Palo Alto Networks VM-Series Reviews

We use Palo Alto Networks VM-Series to offer services to our customers as a managed security service provider. We provide solutions and services to our customers across the globe. For example, if I want to host a firewall in the cloud or somewhere where the physical appliance is not a possibility, we provide that image of the firewall on virtual machines.

It helps in offering advanced protection against malware and anti-spyware, which is based on customer feedback stating the product has very good threat prevention capabilities.

Very good reliability and feature set, such as advanced protection against malware, anti-spyware, and Wildfire. It also has good VPN capabilities and integration capabilities.

The scalability could be improved further. The virtual instances of the firewall are not as scalable as their hardware firewalls.

We have been using Palo Alto Networks VM-Series firewalls for over five years.

I find the solution to be a good, stable product.

The virtual instances are not as scalable as the hardware firewalls.

A separate team handles implementation. I am mostly involved in the designing aspect of the product.

It is hard to get into the ROI aspect. Generally, ROI can be determined by comparing a physical appliance-based firewall versus a virtual instance of a firewall.

Pricing can be an issue when competing with products like Fortinet, which often offer similar functionality at a lower cost.

There are many competitors like Fortinet offering similar functionality.

I'd rate the solution nine out of ten.

I am the team manager responsible for various security products. My customers use Palo Alto Networks products, and I am working with Palo Alto partners. We support a variety of solutions including Strata firewalls, Prisma SD-WAN, and Wildfire for advanced threat protection.

Wildfire, a sandboxing product, allows for analyzing malware in virtual machines. Its strength lies in threat intelligence, which is significant for proactive defense. Palo Alto's robust threat intelligence supports new updates, and I can open cases directly with their Threat Intelligence team. Customers appreciate the throughput and reliability of VM-Series Firewalls, as they can be managed efficiently through Panorama.

I find it difficult to reach technical support at Palo Alto Networks. Most customers go for partner-enabled support, which involves multiple layers, leading to delays. Additionally, the technical maturity level of support is not always high, resulting in dissatisfaction. The pricing of Palo Alto is relatively high, particularly for smaller companies.

I have been familiar with Wildfire for nearly five years. I have been working with the VM-Series for nearly two years.

Palo Alto products are stable compared to others. Stability issues may arise when exceeding throughput limits, but hardware is generally very stable.

Scalability is a strength of Palo Alto VM-Series. They are easy to upgrade, and with credit licensing, they scale effectively according to demand.

I can give Palo Alto Networks technical support a six out of ten. It is very hard to reach, and the process can be lengthy and frustrating because support involves several layers.

Neutral

Initial setup is easy, especially in public cloud environments where VM-Series can be obtained from the marketplace.

Our ROI is measured in terms of catch rate, however, customers often focus on the total price of the product rather than detailed ROI calculations.

Palo Alto is expensive in terms of pricing, particularly when comparing features to cost. Their Premier Support is also very expensive and not widely chosen by customers.

I would recommend Check Point and Fortinet as alternatives for companies where the budget is a concern.

I would recommend Palo Alto VM-Series to others and rate it an eight out of ten. However, for companies below midsize, it may not be a fit due to cost. For those companies, I suggest considering products like Check Point or Fortinet.

I use it for two main reasons. In case there is a customer query, Palo Alto firewall is one of the vendors that we support for syslogs, rule management, change management, and traffic monitoring. 

Our product is used to query the firewall and provide a dashboard that raises alarms if any suspicious activity is detected. It involves the management of the firewall. We have a partnership with Palo Alto, and I have worked with VM-Series. 

When a customer encounters an issue with our product in accordance with Palo Alto, I analyze the problem and provide solutions. Additionally, I have constructed a lab with network devices for partner training. This lab uses Palo Alto firewalls for communication.

By using this firewall, we were able to address a lot of customer queries and answer to their VM-Series. This helped us retain our customers and gain confidence from them.

Palo Alto is easy to use. The UI is very easy to understand and does not require any certification or highly skilled technician to handle the firewall. It is very user-friendly and straightforward out of the box.

An area for improvement would be AI-related features, particularly in rule management or threat intelligence. Focusing on AI-based threat detection would be beneficial. 

Additionally, enhancing the ease of accessing technical support would be useful.

I have been using Palo Alto Networks VM-Series for about three to four years.

Stability is good. Once it is configured, it is stable, and I would rate it nine out of ten. I have not experienced any outages with Palo Alto, unlike other vendors like Sophos.

Scalability is good, and I would rate it eight out of ten. We use it for testing with a low load, and it works well. In production setups, I have observed it being used effectively with a large number of transactions per second.

Reaching technical support is challenging, and I may not be eligible for direct support since I'm not a customer. It involves multiple channels. I would rate their technical support seven out of ten.

Neutral

I previously used Cisco ASA, an older version, due to its market leadership at the time. We moved to Palo Alto due to multiple customer requests for other solutions like Sophos, FortiGate, SonicWall, and WatchGuard.

The initial setup was very easy and can be rated nine out of ten. It is straightforward to configure, and the UI is simple.

I did everything myself. One person is sufficient for the deployment and maintenance of five to seven firewalls.

The return on investment is seen in customer retention and addressing their queries rather than in revenue.

I'm not the right person to give a rating for pricing, as I use a not-for-sale license provided by Palo Alto for testing.

We evaluated Cisco ASA, but due to diverse customer demands and requests for vendors like Sophos, FortiGate, SonicWall, and WatchGuard, we extended our support to Palo Alto as well.

For software application firewalls, this is the best solution. If you are using it in a cloud or as an application firewall, then Palo Alto Networks VM-Series is the best one for you.

I would rate it an eight out of ten.

All the PwC offices in Pakistan use Palo Alto in their environment. It is a global solution.

Palo Alto is a good product. The features are up to the mark. No other product can compete with Palo Alto’s features. The filtering feature is good. We can block the traffic and examine the report easily. The blocking functionality works very well compared to other firewalls. I rate the ability of the tool to keep up with the trends in firewalls an eight out of ten.

The product must create some awareness in Pakistan. People are less aware of Palo Alto. Everyone knows about Fortinet and Cisco. Very few vendors are promoting the tool.

I have been using the solution for four to five years.

The stability is fine. I rate the stability a seven out of ten.

I rate the product’s scalability an eight out of ten. We have 2500 users. We use the tool daily. All our traffic passes through it.

I rate the ease of setup a seven out of ten. The setup is moderately easy. The product is deployed on the cloud. The deployment takes two to three days since it has global rules.

The tool was deployed in-house.

We have seen an ROI of 60% to 70%.

Companies in Pakistan have limited budgets. Palo Alto is more expensive than other products. So, people are reluctant to put Palo Alto in their environment. It's too costly compared to other tools. I rate the pricing a nine out of ten.

We had deployed the solution in 2018. We used a different product before, but my organization switched to Palo Alto. It was the management’s decision. Overall, I rate the tool an eight out of ten.

Our company sometimes uses a data center edge firewall from Cisco, Fortinet, Forcepoint, or any other vendor, and the solution is used to cover apps and data. 

The threat prevention and WildFire features are the most valuable features. DNS is another good feature of the product. 

The flexible throughput in Palo Alto Networks VM-Series can be improved. The customers of our organization demand 500 meg throughput and the payment also depends on it. The basic firewall from Palo Alto has the size of one gig, and it isn't logical for a customer to buy for one gig when just 500 meg is required. Palo Alto Networks VM-Series should become a more flexible firewall. 

VM management in an environment is difficult with Palo Alto Networks VM-Series, but it can be smoothly managed through Panorama. The vendor can work on enhancing and processing that will not affect the server itself or the VM firewall protection. In our company, we have multiple VMs implemented on the same server, and the Palo Alto Networks VM-Series is used to protect these VMs completely. The tools being used should not affect the operations between VMs. 

I have been using Palo Alto Networks VM-Series for almost four years. 

I would rate the stability of the product a nine out of ten. I am facing multiple stability issues with other competitor tools in our company. 

I would rate the scalability a seven out of ten. I would've rated Palo Alto Networks VM-Series more if the flexible throughput was better. I would rate the scalability of other competitor tools a four out of ten. Palo Alto Networks VM-Series is suitable for businesses of every size or scale. 

The vendor provides two support modules: backline and premium support. If you need to open a case directly with Palo Alto to solve a problem, you must purchase premium support.

Premium support is highly expensive—almost five times the cost of availing backline support. Local distributors of the product manage the backline support and have extended response time, and the team might not have mature knowledge to solve issues. 

The solution's initial setup process is very easy. A hybrid deployment model is available for Palo Alto Networks VM-Series. Panorama can manage the solution's VM, physical, and cloud versions, making it an impressive monitoring tool. 

A more mature and enhanced tool can be used in integration to migrate from other competitor solutions to Palo Alto Networks VM-Series. For instance, if a customer has a legacy firewall from Cisco or Fortinet and there is a need to migrate to Palo Alto, I will require a mature migration tool that will make the process easier for engineers to migrate the rules, policies, and application IDs.  

The licensing model should be improved. Palo Alto Networks VM-Series is the most expensive tool among competitors. 

Palo Alto Networks VM-Series and the competitor products provide multiple series of bandwidth, features, implementation models and capable management tools. But Palo Alto Networks VM-Series is the most stable compared to all other competitor tools. The signature or behavior of the database is more mature in Palo Alto Networks VM-Series than others. 

Palo Alto Networks VM-Series allows you to analyze the behavior of any traffic or probable attack. 

The solution easily integrates with the client's cloud security architecture. If in our company, we get a customer who's depending on the container, then security is required for the container from OpenShift or any other vendor, I use Prisma to secure the environment instead of traditional firewalls. 

The solution's sizing and architecture are highly expensive. It's an effective and stable firewall that detects all attacks. Palo Alto Networks VM-Series can adapt quickly to an organization's changing security or policy needs. Overall, I would rate the product an eight out of ten. I will definitely recommend Palo Alto Networks VM-Series to other users. 

Ours is an enterprise environment and some of the services are hosted in our private data centers and some of the servers are hosted on Azure. We have the IPSec tunnels from the firewalls to our own data centers and from the firewall to the cloud as well. It depends on the type of application being hosted.

We are using Panorama for centralized management of all our firewalls around the world, as well as for centralized management of security policies and network settings. We have not completely migrated to the cloud. We are in transit.

Palo Alto has many features for troubleshooting real-time scenarios. The troubleshooting, compared to other firewalls has been optimized in a way that saves a lot of time.

I like the UI. Most things are accessible from the user interface and it is quite user-friendly. With respect to both VM-based firewalls and physical firewalls, it's easy to create updates.

They have a centralized Palo Alto Customer Support Portal and if we require any licenses, such as a next-generation firewall license, we can easily download and integrate them with this solution. We can also schedule periodic updates. That is quite user-friendly.

In terms of functionality, we are using IPSec tunneling and Palo Alto's WildFire feature. We use the security policies, Panorama, and Prisma Cloud as well.

We use Panorama to manage our security policy model across on-prem and public cloud environments. It plays a key role with respect to centralized management, for physical enterprise firewalls and cloud-based firewalls. It gives you centralized control over all the infrastructure. Unified policies can be pushed from that centralized place with templates.

When you deploy VM-Series Firewalls, they are quite flexible. You just have to select the instances, storage, security policies, and firewall rules. Within minutes, you can deploy the firewalls.

We are also able to adjust firewall sizing on the fly, which is important. Initially, we decided on a firewall based on the throughput assumptions. But in peak hours or during a peak month for traffic, we need to scale the firewalls. That should be automatically done. AWS and Azure provide very good features and, by using them, within a second it automatically scales, based on the incoming traffic.

Palo Alto has launched different products, such as physical firewalls as well as cloud and VM-based firewalls. Recently, they introduced their Prisma Cloud solution. Compared to the previous technologies, like Panorama, which is used for centralized firewall management, or even individual firewalls, it's a bit challenging to integrate the traditional firewall policies into Prisma Cloud. And the Prisma Cloud interface isn't very user-friendly. 

Our organization has been using Palo Alto Networks VM-Series for more than five years, and I have worked on this solution for two years.

The solution is certainly stable. I have worked with many vendors' firewalls and Palo Alto's are definitely stable.

Obviously, it is scalable as long as you have the licenses and support with Palo Alto. You can implement the firewalls in high-availability mode or use the cloud functionality as well. For scalability, Palo Alto is optimized.

We have 30-plus sites around the world with more than 4,000 users.

Palo Alto has very good support. When you have a valid license, they can replace a device with a new one. They have the CSP portal and you can log in and see all the firewalls listed. You can raise TAC cases with a priority of low, medium, or high, and, based on the priority, they will send an email to you. They have live support as well. In case of an issue, you can call them directly and they will provide the required support.

Positive

Earlier, we were using many vendors' firewalls, per their suitability for our clients. Apart from Palo Alto, we were using Cisco ASA, Check Point, and Juniper. The network grew over the years and each site had its own set of firewalls. The issue was that we had to standardize things across the network. There was also a gradual change in the technology and features available. Our security team thought we needed a better implementation, for optimization and troubleshooting, and something that was friendly for daily operations.

We have both private cloud and hybrid. Some of the services are on the cloud and some are on-prem in our data center. Setting up Palo Alto firewalls is quite easy compared to other vendors.

Migrating our old infrastructure to Palo Alto took four to six months. 

We did some pilot project testing with Palo Alto. If, for example, we want to migrate from XYZ vendor to Palo Alto, the very first thing we had to do was capture all the existing security and NAC policies and all the NGFW functionality. Palo Alto has specific features. For example, you can capture the logs in an inline environment, such as what traffic is going to the network, what security policies are there, et cetera. We deployed the Palo Alto firewalls in that way to only capture the traffic. We then analyzed the traffic, and we worked with Palo Alto TAC to understand the security policies and the exact throughput to determine the hardware we were going to use. We monitored all of that for a few months and then we started the migration from other vendors to Palo Alto.

We had 10 engineers involved in the deployment, but each on-site location had its own team as well. Three were senior network architects and the other seven were staff network engineers.

If you want to keep up to date in the network, it requires quite a bit of patching. It has many features, like Unified Threat Management and antivirus that can be auto-updated by scheduling an update for them. But the major patching has to be done manually. In our organization, we do it quarterly.

It is worth the cost.

Palo Alto Networks VM-Series is notably cheaper than other firewall vendors, except Fortigate. Fortigate is number one in terms of pricing.

Our security team tested various firewalls and it came down to FortiGate and Palo Alto and they found Palo Alto was quite suitable for the network.

Everything is moving to the cloud and we need a solution that can support all the multi-vendor platforms and the new technologies as well. That is quite important for any enterprise organization or service provider nowadays. If we talk about moving existing loads from our own data centers or enterprise sites to the cloud, we need a solution that can take care of everything, such as security compliance, and that is easy to use. Palo Alto is good in those terms.

With the introduction of Prisma Cloud, Palo Alto is encouraging clients to migrate their infrastructure, such as VPN and security solutions to Prisma Cloud. It has been highly optimized compared to Panorama. Palo Alto is promoting it and asking their clients to use Prisma Cloud to improve their security infrastructure.

I would advise, when you deploy a new site, to manage it from the centralized Panorama solution. With Panorama, you have a local login, so even if the internet is down you have access to the firewall management.

We had a situation, when performing patching, where the firewall lost the remote connection via the internet and it had not been onboarded to Panorama. That mean we lost connectivity and we had to involve the onsite technicians. To avoid that scenario, all firewalls should be centrally managed by Panorama.

And for troubleshooting, each firewall should have syslog profiles activated.

The main concern is VPN. If you're using Azure Firewall, you still need a VPN gateway to terminate your VPN connection. Azure Firewall doesn't remove the need for another VPN gateway, especially for point-to-site VPN. So you have to use another VPN appliance. With Palo Alto and FortiGate, for example, you can have an all-in-one solution. The VPN gateway and all the other features are available.

Palo Alto Networks VM-Series has everything centralized. You have the VPN solution, firewall, routing, UDR, flexibility, updates, and full visibility of your traffic. You can also perform log debugging. It provides all the things that Azure's firewall doesn't offer. Plus, you have full ownership of your device.

Firstly, Palo Alto should update their documentation to make it more readable and provide easier-to-follow instructions through videos. This would help people learn and deploy the product more easily. Even if the product itself is excellent, lacking proper documentation and troubleshooting guidance renders it less useful. It won't be helpful even if it's rock solid but lacks sufficient information and tutorials.

I've been using Palo Alto as a VM for about three months. I use the latest version.

It is a stable solution. I would rate the stability a ten out of ten.

It is a scalable solution. We have more than 20 entities using this solution. 

Customer service and support are great. The response time is good. My experience with them was very good. 

I used Azure Firewall for a while, but then I removed it and installed Palo Alto.

The setup requires professional people to work on it. It's not straightforward. Knowledge is needed to adapt it to your platform. 

So, it's not an entry-level solution; it requires professional and expert-level skills.

I deployed the solution myself. The deployment process took about three to four days. It depends on your production environment because I had to migrate production.

Only one person is required for deployment and maintenance. 

I can't make a suggestion because it depends on the specific needs they have. They can consider using the entry-level version or opt for the expert lab, depending on their workload.

Overall, I would rate the solution a nine out of ten. 

For remote access and securing our perimeter, Palo Alto Networks VM-Series greatly enhances our network security posture. It serves as a primary firewall for enterprise security and ensures secure remote access to our environment. As for traffic handling in our multi-cloud deployment, Palo Alto Networks' solution effectively manages it, delivering on its promises.

We've integrated all necessary functions into a single box shop currently. This setup is convenient for those who aren't yet in the cloud and prefer to stick with familiar tools. However, there's now a plethora of cloud-based tools that offer similar functionalities, leading to potential duplication and increased costs. 

In terms of security breaches, the product aids in categorizing and monitoring traffic, allowing for the identification of potentially malicisous or incorrectly formatted applications. While there are often false positives, the product has successfully detected unauthorized traffic streams.

I believe that the licensing and overall cost could be more transparent and aligned with how features are utilized, especially considering the duplication of features. 

Sometimes, it's challenging to determine which features to activate or deactivate.

I have been using Palo Alto Networks VM-Series for the past 5 years.

In terms of stability, it's quite reliable once it's up and running. I'd rate it a 9 out of 10. However, it's not a perfect 10 due to the need for manual intervention, especially during firmware upgrades and certificate management. This aspect isn't as seamless as with cloud-native firewalls.

As for scalability, it can be scalable if deployed correctly from the start. Regarding usage, the number of users will likely remain consistent, but the deployment of various firewall types may increase. This could include different instances or flavors beyond the Palo Alto VM series, such as cloud-native versions on Azure or from other vendors. 

The support team is quick, knowledgeable, and responsive. They address issues promptly and escalate them efficiently if needed. Overall, we haven't encountered any significant problems.

We managed the deployment in-house, which presented some challenges.

As for technical staffing, we aim to reduce the team size needed for deployment, ideally managing it with minimal personnel or even through code automation. Currently, we don't have a dedicated firewall team.

Regarding pricing, I initially downloaded the product for feature comparison purposes, not specifically due to pricing concerns. However, the current licensing model can be a sore point as we're paying for features we're not fully utilizing. Simplifying the pricing structure would be beneficial, especially given the duplication of services in some cases, leading to increased costs.

I'd rate it a 9, considering it's an industry-leading firewall with excellent support and features. However, as more customers shift to cloud-native solutions, some unique features of the Palo Alto solution may become less relevant. The company may need to offer a more robust and feature-rich solution to remain competitive. Currently, the monolithic nature of the firewall can be challenging to maintain and secure, which could impact its future viability compared to more agile competitors like Cisco.

When considering the Palo Alto Networks VM-Series, organizations need to carefully assess their specific use case and the extent of changes planned for the firewall. It's crucial to determine if all features are necessary and if they are not replicated elsewhere in the infrastructure. For those already operating in a cloud-native environment, leveraging native security features may be more cost-effective, as they are already included in the package. Conversely, organizations accustomed to traditional on-premises setups may prefer a single firewall device for security. Ongoing support and the frequency of changes to be made on the firewall should be factored in, as these can significantly impact the overall cost and effectiveness of the solution.