We changed our name from IT Central Station: Here's why
MIhajlo MItev
System Administrator at a mining and metals company with 51-200 employees
Real User
Top 20
Easy to create custom policies, easy to upgrade, and very stable
Pros and Cons
  • "Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button. It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network."
  • "Its price can be improved. It is expensive. Other vendors have pre-configured policies for the protection of web servers. Palo Alto has an official procedure for protecting the web servers. Many people prefer pre-configured policies, but for me, it is not an issue."

What is our primary use case?

We use it as a firewall. We have VPN, IPSec, or site-to-site VPN. We also protect our few internal web services. 

What is most valuable?

Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button. 

It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network.

What needs improvement?

Its price can be improved. It is expensive.

Other vendors have pre-configured policies for the protection of web servers. Palo Alto has an official procedure for protecting the web servers. Many people prefer pre-configured policies, but for me, it is not an issue. 

For how long have I used the solution?

I have been using this solution for almost six years.

What do I think about the scalability of the solution?

Our version is not scalable. The new version is scalable on the network interface. It comes with slots where you can put your SFP if you want a fiber or copper. 

We have almost 600 users who use it for accessing the internet. We have about 50 to 70 VPN connections.

How are customer service and technical support?

I didn't contact them because I don't get any technical issues with any feature of the firewall. I didn't have the need to open a case. If I have any issue, I am able to resolve it by using my cell phone and taking help from the internet. 

Which solution did I use previously and why did I switch?

I was using Check Point before Palo Alto. I am very disappointed with Check Point because I had to reboot power three to five times a week. Palo Alto Networks NG Firewall is comparatively very easy to manage and use. It has better logic for configuration than other firewalls.

How was the initial setup?

The initial setup was straightforward. When I migrated from Check Point to Palo Alto Networks NG Firewall, it took about an hour and a half to reconfigure all policies and services.

What about the implementation team?

I deployed it myself. The logic is very easy when you configure it. I did 90% percent of deployment on my own. For the remaining 10% deployment, I found the information on the internet. 

I am the only user working on this firewall. I am a system administrator.

What's my experience with pricing, setup cost, and licensing?

It is a little bit expensive than other firewalls, but it is worth every penny. There are different licenses for the kinds of services you want to use. When we buy a new product, we go for a three-year subscription.

What other advice do I have?

We have not had any issue with this solution. I really hope that we continue to use this solution. Its price is higher than other solutions, and the company might go for another firewall.

I would recommend this solution to other users. I would rate Palo Alto Networks NG Firewalls a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Server Administrator and Operation Manager at a computer software company with 501-1,000 employees
Real User
Top 20
Good security with very good web content control and capable of scaling
Pros and Cons
  • "The stability of the product has been good over the years."
  • "The cost of the device is very high."

What is our primary use case?

We primarily use the product for web browsing and in order to protect some sites that we are publishing to the web internet.

What is most valuable?

The solution is very helpful in controlling spam.

The product offers very good web content control and various aspects of security.

The stability of the product has been good over the years.

The initial setup is very easy. Compared to Cisco or other solutions, Palo Alto is very easy to implement and administer. They are both very easy.

What needs improvement?

I can't recall a feature that was missing. It's a pretty complete solution.

The cost of the device is very high.

To buy license support is very slow. For renewing devices and products, it's slow in terms of contacting and activating upgraded devices.

For how long have I used the solution?

I've been using the solution for four years at this point. It's been a while. We've been using it over the last 12 months as well.

What do I think about the stability of the solution?

The stability is excellent. It's reliable. We don't deal with bugs or glitches. It doesn't crash or freeze. Overall, it's been very good in terms of performance.

What do I think about the scalability of the solution?

We have not proven the scalability yet. We're planning to extend our office within the next year or six months to eight months. We are buying some appliances for the process of extending our office.

Currently, around 1,000 people use this solution.

How are customer service and technical support?

We've never been in touch with technical support. Having never dealt with them, I wouldn't be able to speak to how they are in terms of services.

Which solution did I use previously and why did I switch?

We also use Barracuda and Cisco for certain aspects of security.

How was the initial setup?

The initial setup is pretty straightforward. It's quite easy to implement.

The deployment takes about one week, or maybe a bit less, depending on the requirements. That includes both implementing and training.

Currently, two people are required for deployment and maintenance of the product

What about the implementation team?

We implement the solution with our network team. We implement the solution ourselves. We don't need the help of integrators or consultants.

What's my experience with pricing, setup cost, and licensing?

The pricing is quite high on Palo Alto.

On the lower end, it's likely to cost $15,000 for renovation and support.

Which other solutions did I evaluate?

We evaluated Cisco, Juniper, and Dell among other solutions before ultimately choosing this solution. Cisco can be complex in terms of device management compared to other options, for example. Cisco can be cheaper than Palo Alto, but that is not always the case.

What other advice do I have?

I'm not sure which version of the solution we're using. We use a physical appliance.

We're using three different models, for the most part.

My company is an outsourcing company that deploys software and testing.

The solution is very user-friendly and easy to manage and administrate. For that reason, I would rate the product at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Palo Alto Networks NG Firewalls. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,599 professionals have used our research since 2012.
Senior Network & Security Administrator at a consultancy with 1,001-5,000 employees
Real User
Top 5
I like how the threat protection model functions, including the vulnerability and anti-spyware aspects
Pros and Cons
  • "The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome."
  • "In terms of what could be improved, comparatively the price is very high. That would be the one thing."

What is our primary use case?

Normally, we use our firewall at the perimeter level. We are using Palo Alto Networks NG Firewalls as a firewall as well as using a few of their functionalities like the Vulnerability Protection, its IPS module. Additionally, we have remote VPN's on those firewalls, like GlobalProtect. So we are using all the features which are provided by Palo Alto.

What is most valuable?

The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.

What needs improvement?

In terms of what could be improved, comparatively the price is very high. That would be the one thing. But technically-speaking, it's perfect.

For how long have I used the solution?

I have been working with Palo Alto Networks NG Firewalls for around five years.

What do I think about the scalability of the solution?

In terms of scalability, normally, we procure the devices based on the future perspective, so there should be a lot of scalability. We never face scalability issues with Next Generation Palo Alto Firewall - it comes with the scalability.

We have around 11,000 to 12,000 users across the globe.

How are customer service and technical support?

Technical support is pretty good. We get a timely response. There will be plus/minus where we do not getting a response, but not regularly, just one or two cases among, let's say, 20 or 30. As far as my experiences with the tech support go, it's pretty good, very straightforward support. It's not like they're playing on the call and taking their time. It is really straightforward.

How was the initial setup?

The initial setup depends on the office locations of the data center. If that particular firewall is part of the data center, then yes, it is a complex design as well as a complex traffic flow. But for normal office locations, it is pretty straightforward. So it is a mix depending on the location of where the particular firewall is going to be put.

What other advice do I have?

I would recommend Palo Alto Networks NG Firewalls. If a company has the budget and wants to have the next generation of firewalls then they should go for the Palo Alto, because whatever state of features they provide, it's pretty awesome. But if there is a budget constraint there are several other products which give you similar kinds of features but with less cost.

On a scale of one to ten, I would give Palo Alto Networks NG Firewalls an 8.

Nothing is perfect. There are features that they should add. One of the features that I'm looking at is when it comes to the Vulnerability Protection. We are blocking the threats which are, by default, updated by the Palo Alto Threat Engine. Currently, there is no scope of manually adding the external database to the firewall so the firewall will convert that database to their own. This is currently not functional with the current version. There are a few functions that they could add that are available with other vendors. That's why I am giving the 8.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Presales Solutions Architect at a tech services company with 201-500 employees
Real User
Top 20
Good performance, ease of use, and reliability
Pros and Cons
  • "In general, its performance and ease of use are the most valuable. Its performance is good, stable, and reliable. The user interface is friendly and easy to use. Customers find it easy to work with and easy to learn."
  • "They can work on the price. They are a little bit expensive, and not all customers are able to afford this solution. Taking into consideration that there is huge competition in the market and there are multiple firewall companies that are much cheaper than them and offer almost the same features, it would be good to improve the price."

What is our primary use case?

We are a system and development company, and we sell this solution and many other solutions to our customers. 

We work on all the models, not a specific one. The model depends on the sizing. We also consider future expansion of a customer's environment for deploying a model.

What is most valuable?

In general, its performance and ease of use are the most valuable. Its performance is good, stable, and reliable. The user interface is friendly and easy to use. Customers find it easy to work with and easy to learn.

What needs improvement?

They can work on the price. They are a little bit expensive, and not all customers are able to afford this solution. Taking into consideration that there is huge competition in the market and there are multiple firewall companies that are much cheaper than them and offer almost the same features, it would be good to improve the price.

For how long have I used the solution?

I have been using this solution for three to four years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. They offer multiple platforms, such as hardware appliances as well as virtual appliances. You can deploy as many virtual appliances as you want. Palo Alto supports the latest technologies, such as micro-segmentation, and NSX integration with Nutanix Acropolis Hypervisor. They offer multiple options to cover almost every deployment scenario and architecture for most of the customers.

How are customer service and technical support?

I don't deal with the technical support team because I am a presales person. Our technical support team handles the tickets and open tickets for support.

How was the initial setup?

The initial setup is not that easy. Deployment duration depends on the complexity of the solution, that is, how many firewalls will be installed, and are there any sorts of integrations or any other solution. It also depends if it is just a single box deployment or there is an extra box or two boxes. It might take one week to two weeks depending on the environment, the complexity of the data center, and the complexity of the integration with other technologies. It may take one month or more if the implementation is huge, and there are multiple boxes to be implemented and to be integrated with other solutions.

What's my experience with pricing, setup cost, and licensing?

It is a little bit expensive.

What other advice do I have?

I would recommend this solution based on a customer's requirements. I sell solutions from a lot of firewall vendors. I have the flexibility to recommend based on the budget of a project. I would recommend Palo Alto or any other vendor if the environment and all the conditions are available and suitable for that deployment. A lot of times, we make POC or proof of concepts to show the customer the value of the products and how to deal with them to convince them to buy it.

I would rate Palo Alto Networks NG Firewalls an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Swapnil Talegaonkar
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
GUI is very user friendly, good documentation provided, implementation is straightforward
Pros and Cons
  • "The GUI is simple and the solution is straightforward."
  • "Support should be improved, wait times can be long."

What is our primary use case?

Our primary use case of the Palo Alto firewall is to control incoming and outgoing traffic as the firewall is deployed at the perimeter. Also we have used a VPN in that device so remote users can access the internal networks. We are partners with Palo Alto and I'm from the implementation team and work as a technology consultant. 

What is most valuable?

The GUI is very simple in Palo Alto and I like that. We rarely have any issues but when we do, the stability of the solution is very good. All the options they offer; creating objects, configuring VPN, it's all pretty simple and straightforward. The solution is continuously in use in our company. 

What needs improvement?

The support could definitely be improved. Whenever I call the tech engineers, there's a long wait time. For an additional feature, I'd like to see the segmentation in policy. Check Point has a good feature for segmenting policies that I'd like to see implemented in Palo Alto. It would make things easier for the operation team to create & identify particular policies, or to place a policy in that segment. Finally, there are limitions to the hardware in the number of objects & policy we can create is limited which is not the case with Check Point or FortiGate.

What do I think about the stability of the solution?

The stability is good in the Palo Alto firewall.

What do I think about the scalability of the solution?

The Palo Alto firewall cannot increase the RAM and we can't do that either. We're unable to increase any physical boundaries of the firewall. That is one of the cons of Palo Alto. Our organization is pretty large and I am currently working on Palo Alto for three clients. I have a total of about 10 clients who are using the Palo Alto firewall. 

How was the initial setup?

The initial setup is pretty straightforward. We just had to do the initial configuration of hardware, deploy our Panorama VM and integrate with hardware firewall, and it is pretty simple. It's also quite self-explanatory. 

What's my experience with pricing, setup cost, and licensing?

We have five-year contracts with Palo Alto. I know the solution is on the expensive side but I'm not involved in licensing and don't have the numbers. 

Which other solutions did I evaluate?

I have also worked on Check Point and FortiGate, the hardware firewall. The Check Point Firewall has three-tier architecture where one security gateway & management server is there & smart dashboard is deployed on Windows. The application is required to control the Gateways. On other hand In Palo Alto, we just take GUI access of the firewall or Panorama to deploy any security policies and the architecture is very simple. As mentioned, the downside of Palo Alto is that there is a limitation to the number of objects that can be created. 

What other advice do I have?

I would 100% recommend this solution and they have provided pretty good documentation on their website, so it's easy for operations as well.

I rate this solution a nine out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Hari Pandu Dairi
Network Engineer at a tech services company with 201-500 employees
Real User
Top 5
A next-generation firewall solution with an efficient parallel processing feature
Pros and Cons
  • "I like the architecture because it separates the management plan process and the data plan process."
  • "I think visibility can be improved."

What is most valuable?

I like the architecture because it separates the management plan process and the data plan process. When I perform something CPU-intensive on management configurations, it doesn't disturb the data plan.

On the data plan, it uses parallel processing. This makes the security process and network process is more efficient.

What needs improvement?

I think visibility can be improved. If I use the Panorama monitoring dashboard, it's still the same with or without Panorama. Even with monitoring, we don't get any valuable information. 

If I am a customer, I will take many variables into considerations. If I choose to use Panorama, there should be a difference between when I use it and when I'm not. If I'm a customer who paid for Panorama even when I have many firewalls, I won't get good visibility of the information I need to easily monitor our security environment.

My customers have been attacked by ransomware. It's difficult to understand how the ransomware got through Palo Alto Panorama and Palo Alto dashboard monitoring from reporting. It makes it difficult to conclude what happened on the traffic which passed through Palo Alto. As such, I have to generate an all block report CSV file and analyze it through Excel.

For how long have I used the solution?

I've been using Palo Alto Networks NG Firewalls for about two years.

What do I think about the stability of the solution?

On performance and stability, I've never heard any complaints. The product is running well and easily maintained by an admin.

What do I think about the scalability of the solution?

I think scalability's the same as any other firewall. If we look to scale five years later, it will be scalable to perform the change. This model on Palo Alto makes it easy to add a new network, so Palo Alto offers more scalability.

How are customer service and technical support?

Technical support is still not good for me.

How was the initial setup?

The initial setup is so simple. We just needed to make a password and make it a point to point connection. I think it's that simple; make a point to point connection, access the web UI, perform initial configuration so the firewall can be managed through the network, and then we can manage everything through the web UI.

What's my experience with pricing, setup cost, and licensing?

The device is very expensive compared to Cisco and Fortinet. But many of my customers use Palo Alto as Palo Alto is the standard of their organization.

What other advice do I have?

I'd tell potential users of Palo Alto Networks NG Firewalls that their decision depends on their budget. If you have an adequate budget, then I recommend Palo Alto. If you have a limited budget, you need to consider your needs and look at Cisco ASA's price and Fortinet's price.

On a scale from one to ten, I would give Palo Alto Networks NG Firewalls an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Chief of IT security department at a financial services firm with 1,001-5,000 employees
Real User
The DPI ability to understand web applications and build access rules on web application categories are great features
Pros and Cons
  • "We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature."
  • "They could improve their support and pricing and maybe integration. It's a little more expensive that Check Point but the quality is better. Integration with firewall endpoints could be better. Palo Alto does have very good malware or antivirus protection. I think they could improve on that front."

What is our primary use case?

We use these firewalls on-premise. We use them as a central gateway for internet security. We also use them for organizing access to the internet from organizations, and security access rules.

What is most valuable?

We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature. The firewalls have good integration and good log journals' integration with Qradar. This is how the system produces user logs, how they build, how they structure the logs is stable to integrate with SIEM. For example, Check Point is not so good in this category.

What needs improvement?

They could improve their support and pricing and maybe integration. It's a little more expensive than Check Point but the quality is better. Integration with firewall endpoints could be better. Palo Alto does have very good malware or antivirus protection. I think they could improve on that front.

For how long have I used the solution?

We have been using the Palo Alto Networks Next-Generation Firewalls for about 12 months. We are using the latest version.

What do I think about the stability of the solution?

We have found Palo Alto Networks Next-Generation Firewalls to be a very stable solution and very convenient solution.

What do I think about the scalability of the solution?

We don't have any problems with the performance. It works very good. We have not had any problems. If we compare with Check Point, Check Point is not really good in stability, not for monitoring. That is why we didn't choose Check Point to move to Palo Alto.

How are customer service and technical support?

We are satisfied with Palo Alto's support. We don't need to contact them frequently but when we do it is a good experience.

Which solution did I use previously and why did I switch?

If we compare with Check Point, Check Point is not really good in stability, not for monitoring. That is why we didn't choose Check Point to move to Palo Alto. Compared with Check Point, it's excellent. It's very good. It's even better than Cisco also. So for this kind of usage scenario, it's very good. We don't use it as a regular firewall or perimeter firewall. We use it only as an internet gateway. But for an internet gateway, it's very good.

How was the initial setup?

It was a very straightforward install and we were able to perform it from the Palo Alto books available. It only took one or two days for the installation. No problem with SIEM integrations or with the security policies. It's just worked as expected.

What about the implementation team?

We performed the installation in house from the Palo Alto books available. 

What other advice do I have?

I would give Palo Alto Networks Next-Generation Firewalls a rating of nine on a scale of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Kamlesh Ridhorkar
Sr. Solution Architect at a tech vendor with 501-1,000 employees
Reseller
Top 5
Good interface and dashboards with excellent application visibility
Pros and Cons
  • "The interface and dashboards are good."
  • "The pricing could be improved upon."

What is most valuable?

The solution has many great features. I don't know if there's one single one that stands above and beyond everything, however.

The application visibility is excellent. There is no other solution that does it quite as well. Palo Alto definitely has an edge in that sense.

The ability of the security features to adapt is also very good. They offer great DNS protection.

They include everything from a network point of view and a security perspective. For the most part, the endpoints are great.

The interface and dashboards are good.

What needs improvement?

The GSW needs some improvements right now.

The endpoints could use improvement. The solution is mostly a cloud solution now, and there are a lot of competing solutions that are playing in the space and may be doing things a bit better.

The pricing could be improved upon.

For how long have I used the solution?

We've been dealing with the solution for the last four or five years at least.

What do I think about the stability of the solution?

The stability of the solution is good. It's quite reliable. I haven't experienced bugs or glitches that affect its performance. It doesn't crash.

What do I think about the scalability of the solution?

If you size everything appropriately, you shouldn't have any issues with scaling. It's quite good. Users can scale it up if they need to.

How are customer service and technical support?

I'd say that technical support is excellent. They are very helpful. We've quite satisfied with the level of support we got from the company.

Which solution did I use previously and why did I switch?

I've never dealt with Huawei, however, our company has worked with Cisco, Dell, and HP among other solutions.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is quite high. It's too expensive, considering there's so much competition in the space.

There aren't extra costs on top of the standard licensing policy. Still, Palo Alto seems to be adding some premium costs that competitors just don't have.

What other advice do I have?

While we mainly deal with on-premises deployment models, occasionally we also do hybrid deployments.

We're not a customer. We're a systems integrator. We're a reseller. We sell solutions to our clients.

Palo Alto is very good at policymaking. It's like they have a single policy that you can use. Other solutions don't have single policy use, which means you have to configure everything. There may be many consoles or many tasks that you'll have to worry about other solutions. Multiple task configuration should not be there, and yet, for many companies, it is. This isn't the case with Palo Alto. Palo Alto is easy compared to Fortinet. 

It's overall a very solid solution. I would rate it nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Product Categories
Firewalls
Buyer's Guide
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions.