Snort vs. Palo Alto Networks Next-Generation Firewalls - PA Series

Snort

Palo Alto Networks Next-Generation Firewalls - PA Series

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Snort	Score 8.4 out of 10	N/A	Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.	N/A
Next-Generation Firewalls - PA Series	Score 9.3 out of 10	N/A	Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.	N/A

Pricing

Snort

Palo Alto Networks Next-Generation Firewalls - PA Series

Editions & Modules

No answers on this topic

Offerings

Pricing Offerings
Snort	Next-Generation Firewalls - PA Series
Free Trial
No	No
Free/Freemium Version
No	No
Premium Consulting/Integration Services
No	No

Entry-level Setup Fee

No setup fee

Additional Details

—

More Pricing Information

Community Pulse
	Snort	Palo Alto Networks Next-Generation Firewalls - PA Series
Considered Both Products	Snort Verified User Manager Chose Snort Snort was chosen mainly for the ease and cost. With Snort we was able to set up in a matter of minutes without any professional services needed. If you are used to packet tracing the old fashion way, this is the product for you. Incentivized Helpful? Alan Matson, CCNA:S, MCP Senior Network Security Engineer Chose Snort Sourcefire vs. TippingPoint was a no-brainer for us at the time of deployment. Sourcefire has a more well-defined API using REST that can be leveraged for automating tasks. TippingPoint was just releasing an API that was limited. Also at the time, TippingPoint could not meet … Incentivized Helpful? DM David Myers Network Administrator Chose Snort For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to … Incentivized Helpful?	Next-Generation Firewalls - PA Series No answer on this topic
Top Pros	Pro Malware protection Pro Customizable and easy Pro Add ons	Pro Url filtering Pro Malware protection Pro Application control
Top Cons	Minus Upgrade process Minus Version 5 Minus False positives	Minus Difficult to configure Minus Less documentation Minus Web interface

Features

Snort

Palo Alto Networks Next-Generation Firewalls - PA Series

Firewall

Comparison of Firewall features of Product A and Product B
	Snort - Ratings	Palo Alto Networks Next-Generation Firewalls - PA Series 9.4 21 Ratings 10% above category average
Identification Technologies	00 Ratings	9.921 Ratings
Visualization Tools	00 Ratings	9.021 Ratings
Content Inspection	00 Ratings	9.921 Ratings
Policy-based Controls	00 Ratings	10.021 Ratings
Active Directory and LDAP	00 Ratings	9.920 Ratings
Firewall Management Console	00 Ratings	10.021 Ratings
Reporting and Logging	00 Ratings	7.621 Ratings
VPN	00 Ratings	8.421 Ratings
High Availability	00 Ratings	10.020 Ratings
Stateful Inspection	00 Ratings	10.020 Ratings
Proxy Server	00 Ratings	8.810 Ratings

Best Alternatives
	Snort	Palo Alto Networks Next-Generation Firewalls - PA Series
Small Businesses	AlienVault USM Score 8.0 out of 10	pfSense Score 9.2 out of 10
Medium-sized Companies	CrowdStrike Falcon Score 9.1 out of 10	pfSense Score 9.2 out of 10
Enterprises	CrowdStrike Falcon Score 9.1 out of 10	Cisco Firepower 4100 Series Score 8.9 out of 10
All Alternatives	View all alternatives	View all alternatives

User Ratings
	Snort	Palo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend	8.1 (5 ratings)	9.5 (37 ratings)
Likelihood to Renew	- (0 ratings)	10.0 (1 ratings)
Usability	- (0 ratings)	10.0 (2 ratings)
Support Rating	- (0 ratings)	8.4 (9 ratings)

User Testimonials
	Snort	Palo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend	Cisco If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me. Incentivized Verified User Anonymous Read full review	Palo Alto Networks Palo Alto firewall only affords by Large level infrastructure having a budget for Security Prospect. I will recommend it for the Card information industry & Confidential data solutions. Because it provides a bucket of security features that are not easily vulnerable. Incentivized Vinit Sharma Network Administrator Read full review
Pros	Cisco IPS detection. DoS detection. Packet logging. Incentivized Verified User Anonymous Read full review	Palo Alto Networks The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services. The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services. The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls. It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank. Incentivized Verified User Anonymous Read full review
Cons	Cisco At times can be unstable with Cisco bugs, require frequent upgrading. FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI. Incentivized Alan Matson, CCNA:S, MCP Senior Network Security Engineer Read full review	Palo Alto Networks Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change. Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple. Documentation gives a very straight forward answer to some items but is very vague in others. Support could be a little better. An issue we had a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade. Incentivized Christopher St.Amand Senior Network Security Engineer Read full review
Likelihood to Renew	Cisco No answers on this topic	Palo Alto Networks The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed Incentivized Verified User Anonymous Read full review
Usability	Cisco No answers on this topic	Palo Alto Networks In my opinion, the Palo Alto Firewall is the simplest firewall in terms of management interfaces; though it has more advanced options that apply to more advanced use cases. Configuring basic features on the firewall is nearly self-explanatory; configuring more advanced features can be met with very thorough vendor documentation. Incentivized Verified User Anonymous Read full review
Support Rating	Cisco No answers on this topic	Palo Alto Networks We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets. Incentivized PL Paul Luchini Network Engineer Read full review
Alternatives Considered	Cisco For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range. Incentivized DM David Myers Network Administrator Read full review	Palo Alto Networks No one can say any other companies in this time is better than Palo Alto Networks Next-Generatoin Firewalls. Palo Alto offers very advanced features which protect you[r] organization. Advanced malware protection, anti spam, lots of other threats. Incentivized Basant Gupta Executive System Admin Read full review
Return on Investment	Cisco Being open source, ROI on free is hard to beat for something that works. I believe it greatly enhances the security of my network. CD Curt Dickman Owner Read full review	Palo Alto Networks Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc. There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance. Incentivized Verified User Anonymous Read full review
ScreenShots