We just raised a $30M Series A: Read our story
MG
President at MT-Data
Real User
Top 20
Awesome stability, great firewall capabilities, and a rather straightforward initial setup

Pros and Cons

  • "The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to."
  • "We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved."

What is our primary use case?

We primarily use the solution for the firewalls. We're also using the next-gen features to shape what's going on. For example, to figure out what is allowed out and what isn't allowed out on a layer-7 application-aware firewall. We can block based on the application, as opposed to port access.

How has it helped my organization?

The solution helped us stop being policemen to our users. We don't have to run around telling people they can't do certain things. We can just not allow it and walk away from it. We're not out there seeing who is doing what, we just don't allow the what.

What is most valuable?

The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to.

The firewall capabilities are very good.

What needs improvement?

We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved. 

The appliances I'm working on are relatively old now. We're talking five-year old hardware. That slow commit speed might be addressed with just the newer hardware. However, even though it is slow, the speed at which they do their job is very acceptable. The throughput even from a five-year-old appliance shocks me sometimes.

Currently, if I make changes on the firewall and I want to commit changes, that can take two or three minutes to commit those changes. It doesn't happen instantly.

The solution doesn't offer spam filtering. I don't know whether it's part of their plan to add something of that aspect in or not. I can always get spam filtering someplace else. It's not a deal-breaker for me. A lot of appliances do that, and there are just appliances that handle nothing but spam. 

For how long have I used the solution?

I've been using the solution for five years.

What do I think about the stability of the solution?

The stability is awesome. I haven't had any issues with the solution stability-wise. I've got the same firewalls that have been out there for five years and they work great.

What do I think about the scalability of the solution?

I don't work with enterprise-class products. I'm not in that environment. However, so as far as I know, Palo Alto has products that will go that large. Panorama may be able to scale quite well. You can manage all your appliances out of it. They are a very popular license.

Their GlobalProtect license is very much like Cisco's AnyConnect. It does the endpoint security checks. It makes sure they've got the latest patches on and the antivirus running and they've got the latest antivirus definitions and whatnot installed before they allow the VPN connection to happen. It's quite nice.

How are customer service and technical support?

Their support is very good. I've never had any issues with their support. I would say that we've been satisfied with their level of service. 

Occasionally there may be a bit of a language issue based on where their support is located.

How was the initial setup?

The initial setup is pretty typical. It's like any firewall. As long as you've worked with next-gen firewalls, it's just a matter of getting your head around the interface. It's the same sort of thing from one firewall to the other. It's just a matter of learning how Palo Alto does stuff. Palo Alto as a system, for me, makes a whole lot of sense in the way that they treat things. It makes sense and is easy to figure out. That's unlike, for example, the Cisco firewalls that seem to do everything backwards and in a complicated way to me. 

I haven't worked with enough Cisco due to the fact I don't really like the way they work. That isn't to say that Cisco firewalls are bad or anything. It's just that they don't operate the way I think. That might have changed since they acquired FireEye which they bought a couple of years back.

What's my experience with pricing, setup cost, and licensing?

I know the solution is not inexpensive. It depends on what you ultimately sign up for or whether you just want the warranty on the hardware. 

What other advice do I have?

I'm not really a customer. I'm like a consultant. I'm an introduction expert. If I think a client needs a certain technology I point them in the direction of whoever sells it. I do go in and configure it, so I do have experience actually using the product.

When I'm looking for something, I just find someone that sells Palo Alto and I redirect the client towards them. I'm not interested in being in a hardware vendor. There's no money in it. There's so much competition out there with people selling hardware. It doesn't matter where the client gets it from.

We tend to use the 200-series models of the solution.

I'd rate the solution eight out of ten. They do a very good job. The product works well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
TM
Sr. Engineer at a comms service provider with 51-200 employees
Real User
Top 20
Reliable with a straightforward setup and good security features

Pros and Cons

  • "It's one of the best products I've worked with. It's typically a market leader on Gartner. It's a very respected brand."
  • "The pricing of the solution is quite high. It's one of the most expensive firewall solutions on the market."

What is our primary use case?

The solution is typically used for antivirus and antimalware purposes, to help protect an organization against attacks.

What is most valuable?

The solution offers many different capabilities.

It's one of the best products I've worked with. It's typically a market leader on Gartner. It's a very respected brand.

The solution offers very good security, especially in relation to antivirus activities.

The initial setup is pretty straightforward.

The product is extremely reliable.

What needs improvement?

The pricing of the solution is quite high. It's one of the most expensive firewall solutions on the market.

Clients are typically looking for a solution that's more aggressive in the market.

For example, with Fortinet, they have an SD-WAN that really has many capabilities. For example, it can inject a GSL SIM card along with the MPLS connection. It connects the system within one product. Palo Alto doesn't offer this. This is one area that will need to improve. In Indonesia, the market is growing strategically. Palo Alto has this one product, however, with the limitation of the GSM sim card they are getting left behind. 

For how long have I used the solution?

I started using the solution around 2012 or 2013. It may have been eight years or so. Sometimes I am doing a POC or implementing the solution, so it has been on and off.

What do I think about the stability of the solution?

While the solution itself is okay in terms of stability, there could be issues if the hardware is affected. We have hardware that gets affected by humidity, for example, which can end up affecting a wide range of infrastructure. If the environment is good, the solution will be okay. If we talking about Palo Alto's series starting from the 3,000 to 5,000 or 7,000, Palo Alto has a really stable product.

What do I think about the scalability of the solution?

We set up this solution for companies of all sizes, from small to large enterprises. One of our clients is a telecom, which is quite sizable. They have the most complex configuration. The solution, however, is able to work for any company, no matter what the size. In that sense, it's a scalable option.

That said, the NG firewall is not a typical product that we can scale up on a whim. If we want to scale up in this product, we need to buy a higher series. We have to replace it. If we want to scale out this product, we can do a roll out in another location. Therefore, you can expand it out, however, you do need to change the sizing, which means getting a size or two up.

How are customer service and technical support?

I haven't contacted technical support recently. The last time I spoke to the tech support team was five years ago or maybe as an Operation Engineer three or five years ago. Generally, I found that they were really good at understanding the product. In my experience, they were really helpful. I'd say I was satisfied with their support.

Which solution did I use previously and why did I switch?

I've also used Juniper, however, that may have been three or four years ago or so.

How was the initial setup?

In my case, I have a lot of experience with Palo Alto and the implementation process. Therefore, I don't find it too complex. It's rather straightforward for me. However, I have a long history with the solution. I find the hierarchy of the configuration fairly easy to understand, especially if you compare it to a solution such as Juniper. Juniper is a bit more complex to set up. Whereas, Palo Alto is a bit more straightforward.

How long deployment takes can vary. It really depends on the complexity of the configuration and the environment.

If a client only buys the implementation, they will have to handle the maintenance of the product. It's a good idea to have that type of person in-house.

What's my experience with pricing, setup cost, and licensing?

We find the cost of the solution to be very high. It's quite expensive, and one of the most expensive on the market.

The pricing is related to the complexity of the environment. The more complex the company's requirements, the more it will cost.

What other advice do I have?

We have a partnership with Palo Alto.

I am in pre-sales and often do POCs or do some aspect of evaluating the solution for clients to help them understand the usefulness.

Overall, I really do prefer Palo Alto to other options. I'm the most comfortable with it and I understand it the best out of other solutions such as Juniper or Fortinet.

I'd suggest organizations consider the solution. Yes, it is quite expensive. However, it is also very reliable and is always marked highly in Gartner due to its feature set and usability. It's easy to configure and it's very easy to add more features into your roadmap if you need to. It can easily integrate into a larger holistic security system to help keep a company safe.

In general, I would rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,529 professionals have used our research since 2012.
SZ
Team Lead Network Infrastructure at a tech services company with 1-10 employees
Real User
Top 5Leaderboard
Stable with good performance and a fairly straightforward setup

Pros and Cons

  • "It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back."
  • "Sometimes some of the applications the customer has do not respond as they normally should."

What is our primary use case?

The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.

What is most valuable?

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

What needs improvement?

Palo Alto has all the features that any firewall should have. Other firewalls should actually copy Palo Alto so that they can provide better stability, performance, and protection - at levels that are at least at Palo-Alto's.

This isn't necessarily an issue with the product per se, however, sometimes basically there are some features, depending on the customer environment, do not work as well. Sometimes some of the applications the customer has do not respond as they normally should. Palo Alto support needs to understand the customer requirements and details so that they can resolve customer queries more effectively.

For how long have I used the solution?

I've been using the solution for the past six years at this point.

What do I think about the stability of the solution?

The solution offers very good stability. I don't have issues with bugs or glitches. It's reliable.

What do I think about the scalability of the solution?

We have a variety of customers ad they all have a different amount of users. Some have 50 users. Some have 100 users. Some have 1,000 users as well. It varies quite a bit. In that sense, it scales to meet the customer's needs.

How are customer service and technical support?

I've dealt with technical support in the past. Sometimes it is good and sometimes it's not as good. It depends on the complexity of the deployment. Overall, however, I would say that I have been satisfied with the level of service provided.

Which solution did I use previously and why did I switch?

There are multiple products from different vendors, and I basically deploy different firewalls from different vendors for the customers based on their needs. The solutions I work with include Cisco, Fortinet, and WatchGuard. There are a few others as well.

How was the initial setup?

The initial setup isn't too complex. It's pretty straightforward.

The deployment time basically depends on the deployment model. If it's a VMware model, it's pretty straightforward and you can basically deploy it in half an hour to one hour.

If it is in another deployment model, for example, if it's in Layer 3, it depends on the subnet environment, how many subnets they have, or how the traffic is routing from one end to the other end, etc. 

What about the implementation team?

I'm involved in system integration, so I basically deploy and manage the solution for the other customers.

What other advice do I have?

I'm an integrator. I work with many clients. My clients use both the cloud and on-premises deployment models.

I would recommend the solution to other organizations.

Overall, I would rate it at a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
JJ
Solutions Architect at a comms service provider with 51-200 employees
Reseller
Top 5
A good solution with great stability and very good Policy Optimizer feature

Pros and Cons

  • "I love the Policy Optimizer feature. I am also completely happy with its stability."
  • "Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete. Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet. We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks."

What is our primary use case?

We mainly use it for perimeter protection between the internet and the local network. We are using it for application control. We exploit the applications with some policies about how the network traffic is going to be from the local LAN to the external network and vice versa. We are protecting our network from outsiders and stopping them from getting into the network.

What is most valuable?

I love the Policy Optimizer feature. I am also completely happy with its stability.

What needs improvement?

Its reporting can definitely be improved. I would like to have better graphical dashboards and more widgets for more clarity in the reporting area. In a third-generation firewall, you can generate some dashboards. It provides the information that we need, but from the C-level or a higher-level perspective, it is kind of rough and incomplete.

Its data loss prevention (DLP) feature is not good enough. Currently, this feature is very basic and not suitable for enterprises. It would be nice if they can include a better DLP feature like Fortinet.

We would like to have a local depot of Palo Alto in Latin America. Competitors such as Cisco and Check Point have a local depot here. If there is an issue with their hardware, you can go to the depot, and in about four hours, you can get a replacement device, but that's not the case with Palo Alto Networks because we need to import from Miami. It takes about two to three weeks.

For how long have I used the solution?

I have been using this solution for about three years.

What do I think about the stability of the solution?

I am completely happy with its stability. I have no issues with its stability.

What do I think about the scalability of the solution?

I don't need more scalability. I can use the new features without changing the hardware. The features are completely inside the hardware, so I have no issue with the scalability. Most of our customers are big businesses.

How are customer service and technical support?

I didn't have a very complex call with their technical support.

How was the initial setup?

It depends. It can be complex when we are replacing a solution with Palo Alto Networks and the customer doesn't know how the policy is going to be implemented in the solution. If that is not the case and it is a clean installation, it is very straightforward. It is not at all complex.

The deployment generally takes a whole week. This includes the planning stage and doing the initial setup. It takes about two days to set up a device, power it on, and turn on the policies.

What's my experience with pricing, setup cost, and licensing?

It is an expensive solution.

Which other solutions did I evaluate?

Our clients compare it with Check Point. Palo Alto Network has the application granularity. It enables you to handle the applications, policies, and Policy Optimizer. There is no need for splitting the management plane and the processing plane. In Check Point, you need two devices. You need one device for the management and one for the gateway. Palo Alto has both in one, which is a good feature.

Check Point is a kind of cheaper solution, and we can deploy that application on open servers. The open servers option in Check Point has a huge cost-saving. In terms of performance, I will always choose Palo Alto Network because its IPS feature is superior to Check Point. It is much better than Check Point.

What other advice do I have?

First of all, I would say that the engineer who is going to deploy the solution has to know how the network policy is going to be introduced into the firewall. It is very important for deployment because it is a new concept that Palo Alto introduced in the market. The second thing is to know the policies, not on the layer-4 basis, but in terms of policies, such as SMB, DSTP, and other such things.

I would rate Palo Alto Networks NG Firewalls a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Khawaja AhsanZia
Network Security Engineer at a tech services company with 11-50 employees
Real User
Top 20
Ability to log each and every application provides valuable control

Pros and Cons

  • "Ability to log each and every application."
  • "With new features and applications you get bugs."

What is our primary use case?

I'm a network security engineer and we are platinum partners with Palo Alto. 

What is most valuable?

Initially, there were no application controls offered in the legacy firewall. Now you can log each and every application. It provides valuable control and is the main feature in addition to the security features they're currently offering. All the firewalls - Fortinet, Cisco, Palo Alto -  provide complete visibility and control over your network which you didn't previously have. Now you have user ID and you can implement URL filtering as well, there is control over your network. End user logging is far better with Palo Alto than Fortinet or Cisco, and it helps you to troubleshoot. I'd rate Palo Alto on top. It's comfortable and that's my experience. Cisco and Fortinet provide good services, but Palo Alto offers a very good product.

What needs improvement?

There will always be room for improvement. On a daily basis you get patches for everything. They build new features, apply new technologies and new applications which need to be integrated and with that you get bugs. There are always issues, whether it's hardware or software. 

For how long have I used the solution?

I've been using this solution for five years. 

What do I think about the stability of the solution?

The product is generally stable but with each new update you need to get the OS bug fix. Any security device has a vulnerability which a hacker can exploit and you have to keep on patching.

What do I think about the scalability of the solution?

I work on the system integrator side and work with multiple customers, and this is a scalable solution. 

How are customer service and technical support?

The support level is good, but it depends on the region you're working from. In some countries, the support flexibility is very good. For others, you have different strategies. I'm in Pakistan and Palo Alto has a different strategy here in that they don't directly provide support. You have to add another vendor in between and open a case with them and if they can't resolve your query they activate to Palo Alto. In some countries, Palo Alto directly provides support and in others they can't be contacted directly. In a couple of scenarios, we got involved with an R&D team and told them there was a bug for our end users. Palo Alto escalated that case to an R&D team and they got it fixed in the following patches.

How was the initial setup?

The initial setup is a very smooth process integrated with initial configuration. It's very easy. 

What's my experience with pricing, setup cost, and licensing?

You could say that the cost is higher for Palo Alto, but they are a better product compared to the other principals. 

Which other solutions did I evaluate?

I work with Fortinet as well as Palo Alto. Palo Alto has very extensive logging that Fortinet doesn't offer. To get that with Fortinet you need to purchase FortiAnalyzer for reporting. The logging is so extensive in Palo Alto that you can generate a report and get an analysis on the same firewall. You don't need to procure anything else. The documentation of both Fortinet and Palo Alto is up to standard. They both have very extensive documentation for their products. Both of them offer the same level of knowledge base for their customers and are up to the mark. In terms of support, Fortinet and Cisco allow you to directly open a case and get an engineer on the line. Cisco follows the same model. I'm unable to do that with Palo Alto from Pakistan. 

What other advice do I have?

I would rate this solution an eight out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
JH
Technology Manager at a comms service provider with 1,001-5,000 employees
Real User
Easy for clients to connect to their information

Pros and Cons

  • "They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks."
  • "Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution."

What is our primary use case?

Our primary use case is for the perimeter connection of our clients in the network. Our client brings their services to their clients, and they have the option to connect to a webpage. With Palo Alto Networks NG Firewalls they can safely provide a username and password to their clients.

It is mainly on-premise, because the majority of the clients at this point want that kind of option. But many of them are already asking for the cloud option, like Prisma, for example.

How has it helped my organization?

It has improved our clients' organizations because previously the clients did not have the option to fully connect. In this solution, they have the opportunity to add services to their web page and book clients.

What is most valuable?

The feature that I have found most valuable is the connection. It's very easy for the clients to connect to their information. They use an SSL connection by BPM.

What needs improvement?

We work very closely with the vendors here and at this point they use external support.

Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution.

For how long have I used the solution?

My company has been using Palo Alto Networks NG Firewalls for almost one year. It is new for us. We have more experience with Cisco and Fortinet.

What do I think about the stability of the solution?

In my company, I am responsible for the development of the proposal that we give to the client. We develop the spectrum and the pricing. We make presentations to the customer to explain the solution and answer questions about it.

What do I think about the scalability of the solution?

The scalability is very strong. The vendor provides has high availability.

Our clients are medium sized businesses.

Palo Alto is not a cheap solution. It is expensive. But because of its technology it pays itself back. In each case we work with the vendor to obtain a major discount for their business. I give that discount to our customer, who benefit from the services that we can bring them.

How are customer service and technical support?

This is our first dealing with Palo Alto. With other vendors we have more experience, like with Cisco and Fortinet.

Palo Alto's documentation and manuals are very complete. It's very easy to obtain the information that way.

Which solution did I use previously and why did I switch?

The client still uses Cisco, Fortinet, and Checkpoint. Palo Alto has very good administration tools which is not the case with the others. You can't compare all vendors. Also, the granularity of the information that they can obtain from the firewalls is better.

How was the initial setup?

The initial setup depends. In the case of one client, for example, they have a very complex connection of networks, which is architectural. It is integrated and we need to pick it out and include all the rules that they have and to put in the firewalls which they want to buy in the next month. That kind of job is not easy for us, not just regarding Palo Alto but for other vendors, too.

What other advice do I have?

On a scale of one to ten, I would give Palo Alto Networks NG Firewalls a nine.

I would recommend this product to others.

In terms of what advice I would give to future customers looking into implementing Palo Alto Firewalls, I would tell them that they have a good system operator in the firewalls and that it provides many tools that they can use to protect their networks. You don't find that in the other vendors.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Amar-Patil
Security Engineer at Hitachi Systems, Ltd.
Real User
Enables us to monitor VPN compliance and integrate with multiple vendors

Pros and Cons

  • "With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is."
  • "The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there."

What is our primary use case?

These firewalls are only used for perimeter purposes, in gateway mode.

How has it helped my organization?

In addition to our environment being secure, we can monitor compliance of VPN users. Security and monitoring are the two big benefits.

It's also very critical for us that it provides a unified platform that natively integrates all security capabilities. We have multiple vendors and multiple solutions. Palo Alto has to work with them. For example, when it comes to authentication, we can integrate LDAP and RADIUS, among others. And in one of our customer's environments, we have integrated a new, passwordless authentication.

What is most valuable?

Apart from the security, Palo Alto NG Firewalls have nice features like App-ID and User-ID. These are the two most useful features.

With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is.

With User-ID, we can configure single sign-on, which makes things easy for users. There is no need for additional authentication for a user. And for documentation and reporting purposes, we can fetch user-based details, based on User-ID, and can generate new reports.

Another good feature is the DNS Security. With the help of DNS security, we can block the initial level of an attack, and we can block malicious things from a DNS perspective.

The GlobalProtect VPN is also very useful.

What needs improvement?

The solution has normal authentication, but does not have two-factor or multi-factor authentication. There is room for development there.

For how long have I used the solution?

We have been using Palo Alto Networks NG Firewalls for two years. I've worked on the 800 Series and the 3000 Series.

What do I think about the stability of the solution?

It's quite stable. They are launching a new firmware version, but compared to other products, Palo Alto is quite stable.

How are customer service and support?

I have worked with Palo Alto's support many times and it is quite good. Whenever we create a support ticket, they are on time and they update us in a timely manner. In terms of technical expertise, they have good people who are experts in it. They are very supportive of customers.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment is straightforward; very simple. The primary access for these firewalls is quite simple. We can directly access them, after a few basic steps, and start the configuration. Even the hardware registration process and licensing are quite simple.

The time it takes to deploy a firewall depends upon hardware and upon the customer's environment. But a basic to intermediate deployment takes two to three months.

What was our ROI?

Our customers definitely see ROI with Palo Alto NG Firewalls, although I don't have metrics.

What's my experience with pricing, setup cost, and licensing?

I am not involved in the commercial side, but I believe that Palo Alto is quite expensive compared to others.

Which other solutions did I evaluate?

One of the pros of Palo Alto is the GlobalProtect, which is a VPN solution. GlobalProtect has broader compliance checks. I have worked on Check Point and FortiGate, but they don't have this kind of feature in their firewalls. Also, Check Point does not have DNS Security, which Palo Alto has.

What other advice do I have?

If you're going with Palo Alto, you have to use all its features, including the DNS Security, App-ID, and SSL decryption. Otherwise, there is no point in buying Palo Alto.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
MV
Network Administrator at a healthcare company with 201-500 employees
Real User
Top 5
Great protection without requiring a special dedicated network team; saves us a lot of time

Pros and Cons

  • "Protection from a single packet and ease of making security rules."
  • "It's not so easy to scale out your security capabilities."

What is our primary use case?

We have two 3000 Series Firewalls placed in our primary location. We have two sites and the secondary site uses the primary site for internet access. All traffic to the secondary location goes through a VPN tunnel. I'm a network administrator. 

What is most valuable?

The value of this solution for me is the protection from a single packet and ease of making security rules. It also doesn't require a special dedicated network team, I'm able to do it myself. It's a time saver for me and now in this pandemic period, users have access from home.  

What needs improvement?

I'd like to see some changes to the licensing policies and, on the technical side, improvement in scalability. It's not so easy to scale out your security capabilities. With the situation in business today, everybody lacks money and if you have to increase your resources and to constantly pay more for that, it becomes a problem. 

For how long have I used the solution?

I've been using this solution for 10 years. 

What do I think about the stability of the solution?

It's been 10 years and I don't remember any outages because of a hardware failure or a logical error in configuration. We had problems with servers or switches initially but it works like a charm now. 

What do I think about the scalability of the solution?

Scalability is the main disadvantage of Palo Alto. They call themselves a firewall with router capabilities but it's not a router and it requires a good bandwidth in VPN which could become a problem because you have to scale to really big hardware. We can solve the issue with other solutions, but for me the idea is to have less devices in your environment.
It's all about the hardware.  

How are customer service and technical support?

The support is quite good. A couple of months ago, I sent an email with an issue and we got an answer in 15-20 minutes. In my experience, Palo Alto support is one of the best, maybe the best support available.

Which solution did I use previously and why did I switch?

We previously used Juniper which is currently called Net Screen. I also looked at Sonic Wall. We carried out a proof of concept five years ago and they had to decide whether to go with Palo Alto or another vendor. 

How was the initial setup?

For me, the initial setup is very easy. To get the device running with some capabilities but maybe not all security rules takes about an hour and it's the same for any upgrades. We have around 900 users and one admin person from our organization who deals with any issues. 

What's my experience with pricing, setup cost, and licensing?

Palo Alto is an expensive solution, we currently have a three year contract. I'm not sure what our terms are. People always want cheaper, nobody wants to pay more. In our region, I think if Palo Alto was cheaper, more companies would buy the solution. 

What other advice do I have?

I would absolutely recommend this product, it's expensive but I trust it. There is always room for improvement such as with scalability capabilities in Palo Alto. I know I'm not the only one who thinks this is an issue. It's possible that next time we will try virtualized firewalls, it may be a little cheaper for us. We would consider switching to something else but it would be a big move and quite complicated. Moving to a different vendor is a whole other story.

I rate this solution a nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.