TrustRadius

Snort vs. Palo Alto Networks Next-Generation Firewalls - PA Series

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Snort
Score 8.4 out of 10
N/A
Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.N/A
Palo Alto Networks Next-Generation Firewalls - PA Series
Score 9.3 out of 10
N/A
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.N/A
Pricing
SnortPalo Alto Networks Next-Generation Firewalls - PA Series
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
SnortPalo Alto Networks Next-Generation Firewalls - PA Series
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
SnortPalo Alto Networks Next-Generation Firewalls - PA Series
Considered Both Products
Snort
Verified User
Manager
Chose Snort
Snort was chosen mainly for the ease and cost. With Snort we was able to set up in a matter of minutes without any professional services needed. If you are used to packet tracing the old fashion way, this is the product for you.
DM
David Myers
Network Administrator
Chose Snort
For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to …
Palo Alto Networks Next-Generation Firewalls - PA Series

No answer on this topic

Top Pros
Top Cons
Features
SnortPalo Alto Networks Next-Generation Firewalls - PA Series
Firewall
Comparison of Firewall features of Product A and Product B
Snort
-
Ratings
Palo Alto Networks Next-Generation Firewalls - PA Series
9.4
22 Ratings
9% above category average
Identification Technologies00 Ratings10.022 Ratings
Visualization Tools00 Ratings8.022 Ratings
Content Inspection00 Ratings10.022 Ratings
Policy-based Controls00 Ratings10.022 Ratings
Active Directory and LDAP00 Ratings9.021 Ratings
Firewall Management Console00 Ratings9.022 Ratings
Reporting and Logging00 Ratings10.022 Ratings
VPN00 Ratings9.022 Ratings
High Availability00 Ratings10.021 Ratings
Stateful Inspection00 Ratings10.021 Ratings
Proxy Server00 Ratings8.810 Ratings
Best Alternatives
SnortPalo Alto Networks Next-Generation Firewalls - PA Series
Small Businesses
AlienVault USM
AlienVault USM
Score 7.1 out of 10
pfSense
pfSense
Score 9.4 out of 10
Medium-sized Companies
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Sophos SG Firewall Appliances
Sophos SG Firewall Appliances
Score 9.4 out of 10
Enterprises
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Cisco Adaptive Security Appliance (ASA) Software
Cisco Adaptive Security Appliance (ASA) Software
Score 9.0 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
SnortPalo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
8.1
(5 ratings)
10.0
(38 ratings)
Likelihood to Renew
-
(0 ratings)
10.0
(1 ratings)
Usability
-
(0 ratings)
9.0
(3 ratings)
Support Rating
-
(0 ratings)
8.4
(9 ratings)
User Testimonials
SnortPalo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
Cisco
If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.
Verified User
Anonymous
Read full review
Palo Alto Networks
Palo Alto Networks Next-Generation Firewalls - PA Series are extremely versatile. Whether it be a one office location or multiple sites, the Panorama interface allows centralized management. I've found Palo Alto does a great job with their updates and supporting customers. As a cybersecurity professional, I like that Palo Alto's products offer a wide range of controls to support defense in depth. It is easy for security and network infrastructure teams to use the same consoles to deliver performance with security built in.
Verified User
Anonymous
Read full review
Pros
Cisco
  • IPS detection.
  • DoS detection.
  • Packet logging.
Verified User
Anonymous
Read full review
Palo Alto Networks
  • The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
  • The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
  • The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
  • It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
Verified User
Anonymous
Read full review
Cons
Cisco
  • At times can be unstable with Cisco bugs, require frequent upgrading.
  • FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.
Alan Matson, CCNA:S, MCP | TrustRadius Reviewer
Alan Matson, CCNA:S, MCP
Senior Network Security Engineer
Read full review
Palo Alto Networks
  • Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change.
  • Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple.
  • Documentation gives a very straight forward answer to some items but is very vague in others.
  • Support could be a little better. An issue we had a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade.
Christopher St.Amand | TrustRadius Reviewer
Christopher St.Amand
Senior Network Security Engineer
Read full review
Likelihood to Renew
Cisco
No answers on this topic
Palo Alto Networks
The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed
Verified User
Anonymous
Read full review
Usability
Cisco
No answers on this topic
Palo Alto Networks
In my opinion, the Palo Alto Firewall is the simplest firewall in terms of management interfaces; though it has more advanced options that apply to more advanced use cases. Configuring basic features on the firewall is nearly self-explanatory; configuring more advanced features can be met with very thorough vendor documentation.
Verified User
Anonymous
Read full review
Support Rating
Cisco
No answers on this topic
Palo Alto Networks
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
PL
Paul Luchini
Network Engineer
Read full review
Alternatives Considered
Cisco
For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.
DM
David Myers
Network Administrator
Read full review
Palo Alto Networks
We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic.
Vinit Sharma | TrustRadius Reviewer
Vinit Sharma
Network Administrator
Read full review
Return on Investment
Cisco
  • Being open source, ROI on free is hard to beat for something that works.
  • I believe it greatly enhances the security of my network.
CD
Read full review
Palo Alto Networks
  • Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc.
  • There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance.
Verified User
Anonymous
Read full review
ScreenShots