Palo Alto Networks Next-Generation Firewalls - PA Series vs. SonicWall TZ

It is well-suited for a company needing strong edge security with ease of administration. It comes standard with many features such as VPN, Application ID and "Day-1 Config" that make the networks it protects secure from the very start. Palo is definitely a premium product and is much more expensive than other firewalls, but the value is realized immediately. The robust options for firewall rules/policies allow the administrator to apply security in new and creative ways to hit the sweet spot between security and usability.

Incentivized

Based on my experience, this is a solid platform for a small to mid sized company, especially when there is someone who has IT experience, or can get outsourced IT help. I would not recommend for someone who is a technology novice. Also, this is a competent device for someone who is looking to add VPN services for remote workers.

Incentivized

• The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
• The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
• The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
• It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.

Incentivized

• If you have multiple sites and you want the connect the sites through secure medium this is best firewall for you.
• There are very advanced features helps you to connect the device easily and securely.
• Easy to connect the sites through advanced routing protocols.

Incentivized

• Setting up certain things can be somewhat complicated due to the numerous options and abstractions involved.
• It would be nice to have somewhere to get simple canned reports easily.
• It would be nice to be able to remove options we never use from various setup dialogs.

Incentivized

• There are Service Bundles in SonicWall TZ that are Unlicensed and do not know why they have not be Activated - would need help to further understand benefits
• Do not know why Standard Support is Unlicensed
• WiFi range of TZ270W is very limited - need to add Access Points or Extended to obtain adequate coverage

Incentivized

The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed

Incentivized

It can be a little tricky at first if you have never used the product or a firewall before. If you have experience with firewalls in general, it does not take long to learn the Palo Alto Networks Next-Generation Firewalls - PA Series interface. They offer great training resources and knowledge base articles to help get up to speed.

Incentivized

Overall the new interface is very logical and easy to navigate. We did struggle at first coming from the older interface and finding our way around the new. But our new users found it very simple to find what they were looking for. One negative we do all struggle with is packet cpature not always being clear how its set/what is being monitored. this could do with more information on teh intial page instead of having to look for it

Incentivized

We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.

Incentivized

Once you get to a competent technician the support experience is better. But I have found that the lower tiers of support are very slow to respond (like 1 email per day) and you typically have to re-explain yourself a couple times before they get it. I have not used Phone support, and that may be a better experience.

Incentivized

We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic.

Incentivized

SonicWall and WatchGuard are both fine appliances, but I am accustomed to the Barracuda NG. The Barracuda Control Center is so powerful and useful that it beats out the other two. SonicWall does a great job of dividing up firewall rules and NAT policies, but this is a preference among engineers.

• We used to outsource our Firewall and it's management. Not only did we find their SLA's to be lacking, in general, but communication between us was horrible. Many times we could not understand them and that resulted in less than desirable rule creation or troubleshooting.
• Since we no longer have to pay a company for 24/7 management (and SLOW SLA's) we are saving a ton of money each year. Also our fellow employee's are much happier that things can be resolved in a timely manner.

Incentivized

• We have three SonicWall TZ devices and they are very helpful in a VPN set up.
• The subscription costs for the different features has a great return on investment. It is very well worth the money.
• The antivirus component has been very effective on the computers and servers the SonicWall TZ device protects.

Incentivized