
Managing the Attack Surface

  • By Antonio Z.
  • on 11/21/2024

What do you like best about the product?
The best thing about Palo Alto Networks Next-Generation Firewalls is transparency and AppID.
Oftentimes you'll find other vendors referencing max throughput which is measured in really strict conditions and/or without utilizing full security features on the firewall. This is oftentimes really misleading. When you look at PANW firewall throughput, it's measured while having all the beneficial services running.

AppID is a really mind-blowing part of the firewall: from reducing the attack surface by approving exactly what is the bare minimum of necessary apps (the firewall itself offloads this for you, using the Policy Optimizer) all the way to knowing the impact of using such applications.

Generally, features by themselves are something that you expect a firewall to have; however, the approach that was taken, reducing the attack surface, is really what makes ZTNA possible. All the way from segmentation, continuously inspecting the traffic, only from specific users/groups, and only allowed applications, it is an unbeatable combination.
What do you dislike about the product?
I only dislike the commit time: when you want to make a fast change and see the result quickly, you must pass through a commit that takes around 45 sec to complete.
What problems is the product solving and how is that benefiting you?
PANW Firewall is providing a complete platform for enabling ZTNA.
From creating security zones (aka segments), and only allowing traffic within explicitly defined zones,
Implementing user identification (either transparent or explicit), which has endless possibilities.
Using Security Profiles to inspect allowed traffic.
Using Decryption that is not intrusive by default (the firewall bypasses decryption on certain errors, so users are not escalating to support).

