Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
N/A
Pricing
Cisco AnyConnect
Palo Alto Networks Next-Generation Firewalls - PA Series
Palo Alto Networks Next-Generation Firewalls - PA Series
Considered Both Products
Cisco AnyConnect
No answer on this topic
Next-Generation Firewalls - PA Series
Verified User
Professional
Chose Palo Alto Networks Next-Generation Firewalls - PA Series
I've been really happy with our Palo Alto [solutions] and we're replacing a good chunk of our ASAs with Palo Alto. As far as firewalls go the Palo Alto firewalls are significantly better in my opinion, but we still use ASAs as VPN devices in a few scenarios and they work just …
Palo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
Cisco
It's well suited for the mobile task force we have at Engel for all the information workers, the salespersons, and the salespeople that are abroad and are not often on the Engel premises but are on customer premises. So for them, it's the only really good tool to connect to central IT resources. But when I look to the future way of utilizing cloud resources and having a hybrid approach and having SaaS services like Salesforce, which are running natively in the cloud, then AnyConnect might not be suitable for them because anyway, I have a direct connection via an HTTPS tunnel to run all my SAS applications. I would not see any benefit of using AnyConnect in this case. So the more a company runs in the cloud, the less it needs AnyConnect.
Palo Alto firewall only affords by Large level infrastructure having a budget for Security Prospect. I will recommend it for the Card information industry & Confidential data solutions. Because it provides a bucket of security features that are not easily vulnerable.
Cisco AnyConnect connects the machine with the VPN very smoothly in a few clicks also provides security with Multi-Factor Authentication.
It Provides the facility of creating Network groups such as Local and Project Network so that user can limit the connectivity options.
The System scan feature is so robust, it Scans the System every time we connect to a new network and remembers the older Network and does not Scans while we connect to usual Netwroks.
The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
Manual Administrative Config: The Enrollment requires the user to enroll from their end and can't just be "Setup" for the user unless you act as the user. For things like SMS text, it would be nice just to put it in place and have it work without a "Setup/Enrollment" process. This does, however ensure the user understands the process.
Active Directory Sync and Azure Sync Did not automatically match up accounts and duplicate, so I had to do it manually, to be fair the account usernames do not match the Email Address which is used for Azure so it would be difficult.
Duo Support and Cisco Support seem to have not been integrated with each other well, most support tickets end up with a Duo expert and a Cisco Firewall Expert on at the same time, though this has improved dramatically.
They did not force my Admin to use an NTP Server off the bat, which would have fixed a few issues we had that persisted for a while until he started using one. (A bit old fashioned)
This is software is easy to use, easy to maintain, easy to support, cost effective, and extremely secure. We will continue to use it for all employees well into the future. We have already renewed our licenses for another 5 years - that's how confident we are that this software will remain a primary security solution for our firm.
The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed
Compared to other products that I have used, Cisco gives me more information and it is easy for me to understand what's happening from the application, which is Cisco AnyConnect, which other vendors don't. It's very hard for me if I have to work with other applications, I have to get support from the application owner vendor. But in Cisco, I myself can read through and get this thing. Now with that being very comfortable, I mean very, very useful. I would like to get to more detail in a more simplified way. There are plenty of things. It is also where there is something it gives me in a simplified way. This is what has happened that would help me in some cases. But always there is a scope for improvement in any product. I never rate any product to 10, even if it's better because there is always room for improvement. So I personally feel we can still make this better. It is a good product, but we can still make it better
In my opinion, the Palo Alto Firewall is the simplest firewall in terms of management interfaces; though it has more advanced options that apply to more advanced use cases. Configuring basic features on the firewall is nearly self-explanatory; configuring more advanced features can be met with very thorough vendor documentation.
Thus far, I have not encountered any outages to Cisco AnyConnect. Any firmware updates are completed infrequently and efficiently such that the users don’t experience noticeable downtime. I have not encountered any errors running the platform at any time of day or night , or from any geographical location. Provided a hard-wired or WiFi internet connection is available, expect Cisco AnyConnect to run without unexpected interruption.
Their support team is extraordinary and quick responding. All support team members have great product knowledge and takes very minimum time for query resolution. Support is available on phone, emails, etc. As per my experience with their support team, I will rate them with 10 stars here because it was truly exceptional.
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
We are quite satisfied with the deployment. We might extend our deployment. My suggestion to everyone will be utilizing Cisco cloud infra as well. As it will give you some nice features like cloud based firewall, DNS Security and threat intelligence. Threat intelligence was a key decision maker for us and people should not ignore it.
I have tried the above too. I have noticed that the consistency and reliability that connect provides are way better than theirs. Integration with 2-factor authentication apps is something extremely important, and I am not sure if this two software provide such functionality. Network stability and speed are also not as good as Cisco Anyconnect.
No one can say any other companies in this time is better than Palo Alto Networks Next-Generatoin Firewalls. Palo Alto offers very advanced features which protect you[r] organization. Advanced malware protection, anti spam, lots of other threats.
We are able to seamlessly work on multiple clients daily, and it allows us to quickly handle more projects at the same time.
Cisco AnyConnect has allowed our own company's coworkers to remotely connect back to the corporate network, easily assisting work schedules and processes, during the COVID-19 pandemic. Being forced to work remotely, meant our processes still happened quickly and efficiently, by being able to leverage and use Cisco AnyConnect VPN.
Even prior to the COVID-19 pandemic, I have worked 100% remotely for a few years now. This was always due to the reliable connectivity and ease of use with Cisco AnyConnect VPN. I live 2+ hours from our nearest corporate office, and even further from some of my client locations, and I have always been able to connect to any of my multiple Cisco AnyConnect VPN connections, within seconds.
Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc.
There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance.
