VM-Series Next-Generation Firewall Bundle 1 [VM-300]
Palo Alto NetworksExternal reviews
150 reviews
from
External reviews are not included in the AWS star rating for the product.
Strong firewall with good visibility but setup can be complex
What do you like best about the product?
The most valuable feature is the level of visibility into network traffic. It makes it much easier to identify threats and manage applications compared to traditional firewalls. The policy management is flexible, and the reporting tools give our team useful insights into potential risks. Integration with cloud environments is also a big advantage, since it allows us to apply consistent security policies across on-premises and cloud workloads.
What do you dislike about the product?
The initial deployment process was more challenging than expected, and the learning curve for new administrators is steep. While the product is powerful, configuring policies correctly can take time and sometimes requires additional training. Support is generally good but can be slow during peak hours. Pricing is also on the higher side, which may be a concern for smaller organizations.
What problems is the product solving and how is that benefiting you?
Palo Alto Networks NGFW helps us centralize network security and reduce gaps between different tools. Before using it, managing firewalls and intrusion detection separately created extra work and slowed down compliance checks. Now, we can enforce consistent security policies across on-premises and cloud environments, respond faster to threats, and get better visibility into network traffic. It has reduced manual tasks and improved overall confidence in our security posture. At the same time, configuring complex policies can take time, and pricing can be challenging for growing organizations, so there’s room for improvement.
Reliable, Secure, and Intelligent Firewall Solution
What do you like best about the product?
The best part about Palo Alto Networks Next-Generation Firewalls is their ability to provide deep visibility and control over network traffic without compromising performance. The user interface is intuitive, and the integration with threat intelligence ensures that the firewall can detect and prevent both known and emerging threats in real time.
What do you dislike about the product?
The initial setup and configuration can be complex, especially for administrators who are new to the platform. The learning curve is somewhat steep, and fine-tuning security policies requires time and expertise. Licensing can also feel a bit confusing, as different features often require separate subscriptions.
What problems is the product solving and how is that benefiting you?
Palo Alto Networks Next-Generation Firewalls are helping us prevent advanced threats, control applications, and secure remote access for users across different locations. They provide deep visibility into traffic, which makes it easier to detect and stop malicious activity before it impacts operations. The granular policies reduce risks, improve compliance, and save time for the IT team by simplifying management through centralized monitoring. Overall, it has strengthened our security posture while keeping network performance stable.
Palo Alto Networks Next-Generation Firewalls
What do you like best about the product?
Palo Alto Networks Next-Generation Firewalls are excellent for their advanced threat prevention, providing superior visibility and control over applications, users, and content. Their unique App-ID, User-ID, and Content-ID technologies enable highly granular and effective security policies. This comprehensive approach, combined with features like WildFire for zero-day threat analysis, significantly enhances an organization's overall security posture.
What do you dislike about the product?
While Palo Alto Networks' Next-Generation Firewalls offer strong security, their primary drawbacks are often cited as high cost and complexity. The extensive features and advanced capabilities come with a steep learning curve and expensive licensing, which can be prohibitive for smaller organizations. Additionally, some users have reported issues with performance degradation when enabling all advanced security features and have noted that customer support can be inconsistent.
What problems is the product solving and how is that benefiting you?
Palo Alto Networks Next-Generation Firewalls are designed to address the challenges of modern, application-driven networks and sophisticated cyber threats. They solve the problem of limited visibility and control that traditional firewalls have by identifying and controlling traffic based on the application, user, and content, not just IP addresses and ports. This allows for the creation of precise security policies, which directly benefits me by reducing the attack surface, simplifying network management, and providing robust protection against a wide range of threats, including zero-day attacks and malware hidden in encrypted traffic.
Sources
Sources
PCNSE-certified with experience deploying, configuring, and managing Palo Alto NGFWs.
What do you like best about the product?
Palo Alto NGFWs provide exceptional visibility and control over network traffic, seamless integration with security tools, advanced threat prevention, and user-friendly management via Panorama. The App-ID and Content-ID features are incredibly effective at identifying and blocking threats in real time, enhancing overall security posture.
What do you dislike about the product?
While Palo Alto NGFWs deliver top-tier security, initial setup and policy configuration can be complex for beginners. Licensing costs and subscription renewals can also be expensive, and frequent updates may require planned downtime in high-availability environments. Additionally, some advanced features have a steep learning curve.
What problems is the product solving and how is that benefiting you?
Palo Alto NGFWs help prevent advanced threats, stop malware, and control applications with precision. Their App-ID, User-ID, and Threat Prevention features improve network visibility, reduce attack surface, and ensure compliance. This has strengthened our security posture, minimized downtime, and allowed faster, more confident incident response.
Comprehensive Protection with Palo Alto Networks Next-Generation Firewalls
What do you like best about the product?
I like that Palo Alto Networks Next-Generation Firewalls are easy to use, very reliable, and give strong protection against all kinds of cyber threats. They make it simple to see and control what’s happening on the network, which helps keep everything safe.
What do you dislike about the product?
They can be a bit expensive compared to other options, and sometimes setting up advanced features takes extra time and expertise. Updates can also cause brief interruptions if not planned well.ease of integration and customer support
What problems is the product solving and how is that benefiting you?
It protects our network from hackers, viruses, and unwanted traffic. This keeps our data safe, reduces downtime, and gives us peace of mind knowing our systems are secure.
Powerfull firewall, with many features and powerfull tools to strengthen a network.
What do you like best about the product?
I enjoy using the zone based firewall system. It allows you to group interfaces into zones rather than having a single interface per zone, which helps in large networks. It also has powerfull tools to monitor and improve an existing network, such as using the ACC and policy optimiser.
The routing engine is quite good, allows you to create complex routing paths which is usually reserved for larger routing devices.
Deploying on a VM compared to physical appliances is also great.
TAC is quite quick to reespond to any issues.
The routing engine is quite good, allows you to create complex routing paths which is usually reserved for larger routing devices.
Deploying on a VM compared to physical appliances is also great.
TAC is quite quick to reespond to any issues.
What do you dislike about the product?
Not being able to select mgmt interface in a different order when deploying as a VM.
Having a limitation of 1 subnet per interface as a DHCP scope.
ACC feels outdated, it should be updated to a more easier to understand interface.
Having a limitation of 1 subnet per interface as a DHCP scope.
ACC feels outdated, it should be updated to a more easier to understand interface.
What problems is the product solving and how is that benefiting you?
Being able to create policies that use application type rather than port. Which is a game changer to traiditonal firewalls using port based policies.
Although not used a lot, using user based policies further strengthens policy access, incorporating zero trust architecture is easier.
Dynamic threat updates helps secure devices and services without manual intervention.
Although not used a lot, using user based policies further strengthens policy access, incorporating zero trust architecture is easier.
Dynamic threat updates helps secure devices and services without manual intervention.
Cybersecurity with AI Muscles | A Look at Palo Alto Networks
What do you like best about the product?
it’s just super helpful ‘cause you can actually see what’s going on in your network and stop bad stuff before it gets messy. And like, everything’s in one spot, so you’re not jumping between a million tools. Makes life easier,
What do you dislike about the product?
Tbh the setup can be a pain, especially if you’re new to it. There's kinda a learning curve, and some stuff feels more complicated than it needs to be
What problems is the product solving and how is that benefiting you?
With Palo Alto, we’ve implemented application-aware policies to control traffic more precisely, especially between sensitive services. It’s helped us enforce zero-trust principles by segmenting traffic based on user identity and device context
Reliable and feature-rich firewall solution for enterprise security needs.
What do you like best about the product?
One thing I really like is how intuitive the user interface is. The dashboard makes it easy to monitor traffic and set up policies without needing to dig through complex menus. The threat prevention and application control features are also top-notch, especially the App-ID feature that gives more granular control over traffic. The performance has been rock solid even during peak loads. Their integration with cloud-based threat intelligence helps a lot with zero-day attacks and emerging threats.
What do you dislike about the product?
The main downside is the learning curve in the beginning. If you’re new to Palo Alto, the terminology and rule management style are a bit different compared to other firewalls like Cisco or Fortinet. Also, licensing costs can add up quickly if you want all the advanced features like WildFire or Threat Prevention. Another small gripe is that some firmware upgrades have caused brief outages, so you need to plan maintenance windows carefully.
What problems is the product solving and how is that benefiting you?
Multiple security challenges - access, traffic monitoring, preventing malicious activity/programs. Also the provision of details when it comes to the specific user and apps and access records makes it easier to manage
It has been defenitely great
What do you like best about the product?
The way that it can be used also how easy is to understand everything, truly a powerful tool to use in the CiberSecurity area, helps a lot when matter most
What do you dislike about the product?
I would not say that is dislike, however interface could be more user friendly, however it is still great for what it does and what it helps, keep it up
What problems is the product solving and how is that benefiting you?
One again I would not say that there is a problem at all, everything works as expected how is expected, so no problems, things that could improve however it’s great
Rock-solid perimeter security with unmatched application visibility
What do you like best about the product?
Palo Alto’s App-ID and Threat Prevention engines give us granular control over traffic we never had with our previous stateful firewall. We can write policies around business apps instead of IP/port combos, then verify exactly what was allowed/blocked in the detailed logs. WildFire zero-day analysis has already caught two pieces of unknown malware in the last quarter, and the cloud signatures hit our gateways within minutes. Centralized management in Panorama is another highlight one commit pushes our rules to three sites, so audit time dropped from hours to minutes.
What do you dislike about the product?
Licensing is pricey and can be confusing (Threat Prevention, WildFire, DNS Security, etc.). The web UI occasionally lags when committing large rule-set changes, and the learning curve for first-time admins is steep expect to spend time in the docs or take the EDU-210 course. Support is generally solid, but faster response requires the higher-tier contract.
What problems is the product solving and how is that benefiting you?
Before we moved to Palo Alto, we juggled a traditional port-based firewall, a separate IPS, and far too many manual rules. That setup left gaps: users could tunnel apps over random ports, malware sometimes slipped past signature updates, and every audit felt like a scavenger hunt through spreadsheets.
The PA NGFWs solved three big headaches at once:
1. App-based policy instead of IP/port juggling. With App-ID we now write 15 clean rules around business apps rather than dozens of port rules. Audits take minutes, not hours.
2. Built-in threat and zero-day protection. WildFire and DNS Security catch phishing callbacks and unknown executables before they land on endpoints. Since go-live we’ve seen a \~70 % drop in malware tickets and zero ransomware scares.
3. Unified visibility and management. Panorama pushes configs to HQ and branches in one commit, and the detailed logs make troubleshooting a two-minute task instead of a war-room event.
Bottom line: fewer security incidents, cleaner audits, and a lot more time for the team to focus on strategic projects instead of constant rule-tweaking.
The PA NGFWs solved three big headaches at once:
1. App-based policy instead of IP/port juggling. With App-ID we now write 15 clean rules around business apps rather than dozens of port rules. Audits take minutes, not hours.
2. Built-in threat and zero-day protection. WildFire and DNS Security catch phishing callbacks and unknown executables before they land on endpoints. Since go-live we’ve seen a \~70 % drop in malware tickets and zero ransomware scares.
3. Unified visibility and management. Panorama pushes configs to HQ and branches in one commit, and the detailed logs make troubleshooting a two-minute task instead of a war-room event.
Bottom line: fewer security incidents, cleaner audits, and a lot more time for the team to focus on strategic projects instead of constant rule-tweaking.
showing 1 - 10