Palo Alto Networks Next-Generation Firewalls - PA Series vs. VMware NSX

Palo Alto Networks Next-Generation Firewalls - PA Series

VMware NSX

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Palo Alto Networks Next-Generation Firewalls - PA Series	Score 9.3 out of 10	N/A	Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.	$1.50 per hour per available zone
VMware NSX	Score 8.5 out of 10	N/A	VMware NSX is network virtualization technology. VMware NSX is no longer sold as a standalone product and is now available as a part of VMware Cloud Foundation.	N/A

Pricing

Palo Alto Networks Next-Generation Firewalls - PA Series

VMware NSX

Editions & Modules

No answers on this topic

Offerings

Pricing Offerings
Palo Alto Networks Next-Generation Firewalls - PA Series	VMware NSX
Free Trial
No	No
Free/Freemium Version
No	No
Premium Consulting/Integration Services
No	No

Entry-level Setup Fee

No setup fee

Additional Details

Users may also choose to pay per gigabyte of data used starting at .065/GB. Note that prices listed here reflect installations via Amazon Web Services. Pricing may differ if other service providers are used.

—

More Pricing Information

Community Pulse
	Palo Alto Networks Next-Generation Firewalls - PA Series	VMware NSX
Considered Both Products	Palo Alto Networks Next-Generation Firewalls - PA Series Verified User Professional Chose Palo Alto Networks Next-Generation Firewalls - PA Series I've been really happy with our Palo Alto [solutions] and we're replacing a good chunk of our ASAs with Palo Alto. As far as firewalls go the Palo Alto firewalls are significantly better in my opinion, but we still use ASAs as VPN devices in a few scenarios and they work just … Incentivized Helpful?	VMware NSX Verified User Professional Chose VMware NSX We use both ACI & NSX. They both provide a programmable network and in future releases of ACI they will allow you to stretch fabrics into the cloud like you can do with NSX. ACI, when compared to NSX, turned out to be significantly cheaper, but it also was lacking certain … Incentivized Helpful?

Features

Palo Alto Networks Next-Generation Firewalls - PA Series

VMware NSX

Firewall

Comparison of Firewall features of Product A and Product B
	Palo Alto Networks Next-Generation Firewalls - PA Series 8.7 23 Ratings 1% above category average	VMware NSX - Ratings
Identification Technologies	9.523 Ratings	00 Ratings
Visualization Tools	7.523 Ratings	00 Ratings
Content Inspection	10.023 Ratings	00 Ratings
Policy-based Controls	10.023 Ratings	00 Ratings
Active Directory and LDAP	9.522 Ratings	00 Ratings
Firewall Management Console	9.023 Ratings	00 Ratings
Reporting and Logging	8.023 Ratings	00 Ratings
VPN	9.023 Ratings	00 Ratings
High Availability	9.522 Ratings	00 Ratings
Stateful Inspection	9.022 Ratings	00 Ratings
Proxy Server	5.011 Ratings	00 Ratings

Best Alternatives
	Palo Alto Networks Next-Generation Firewalls - PA Series	VMware NSX
Small Businesses	pfSense Score 9.4 out of 10	No answers on this topic
Medium-sized Companies	Quantum Firewalls and Security Gateways Score 9.6 out of 10	No answers on this topic
Enterprises	Quantum Firewalls and Security Gateways Score 9.6 out of 10	No answers on this topic
All Alternatives	View all alternatives	View all alternatives

User Ratings
	Palo Alto Networks Next-Generation Firewalls - PA Series	VMware NSX
Likelihood to Recommend	9.5 (39 ratings)	7.0 (3 ratings)
Likelihood to Renew	10.0 (1 ratings)	- (0 ratings)
Usability	9.0 (4 ratings)	- (0 ratings)
Support Rating	8.4 (9 ratings)	- (0 ratings)

User Testimonials
	Palo Alto Networks Next-Generation Firewalls - PA Series	VMware NSX
Likelihood to Recommend	Palo Alto Networks Palo Alto Networks Next-Generation Firewalls - PA Series are extremely versatile. Whether it be a one office location or multiple sites, the Panorama interface allows centralized management. I've found Palo Alto does a great job with their updates and supporting customers. As a cybersecurity professional, I like that Palo Alto's products offer a wide range of controls to support defense in depth. It is easy for security and network infrastructure teams to use the same consoles to deliver performance with security built in. Incentivized Verified User Anonymous Read full review	VMware by Broadcom With proper design, VMware NSX can and should be deployed to virtually any VMware virtualization environment, but the deployment should be tailored to the needs of that environment. There isn't really a one size fits all deployment design for all environments. That versatility is what provides its greatest strength to a business. Incentivized CH Christina Harding Network System Administrator Read full review
Pros	Palo Alto Networks The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services. The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services. The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls. It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank. Incentivized Verified User Anonymous Read full review	VMware by Broadcom End to end encryption on the wire. Micro-segmentation. Integrates well with existing VMWare environment. Integrates well with our existing network. Incentivized Verified User Anonymous Read full review
Cons	Palo Alto Networks Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change. Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple. Documentation gives a very straight forward answer to some items but is very vague in others. Support could be a little better. An issue we had a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade. Incentivized Christopher St.Amand Senior Network Security Engineer Read full review	VMware by Broadcom Interoperability in multi-vendor environments Advanced networking and packet acceleration options can be improved Incentivized Verified User Anonymous Read full review
Likelihood to Renew	Palo Alto Networks The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed Incentivized Verified User Anonymous Read full review	VMware by Broadcom No answers on this topic
Usability	Palo Alto Networks The few aspects of the Palo Alto Networks Next-Generation Firewalls - PA Series that could use improvement - such as slow commit times, which I hear they have improved on in the newest models - are vastly outshined by everything else these appliances provide. We have been using the Palo Alto Networks Next-Generation Firewalls - PA Series appliances for more than 10 years and plan to continue using them for the foreseeable future. Incentivized Verified User Anonymous Read full review	VMware by Broadcom No answers on this topic
Support Rating	Palo Alto Networks We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets. Incentivized PL Paul Luchini Network Engineer Read full review	VMware by Broadcom No answers on this topic
Alternatives Considered	Palo Alto Networks We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic. Incentivized Vinit Sharma Network Administrator Read full review	VMware by Broadcom We use both Cisco ACI and VMware NSX, and while they have different strengths and capabilities, I would recommend VMware NSX, as it can be used in all VMware environments, without costly physical infrastructure changes. Cisco ACI provides some of the same capabilities, but not all. It's focus relies on physical networking changes. Incentivized CH Christina Harding Network System Administrator Read full review
Return on Investment	Palo Alto Networks Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc. There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance. Incentivized Verified User Anonymous Read full review	VMware by Broadcom Ability to move workloads more easily with the ability to stretch/move networks across multiple physical locations. The added flexibility allows you to expedite tech refreshes since you're no longer constrained by the hardware. Incentivized Verified User Anonymous Read full review
ScreenShots