Many features are optimized for troubleshooting real-time scenarios, saving a lot of time
What is our primary use case?
Ours is an enterprise environment and some of the services are hosted in our private data centers and some of the servers are hosted on Azure. We have the IPSec tunnels from the firewalls to our own data centers and from the firewall to the cloud as well. It depends on the type of application being hosted.
We are using Panorama for centralized management of all our firewalls around the world, as well as for centralized management of security policies and network settings. We have not completely migrated to the cloud. We are in transit.
How has it helped my organization?
Palo Alto has many features for troubleshooting real-time scenarios. The troubleshooting, compared to other firewalls has been optimized in a way that saves a lot of time.
What is most valuable?
I like the UI. Most things are accessible from the user interface and it is quite user-friendly. With respect to both VM-based firewalls and physical firewalls, it's easy to create updates.
They have a centralized Palo Alto Customer Support Portal and if we require any licenses, such as a next-generation firewall license, we can easily download and integrate them with this solution. We can also schedule periodic updates. That is quite user-friendly.
In terms of functionality, we are using IPSec tunneling and Palo Alto's WildFire feature. We use the security policies, Panorama, and Prisma Cloud as well.
We use Panorama to manage our security policy model across on-prem and public cloud environments. It plays a key role with respect to centralized management, for physical enterprise firewalls and cloud-based firewalls. It gives you centralized control over all the infrastructure. Unified policies can be pushed from that centralized place with templates.
When you deploy VM-Series Firewalls, they are quite flexible. You just have to select the instances, storage, security policies, and firewall rules. Within minutes, you can deploy the firewalls.
We are also able to adjust firewall sizing on the fly, which is important. Initially, we decided on a firewall based on the throughput assumptions. But in peak hours or during a peak month for traffic, we need to scale the firewalls. That should be automatically done. AWS and Azure provide very good features and, by using them, within a second it automatically scales, based on the incoming traffic.
What needs improvement?
Palo Alto has launched different products, such as physical firewalls as well as cloud and VM-based firewalls. Recently, they introduced their Prisma Cloud solution. Compared to the previous technologies, like Panorama, which is used for centralized firewall management, or even individual firewalls, it's a bit challenging to integrate the traditional firewall policies into Prisma Cloud. And the Prisma Cloud interface isn't very user-friendly.
For how long have I used the solution?
Our organization has been using Palo Alto Networks VM-Series for more than five years, and I have worked on this solution for two years.
What do I think about the stability of the solution?
The solution is certainly stable. I have worked with many vendors' firewalls and Palo Alto's are definitely stable.
What do I think about the scalability of the solution?
Obviously, it is scalable as long as you have the licenses and support with Palo Alto. You can implement the firewalls in high-availability mode or use the cloud functionality as well. For scalability, Palo Alto is optimized.
We have 30-plus sites around the world with more than 4,000 users.
How are customer service and support?
Palo Alto has very good support. When you have a valid license, they can replace a device with a new one. They have the CSP portal and you can log in and see all the firewalls listed. You can raise TAC cases with a priority of low, medium, or high, and, based on the priority, they will send an email to you. They have live support as well. In case of an issue, you can call them directly and they will provide the required support.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Earlier, we were using many vendors' firewalls, per their suitability for our clients. Apart from Palo Alto, we were using Cisco ASA, Check Point, and Juniper. The network grew over the years and each site had its own set of firewalls. The issue was that we had to standardize things across the network. There was also a gradual change in the technology and features available. Our security team thought we needed a better implementation, for optimization and troubleshooting, and something that was friendly for daily operations.
How was the initial setup?
We have both private cloud and hybrid. Some of the services are on the cloud and some are on-prem in our data center. Setting up Palo Alto firewalls is quite easy compared to other vendors.
Migrating our old infrastructure to Palo Alto took four to six months.
We did some pilot project testing with Palo Alto. If, for example, we want to migrate from XYZ vendor to Palo Alto, the very first thing we had to do was capture all the existing security and NAC policies and all the NGFW functionality. Palo Alto has specific features. For example, you can capture the logs in an inline environment, such as what traffic is going to the network, what security policies are there, et cetera. We deployed the Palo Alto firewalls in that way to only capture the traffic. We then analyzed the traffic, and we worked with Palo Alto TAC to understand the security policies and the exact throughput to determine the hardware we were going to use. We monitored all of that for a few months and then we started the migration from other vendors to Palo Alto.
We had 10 engineers involved in the deployment, but each on-site location had its own team as well. Three were senior network architects and the other seven were staff network engineers.
If you want to keep up to date in the network, it requires quite a bit of patching. It has many features, like Unified Threat Management and antivirus that can be auto-updated by scheduling an update for them. But the major patching has to be done manually. In our organization, we do it quarterly.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
Palo Alto Networks VM-Series is notably cheaper than other firewall vendors, except Fortigate. Fortigate is number one in terms of pricing.
Which other solutions did I evaluate?
Our security team tested various firewalls and it came down to FortiGate and Palo Alto and they found Palo Alto was quite suitable for the network.
What other advice do I have?
Everything is moving to the cloud and we need a solution that can support all the multi-vendor platforms and the new technologies as well. That is quite important for any enterprise organization or service provider nowadays. If we talk about moving existing loads from our own data centers or enterprise sites to the cloud, we need a solution that can take care of everything, such as security compliance, and that is easy to use. Palo Alto is good in those terms.
With the introduction of Prisma Cloud, Palo Alto is encouraging clients to migrate their infrastructure, such as VPN and security solutions to Prisma Cloud. It has been highly optimized compared to Panorama. Palo Alto is promoting it and asking their clients to use Prisma Cloud to improve their security infrastructure.
I would advise, when you deploy a new site, to manage it from the centralized Panorama solution. With Panorama, you have a local login, so even if the internet is down you have access to the firewall management.
We had a situation, when performing patching, where the firewall lost the remote connection via the internet and it had not been onboarded to Panorama. That mean we lost connectivity and we had to involve the onsite technicians. To avoid that scenario, all firewalls should be centrally managed by Panorama.
And for troubleshooting, each firewall should have syslog profiles activated.
Allows us to maintain consistent next-generation firewall protection across virtual, private, and public cloud infrastructures using a unified policy model
What is our primary use case?
We use the solution for network protection. Previously, I worked for a physical organization, but last year we moved to a Proof of Concept. Following the POC, we had to deploy the solution in three different geographical locations. We deployed all of the Palo Alto solutions in the hub environment and connected them to another node.
How has it helped my organization?
VM-Series allows us to maintain consistent next-generation firewall protection across virtual, private, and public cloud infrastructures using a unified policy model. We can use the provided templates to generate policies based on both global and local rules.
Panorama plays a vital role in allowing us to maintain a consistent security policy model across on-premises and various public cloud environments. Presently, we utilize Panorama exclusively in the cloud, spanning three different geographical locations: East Asia, Eastern U.S., and Western Europe.
Once we were able to configure Panorama's centralized management system we were able to have uninterrupted connections with no security issues.
Using Panorama helped us streamline our security policies in a cloud-based environment, saving us time. With Panorama, we no longer need to log in and manually adjust the template before transferring data, which increased our comfort level.
What is most valuable?
Palo Alto Networks VM-Series' security features are all good.
Centralized management is valuable because it allows us to configure settings in one location and apply them across all three locations.
What needs improvement?
The migration of workloads to the cloud is difficult because the cloud provider and Palo Alto Networks are different platforms. We had to research many articles online and after our research and development were completed we were able to deploy. The migration of data to the cloud can be more user-friendly and has room for improvement.
The utilization monitoring and GUI have room for improvement.
Sometimes we encounter licensing issues where our licenses are not activated, and as a result, we are required to redeploy. This problem could be related to VM-Series or the template image and how they are integrated with Azure Marketplace.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
How are customer service and support?
The technical support is good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Previously, we utilized Azure Firewall, but we found it to be less mature compared to Palo Alto, prompting us to switch to the latter.
How was the initial setup?
The initial setup is straightforward but the deployment portion is complex. We require 15 minutes for one VM deployment.
What other advice do I have?
I give the solution a nine out of ten.
Palo Alto Networks Next-Generation Firewall
What do you like best about the product?
Easy to use great interface, the wizard for configuration is helpful and intuitive. Great product!
What do you dislike about the product?
Cost, very expensive and heavy uplift would state it would need long term commitment to implement and gain benefits.
What problems is the product solving and how is that benefiting you?
General administration
Define and manage rule set
Ensure dashboard is self evident to users and setting up of laerts and rules wih ease
The Best Next Generation Firewall For your Organization: PALO ALTO
What do you like best about the product?
Palo Alto NGFW is the best firewall available in the market, and this product's stability is incredible. It provides complete visibility and control of our traffic and helps to detect and take prevention measures on vulnerable traffic or malicious event. It has many beneficial features for the organization, like DNS security, which provides sub-features like blocking malicious domains and URL filtering. The following fantabulous features are app-id, user-id and single parallel pass processing, which is the best about Palo alto. If we use different Palo alto firewalls, then we can manage them through panorama and do the changes all in one place, so manageability becomes an easy task. The threat signature database is updated regularly. The configuration part is easy and provides excellent throughput and speed despite the high traffic load.
What do you dislike about the product?
The dashboard or management console is very complex and can not be understood by an average L1 engineer. Configuring policies and making VPN tunnels is a big task and takes time. Talking about the cost, it is the most expensive firewall I have seen. The price is high compared to other firewall vendors. The tech support is not so good. Sometime it becomes tough for priority cases to resolve the issue. They launch a new feature release or some service pack now and then and it becomes tough to adapt to these changes as sometimes they contain bugs and are risky to implement in the production network. There is some issue with the VPN feature of Palo Alto. It needs strong expertise and an excellent team to handle this product.
What problems is the product solving and how is that benefiting you?
We can track down the traffic on the interface, and we can also see the bandwidth consumption that is used by the application. This firewall helped our organization to prevent malicious attacks, what user is using which services and what port, and we can block them according to the requirement. Another use case is that it has a sandboxing technique that helps isolate malicious applications and files containing viruses or malware. We can do DNS security, which is our primary focus and provides threat prevention. We can filter out bad traffic and create VPNs for remote users, and the functionality is flexible. If we compare it to other firewalls like FortiGate and SonicWall, it is the best firewall. The web interface can display all the information about our needs.
Good performance, powerful CLI, and offers zero-day signature updates
What is our primary use case?
We use this product to secure our entire network, for ZTNA structure, and for VPN purposes, allowing access to our servers behind the firewall.
How has it helped my organization?
Using this product has increased our security and has given us much better results in terms of security scans.
Palo Alto embeds machine learning into the core of the firewall to provide online real-time attack prevention, and I would rate that capability an 8 out of 10. It's definitely effective in terms of securing our network against threats that are able to evolve and morph rapidly.
This solution provides a unified platform that natively integrates all of the security capabilities, although we are not using parts of it. For example, we don't use the configuration tools like Panorama.
What is most valuable?
The most valuable feature is the CLI.
We have the firewall configured for zero-day signatures, which is very important to us. We must be HIPAA and PCI compliant, which means that we need those signatures immediately.
There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.
What needs improvement?
The web interface, especially when committing changes, remains a bit slower than I would like, but it has improved over the years. Reboots for the VM series do take longer than I would have expected.
For how long have I used the solution?
I have been working with the Palo Alto Networks VM-Series for almost 5 years.
What do I think about the stability of the solution?
This product is very stable. We have had zero problems with stability.
What do I think about the scalability of the solution?
The scalability is fantastic. We're using the lowest-end product right now, and I don't foresee when we'll have to upgrade. We have a long way where we can continue to scale up.
We currently have multiple people that use it for VPN purposes, to access our servers behind the firewall. It is not used nearly as extensively as it should be. However, in the future we will start flowing all of our internet traffic through it.
We're all working remotely, and we're going to be connecting through the firewall. This means that our traffic is going to greatly increase, meaning that our usage will also increase. We'll also be using many more of the features.
How are customer service and support?
The technical support from Palo Alto is good, overall. However, their response times could be a little quicker.
We have not really had any big complaints with the technical support and I would rate them a seven out of ten.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Prior to using Palo Alto, we were using an on-premises solution by Juniper. When we switched from onsite to the cloud, we changed products.
We made the switch because Juniper became unbearable regarding complexity and performance. It was getting very bad; we couldn't manage it well, and the performance was quite poor.
How was the initial setup?
The initial setup can be quite complex. There is a steep learning curve and we failed at it a few times before we were able to put a production machine into place.
Our final deployment took between three and four hours.
What about the implementation team?
Our in-house team was responsible for the deployment.
What was our ROI?
We have absolutely seen a return on our investment. We are definitely more secure. With the features that are in Palo Alto, we do not have to worry about people busting into our network. Even just out of the box, with the base features, it's very solid. The default configurations are quite secure.
Our return on investment comes from the fact that no longer need to spend hours monitoring our network the way we did before. We've saved man hours and we've saved stress. I am unable put a monetary value to that, but that would be the return.
What's my experience with pricing, setup cost, and licensing?
This is not the cheapest firewall but it's not the most expensive of the options on the market.
The new licensing structure is a little difficult to understand at first, but with the right thought put into it, would like save some money.
Which other solutions did I evaluate?
Beyond Palo Alto, we evaluated two or three other products. Two of them that I can recall are Fortinet and the Microsoft Azure Firewall.
We did some extensive reviews and some extensive testing and what we found is that for the price, Palo Alto gave us the best options. It had the best set of security features. It wasn't the cheapest product but it was the best solution that fit our requirements.
What other advice do I have?
We have not yet implemented the DNS security features but we will in the future.
If one of my colleagues at another company were to say that they were just looking for the cheapest and fastest firewall, I would suggest that they be careful. Palo Alto has a great balance. It's not super expensive compared to other options on the market, and it's quite quick when it comes to throughput and performance.
In summary, this is a good product but I do suggest that people shop around a little bit.
I would rate this solution an eight out of ten.
THE BEST NEXT GENERATION FIREWALL
What do you like best about the product?
It is one the best network security tool which orovides all round protection to your network and endpoints. This is easy to deploy and manage providing software and hardware together which are all developed all by PA. Having different plane for control and management is very helpful.
What do you dislike about the product?
1. It is more on the expensive side if you compare with other firewall solutions.
2. Buying license for different usecase is also an expense.
3. Log analysis and review is not really user friendly.
What problems is the product solving and how is that benefiting you?
1. This enables us to cover all the network and endpoints which is really helpful in avoiding all the types of vulnerabilities.
2. Managing vpn is also amazing and managing client networks as well.
Recommendations to others considering the product:
Go for it if you have kind of bank balance required.
Palo Alto, Reliable High Performance Firewall Solution!
What do you like best about the product?
Palo Alto is a solution that provides software and hardware as a complete setup. The other vendors could be deployed as an open server. I mainly consider Palo Alto like iPhone which develops it's own software; iOS and produces the hardware as iPhone. Also, I consider the other rival vendors like Android as an OS and this OS is capable to work with Samsung, Google, Sony, Xiaomi, Oppo, etc. hardware.
What do you dislike about the product?
The zone limitations give me a headache always. And also log screen and log searching syntax are very complicated and not user-friendly. This interface needs to be revised by a UX Designer
What problems is the product solving and how is that benefiting you?
Palo Alto is one of the leaders in Next-Generation Firewall solutions. We can do App-ID, Content-ID, and User-ID based on Application Control. Also, we can manage security policies and NAT policies which are based on Access Control or port control. Site to site VPN works well without any problem but is hard to configure on the Dashboard; you can add the definitions as objects and use them in VPN policies
Recommendations to others considering the product:
Sizing is important before deploy. Initial setup is supposed to be done by an experienced expert.
Solid NGFW Solution
What do you like best about the product?
Reliable and stable NGFW solution, with good features
What do you dislike about the product?
Management integration isn't as complete and seamless as some other solutions
What problems is the product solving and how is that benefiting you?
Various different use cases for clients as I work for a systems integrator. They have realised many different benefits, including consolidation of services, greater granularity of inspection at the edge and in the data centre, etc.
Rock Solid Firwall Platform
What do you like best about the product?
It is one of the most fully-featured and well-supported layer 7 firewalls on the market.
What do you dislike about the product?
The user interface is still somewhat less intuitive than I would like. A moderate learning curve.
What problems is the product solving and how is that benefiting you?
Replaced and consolidated out-dated firewall technology, URL filter appliances, and IDS sensors. We did find PaloAlto to be surprisingly willing to negotiate and acquired firewalls at a very competitive price. This came as a pleasant surprise.
Great features and performance
What do you like best about the product?
1. Dedicated management interface for managing and initial configuration of the device.
2. Regular threat signatures and updates.
3. We can import addresses and URL objects from the external server.
4. We can configure and manage with REST API integration.
5. Great throughput and connection speed is fair even in high traffic load.
6. Deep visibility into the network activity through Application and Command Control.
What do you dislike about the product?
1. Committing the configuration takes more time.
2. When CPU is 100 percent, then GUI takes very long to respond.
3. Booting time is very long.
What problems is the product solving and how is that benefiting you?
1. Enforcing web filtering and application control policies to reduce bandwidth usage.
2. Remote access of the internal servers by connecting to the Global Protect VPN.
3. Taking monthly security reports and usage reports.
4. Using WAN interfaces equally using SDWAN plugin.
5. Restricting communication between LAN and DMZ zones and allowing connection only for selected users.
Recommendations to others considering the product:
It is an excellent product, and there are a lot of security features to implement.
