Palo Alto Networks Next-Generation Firewalls - PA Series
Score 9.1 out of 10
N/A
Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. Released in late 2023, the PA-7500 ML-Powered NextGeneration Firewall (NGFW) enables enterprise-scale organizations and service providers to deploy security in high-performance environments.
$1.50
per hour per available zone
Trellix Endpoint Security ENS
Score 8.3 out of 10
N/A
Trellix Endpoint Security (ENS) solutions apply proactive threat intelligence and defenses across the entire attack lifecycle to keep organizations safer and more resilient.
N/A
Pricing
Palo Alto Networks Next-Generation Firewalls - PA Series
Trellix Endpoint Security ENS
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Palo Alto Networks Next-Generation Firewalls - PA Series
Trellix Endpoint Security ENS
Free Trial
Yes
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
Users may also choose to pay per gigabyte of data used starting at .065/GB. Note that prices listed here reflect installations via Amazon Web Services. Pricing may differ if other service providers are used.
—
More Pricing Information
Community Pulse
Palo Alto Networks Next-Generation Firewalls - PA Series
Trellix Endpoint Security ENS
Features
Palo Alto Networks Next-Generation Firewalls - PA Series
Trellix Endpoint Security ENS
Firewall
Comparison of Firewall features of Product A and Product B
Palo Alto Networks Next-Generation Firewalls - PA Series
8.7
23 Ratings
1% above category average
Trellix Endpoint Security ENS
-
Ratings
Identification Technologies
9.523 Ratings
00 Ratings
Visualization Tools
7.523 Ratings
00 Ratings
Content Inspection
10.023 Ratings
00 Ratings
Policy-based Controls
10.023 Ratings
00 Ratings
Active Directory and LDAP
9.522 Ratings
00 Ratings
Firewall Management Console
9.023 Ratings
00 Ratings
Reporting and Logging
8.023 Ratings
00 Ratings
VPN
9.023 Ratings
00 Ratings
High Availability
9.522 Ratings
00 Ratings
Stateful Inspection
9.022 Ratings
00 Ratings
Proxy Server
5.011 Ratings
00 Ratings
Endpoint Security
Comparison of Endpoint Security features of Product A and Product B
Palo Alto Networks Next-Generation Firewalls - PA Series
-
Ratings
Trellix Endpoint Security ENS
8.4
15 Ratings
1% below category average
Anti-Exploit Technology
00 Ratings
8.413 Ratings
Endpoint Detection and Response (EDR)
00 Ratings
8.214 Ratings
Centralized Management
00 Ratings
9.115 Ratings
Hybrid Deployment Support
00 Ratings
7.98 Ratings
Infection Remediation
00 Ratings
8.314 Ratings
Vulnerability Management
00 Ratings
8.112 Ratings
Malware Detection
00 Ratings
9.115 Ratings
Best Alternatives
Palo Alto Networks Next-Generation Firewalls - PA Series
Trellix Endpoint Security ENS
Small Businesses
pfSense
Score 9.4 out of 10
ThreatLocker
Score 9.4 out of 10
Medium-sized Companies
pfSense
Score 9.4 out of 10
CrowdStrike Falcon
Score 9.1 out of 10
Enterprises
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
Palo Alto Networks Next-Generation Firewalls - PA Series
Trellix Endpoint Security ENS
Likelihood to Recommend
Palo Alto Networks
Palo Alto Networks Next-Generation Firewalls - PA Series are extremely versatile. Whether it be a one office location or multiple sites, the Panorama interface allows centralized management. I've found Palo Alto does a great job with their updates and supporting customers. As a cybersecurity professional, I like that Palo Alto's products offer a wide range of controls to support defense in depth. It is easy for security and network infrastructure teams to use the same consoles to deliver performance with security built in.
It provides great web security and will protect your devices against viruses and malware when paired with other security software and hardware. For instance, we have multiple layers of security set up so if McAfee misses something then one of our other barriers will catch the infection or intrusion before it reaches the network. I would not suggest using this product as a standalone agent because I do not think it will be as effective when working by itself. The dashboard also makes it convenient to manage devices, policies, and settings from wherever you are so it's an ideal solution for any IT department to use. I would just suggest using something else as a backup so your network isn't left vulnerable.
The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
The amount of false detections especially the negative ones needed to be reduced.
It requires more optimization. It tends to make the PCs slower.
It almost doesn't have the ability to heal. This is very important as we need our sensitive data to be recoverable.
It doesn't have any free scanning functionality. Our users using personal machines cannot scan in case of an incident. This could be added like Malwarebytes.
The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed
The few aspects of the Palo Alto Networks Next-Generation Firewalls - PA Series that could use improvement - such as slow commit times, which I hear they have improved on in the newest models - are vastly outshined by everything else these appliances provide. We have been using the Palo Alto Networks Next-Generation Firewalls - PA Series appliances for more than 10 years and plan to continue using them for the foreseeable future.
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
The support of product was very good when we initially implemented the solution. We were getting fats replies and could see the customer approach. After a while the level of support was not following the SLA's and the replies were getting very confusing and late.
We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic.
Unlike Trellix Endpoint Security Symantec Endpoint provides less information about events on the user side. Trellix give an opportunity to see information about virus detection on a user machine as quick as it possible, so we were able to catch the signs of virus propagation early and prevent the spread of damage
Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc.
There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance.
From an auditing standpoint, we can show that our workstations/servers are protected.
Even though it cant identify more advanced/targeted malware, it is still good to identify the more obvious malware which occurs daily in my enterprise.
Since it can be easily deployed, the products can easily get deployed on all systems in the environment for optimal anti-malware protection.
