent; they always try to resolve our issues as soon as possible. 

Positive

We previously used Cisco ASA and Check Point NGFW and switched to the Palo Alto solution because it offers more robust and complete protection and features.

The initial setup is straightforward, and it depends on the network configuration. If we want to make few network changes, we can deploy the firewall in Virtual Wire mode, and we don't have to mess with IP addresses and so on. If we want to deploy with a new configuration, we can do that in Layer 3 mode.

If we upload a pre-planned configuration to our network firewall, the deployment can take as little as 10-15 minutes. We have a team of nine engineers responsible for daily policies, troubleshooting, etc.

We deployed via an in-house team; we have a big team, so we deploy ourselves whenever possible.

The solution is worth the money for organizations operating in critical environments with lots of sensitive data and information. Data leaks can lead to broken trust with clients and a suffering reputation in the business community, including brand damage.

Palo Alto NGFW is relatively expensive compared to the competition.

I rate the solution 10 out of 10.

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is an important feature. It provides a robust kind of security counter at the perimeter level.  

The solution's unified platform helps eliminate security holes. For example, the firewall can easily block attempted SQL injections with the help of App-ID. 

Palo Alto NGFW's unified helped to eliminate multiple network security tools and the effort needed to get them to work with each other. The solution provides vulnerability assessment and protection, antivirus prevention, data leak prevention, file blocking, site blocking, and application blocking, all in one product. It's an excellent firewall device and very useful for our network. 

We have the zero-delay signatures feature implemented with our firewall, and it's essential because attack signatures are updated immediately. Attackers are trying to find new ways to harm our network daily, and the zero-delay feature makes it so that the network is updated in seconds, and the first user to see a new threat is the only one to experience first exposure. This functionality improved our security.   

To a colleague at another company who says they are looking for the cheapest and fastest firewall, it depends on their environment. I recommend Palo Alto or Check Point if they are a financial institution. If they are a mid-level non-financial institution, I recommend Cisco Secure Firewall because it's also a good firewall.

To someone looking to use Palo Alto NGFW for the first time, analyze the packet flow of your organization and understand which types of packets you're getting and which type of services you are providing in your data center or enterprise. Multiple data centers require a high security level, so I recommend activating the Layer 7 feature.

The biggest lesson I learned from using the solution is the importance of following all the steps in the operation manual when upgrading or updating. 

We use the solution for IPS. Palo Alto's firewall is really good compared to firewalls like FortiGate, Cisco, or any other competitor.

We're able to monitor traffic based on the source destination and geolocation. The firewall allows us to restrict user access. For example, we have restricted user access to the chat feature on Facebook.

There are about 170 total users on the client side. On the administrative side, we have two or three people.

We're using version PA-200. The solution is deployed on-premises.

We reduced access to unwanted websites by 80%. It allows us to optimize user efficiency. For example, I have restricted the calling feature on LinkedIn, so people can still use LinkedIn, but they aren't able to dial out or receive calls.

We restricted social media sites so that only basic features can be used. The monitoring functionality allows us to see which users are using which websites,  the frequency, and the level of usage. It improves the network monitoring in our organization and gives us the required control level to restrict user access.

Palo Alto Next-Gen Firewall has Panorama, which is a unified platform that natively integrates all security capabilities, but I haven't worked with it yet.

The unified platform gives us more visibility and restricts unwanted guests and unwanted traffic. It gives us more insight into network traffic so that we can analyze it.

It helps eliminate multiple network security tools and the effort needed to get them to work together. Previously, I used other network monitoring tools for bandwidth monitoring. Now, the security features and wireless detection are in a single platform, so it definitely reduces the need for multiple platforms.

It has affected our network operations and network-related costs, but it's not the main benefit. The main benefit is the visibility and not having to maintain or manage multiple platforms. It's a bit costly because it has a lot of features, and each feature has a cost. It's important to do a cost-benefit analysis and know the requirements of your organization. We don't have to manage five to seven platforms and we're getting all the information in a single platform, so we can compromise a little bit on the cost side.

The packet level inspection is the most valuable feature. The traffic restriction features allow us to restrict the sub-features of any platform.

I really like the security aspects. That's why it's highly rated on Gartner. The antivirus definitions, updates, and malware detection are pretty good.

It embeds machine learning in the core of the firewall to provide inline real-time attack prevention, which is a very nice feature. It's part of the add-on services subscription. The autonomous behavior toward malware and potential risk is pretty good. 

Machine learning is really good to have. We received some false positives with machine learning, which was the main problem we had with it.

It's very important to me that the solution integrates natively with security solutions. Inside attacks are very rare. Most attacks are generated from the outside or from a public site, so having Palo Alto is really important on a public site.

Palo Alto is like Microsoft. It has varied features, but it's too technical. A lot of the features could be simplified. The procedure, process, features, and usability could be more simple.

It's too complex and sometimes the process to implement a single thing is hectic.

I have been using this solution for about eight months.

The solution is stable.

It's scalable. If you use the virtual solution, you may need to change the subscription.

I haven't directly worked with Palo Alto's technical support, but their community logs have been really helpful and we can find the answer to almost anything. The documentation is good.

We previously used Fortinet and Cisco.

We switched to Palo Alto because it's an all-in-one solution. We were attracted by its level of detection, level of monitoring, and level of packageable inspection.

The setup is straightforward. Deployment took a week. 

I haven't used it inline directly. First, I did a port mirror. Once I was fully satisfied with the level of detection, I put all of my traffic through it.

We use two or three administrative staff for maintenance. 

The price is high.

We evaluated other features, but we chose Palo Alto early on in the process because of the features and usability.

I would rate this solution an eight out of ten. 

In terms of a trade-off between security and network performance, I would rate it more toward network security. We have a lot of other alternatives for monitoring but not for the security side or antivirus detection.

I would highly recommend Palo Alto. If you want a cheap solution, I would recommend Sophos. But if someone is looking for real-time protection, I would suggest that they go with the virtual instance of Palo Alto, which is PA-200 VM, because it simply fulfills our requirements.

For personal use or SMEs, the price of PA-400 is high, but the security and performance are worth it.

The solution is more towards the front of the security stack.

We use both AWS and Alibaba Cloud.

The single pass architecture has helped a lot in the implementation and maintenance of Palo Alto Networks. It changed the customer's opinion on UTM platforms. In the past, when customers used UTM platforms, they feared the security features would impact the performance and slow down the network, causing some instability. However, with the single pass architecture, Palo Alto has demonstrated that you can use a lot of the security features without having an impact on the security and network performance. Therefore, most of our customers will dare to use most of Palo Alto Networks' security features.

• Application identification
• Antivirus
• Vulnerability protection
• URL filtering
• SSL VPN
• IPsec VPN

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Most of our customers are busy. They cannot afford the time to learn very complicated user interfaces and configuration procedures. With Palo Alto Networks, they offered a unified user interface for all its NG Firewall products and Panorama. I think it reduces some of our customers' maintenance time. 

Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.

Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features.

I have been using it for eight years, though my company does not use it.

Compared to its competitors, the stability of NG Firewalls is very good. We have faced some strange problems with the hardware platform or operating system. Most of these customer cases come from complicated configs and bugs. However, stability is very good overall.

Scalability is not that good. Palo Alto Networks NG Firewalls product is for middle-sized and small businesses. It has fixed parts and capacities for processing. Some of their higher-end products have the scalability to expand capacities, but only a few customers can afford their larger product.

I would rate it as eight to nine out of 10. Most of the technical engineers, who provide support for our customers, are efficient. There are one or two Tier 1 tech support engineers who often don't have answers.

Palo Alto NGFW’s unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. Before using Palo Alto Networks NG Firewalls, customers might need to implement Layer 4 firewalls, IPS and possibly an antivirus, gateways, and maybe web proxies for all their devices. With Palo Alto NGFW’s unified platform, if a customer can do all the config and security policies on one platform, then this will merge all their security things onto a single platform.

The initial setup is not complex; it is straightforward. Our users only need a cable and some basic steps to configure the management interface. Then, it can set up the NG Firewall and ensure that the network and routing are working as expected in the environment. I think its steps are easier than most of its competitors. The initial setup takes one or two hours.

The full setup time depends on the features, then whether the environment or customer needs are complicated or not.

For our implementation strategy, we talk to our customers and work out documents for all their configs, which includes basic information that we need to know for implementing the firewall. Then, we follow the documents and do the implementation. We also may modify some content of the documents as the project processes.

It needs one or two employees with enough skills to manage and maintain it. They may need to modify firewalls, firewalls security rules, and possibly inspect alerts that are generated from firewalls.

By having a customer operate on a unified platform, they can do the application control, traffic control, threat protection, and URL filtering on a single platform. This effectively reduces the workload on all their networks and security tools.

Cheap and faster are the opposite sides of security. Security inspections have some technical and money costs. If you just purchase some cheap, fast firewalls, then you will lose a lot of the security features and fraud protection capabilities.

My company uses Cisco Firepower NGFW Firewall, not Palo Alto Networks NG Firewalls. We started our cooperation with Cisco a lot longer than with Palo Alto Networks. We have been working with Cisco to expand their business in China for more than 20 years, which is why the leaders in our company might be choosing Cisco products.  

Most of our customers have been using Palo Alto Networks for a long time and do not want to change to another vendor. The unified user interface is a big benefit for them.

Palo Alto NGFW’s DNS Security is an effective way to detect and block DNS tunneling attacks, because most competitors do not have these techniques to detect the DNS tunneling on a single device. They require maybe a SIM or some analysts. So, this is something quite creative for Palo Alto Networks.

For our customers, I would tell them that Palo Alto Networks NG Firewalls is easy to use, but probably difficult to master. It has a very easy to use interface and configuration utility, but it has a lot of advanced features that need some deep knowledge of the product.

No product can guarantee 100% evasions being blocked, but I think Palo Alto is among the top of the threat inspection vendors. From the NSS Labs Test Report, we can see that Palo Alto Networks always has a top score.

Machine learning in a single firewall is not that accurate or important for our customers. Since it will only see some network traffic, it cannot connect everything together, like endpoints and servers. Therefore, our customers do not value the machine learning techniques on a single firewall very much.

We may review the alerts generated by machine learning modules, then we can see if the alerts are real alerts, not false positives. This may tell us how efficient machine learning is.

Very few customers in China have used the Palo Alto NGFW’s DNS Security module. It is a new feature that was introduced only two years ago. Customers already know what the product can provide in terms of protection. Its DNS Security provides something that is not really easy to understand. Also, it increases the cost of the firewall because it requires another license to be implemented, and the cost is not low.

DNS Security is very impressive, and I think it will be an efficient way to block the rapidly changing threat landscape and maybe Zero-day attack methods.

Biggest lesson learnt: If you want to protect something, you need to gain visibility of the entire network. NG Firewalls provides a deep visibility into network traffic.

I would rate Palo Alto Networks NG Firewalls as nine out of 10.

We are managing services for our customers. I am mostly dedicated to Palo Alto.

I have had a very good experience with Palo Alto firewalls and Panorama. We have used Palo Alto firewalls for multiple use cases. We have used them at the perimeter as well as in the data center. I have experience in 5000 series, 7000 series, and 3000 series. I have worked with most of them.

We are able to meet 99% of the requirements of our customers. It is a good solution to have in the data center as well as at the perimeter.

Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities.

Machine learning as well as AI have been added. About 99% of new malware or signatures can be blocked with machine learning and AI. Rather than sending these new signatures to a verifier, they are automatically blocked by leveraging machine learning and AI.

Palo Alto has different types of series. They have 800, 400, and 200 series for small branches, and then they have 1000 series for smaller branches. For a data center, they have the 3000 series and 5000 series. For big ISPs, they have 7000 series where we can also do virtualization. We can have separation and even multi-tenancy at the core level, which is something amazing. Also, we can share policies, objects, and virtual systems. That helps the network infrastructure security engineer to achieve their use cases. It provides a fast and amazing experience.

There is a reduction in downtime because it is a stable firewall. It helps our customers to have a stable network. Most of our customers have high availability. If the customers configure it well, they will have a good experience. They will not have any data loss.

It has a very good user interface. The documentation is also very good. It is very useful for monitoring things.

The integration with RADIUS, LDAP, and other servers also works very well. API integration is also very nice. The way security policies can be configured is also amazing. The Quality of Service can also be achieved. All these things are nice.

Palo Alto is a leader in the market when it comes to performance, virtualization, and the cloud platform. It is working well. In my opinion, nothing can be added at this time. However, when it comes to the cost, Palo Alto firewalls are the most expensive.

I have been working with this solution for about seven years.

It is stable. Almost everything is fine.

It is fairly scalable. Especially when you have a firewall as a service, scalability is good. Even if it is a physical firewall, a customer can simply do a tech refresh.

Their technical support is good, but they take time. Most of the time, they are occupied. We experience delays in their replies.

Neutral

I have experience with other products such as Cisco ASA, Cisco Firepower, Fortinet FortiGate, and Fortinet FortiManager, but I have mainly worked with Palo Alto firewalls.

The main competitor is Fortinet FortiGate. Palo Alto firewalls provide more control over features and give you more capabilities for control. The administrator has the required visibility to do that. Fortinet seems to have a UTM solution with multiple network and security features comprising Fortinet FortiGate, FortiSwitch, FortiAnalyzer, and FortiManager.

Our customers deploy these firewalls in the cloud as well as on-premises. On-prem, it is straightforward, but on the cloud, you require a different design.

In terms of the implementation strategy, we need to size the firewall in the correct way. For maintenance, there should be a support contract for each and every security solution, especially for the firewalls because they are very critical.

I am not from presales or sales, but as a brand, Palo Alto is more expensive than other firewalls. They have different licenses. As a customer, if you know what you are going to purchase exactly, you will get a good price. The price will vary based on whether you are going for the 7000 series, 5000 series, or 3000 series.

Overall, the price makes sense because you have IoT security, antivirus security, DNS security, anti-spyware, and many other features. They have a solution to implement SASE. So, it is very expandable for new challenges, and the return on investment can be achieved simply.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

I have used it in a couple of different ways. One way was to use it as a perimeter device and to act like a traditional firewall for controlling the traffic in and out of the network and doing intrusion detection. It was more of a filtering-type device for remote access and VPNs. 

At another job, we used it as a site-to-site VPN. We scanned customer applications and code over a site-to-site VPN. These were the two main use cases that I have done over the last eight years with Palo Alto.

It integrates very well with AWS Cloud. We use the VM-Series of Palo Alto firewalls. It is good.

It is very important that Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities. That is because it is a very sophisticated environment when you start talking about the cloud and software-defined networking. When you think about that level of complexity, to have somebody like Palo Alto and AWS work together to make the deployment of those devices seamless is an incredible benefit to users.

There are different types of modules to provide defense for customers. It is pretty amazing.

It can secure data centers consistently across all workplaces. It is no secret that Palo Alto has made a large footprint in the industry when it comes to those types of security services. When you talk about the data centers and things like that, Palo Alto scales well. They are doing a great job.

In terms of downtime reduction, downtime is relative. There are many different types of elements that can cause downtime. It could be some type of attack or just a configuration change. However, things like Panorama and high availability embedded in the platform allow for high availability.

The ease of updating the platform was valuable. We could easily update the OS and different modules within the platform. It was a fairly user-friendly and easy-to-use platform. 

We found it to be fairly stable as well. It was largely stable.

Overall, when you consider how sophisticated the appliance or the platform is, they have done a remarkable job. It is probably as good as it can be in terms of being highly sophisticated but having a very small leap to learn the platform and deploy it. I do not have many complaints about the platform.

I have worked with this solution for about eight years.

Palo Alto has a great support ecosystem. I only had one issue with somebody, but we got that addressed. It was just like any industry or business. You are going to have some people who do not want to act right, but overall, they have high-quality support.

I would rate them an eight out of ten. I am a customer, and I am involved in high-pressure situations. I am always going to say that I want a quicker response, but when I am being flat-out honest and reasonable, they are as good as they could possibly be without overstepping.

Positive

We have used Check Point. I did not like Check Point at all. It is very cumbersome, so I definitely would not recommend it. 

I found the Cisco ASA line to be overly complicated for what it needs to be, but that is the history of Cisco. They have very capable devices, but they are definitely not as friendly, in my opinion. I would give a nod to Palo Alto. Palo Alto GUI seems to be a little bit easier to navigate. Cisco devices have always been very capable, but they have a steeper learning curve.

It is fairly simple. It is as simple as it can be to get started.

The number of people required depends on the environment and the type of project that you are doing. If you are designated to deploy it as a perimeter device, you do not need that many people. If you have a situation where it is in the cloud and you have to do a lot of other things to get traffic to the device, configure the interfaces in the cloud, and later create policies and bring everything into Palo Alto, it is a more sophisticated process. You need somebody very knowledgeable about that, or you need multiple people to work that out.

We have had some complex scenarios, but I was fairly knowledgeable about AWS and the firewalls, so I was able to put everything together myself. I did not require any third-party help.

It is a pretty significant return on investment if a device does what it says it will do, and it has a small learning curve and good stability.

I do not have much opinion on that because I have not been involved in the procurement process of the Palo Alto devices with the exception of pay-as-you-go through AWS, but all of this stuff is very expensive, in my opinion.

I will be a little bit pessimistic and rate it a nine out of ten, but I feel that it is a ten.

I am using it primarily for on-premise network protection.

I find all the features valuable, including the segmentation and cloud-distributed security profiles. The Altice Optice spyware, URL protection, and additional features are valuable since they prevent breaches and downtime. I can put it in standby mode and failover to another firewall if needed, which enhances security.

The product is already good, so I do not have specific future features to recommend. These are not the cheapest firewalls; they are quite expensive.

I have been using the solution for about ten years.

The product is very stable. I hardly encounter any stability problems.

Scalability is not really the case. Since the NextGen Firewalls are hardware-based, if I want to scale up, I need new hardware. It is not really scalable.

Customer service is great. I always work with a support center, and they escalate issues to Palo Alto if needed. It depends on the support center, and sometimes, if there is a complex problem, it can take a while. However, most of the time, it is quite fast. I would rate it at eight or nine out of ten.

Positive

It is hard to measure security benefits as long as I am secure and not experiencing issues.

Solutions like Fortinet are available. I always receive orders from Fortinet offers something similar to the Palo Alto universe, however, it is always more expensive.

I would suggest implementing virtual software firewalls. This allows scaling to any size and migrating to the cloud if desired. I would rate this firewall a nine out of ten. It is a very good firewall.

We partner with vendors primarily to foster better understanding and relationships. Our core business is system integration, where we cater to diverse customer requirements. A customer might approach us with a specific need, and we deliver. A product like Palo Alto's XDR or EDR endpoint protection is popular due to its features, but ultimately, the choice depends on individual customer requirements, including extra services or integrations. We currently have around six customers using Palo Alto.

Aside from the usual content filtering and application filtering, the primary driving force for Palo Alto Networks NG Firewalls has been the SD-WAN. Additionally, ADR has also been a significant factor. All our clients also use Palo Alto as their firewall solution.

Palo Alto NG Firewalls offer a comprehensive platform that consolidates all security features, making them the preferred choice for our clients implementing SD-WAN and ADR solutions due to their integrated threat management capabilities.

Palo Alto NG Firewalls' embedding of machine learning into the firewall's core is crucial. They provide a cloud-based sandbox platform, enabling offloading of numerous tasks and offering AI-powered solutions to detect advanced or new threats. Palo Alto's methods for achieving this are impressive.

Some of the benefits our clients have seen using Palo Alto NG Firewalls include rapid deployment to their branches thanks to SD-WAN, improved control over branch networks, and enhanced overall environmental protection. It's important to remember that firewall security is product-dependent, and attackers often target widely deployed products for maximum impact. This explains the prevalence of attacks on popular firewalls like FortiGate and Checkpoint. Interestingly, Palo Alto is not as frequently targeted because attackers seek large-scale impact, making niche platforms like Palo Alto less appealing. Staying on a less common platform can offer a security advantage by attracting less unwanted attention from potential attackers.

Palo Alto NG Firewalls help secure our data centers across all workplaces. We also leverage a cloud platform for edge security.

Palo Alto NG Firewalls help reduce our clients' downtime. They are rarely attacked, and their uptime is over 99 percent.

Our clients find the most valuable features in Palo Alto Networks NG Firewalls to be the user-friendly interface, extensive capabilities, and highly granular rule creation process. This level of granularity allows for precise control and customization in network security policies.

Some of our clients find the price of the NG Firewalls to be expensive.

The UI needs to be more user-friendly to attract novice users.

I have been using Palo Alto Networks NG Firewalls for four years.

I would rate the stability of Palo Alto Networks NG Firewalls nine out of ten.

The entry-level Palo Alto Networks NG Firewalls lack scalability, but their higher-end counterparts offer this feature. Overall, I would rate their scalability a six out of ten.

The Palo Alto support is excellent.

Positive

The initial deployment is straightforward for technical people. The number of people required for deployment depends on the environment, but one or two people are usually sufficient. For example, in a branch scenario, one person might handle the headquarters while the other visits the branches. However, even at headquarters, there could be more than one person depending on the customer's services, enabling them to collaborate on creating rules, modifying requirements, or gathering information while someone else focuses on the deployments.

Usually, our clients see a return on investment after the first year of deployment.

I find the pricing of Palo Alto Networks NG Firewalls to be reasonable. The price is based on that selected package, with the lowest starting at $3,000 annually.

I would rate Palo Alto Networks NG Firewalls nine out of ten.

I would recommend Palo Alto Networks NG Firewalls, but it ultimately comes down to the organization's needs. Some organizations are almost entirely cloud-based, while others rely on the Internet for a few specific tasks and may have on-premises processing or branch offices. The ideal firewall solution varies depending on the specific environment and use cases; a firewall that performs well for one organization might not be the best fit for another.

The primary reason people opt for cloud or hybrid solutions is to manage workloads or services already operating in the cloud. This trend extends to Palo Alto Networks NG Firewalls, where the cloud versions are gaining popularity. However, many users prefer the on-premise version of the firewalls to safeguard their on-premise infrastructure. This may involve physical or virtual appliances as long as they remain on-premise and not in the cloud.

Other than updates, Palo Alto Networks NG Firewalls rarely require physical maintenance because most data centers are clean.

Palo Alto Networks NG Firewalls are excellent firewalls but require technical expertise and dedicated resources for deployment. However, with technical know-how, they are easy to configure and deploy and offer flexibility for adaptation to various environments. We highly recommend them for SD-WANs and VPNs due to their high compatibility.

We use Palo Alto Networks NG Firewalls as internet firewalls, LAN or WAN firewalls, as well as data center firewalls.

When you apply App-ID and User-ID and Content-ID, you will protect your environment more than with any other firewall. That's because Palo Alto is a leader in App-ID. They invented it. It knows the application and who's communicating with it, and how it is used inside a network. If you use Palo Alto as your internet firewall, for example, when your employee accesses the internet, you will determine which applications he's communicating with, including which ports and the behavior of the user. That helps protect your environment.

The Palo Alto NG Firewalls unified platform has helped to eliminate security holes in our customers' environments. When you have multiple firewalls from Palo Alto to protect more than one segment, such as the LAN, WAN, internet, and data center segments, you can manage all of these from a single point with Palo Alto Panorama. It makes it easy to configure and monitor all of these segments.

The most valuable features are the power of the threat prevention and the WildFire service. Its strength comes from the huge number of sensors all over the world. The firewalls have a rich library of signatures.

Also, the new generation of Palo Alto firewalls includes machine learning embedded in the hardware itself and that is effective in the new era of attacks. Nowadays, we don't know the behavior of the attacks, so we need a product to learn along with us: How an attack will affect us and how the attack will enter a corporate environment. That's why the machine learning aspect is important.

They also provide a unified platform that natively integrates all security capabilities. You can configure or change anything in the firewall itself from the management console, and there is a separate console for managing all the firewalls you have, called Panorama. It's a very good central manager. I like Panorama. It is the most powerful and capable central manager of firewalls. It gives you very rich information about your environment, and what is moving inside it. It helps you to configure it easily.

It's also important that the NSS Labs test report from July 2019 about Palo Alto's NG Firewalls showed that 100 percent of the evasions were blocked. NSS Labs is the most accurate public report that all my customers want to see. All my customers ask about NSS Labs and where Palo Alto is positioned in their reports. To position Palo Alto, I will show my customer the NSS Lab report. It's the most important report.

In addition, in the last two series, Palo Alto separated the engines. That means you will not face any issue with the performance or the firewalls. There is an engine for performance, an engine for the IPS, and another engine for other features. There isn't only a single engine responsible for all these features.

The IoT could be better. IoT environments will be part of IT and measuring these zones will make your IT environment more resistant to attacks. You need a powerful firewall to secure the IoT segment, the same way that Palo Alto Firewalls do for the IT segment.

Also, if you enable SSL you will face a problem. The throughput of the firewall will be degraded. SSL is a big issue on all firewalls. All products suffer from issues with SSL, but Palo Alto firewalls suffer more from it.

I have been using Palo Alto Networks NG Firewalls for at least four years, but for my company it has been almost 10 years.

I have worked with many Palo Alto models, including the PA-3000 Series, the new PA-3020 Series, and the new-generation PA-3400. I have worked with the PA-800 Series and the 5K as well.

Our company provides services for the whole cycle, from design and sizing to ordering and implementation. We provide all professional services. And we support systems after implementation.

It's a very stable firewall.

If you choose a model, from PA-3000 or PA-400, or the PA-5000 Series, you should size it correctly from the beginning, and you must consider expansion, otherwise you could face a big problem, as it's not scalable. But, if you have a big company, and you've chosen it as a data center firewall, you can choose a modular version, so that it is easily scalable.

There are two types of support. If you choose partner support, you will face a big problem because it will take more time to reach Palo Alto. But if you choose direct support from the vendor, they will support you very well.

Positive

It's very simple to deploy Palo Alto NG Firewalls into our clients' environments. One of my professional service team engineers was able to do an implementation on his own after shadowing just one implementation. He didn't take any courses or do any formal training. He was just a shadow on a single implementation. After that, he did an implementation. It's a very easy firewall.

The time it takes to deploy this firewall depends on the environment. If it's a complicated environment, a big corporate environment, the number of policies and rules and segments will be the determining factor. But it won't take that long. If you enable App-ID, you will need more time. App-ID is one of the most powerful tools inside NG Firewalls from Palo Alto, but it needs professional engineers to implement it. After that, you will have a very good security tool.

Our customers certainly see ROI from Palo Alto firewalls. For example, if a bank doesn't have Palo Alto firewalls, or any technology from Palo Alto, they will face many attacks, which would be resolved by Palo Alto. These attacks could compromise some of their customers and result in taking their money. What will the bank do then? The ROI comes from protecting customers.

Palo Alto is one of the most expensive firewalls in the world. Everyone knows that. But you need at least one layer from Palo Alto to protect your environment because it is the strongest company in the security field.

The licensing model for container security is complicated for me and for my customers.

I deal with Fortinet Fortigate firewalls, Forcepoint firewalls, and Cisco firewalls every day. We sell and implement them, like Palo Alto.

Palo Alto now has the IoT license on the firewall. They can protect you from DNS attacks. The WildFire license is a very rich license, and other vendors don't have that. And if your firewall is an internet edge firewall, Palo Alto GlobalProtect will give you a host compliance check without adding anything else. Also App-ID and Content-ID are very good and very mature, unlike with other vendors.

I have also used Palo Alto NGFW’s DNS Security for two of my customers. It's a good addition to the firewall, but it's not perfect. Palo Alto is not specialized in DNS attacks. There are a lot of companies that specialize in DNS attacks. They are more mature than Palo Alto in this area. Palo Alto is not like Akamai or Infoblox or EfficientIP, as those companies are specialized in DNS, DNS servers, and DNS attacks. Palo Alto is not only a DNS company.

Someone who says, "We are just looking for the cheapest and fastest firewall?" can get a free firewall, but they will not be protected. They will not be updated against the latest attacks all over the world.

There are tools on the Palo Alto portal that can be used to enhance the configuration of your Palo Alto product and they are free.

Overall, I love Palo Alto.