Palo Alto Networks VM-Series Reviews

I am the team manager responsible for various security products. My customers use Palo Alto Networks products, and I am working with Palo Alto partners. We support a variety of solutions including Strata firewalls, Prisma SD-WAN, and Wildfire for advanced threat protection.

Wildfire, a sandboxing product, allows for analyzing malware in virtual machines. Its strength lies in threat intelligence, which is significant for proactive defense. Palo Alto's robust threat intelligence supports new updates, and I can open cases directly with their Threat Intelligence team. Customers appreciate the throughput and reliability of VM-Series Firewalls, as they can be managed efficiently through Panorama.

I find it difficult to reach technical support at Palo Alto Networks. Most customers go for partner-enabled support, which involves multiple layers, leading to delays. Additionally, the technical maturity level of support is not always high, resulting in dissatisfaction. The pricing of Palo Alto is relatively high, particularly for smaller companies.

I have been familiar with Wildfire for nearly five years. I have been working with the VM-Series for nearly two years.

Palo Alto products are stable compared to others. Stability issues may arise when exceeding throughput limits, but hardware is generally very stable.

Scalability is a strength of Palo Alto VM-Series. They are easy to upgrade, and with credit licensing, they scale effectively according to demand.

I can give Palo Alto Networks technical support a six out of ten. It is very hard to reach, and the process can be lengthy and frustrating because support involves several layers.

Initial setup is easy, especially in public cloud environments where VM-Series can be obtained from the marketplace.

Our ROI is measured in terms of catch rate, however, customers often focus on the total price of the product rather than detailed ROI calculations.

Palo Alto is expensive in terms of pricing, particularly when comparing features to cost. Their Premier Support is also very expensive and not widely chosen by customers.

I would recommend Check Point and Fortinet as alternatives for companies where the budget is a concern.

I would recommend Palo Alto VM-Series to others and rate it an eight out of ten. However, for companies below midsize, it may not be a fit due to cost. For those companies, I suggest considering products like Check Point or Fortinet.

Ours is an enterprise environment and some of the services are hosted in our private data centers and some of the servers are hosted on Azure. We have the IPSec tunnels from the firewalls to our own data centers and from the firewall to the cloud as well. It depends on the type of application being hosted.

We are using Panorama for centralized management of all our firewalls around the world, as well as for centralized management of security policies and network settings. We have not completely migrated to the cloud. We are in transit.

Palo Alto has many features for troubleshooting real-time scenarios. The troubleshooting, compared to other firewalls has been optimized in a way that saves a lot of time.

I like the UI. Most things are accessible from the user interface and it is quite user-friendly. With respect to both VM-based firewalls and physical firewalls, it's easy to create updates.

They have a centralized Palo Alto Customer Support Portal and if we require any licenses, such as a next-generation firewall license, we can easily download and integrate them with this solution. We can also schedule periodic updates. That is quite user-friendly.

In terms of functionality, we are using IPSec tunneling and Palo Alto's WildFire feature. We use the security policies, Panorama, and Prisma Cloud as well.

We use Panorama to manage our security policy model across on-prem and public cloud environments. It plays a key role with respect to centralized management, for physical enterprise firewalls and cloud-based firewalls. It gives you centralized control over all the infrastructure. Unified policies can be pushed from that centralized place with templates.

When you deploy VM-Series Firewalls, they are quite flexible. You just have to select the instances, storage, security policies, and firewall rules. Within minutes, you can deploy the firewalls.

We are also able to adjust firewall sizing on the fly, which is important. Initially, we decided on a firewall based on the throughput assumptions. But in peak hours or during a peak month for traffic, we need to scale the firewalls. That should be automatically done. AWS and Azure provide very good features and, by using them, within a second it automatically scales, based on the incoming traffic.

Palo Alto has launched different products, such as physical firewalls as well as cloud and VM-based firewalls. Recently, they introduced their Prisma Cloud solution. Compared to the previous technologies, like Panorama, which is used for centralized firewall management, or even individual firewalls, it's a bit challenging to integrate the traditional firewall policies into Prisma Cloud. And the Prisma Cloud interface isn't very user-friendly. 

Our organization has been using Palo Alto Networks VM-Series for more than five years, and I have worked on this solution for two years.

The solution is certainly stable. I have worked with many vendors' firewalls and Palo Alto's are definitely stable.

Obviously, it is scalable as long as you have the licenses and support with Palo Alto. You can implement the firewalls in high-availability mode or use the cloud functionality as well. For scalability, Palo Alto is optimized.

We have 30-plus sites around the world with more than 4,000 users.

Palo Alto has very good support. When you have a valid license, they can replace a device with a new one. They have the CSP portal and you can log in and see all the firewalls listed. You can raise TAC cases with a priority of low, medium, or high, and, based on the priority, they will send an email to you. They have live support as well. In case of an issue, you can call them directly and they will provide the required support.

Positive

Earlier, we were using many vendors' firewalls, per their suitability for our clients. Apart from Palo Alto, we were using Cisco ASA, Check Point, and Juniper. The network grew over the years and each site had its own set of firewalls. The issue was that we had to standardize things across the network. There was also a gradual change in the technology and features available. Our security team thought we needed a better implementation, for optimization and troubleshooting, and something that was friendly for daily operations.

We have both private cloud and hybrid. Some of the services are on the cloud and some are on-prem in our data center. Setting up Palo Alto firewalls is quite easy compared to other vendors.

Migrating our old infrastructure to Palo Alto took four to six months. 

We did some pilot project testing with Palo Alto. If, for example, we want to migrate from XYZ vendor to Palo Alto, the very first thing we had to do was capture all the existing security and NAC policies and all the NGFW functionality. Palo Alto has specific features. For example, you can capture the logs in an inline environment, such as what traffic is going to the network, what security policies are there, et cetera. We deployed the Palo Alto firewalls in that way to only capture the traffic. We then analyzed the traffic, and we worked with Palo Alto TAC to understand the security policies and the exact throughput to determine the hardware we were going to use. We monitored all of that for a few months and then we started the migration from other vendors to Palo Alto.

We had 10 engineers involved in the deployment, but each on-site location had its own team as well. Three were senior network architects and the other seven were staff network engineers.

If you want to keep up to date in the network, it requires quite a bit of patching. It has many features, like Unified Threat Management and antivirus that can be auto-updated by scheduling an update for them. But the major patching has to be done manually. In our organization, we do it quarterly.

It is worth the cost.

Palo Alto Networks VM-Series is notably cheaper than other firewall vendors, except Fortigate. Fortigate is number one in terms of pricing.

Our security team tested various firewalls and it came down to FortiGate and Palo Alto and they found Palo Alto was quite suitable for the network.

Everything is moving to the cloud and we need a solution that can support all the multi-vendor platforms and the new technologies as well. That is quite important for any enterprise organization or service provider nowadays. If we talk about moving existing loads from our own data centers or enterprise sites to the cloud, we need a solution that can take care of everything, such as security compliance, and that is easy to use. Palo Alto is good in those terms.

With the introduction of Prisma Cloud, Palo Alto is encouraging clients to migrate their infrastructure, such as VPN and security solutions to Prisma Cloud. It has been highly optimized compared to Panorama. Palo Alto is promoting it and asking their clients to use Prisma Cloud to improve their security infrastructure.

I would advise, when you deploy a new site, to manage it from the centralized Panorama solution. With Panorama, you have a local login, so even if the internet is down you have access to the firewall management.

We had a situation, when performing patching, where the firewall lost the remote connection via the internet and it had not been onboarded to Panorama. That mean we lost connectivity and we had to involve the onsite technicians. To avoid that scenario, all firewalls should be centrally managed by Panorama.

And for troubleshooting, each firewall should have syslog profiles activated.

The main concern is VPN. If you're using Azure Firewall, you still need a VPN gateway to terminate your VPN connection. Azure Firewall doesn't remove the need for another VPN gateway, especially for point-to-site VPN. So you have to use another VPN appliance. With Palo Alto and FortiGate, for example, you can have an all-in-one solution. The VPN gateway and all the other features are available.

Palo Alto Networks VM-Series has everything centralized. You have the VPN solution, firewall, routing, UDR, flexibility, updates, and full visibility of your traffic. You can also perform log debugging. It provides all the things that Azure's firewall doesn't offer. Plus, you have full ownership of your device.

Firstly, Palo Alto should update their documentation to make it more readable and provide easier-to-follow instructions through videos. This would help people learn and deploy the product more easily. Even if the product itself is excellent, lacking proper documentation and troubleshooting guidance renders it less useful. It won't be helpful even if it's rock solid but lacks sufficient information and tutorials.

I've been using Palo Alto as a VM for about three months. I use the latest version.

It is a stable solution. I would rate the stability a ten out of ten.

It is a scalable solution. We have more than 20 entities using this solution. 

Customer service and support are great. The response time is good. My experience with them was very good. 

I used Azure Firewall for a while, but then I removed it and installed Palo Alto.

The setup requires professional people to work on it. It's not straightforward. Knowledge is needed to adapt it to your platform. 

So, it's not an entry-level solution; it requires professional and expert-level skills.

I deployed the solution myself. The deployment process took about three to four days. It depends on your production environment because I had to migrate production.

Only one person is required for deployment and maintenance. 

I can't make a suggestion because it depends on the specific needs they have. They can consider using the entry-level version or opt for the expert lab, depending on their workload.

Overall, I would rate the solution a nine out of ten. 

All the PwC offices in Pakistan use Palo Alto in their environment. It is a global solution.

Palo Alto is a good product. The features are up to the mark. No other product can compete with Palo Alto’s features. The filtering feature is good. We can block the traffic and examine the report easily. The blocking functionality works very well compared to other firewalls. I rate the ability of the tool to keep up with the trends in firewalls an eight out of ten.

The product must create some awareness in Pakistan. People are less aware of Palo Alto. Everyone knows about Fortinet and Cisco. Very few vendors are promoting the tool.

I have been using the solution for four to five years.

The stability is fine. I rate the stability a seven out of ten.

I rate the product’s scalability an eight out of ten. We have 2500 users. We use the tool daily. All our traffic passes through it.

I rate the ease of setup a seven out of ten. The setup is moderately easy. The product is deployed on the cloud. The deployment takes two to three days since it has global rules.

The tool was deployed in-house.

We have seen an ROI of 60% to 70%.

Companies in Pakistan have limited budgets. Palo Alto is more expensive than other products. So, people are reluctant to put Palo Alto in their environment. It's too costly compared to other tools. I rate the pricing a nine out of ten.

We had deployed the solution in 2018. We used a different product before, but my organization switched to Palo Alto. It was the management’s decision. Overall, I rate the tool an eight out of ten.

For remote access and securing our perimeter, Palo Alto Networks VM-Series greatly enhances our network security posture. It serves as a primary firewall for enterprise security and ensures secure remote access to our environment. As for traffic handling in our multi-cloud deployment, Palo Alto Networks' solution effectively manages it, delivering on its promises.

We've integrated all necessary functions into a single box shop currently. This setup is convenient for those who aren't yet in the cloud and prefer to stick with familiar tools. However, there's now a plethora of cloud-based tools that offer similar functionalities, leading to potential duplication and increased costs. 

In terms of security breaches, the product aids in categorizing and monitoring traffic, allowing for the identification of potentially malicisous or incorrectly formatted applications. While there are often false positives, the product has successfully detected unauthorized traffic streams.

I believe that the licensing and overall cost could be more transparent and aligned with how features are utilized, especially considering the duplication of features. 

Sometimes, it's challenging to determine which features to activate or deactivate.

I have been using Palo Alto Networks VM-Series for the past 5 years.

In terms of stability, it's quite reliable once it's up and running. I'd rate it a 9 out of 10. However, it's not a perfect 10 due to the need for manual intervention, especially during firmware upgrades and certificate management. This aspect isn't as seamless as with cloud-native firewalls.

As for scalability, it can be scalable if deployed correctly from the start. Regarding usage, the number of users will likely remain consistent, but the deployment of various firewall types may increase. This could include different instances or flavors beyond the Palo Alto VM series, such as cloud-native versions on Azure or from other vendors. 

The support team is quick, knowledgeable, and responsive. They address issues promptly and escalate them efficiently if needed. Overall, we haven't encountered any significant problems.

We managed the deployment in-house, which presented some challenges.

As for technical staffing, we aim to reduce the team size needed for deployment, ideally managing it with minimal personnel or even through code automation. Currently, we don't have a dedicated firewall team.

Regarding pricing, I initially downloaded the product for feature comparison purposes, not specifically due to pricing concerns. However, the current licensing model can be a sore point as we're paying for features we're not fully utilizing. Simplifying the pricing structure would be beneficial, especially given the duplication of services in some cases, leading to increased costs.

I'd rate it a 9, considering it's an industry-leading firewall with excellent support and features. However, as more customers shift to cloud-native solutions, some unique features of the Palo Alto solution may become less relevant. The company may need to offer a more robust and feature-rich solution to remain competitive. Currently, the monolithic nature of the firewall can be challenging to maintain and secure, which could impact its future viability compared to more agile competitors like Cisco.

When considering the Palo Alto Networks VM-Series, organizations need to carefully assess their specific use case and the extent of changes planned for the firewall. It's crucial to determine if all features are necessary and if they are not replicated elsewhere in the infrastructure. For those already operating in a cloud-native environment, leveraging native security features may be more cost-effective, as they are already included in the package. Conversely, organizations accustomed to traditional on-premises setups may prefer a single firewall device for security. Ongoing support and the frequency of changes to be made on the firewall should be factored in, as these can significantly impact the overall cost and effectiveness of the solution.

I use the solution in my company to block threats, detect vulnerabilities, and protect the organization's internal network.

The most valuable feature of the solution stems from the fact that its UI is good since it offers options. In terms of being compliant with the firewall security standards, the product falls in the first or second place. The product can also be considered as NGFW. In general, the product is user-friendly.

The reporting part of the product is an area of concern where improvements are required. Compared to Palo Alto Networks VM-Series's reports, FortiGate NGFW provides users with reports that are easy to understand.

I have been using Palo Alto Networks VM-Series for three to four years.

The product's stability is good. Considering the cloud availability, I can say that the product is 99.99 percent stable. The firewall functions properly on the cloud, and there has been no downtime in the last couple of years. Unless the cloud services from Microsoft Azure go down, the firewall works properly.

My company has 1,000 users of the product, but not all of them are connected to the product all the time since my company has three different fire products running in the cloud. I would say there are around 600 Palo Alto Networks VM-Series users.

The technical support for the solution is very good.

The product's deployment phase is not complex. The tool is easy to deploy.

The solution is deployed on the cloud.

There is a need to make payments toward a yearly subscription-based model in which you need to add modules that you want to use in your company.

I can't elaborate on how the product was deployed in our company's existing infrastructure since the product was not deployed by our company, as the vendor handled it. The product can be deployed on the cloud platform you want to use. If you are using Azure's cloud services, then we select VM-Series, take care of the configurations, and upload the required details to get the product.

In terms of the product's ability to improve our company's network security posture, I see that the tool keeps our systems protected since all the network traffic is routed through the tool. The tool provides protection against any malicious traffic that attempts to get into the company network as such networks get blocked and quarantined by the firewall. Been blocked on the firewall network. Malicious components in the network don't enter our company's internal network, so the users are protecting the systems attached to the internal traffic.

My company has not integrated the product with any third-party software.

Speaking about the benefits of dynamic scalability, I would say that my company has not used the product's scalability features. I don't think there is anything wrong with the tool's scalability functionalities.

The tool is good for enterprise-level organizations because it has many options for users in its office. The product also comes with a lot of add-ons. If you can leverage the benefits of everything the product offers, then it can be useful. It is easy if you want to integrate the tool or connect it with other applications or third-party software, and you can do cloud monitoring and SIEM. The tool also works with XDR products. In general, the tool has its pros and is good software.

I have not encountered any issues with policy management in the product.

The product helps find vulnerabilities in the system, especially opened ports and unwanted ports that are open. If there are any issues, you can explore your system further with Nmap and with the help of a given IP address.

I rate the tool an eight out of ten.

The most valuable feature of the solution is the zero-trust security architecture.

The solution's licensing could be improved, and training should be included before installation.

I have been using Palo Alto Networks VM-Series for four years.

There are always glitches in every product, but the solution is reliable overall.

I rate the solution a nine out of ten for stability.

I haven’t faced any issues with the solution’s scalability. Our clients for the solution are large corporate or global customers.

The solution’s technical support is very good.

Positive

The solution's initial setup is easy if you have training and know what to do. The solution's deployment time depends a lot on the customer's requirements. It takes around half an hour to install the solution.

The smaller firewalls, like the PA-400 Series, are very good priced. Some of the challenges come with licensing and support on the larger boxes. Sometimes, it's cheaper to buy a new firewall with licensing instead of renewing the licenses of an old firewall.

Suppose you have a PA-3000 Series firewall. By the time of its renewal, Palo Alto will come up with the PA-1400 Series with better performance than the old PA-3000 Series. If the customer had one of the older ones, it would be cheaper for them to buy a new firewall on a lower tier and then get the licenses.

The solution is deployed both on-premises and on the cloud. Palo Alto Networks VM-Series helps in securing our public cloud infrastructure. It is easy to integrate Palo Alto Networks VM-Series with other solutions. We have integrated the solution with Aruba ClearPass Policy Manager. It is easy to maintain the solution.

It is very important for users to get the solution implemented properly in the customer's network.

Overall, I rate the solution ten out of ten.

We primarily use the solution for cloud firewalling, SASE, ZTNA, and CASB compared to the hardware-based NGFW or cloud firewalls.

The product is easy to use and deploy, and it enhances the overall security posture while deploying the application in the cloud. The most effective features of the solution for threat prevention are Layer 7 inspection, SSL decryption, IPS, and the web filtering profile. You can use the solution to easily protect your data from cyber criminals, including insider or outside-based attacks.

The solution is easy to deploy, easy to manage, and easy to create policies. An organization's overall security posture can be improved by deploying Palo Alto Networks VM-Series firewall.

The DLP functionality or data classification can be improved in the solution's basic firewalling.

I have been using Palo Alto Networks VM-Series for two to three years.

Palo Alto Networks VM-Series is a stable solution.

I rate the solution a nine out of ten for stability.

Compared to Checkpoint Maestro Firewall, the solution's scalability is not up to the mark. We'll need to upgrade the firewall for any tech refresh, throughput requirement, or hardware-based incremental. We have more than 100 customers for Palo Alto Networks VM-Series.

The solution’s technical support is great.

The solution’s initial setup is straightforward.

The solution's deployment time depends on the business application or business requirement. Based on that, the solution is easy to deploy and use.

Based on the customer budget, they can choose from 12-month, 36-month, or 60-month licensing models. The solution is quite expensive compared to Fortinet, Check Point, or Cisco. Customers can go for the solution's premium version, which I wouldn't say is expensive because it secures important data.

We cannot say that we have achieved 100% security by deploying the solution, but we have added one more security layer to protect us from security threats or attackers. For deployment, we have more than 400 engineers handling our SOC, including the MSS part, the security of business center implementation, and manageability.

Deploying the solution does not provide a 100% data safeguard, but it adds another security layer. The solution provides single-pass parallel processing (SP3) architecture, which is more effective than other firewall vendors. From the hardware and architecture perspective, the solution is good compared to Check Point or Fortinet firewalls.

Overall, I rate the solution an eight out of ten.

We use the solution for inter-VPC traffic segmentation and inspection. I also use it for external interfaces.

The product gives us the ability to do malware detection and file inspection.

The tool provides ease of use for GUI management and deployment. The product provides more visibility into our traffic. It also helps with troubleshooting a bit of high-level next-generation platforms. The auto-update feature of App-ID is valuable. Traffic monitoring, threat monitoring, and dashboards are the most impactful for our network security.

Having visibility and alerts and being able to react to them is valuable. The integration of VM-Series with cloud services has helped us a lot to streamline our security operations. The solution has ease of use. The web interface and the traffic monitoring are more centralized.

The cost must be improved. The tool is very costly.

I have been using the solution for more than five years.

I rate the tool’s stability a nine or ten out of ten.

I rate the tool’s scalability an eight or nine out of ten.

The technical support is really good. I rate the technical support a nine or ten out of ten.

We deploy AWS VPC as a virtual appliance, as a security VPC. The initial deployment was moderately easy. It is not complex, though.

I have used Juniper. Palo Alto’s next-generation features are better than Juniper’s.

The cloud service providers are also coming up with similar features. It can get really competitive for Palo Alto. People who want to use the solution must engage the system engineer for the deployment, vetting process, and initial implementation. Overall, I rate the product a nine to ten out of ten.

We use this product to secure our entire network, for ZTNA structure, and for VPN purposes, allowing access to our servers behind the firewall.

Using this product has increased our security and has given us much better results in terms of security scans.

Palo Alto embeds machine learning into the core of the firewall to provide online real-time attack prevention, and I would rate that capability an 8 out of 10. It's definitely effective in terms of securing our network against threats that are able to evolve and morph rapidly.

This solution provides a unified platform that natively integrates all of the security capabilities, although we are not using parts of it. For example, we don't use the configuration tools like Panorama.

The most valuable feature is the CLI.

We have the firewall configured for zero-day signatures, which is very important to us. We must be HIPAA and PCI compliant, which means that we need those signatures immediately.

There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.

The web interface, especially when committing changes, remains a bit slower than I would like, but it has improved over the years. Reboots for the VM series do take longer than I would have expected. 

I have been working with the Palo Alto Networks VM-Series for almost 5 years.

This product is very stable. We have had zero problems with stability.

The scalability is fantastic. We're using the lowest-end product right now, and I don't foresee when we'll have to upgrade. We have a long way where we can continue to scale up.

We currently have multiple people that use it for VPN purposes, to access our servers behind the firewall. It is not used nearly as extensively as it should be. However, in the future we will start flowing all of our internet traffic through it.

We're all working remotely, and we're going to be connecting through the firewall. This means that our traffic is going to greatly increase, meaning that our usage will also increase. We'll also be using many more of the features.

The technical support from Palo Alto is good, overall. However, their response times could be a little quicker.

We have not really had any big complaints with the technical support and I would rate them a seven out of ten.

Neutral

Prior to using Palo Alto, we were using an on-premises solution by Juniper. When we switched from onsite to the cloud, we changed products.

We made the switch because Juniper became unbearable regarding complexity and performance. It was getting very bad; we couldn't manage it well, and the performance was quite poor. 

The initial setup can be quite complex. There is a steep learning curve and we failed at it a few times before we were able to put a production machine into place.

Our final deployment took between three and four hours.

Our in-house team was responsible for the deployment.

We have absolutely seen a return on our investment. We are definitely more secure. With the features that are in Palo Alto, we do not have to worry about people busting into our network. Even just out of the box, with the base features, it's very solid. The default configurations are quite secure.

Our return on investment comes from the fact that no longer need to spend hours monitoring our network the way we did before. We've saved man hours and we've saved stress. I am unable put a monetary value to that, but that would be the return.

This is not the cheapest firewall but it's not the most expensive of the options on the market.

The new licensing structure is a little difficult to understand at first, but with the right thought put into it, would like save some money. 

Beyond Palo Alto, we evaluated two or three other products. Two of them that I can recall are Fortinet and the Microsoft Azure Firewall.

We did some extensive reviews and some extensive testing and what we found is that for the price, Palo Alto gave us the best options. It had the best set of security features. It wasn't the cheapest product but it was the best solution that fit our requirements.

We have not yet implemented the DNS security features but we will in the future. 

If one of my colleagues at another company were to say that they were just looking for the cheapest and fastest firewall, I would suggest that they be careful. Palo Alto has a great balance. It's not super expensive compared to other options on the market, and it's quite quick when it comes to throughput and performance.

In summary, this is a good product but I do suggest that people shop around a little bit.

I would rate this solution an eight out of ten.