AWS WAF vs. Palo Alto Networks Next-Generation Firewalls - PA Series

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
AWS WAF
Score 6.8 out of 10
N/A
Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.
$0.60
per 1 million requests
Palo Alto Networks Next-Generation Firewalls - PA Series
Score 9.1 out of 10
N/A
Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. Released in late 2023, the PA-7500 ML-Powered NextGeneration Firewall (NGFW) enables enterprise-scale organizations and service providers to deploy security in high-performance environments.
$1.50
per hour per available zone
Pricing
AWS WAFPalo Alto Networks Next-Generation Firewalls - PA Series
Editions & Modules
Resource Type - Request
$0.60
per 1 million requests
Resource Type - Rule
$1.00
per month (prorated hourly)
Resource Type - Web ACL
$5.00
per month (prorated hourly)
No answers on this topic
Offerings
Pricing Offerings
AWS WAFPalo Alto Networks Next-Generation Firewalls - PA Series
Free Trial
NoYes
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional DetailsUsers may also choose to pay per gigabyte of data used starting at .065/GB. Note that prices listed here reflect installations via Amazon Web Services. Pricing may differ if other service providers are used.
More Pricing Information
Community Pulse
AWS WAFPalo Alto Networks Next-Generation Firewalls - PA Series
Features
AWS WAFPalo Alto Networks Next-Generation Firewalls - PA Series
Firewall
Comparison of Firewall features of Product A and Product B
AWS WAF
-
Ratings
Palo Alto Networks Next-Generation Firewalls - PA Series
8.9
24 Ratings
3% above category average
Identification Technologies00 Ratings9.724 Ratings
Visualization Tools00 Ratings8.024 Ratings
Content Inspection00 Ratings9.724 Ratings
Policy-based Controls00 Ratings10.024 Ratings
Active Directory and LDAP00 Ratings9.323 Ratings
Firewall Management Console00 Ratings9.024 Ratings
Reporting and Logging00 Ratings8.024 Ratings
VPN00 Ratings8.724 Ratings
High Availability00 Ratings9.323 Ratings
Stateful Inspection00 Ratings9.023 Ratings
Proxy Server00 Ratings7.012 Ratings
Best Alternatives
AWS WAFPalo Alto Networks Next-Generation Firewalls - PA Series
Small Businesses
Cloudflare
Cloudflare
Score 8.6 out of 10
pfSense
pfSense
Score 9.4 out of 10
Medium-sized Companies
Cloudflare
Cloudflare
Score 8.6 out of 10
pfSense
pfSense
Score 9.4 out of 10
Enterprises
F5 Big-IP Advanced WAF
F5 Big-IP Advanced WAF
Score 9.3 out of 10
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
Score 9.5 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
AWS WAFPalo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
8.9
(9 ratings)
9.5
(39 ratings)
Likelihood to Renew
9.0
(1 ratings)
10.0
(1 ratings)
Usability
9.0
(2 ratings)
9.0
(4 ratings)
Support Rating
9.0
(2 ratings)
8.4
(9 ratings)
User Testimonials
AWS WAFPalo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
Amazon AWS
Well Suited: 1. To prevent DDOS attacks: AWS WAF has a lot of managed rules to prevent DDOS attacks based on traffic origination from a particular IP or IP reputation etc. 2. To rate-limit requests: Well it sounds familiar like preventing DDOS attacks, but it can also be used to rate-limit requests originating from the same IP address. We have used this feature so that we can test multiple failure scenarios for our application. 3. To prevent Data crawling: The BOT control feature allows us to prevent BOTs from crawling data on our websites. Not Suited: 1. To integrate applications outside of AWS Cloud: As I mentioned in my previous comments, this type of integration requires a custom implementation of another AWS resource.
Read full review
Palo Alto Networks
Anywhere where high performance and application-specific rules are necessary would be a great fit. Palo Alto NG firewalls are exceptionally well suited to doing application-based rules, rather than service-based rules, although they can still easily do those. The cost might make it less well-suited for smaller installations or where the more complicated setup procedures are too much for a user with limited proficiency to handle.
Read full review
Pros
Amazon AWS
  • Protect any application against the most common attacks.
  • Provides better visibility of web traffic.
  • It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs.
  • It is able to block common attacks such as SQL code injection.
  • It allows defining specific rules for applications, thus increasing web security as they are developed.
Read full review
Palo Alto Networks
  • The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
  • The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
  • The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
  • It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
Read full review
Cons
Amazon AWS
  • AWS WAF is a bit costly if used for single applications.
  • they should provide attack-wise protection, like if my certain type of application is vulnerable to DDOS then I should be able to buy WAF, especially for that attack.
  • CLI tool to test in offline mode if possible.
Read full review
Palo Alto Networks
  • The interface is a little complicated at first. This is common for all firewall products I've used but Palo Alto could definitely update the UI.
  • Firewall rule audits are cumbersome. I have been using third-party tools to assist with the management. It would be great if Palo Alto could build out this functionality within Panorama.
  • Best-Practice Assessment (BPA) is not well advertised. These are very useful but require reaching out to your rep. Palo Alto should look at automating this and building it into QBR touchpoints with their customers.
Read full review
Likelihood to Renew
Amazon AWS
We have been using AWS WAF for the past 3 years in front of our websites. We find it useful in preventing data crawling, DDOS attacks, etc on our websites, and hence we are going to use it in the future as well. AWS WAF is one of the best Firewalls in business.
Read full review
Palo Alto Networks
The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed
Read full review
Usability
Amazon AWS
The product is highly scalable. It is easy to configure the rules and thereby helps us to mitigate many vulnerabilities. The interface and programming of the firewall provisions were easy to setup. Amazon clearly spent a lot of time figuring this out and perfecting it. It allows users to do customized configurations based on their needs. It provides protection against a number of security issues like XSS, SQL injection, etc. I would definitely recommend this for protecting your infra as you scale, since this basically protects and filters all requests hitting your application server.
Read full review
Palo Alto Networks
PA Series firewalls provides good value for the price spent on them. Specially the 3K and 5K series devices contains hardware which keeps the management access smooth even during the peak hours of data traffic. The next gen firewall filtering services does function well (except for some bugs).
Read full review
Support Rating
Amazon AWS
If you're intending to use AWS WAF, I would say that you absolutely should sign up for support. AWS Support is excellent and they can help you in a really good way to solve your issues.
Read full review
Palo Alto Networks
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
Read full review
Alternatives Considered
Amazon AWS
Easy of use. Setup and configuration is fairly quick. There are the usual advantages of it being a cloud solution where you can buy into the solution, configure it and set it up and get it up and running. If you are already a subscriber to AWS, having a native service has its advantages.
Read full review
Palo Alto Networks
We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic.
Read full review
Return on Investment
Amazon AWS
  • Implementing this AWS service has been really favorable because when creating custom rules we give more specific protection to our applications against vulnerabilities that cause them to be consuming other resources or running with errors.
  • It allows us to control the traffic of our business applications, which is really favorable, given that in this way we can decide that you can access them and not.
  • It is extremely advantageous that we can establish rules in a centralized way since it saves time, as well as it allows us to protect several applications at the same time by reusing the rules established above.
  • It allows you to save time and money because we only pay for what is used.
Read full review
Palo Alto Networks
  • We used to outsource our Firewall and it's management. Not only did we find their SLA's to be lacking, in general, but communication between us was horrible. Many times we could not understand them and that resulted in less than desirable rule creation or troubleshooting.
  • Since we no longer have to pay a company for 24/7 management (and SLOW SLA's) we are saving a ton of money each year. Also our fellow employee's are much happier that things can be resolved in a timely manner.
Read full review
ScreenShots