Palo Alto Networks Next-Generation Firewalls - PA Series
Score 9.3 out of 10
N/A
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
N/A
Pricing
Cisco AnyConnect
Palo Alto Networks Next-Generation Firewalls - PA Series
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Cisco AnyConnect
Palo Alto Networks Next-Generation Firewalls - PA Series
Palo Alto Networks Next-Generation Firewalls - PA Series
Considered Both Products
Cisco AnyConnect
No answer on this topic
Palo Alto Networks Next-Generation Firewalls - PA Series
Verified User
Professional
Chose Palo Alto Networks Next-Generation Firewalls - PA Series
I've been really happy with our Palo Alto [solutions] and we're replacing a good chunk of our ASAs with Palo Alto. As far as firewalls go the Palo Alto firewalls are significantly better in my opinion, but we still use ASAs as VPN devices in a few scenarios and they work just …
Palo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
Cisco
Internet speed is good. supporting RDP network for accessing, and as compared to other VPN like FortiClient, it has good speed! It's bypassing SSO login and we don't need to provide credentials or form based authentication for each time. Many websites or private sites are safely accessible via Cisco AnyConnect VPN. It's essentially used for Work From Home or public networks.
Palo Alto Networks Next-Generation Firewalls - PA Series are extremely versatile. Whether it be a one office location or multiple sites, the Panorama interface allows centralized management. I've found Palo Alto does a great job with their updates and supporting customers. As a cybersecurity professional, I like that Palo Alto's products offer a wide range of controls to support defense in depth. It is easy for security and network infrastructure teams to use the same consoles to deliver performance with security built in.
Any Connect is building a stable VPN connection across any different kinds of networks. So it gives me the assumption that I will be sitting in the office and work locally on my workplace, but I get this assumption nearly from everywhere.
The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
Manual Administrative Config: The Enrollment requires the user to enroll from their end and can't just be "Setup" for the user unless you act as the user. For things like SMS text, it would be nice just to put it in place and have it work without a "Setup/Enrollment" process. This does, however ensure the user understands the process.
Active Directory Sync and Azure Sync Did not automatically match up accounts and duplicate, so I had to do it manually, to be fair the account usernames do not match the Email Address which is used for Azure so it would be difficult.
Duo Support and Cisco Support seem to have not been integrated with each other well, most support tickets end up with a Duo expert and a Cisco Firewall Expert on at the same time, though this has improved dramatically.
They did not force my Admin to use an NTP Server off the bat, which would have fixed a few issues we had that persisted for a while until he started using one. (A bit old fashioned)
As I am getting all the services which are expected. I would highly recommend the organization to renew the use. But if I get better services than Cisco AnyConnect then I would definitely give that one try however it needs to have more resiliency and trustworthiness then only can move towards other provider.
The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed
Compared to other products that I have used, Cisco gives me more information and it is easy for me to understand what's happening from the application, which is Cisco AnyConnect, which other vendors don't. It's very hard for me if I have to work with other applications, I have to get support from the application owner vendor. But in Cisco, I myself can read through and get this thing. Now with that being very comfortable, I mean very, very useful. I would like to get to more detail in a more simplified way. There are plenty of things. It is also where there is something it gives me in a simplified way. This is what has happened that would help me in some cases. But always there is a scope for improvement in any product. I never rate any product to 10, even if it's better because there is always room for improvement. So I personally feel we can still make this better. It is a good product, but we can still make it better
In my opinion, the Palo Alto Firewall is the simplest firewall in terms of management interfaces; though it has more advanced options that apply to more advanced use cases. Configuring basic features on the firewall is nearly self-explanatory; configuring more advanced features can be met with very thorough vendor documentation.
Thus far, I have not encountered any outages to Cisco AnyConnect. Any firmware updates are completed infrequently and efficiently such that the users don’t experience noticeable downtime. I have not encountered any errors running the platform at any time of day or night , or from any geographical location. Provided a hard-wired or WiFi internet connection is available, expect Cisco AnyConnect to run without unexpected interruption.
Absolutely no speed issues, and I see no evidence of slowdowns across any of the multiple platforms I use daily. It's operation is completely invisible most of the time, except where there is a loss of connection due to server issues or a loss of power. Everything loads quickly and accurately.
Their support team is extraordinary and quick responding. All support team members have great product knowledge and takes very minimum time for query resolution. Support is available on phone, emails, etc. As per my experience with their support team, I will rate them with 10 stars here because it was truly exceptional.
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
Our Managed Services vendor helped us with the implementation. When we initially setup our AnyConnect using MFA for remote connectivity, the setup was easy and straight forward and worked just fine. After a year, we decided to change to an "always on" feature and use machine and user based security certificates instead of MFA. We had to open a ticket with Cisco support and have their assistance getting this feature to work. Turned out they had a small bug in the code for that version of AnyConnect and it has since been corrected. We have had no issues with the upgrades since that time. The deployment of the software to the user machines was done with SCCM and was straight forward. The user machine upgrades are easy - when the user machine connects and sees a new version available, it upgrades itself! What could be easier?
I have tried the above too. I have noticed that the consistency and reliability that connect provides are way better than theirs. Integration with 2-factor authentication apps is something extremely important, and I am not sure if this two software provide such functionality. Network stability and speed are also not as good as Cisco Anyconnect.
We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic.
Cisco AnyConnect has been a speedy, reliable, and efficient tool for the creation of your own VPN whatever location that you've brought your laptop. Customer support is consistently top-notch, coming up with quick fixes to whatever difficulties are thrown your way. I would not hesitate to reccommend Cisco AnyConnect to any business that needs connected employees throught the world.
We are able to seamlessly work on multiple clients daily, and it allows us to quickly handle more projects at the same time.
Cisco AnyConnect has allowed our own company's coworkers to remotely connect back to the corporate network, easily assisting work schedules and processes, during the COVID-19 pandemic. Being forced to work remotely, meant our processes still happened quickly and efficiently, by being able to leverage and use Cisco AnyConnect VPN.
Even prior to the COVID-19 pandemic, I have worked 100% remotely for a few years now. This was always due to the reliable connectivity and ease of use with Cisco AnyConnect VPN. I live 2+ hours from our nearest corporate office, and even further from some of my client locations, and I have always been able to connect to any of my multiple Cisco AnyConnect VPN connections, within seconds.
Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc.
There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance.
