Short Summary of Palo Alto NGFW
What do you like best about the product?
I've been working on Palo Alto for the last two years, and below are the plus points that I want to highlight :
1. Proper documentation and admin guide available on the beacon portal.
2. Advance security over competitors.
3. Suitable for small, mid and enterprise-size organizations.
4. Dashboard and control is very nice
What do you dislike about the product?
My overall experience with Palo Alto is awe-inspiring, but below are a few points that can be improved :
1.It supports only 260-time object schedules, but there are 365 days in a year.
2. SNMP Trap didn't poll power logs on Solarwind.
3. By default, the UDP session out for the ike-esp-udp app is 3600 sec which causes high session table utilization.
What problems is the product solving and how is that benefiting you?
In our organization, we are using this firewall to inspect the VoWiFi traffic. As the traffic is initiated from the internet Zone so, we have applied the Anti Theft Prevention profile, which inspects the traffic for antivirus, antispyware.
Best next gen firewall out there in the market
What do you like best about the product?
It's so easy to use GUI and all the Panorama serves as a one-stop solution to manage all gateways where we can create and manage global objects and networks. Its real-time detection is ahead in the market
What do you dislike about the product?
One of the primary issues with palo alto is the difficulty to do the initial set up. unless other firewalls' initial configuration of palo alto is too difficult but once initial configuration is done, then its way easier
What problems is the product solving and how is that benefiting you?
Palo alto is the go-to solution for firewall process where we decide which traffic needs to be allowed and which to not from the network and its helping as proxy also by hiding internal network to the internet.
Many features are optimized for troubleshooting real-time scenarios, saving a lot of time
What is our primary use case?
Ours is an enterprise environment and some of the services are hosted in our private data centers and some of the servers are hosted on Azure. We have the IPSec tunnels from the firewalls to our own data centers and from the firewall to the cloud as well. It depends on the type of application being hosted.
We are using Panorama for centralized management of all our firewalls around the world, as well as for centralized management of security policies and network settings. We have not completely migrated to the cloud. We are in transit.
How has it helped my organization?
Palo Alto has many features for troubleshooting real-time scenarios. The troubleshooting, compared to other firewalls has been optimized in a way that saves a lot of time.
What is most valuable?
I like the UI. Most things are accessible from the user interface and it is quite user-friendly. With respect to both VM-based firewalls and physical firewalls, it's easy to create updates.
They have a centralized Palo Alto Customer Support Portal and if we require any licenses, such as a next-generation firewall license, we can easily download and integrate them with this solution. We can also schedule periodic updates. That is quite user-friendly.
In terms of functionality, we are using IPSec tunneling and Palo Alto's WildFire feature. We use the security policies, Panorama, and Prisma Cloud as well.
We use Panorama to manage our security policy model across on-prem and public cloud environments. It plays a key role with respect to centralized management, for physical enterprise firewalls and cloud-based firewalls. It gives you centralized control over all the infrastructure. Unified policies can be pushed from that centralized place with templates.
When you deploy VM-Series Firewalls, they are quite flexible. You just have to select the instances, storage, security policies, and firewall rules. Within minutes, you can deploy the firewalls.
We are also able to adjust firewall sizing on the fly, which is important. Initially, we decided on a firewall based on the throughput assumptions. But in peak hours or during a peak month for traffic, we need to scale the firewalls. That should be automatically done. AWS and Azure provide very good features and, by using them, within a second it automatically scales, based on the incoming traffic.
What needs improvement?
Palo Alto has launched different products, such as physical firewalls as well as cloud and VM-based firewalls. Recently, they introduced their Prisma Cloud solution. Compared to the previous technologies, like Panorama, which is used for centralized firewall management, or even individual firewalls, it's a bit challenging to integrate the traditional firewall policies into Prisma Cloud. And the Prisma Cloud interface isn't very user-friendly.
For how long have I used the solution?
Our organization has been using Palo Alto Networks VM-Series for more than five years, and I have worked on this solution for two years.
What do I think about the stability of the solution?
The solution is certainly stable. I have worked with many vendors' firewalls and Palo Alto's are definitely stable.
What do I think about the scalability of the solution?
Obviously, it is scalable as long as you have the licenses and support with Palo Alto. You can implement the firewalls in high-availability mode or use the cloud functionality as well. For scalability, Palo Alto is optimized.
We have 30-plus sites around the world with more than 4,000 users.
How are customer service and support?
Palo Alto has very good support. When you have a valid license, they can replace a device with a new one. They have the CSP portal and you can log in and see all the firewalls listed. You can raise TAC cases with a priority of low, medium, or high, and, based on the priority, they will send an email to you. They have live support as well. In case of an issue, you can call them directly and they will provide the required support.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Earlier, we were using many vendors' firewalls, per their suitability for our clients. Apart from Palo Alto, we were using Cisco ASA, Check Point, and Juniper. The network grew over the years and each site had its own set of firewalls. The issue was that we had to standardize things across the network. There was also a gradual change in the technology and features available. Our security team thought we needed a better implementation, for optimization and troubleshooting, and something that was friendly for daily operations.
How was the initial setup?
We have both private cloud and hybrid. Some of the services are on the cloud and some are on-prem in our data center. Setting up Palo Alto firewalls is quite easy compared to other vendors.
Migrating our old infrastructure to Palo Alto took four to six months.
We did some pilot project testing with Palo Alto. If, for example, we want to migrate from XYZ vendor to Palo Alto, the very first thing we had to do was capture all the existing security and NAC policies and all the NGFW functionality. Palo Alto has specific features. For example, you can capture the logs in an inline environment, such as what traffic is going to the network, what security policies are there, et cetera. We deployed the Palo Alto firewalls in that way to only capture the traffic. We then analyzed the traffic, and we worked with Palo Alto TAC to understand the security policies and the exact throughput to determine the hardware we were going to use. We monitored all of that for a few months and then we started the migration from other vendors to Palo Alto.
We had 10 engineers involved in the deployment, but each on-site location had its own team as well. Three were senior network architects and the other seven were staff network engineers.
If you want to keep up to date in the network, it requires quite a bit of patching. It has many features, like Unified Threat Management and antivirus that can be auto-updated by scheduling an update for them. But the major patching has to be done manually. In our organization, we do it quarterly.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
Palo Alto Networks VM-Series is notably cheaper than other firewall vendors, except Fortigate. Fortigate is number one in terms of pricing.
Which other solutions did I evaluate?
Our security team tested various firewalls and it came down to FortiGate and Palo Alto and they found Palo Alto was quite suitable for the network.
What other advice do I have?
Everything is moving to the cloud and we need a solution that can support all the multi-vendor platforms and the new technologies as well. That is quite important for any enterprise organization or service provider nowadays. If we talk about moving existing loads from our own data centers or enterprise sites to the cloud, we need a solution that can take care of everything, such as security compliance, and that is easy to use. Palo Alto is good in those terms.
With the introduction of Prisma Cloud, Palo Alto is encouraging clients to migrate their infrastructure, such as VPN and security solutions to Prisma Cloud. It has been highly optimized compared to Panorama. Palo Alto is promoting it and asking their clients to use Prisma Cloud to improve their security infrastructure.
I would advise, when you deploy a new site, to manage it from the centralized Panorama solution. With Panorama, you have a local login, so even if the internet is down you have access to the firewall management.
We had a situation, when performing patching, where the firewall lost the remote connection via the internet and it had not been onboarded to Panorama. That mean we lost connectivity and we had to involve the onsite technicians. To avoid that scenario, all firewalls should be centrally managed by Panorama.
And for troubleshooting, each firewall should have syslog profiles activated.
Best NGFW you can cosider
What do you like best about the product?
ACC report is fantastic, I also view the statistics and found a lot of useful information
What do you dislike about the product?
Throughput performance is lower compare to other vendors eg: Fortinet
What problems is the product solving and how is that benefiting you?
NGFW features (IPS, wildfire, WF, AV) protect against malware
Allows us to maintain consistent next-generation firewall protection across virtual, private, and public cloud infrastructures using a unified policy model
What is our primary use case?
We use the solution for network protection. Previously, I worked for a physical organization, but last year we moved to a Proof of Concept. Following the POC, we had to deploy the solution in three different geographical locations. We deployed all of the Palo Alto solutions in the hub environment and connected them to another node.
How has it helped my organization?
VM-Series allows us to maintain consistent next-generation firewall protection across virtual, private, and public cloud infrastructures using a unified policy model. We can use the provided templates to generate policies based on both global and local rules.
Panorama plays a vital role in allowing us to maintain a consistent security policy model across on-premises and various public cloud environments. Presently, we utilize Panorama exclusively in the cloud, spanning three different geographical locations: East Asia, Eastern U.S., and Western Europe.
Once we were able to configure Panorama's centralized management system we were able to have uninterrupted connections with no security issues.
Using Panorama helped us streamline our security policies in a cloud-based environment, saving us time. With Panorama, we no longer need to log in and manually adjust the template before transferring data, which increased our comfort level.
What is most valuable?
Palo Alto Networks VM-Series' security features are all good.
Centralized management is valuable because it allows us to configure settings in one location and apply them across all three locations.
What needs improvement?
The migration of workloads to the cloud is difficult because the cloud provider and Palo Alto Networks are different platforms. We had to research many articles online and after our research and development were completed we were able to deploy. The migration of data to the cloud can be more user-friendly and has room for improvement.
The utilization monitoring and GUI have room for improvement.
Sometimes we encounter licensing issues where our licenses are not activated, and as a result, we are required to redeploy. This problem could be related to VM-Series or the template image and how they are integrated with Azure Marketplace.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
How are customer service and support?
The technical support is good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Previously, we utilized Azure Firewall, but we found it to be less mature compared to Palo Alto, prompting us to switch to the latter.
How was the initial setup?
The initial setup is straightforward but the deployment portion is complex. We require 15 minutes for one VM deployment.
What other advice do I have?
I give the solution a nine out of ten.
Network Security Solutions
What do you like best about the product?
The GUI interface of the Palo Alto Next-Generation firewall is straightforward to use. Firewall administration and deployment of this device were beneficial in our Production environment. We have around 60 productions of Palo Alto Next-Generation firewall in our environment.
What do you dislike about the product?
Every new software release has a bug; at least, we need to upgrade our Firmware version occasionally to avoid those bugs we encounter in our environment. Yearly we have upgrade activity on each of our firewalls.
What problems is the product solving and how is that benefiting you?
Our company uses it as our Network Security solution in our production environment. We also used a firewall to protect our backend resources facing the internet and for PCI compliance.
Palo Alto Networks Next-Generation Firewall
What do you like best about the product?
Easy to use great interface, the wizard for configuration is helpful and intuitive. Great product!
What do you dislike about the product?
Cost, very expensive and heavy uplift would state it would need long term commitment to implement and gain benefits.
What problems is the product solving and how is that benefiting you?
General administration
Define and manage rule set
Ensure dashboard is self evident to users and setting up of laerts and rules wih ease
NGFW Review
What do you like best about the product?
Palo Alto NGFW is excellent for acting as the first line of defense, with proactive malware filtering, conditional access, and continual content updates. The system is easy to update and maintain from a beginner level to an expert.
What do you dislike about the product?
One of the drawbacks of Palo Alto is the technical support side. We have had mixed experiences when troubleshooting with the recommendations they provide. Not all resolutions to an issue may be a one size fits all type of fix; each environment will be different, so that must always be considered.
What problems is the product solving and how is that benefiting you?
The NGFW in our current environment is used for edge protection, and others are used for internal segmentation. They perform excellently in reducing the filtered traffic to what is genuinely needed within the network.
The Best Next Generation Firewall For your Organization: PALO ALTO
What do you like best about the product?
Palo Alto NGFW is the best firewall available in the market, and this product's stability is incredible. It provides complete visibility and control of our traffic and helps to detect and take prevention measures on vulnerable traffic or malicious event. It has many beneficial features for the organization, like DNS security, which provides sub-features like blocking malicious domains and URL filtering. The following fantabulous features are app-id, user-id and single parallel pass processing, which is the best about Palo alto. If we use different Palo alto firewalls, then we can manage them through panorama and do the changes all in one place, so manageability becomes an easy task. The threat signature database is updated regularly. The configuration part is easy and provides excellent throughput and speed despite the high traffic load.
What do you dislike about the product?
The dashboard or management console is very complex and can not be understood by an average L1 engineer. Configuring policies and making VPN tunnels is a big task and takes time. Talking about the cost, it is the most expensive firewall I have seen. The price is high compared to other firewall vendors. The tech support is not so good. Sometime it becomes tough for priority cases to resolve the issue. They launch a new feature release or some service pack now and then and it becomes tough to adapt to these changes as sometimes they contain bugs and are risky to implement in the production network. There is some issue with the VPN feature of Palo Alto. It needs strong expertise and an excellent team to handle this product.
What problems is the product solving and how is that benefiting you?
We can track down the traffic on the interface, and we can also see the bandwidth consumption that is used by the application. This firewall helped our organization to prevent malicious attacks, what user is using which services and what port, and we can block them according to the requirement. Another use case is that it has a sandboxing technique that helps isolate malicious applications and files containing viruses or malware. We can do DNS security, which is our primary focus and provides threat prevention. We can filter out bad traffic and create VPNs for remote users, and the functionality is flexible. If we compare it to other firewalls like FortiGate and SonicWall, it is the best firewall. The web interface can display all the information about our needs.
Good performance, powerful CLI, and offers zero-day signature updates
What is our primary use case?
We use this product to secure our entire network, for ZTNA structure, and for VPN purposes, allowing access to our servers behind the firewall.
How has it helped my organization?
Using this product has increased our security and has given us much better results in terms of security scans.
Palo Alto embeds machine learning into the core of the firewall to provide online real-time attack prevention, and I would rate that capability an 8 out of 10. It's definitely effective in terms of securing our network against threats that are able to evolve and morph rapidly.
This solution provides a unified platform that natively integrates all of the security capabilities, although we are not using parts of it. For example, we don't use the configuration tools like Panorama.
What is most valuable?
The most valuable feature is the CLI.
We have the firewall configured for zero-day signatures, which is very important to us. We must be HIPAA and PCI compliant, which means that we need those signatures immediately.
There is no noticeable trade-off between security and network performance. In fact, so far, we've not seen any negative network performance with it. We're very impressed in that regard.
What needs improvement?
The web interface, especially when committing changes, remains a bit slower than I would like, but it has improved over the years. Reboots for the VM series do take longer than I would have expected.
For how long have I used the solution?
I have been working with the Palo Alto Networks VM-Series for almost 5 years.
What do I think about the stability of the solution?
This product is very stable. We have had zero problems with stability.
What do I think about the scalability of the solution?
The scalability is fantastic. We're using the lowest-end product right now, and I don't foresee when we'll have to upgrade. We have a long way where we can continue to scale up.
We currently have multiple people that use it for VPN purposes, to access our servers behind the firewall. It is not used nearly as extensively as it should be. However, in the future we will start flowing all of our internet traffic through it.
We're all working remotely, and we're going to be connecting through the firewall. This means that our traffic is going to greatly increase, meaning that our usage will also increase. We'll also be using many more of the features.
How are customer service and support?
The technical support from Palo Alto is good, overall. However, their response times could be a little quicker.
We have not really had any big complaints with the technical support and I would rate them a seven out of ten.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Prior to using Palo Alto, we were using an on-premises solution by Juniper. When we switched from onsite to the cloud, we changed products.
We made the switch because Juniper became unbearable regarding complexity and performance. It was getting very bad; we couldn't manage it well, and the performance was quite poor.
How was the initial setup?
The initial setup can be quite complex. There is a steep learning curve and we failed at it a few times before we were able to put a production machine into place.
Our final deployment took between three and four hours.
What about the implementation team?
Our in-house team was responsible for the deployment.
What was our ROI?
We have absolutely seen a return on our investment. We are definitely more secure. With the features that are in Palo Alto, we do not have to worry about people busting into our network. Even just out of the box, with the base features, it's very solid. The default configurations are quite secure.
Our return on investment comes from the fact that no longer need to spend hours monitoring our network the way we did before. We've saved man hours and we've saved stress. I am unable put a monetary value to that, but that would be the return.
What's my experience with pricing, setup cost, and licensing?
This is not the cheapest firewall but it's not the most expensive of the options on the market.
The new licensing structure is a little difficult to understand at first, but with the right thought put into it, would like save some money.
Which other solutions did I evaluate?
Beyond Palo Alto, we evaluated two or three other products. Two of them that I can recall are Fortinet and the Microsoft Azure Firewall.
We did some extensive reviews and some extensive testing and what we found is that for the price, Palo Alto gave us the best options. It had the best set of security features. It wasn't the cheapest product but it was the best solution that fit our requirements.
What other advice do I have?
We have not yet implemented the DNS security features but we will in the future.
If one of my colleagues at another company were to say that they were just looking for the cheapest and fastest firewall, I would suggest that they be careful. Palo Alto has a great balance. It's not super expensive compared to other options on the market, and it's quite quick when it comes to throughput and performance.
In summary, this is a good product but I do suggest that people shop around a little bit.
I would rate this solution an eight out of ten.
