Next-Generation Firewalls - PA Series

Next-Generation Firewalls - PA Series

Score 9.2 out of 10
Palo Alto Networks Next-Generation Firewalls - PA Series


What is Next-Generation Firewalls - PA Series?

Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Read more

Recent Reviews

Read all reviews


Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 11 features
  • Policy-based Controls (21)
  • Content Inspection (21)
  • Identification Technologies (21)
  • Visualization Tools (21)

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Next-Generation Firewalls - PA Series, and make your voice heard!

Return to navigation


View all pricing

What is Next-Generation Firewalls - PA Series?

Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.

Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

35 people want pricing too

Alternatives Pricing

What is Azure Firewall?

Microsoft's Azure Firewall is a managed cloud-based network security service that protects Azure Virtual Network resources.

What is pfSense?

pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as a the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through…

Return to navigation



A firewall is a filter that stands between a computer or computer network and the Internet. Each firewall can be programmed to keep specific traffic in or out

9.6Avg 8.5
Return to navigation

Product Details

What is Next-Generation Firewalls - PA Series?

Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. NGFWs classify and monitor all traffic, including encrypted and internal traffic, based on application, function, user, and content. Palo Alto emphasizes the Zero Trust policy, through which users can create security policies to enable only authorized users to run sanctioned applications, reducing the surface area of cyber attacks across the organization.

Palo Alto’s NGFW provides in-firewall encryption and decryption, as well as data and application segmentation. It integrates with PA’s WildFire malware prevention service and supports easy adoption with an open-source tool for firewall migration. It encompasses on-premises and cloud environments for full-system security.

Next-Generation Firewalls - PA Series Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.

Reviewers rate Policy-based Controls and High Availability and Stateful Inspection highest, with a score of 10.

The most common users of Next-Generation Firewalls - PA Series are from Mid-sized Companies (51-1,000 employees).
Return to navigation


View all alternatives
Return to navigation


(1-25 of 37)
Companies can't remove reviews or game the system. Here's why
Diego Carmignani | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Company wants to create a secured on-premise Datacenter. To do that we implemented 2 PA VM500 in Active-Passive mode and configured them with Layer7 policies and Micro-segmentation. In this way we monitor in\out traffics and also lateral movements between datacenter services
  • Easy web management interface
  • Search is powerfull and easly
  • Many L7 Applications recognize for policies
  • SD-WAN feature is quite difficult
  • Dedicated logging server missing
  • Entry PA Appliance has slowly web interface
  • Commit configuration is slower than other competitors
Palo Alto is recommended in Enterprise environments because is a standard de facto Top of rack Firewall In Datacenter is important to have visibility of all traffic and configure the right and simple policies to manage IT. Palo Alto OS is stable and easy to learn. If you need to put multiple Appliances in remote sites maybe you'll have an issue with the price: it's not cheap.
Score 10 out of 10
Vetted Review
Verified User
We utilize 5260's at both our Datacenters running in HA Pair mode for redundancy and 3220's running in HA Pair mode at each remote office. All production network traffic is routed via our datacenter firewalls due to our VDI infrastructure, and web traffic uses the local office Palo Alto Networks Next- Generations Firewalls - PA Series for egress. All policies are managed via device groups on Panorama.
  • Palo Alto Networks Next-Generation Firewalls - PA Series are excellent at utilizing URL filtering to provide us very granular access to individuals or Active directory groups as needed.
  • The Palo Alto Networks Next-Generation Firewalls - PA Series adds multiple defense layers to include, Anti Spyware, Anti-Malware, File blocking, URL filtering, and we also incorporate the.
  • Wildfile malware protection subscription.
  • SSL Inspection was very manageable by creating decryption policies by URL category.
  • The Global Protect VPN setup could be a little more intuitive.
  • Creating IPSec VPN tunnels can be a little challenging. Would be nice if they grouped and forced entries in all the necessary places as a guide.
Palo Alto Networks Next-Generation Firewalls - PA Series makes the perfect sized Firewall for every Organization, including the use of Virtual firewalls for tiny remote offices. They are relatively easy to configure out of the box and provide very granular configuration settings for all scenarios. They can perform DHCP as well as multi-factor authentication. Having previously used Cisco ASA and Checkpoint, Palo Alto Networks Next-Generation Firewalls - PA Series are much easier to configure and maintain.
For ease of implementation, enhanced - easy to use security policy configuration and overall added security threat protection, Palo Alto Networks Next-Generation Firewalls - PA Series is the best in class, in my opinion. They provide deep insights in your network environment you can't easily find in the Cisco ASA and Checkpoint competitors. I highly recommend a POC if you are looking for a next-generation firewall solution.
Kelvin Goh | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Palo Alto NGFW helps to protect web and network traffic which up to layer 7. There are many new threats and malware and Palo Alto NGFW is able to prevent and identity any potential threats. Palo Alto NGFW comes with WildFire which able to perform file analysis to detect any zero-day threats which can be very efficient to protect the organization.
  • WildFire file analysis.
  • Threat prevention.
  • DNS security.
  • Fasten policy deployment.
  • Provide more threat details.
  • Visibility over file analysis details.
Palo Alto NGFW can be managed by Palo Alto Panorama which provides centralized management. This has greatly simplified the administration and daily operation tasks. Most of the configurations are available in Panorama which can be deployed to the managed devices. Somehow the policy deployment is not instantly and required to perform a commit before the configurations are applied to the firewall.
Score 10 out of 10
Vetted Review
Verified User
Palo Alto [Networks Next-Generation Firewalls] is being used as a security product on our perimeter. We have different segments and different entities using Palo Alto in a campus as well as data center environments. It is securing external threats to penetrate inside our organization showing application visibility along with the threat intelligence feature to mitigate risk.
  • Application visibility
  • Single pass architecture
  • GUI clarity
  • SDWAN without licensing
  • URL filtering is basic; should be included in base license
  • PA devices should come with secure defaults
Single Pass Architecture is the best among all the security products I have worked upon. Features clarity and working solutions [that] are easy to find and deploy. However, this device being on the expensive side makes it difficult to implement for small offices, which is, in my opinion, very difficult to penetrate the market. Sometimes, people do see money/budget. :)
Score 10 out of 10
Vetted Review
Verified User
We have deployed Palo Alto Networks Next-Generation Firewalls - PA Series in our Head office in High availability mode. This Palo Alto Networks Next-Generation Firewalls - PA Series is deployed on the internet gateway/perimeter to filter only good traffic and around 300 users and 30-35 servers are connected behind this firewall. Also, this firewall is responsible to prevent intruders, do gateway level Antivirus inspection, Malware filtering, URL filtering, anti-spyware, and file filtering for users to upload or download. We have also procured DNS security and Wildfire Sandbox along with the firewall.
  • Palo Alto Networks Next-Generation Firewalls - PA Series gives predictive performance, as per our sizing and requirements
  • It is integrated very well with internal features it is providing, like, Wildfire Sandbox integrated with gateway AV and URL filtering engine
  • Seamlessly integrates with 3rd party tools and systems, like integration with ClearPass from HPE Aruba for user auth, syslog integration, etc
  • Enhanced security features like EDL, Credential theft prevention, DNS Security, ML based firewall, which we cannot find in another solutions
  • Palo Alto Networks Next-Generation Firewalls - PA Series provides platform for network security but lacks features for additional features like built-in MFA, cloud based management, etc
  • In file filtering and AV module, there could be a few optional features of white listing a specific file by its name or hash value or some other detail.
  • Compared to other vendors, this is costly, but again, feature-rich and hence cannot be with other firewalls.
Palo Alto Networks Next-Generation Firewalls - PA Series is adopted by companies in every industry. Palo Alto is best suited as a perimeter or gateway level firewall for protection against modern threats, advanced attackers, and also for users to access the Internet safely. The reason being, this is purely an application-layer firewall, and performance is based on bandwidth and sessions classified on the application layer rather than just Layer 3/Layer 4 inspections. It has security features that you can add on as subscriptions and the best part is each feature is integrated with one another internally as well.
Binita Kharbanda | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We started our Palo Alto journey by securing our organization's data center resources and it didn't fail us. It matched up to our expectations in terms of security and control, which we are able to achieve with Palo Alto Next-Generation Firewalls. We are using Palo Alto's advanced threat prevention technologies to protect our DC.
  • App filtering
  • Sandboxing
  • Wildfire
  • Firewall throughput
  • CLI configuration is tough
  • Cost is too high.
  • TAC support response.
Palo Alto Networks can be perfect suited for mid/large size organizations who are looking to secure their infrastructure or data center as it provides complete preventions against today's zero-day attacks. It keeps updating the malicious signatures with its wildfire database. Its app filtering is the best in the market; we can get so much efficiency.
Chirag Deol | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series is one of the best firewall it fulfills all the security parameters. In simple word if I say it's a powerful device against any type of bad actors, attacks, phishing, malware attacks. I [have] used it for [the] past 2 years and [I] still don't see any other firewalls who stand against Palo Alto.
  • Application Level filtering is the best feature which is known as AppID.
  • Content filtering also the best function which is known as ContentID.
  • Data Encryption is very strong.
  • Sandboxing also very good function.
  • Heavy budget small level company can't afford.
  • Only pro level security engineer can handle or work on it.
  • To remember CLI based command is very difficult.
If your organization is [a] really big company, you have [a] very good budget, and your client data is very critical, like credit card information then Palo Alto Networks Next-Generation Firewalls - PA Series is the best option to secure your data. Sandboxing and data leak prevention feature of Palo Alto easily catch any breaches inside your infra and block bad actors to access your data.
rahul Verma | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Palo Alto is really the most powerful and advanced feature-loaded firewall. I have been working on this product from 2 years. In this time I've explored the various advanced features like app controls, advanced IPs and content filtering. This firewall is always a favorite for every security consultant. The advanced features makes this firewall more secure and more powerful.
  • Anti-spyware.
  • Anti virus capabilities.
  • Anti malware protection.
  • Application based control.
  • User identification.
  • Advanced security features.
  • Palo Alto is really expensive firewall.
  • Complicated command line.
Some organizations can't afford this firewall because this is very expensive but you will get the all latest security features. Mostly preferred for those businesses who deal with personal credit card information and you want to scan every packet. Sandbox and advanced malware protection scan your every packet deeply and with the help of app controls and content filtering, url filtering you can put more restrictions on your users.
Vinit Sharma | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We are using Palo Alto Firewall because of the advance features they have & we are using content filtering & application filtering features for preventing malicious traffic & unauthorize access. The IDS/IPS & Advance malware protection feature provides a deep scanning feature & also provides sandboxing for advance level deep filtering of packets.
  • Application filtering
  • Content filtering
  • Advance malware protection
  • Deep Scanning
  • Sandboxing
  • Easy to Configure through GUI
  • Anti-Spoofing & Anti-Spam
  • It's complicated to implement it into existing network
  • Packet flow is not easy to understand for the beginners
  • Expensive as compare to other available solutions
  • Less documentation available
Palo Alto firewall only affords by Large level infrastructure having a budget for Security Prospect. I will recommend it for the Card information industry & Confidential data solutions. Because it provides a bucket of security features that are not easily vulnerable.
Basant Gupta | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Palo Alto Networks Next- Generation Firewall is one of the best-loaded security weapons against any type of security threats. This is one of the best and top of every other companies firewall. If you have a large organization that wants to spend lots of money on deep security then this firewall is best for you. I am working and reading about this firewall for the last two years. I don't think this is weak from any security features.
  • Application control.
  • Content filtering.
  • Advanced IPS.
  • Advanced routing.
  • Deep packet inspection.
  • Malware protection.
  • Sand boxing.
  • Hard to configure through CLI.
  • Very expensive.
I don't thin[k] small organization can afford this. This is best for big budget organization and those who worry for security want deep level inspection. You can put more restriction on users and control the application an[d] content. This firewall is always up to date with latest attack and protect from them.
Chandan Singh Rathore | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We started using Palo Alto to achieve network security including the URL filtering/ application control. And we were able to achieve the app control with Palo Alto NFGW. We used IPS to prevent the known attacks and also used it's advanced sandboxing to prevent the zero-day attacks.
  • Anti-malware
  • Sandboxing
  • App control
  • URL filtering
  • User-friendly GUI
  • Difficult to configure via CLI.
  • Documentation insufficient.
  • Migration from other vendor to PA in existing network.
Palo Alto is best suited for the largest enterprises where budget is not a constraint. Palo Alto can provide the best technologies to prevent known and unknown attacks. It can also provide sandboxing. App control feature is so powerful in Palo Alto and can be leveraged in organizations.
Score 9 out of 10
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series is really a very good product in the category of NGFW firewalls--they have all the advance features that can help you tighten your perimeter gateway security layer. Their hold on and understanding about security threats and their deep understanding about the application helps us deal with a dynamically changing threat landscape. We are using Palo Alto Networks Next-Generation Firewalls - PA Series as a network firewall as well as a first layer of defense to deal with external threats. Configuration and administration of all the advance features is very easy and can be done via GUI, wo there's no need to remember so many CLI commands. Very easy and robust up-gradation process.
  • Firewall performance during threat analysis
  • Wildfire support to protect from zero-day threats
  • Huge database of applications and behavior knowledge
  • Virtual wire inline deployment mode
  • In the field of GP VPN
  • Cloud segment
  • Third-party integration support
Palo Alto Networks Next-Generation Firewalls - PA Series are best suited for threat hunting, web filtering, app detection, and user identification via the same box at gateway level, without impacting the performance of the firewall.

They are bit costlier firewalls, so they would not be suited for SOHO environments.
Score 9 out of 10
Vetted Review
Verified User
We are using two Palo Alto PA-5220 firewalls in a high availability configuration as our data center/HQ head-end firewalls as well as our Global Protect VPN portal and gateway. They are used agency-wide for both data center and user traffic, and have allowed us to combine features from our past firewall, VPN and content/URL filtering solutions into one.
  • It does an excellent job of securing by applications rather than relying on ports.
  • With the separate management and data planes we've never experience performance issues.
  • Content updates (apps, URLs, threats) are seamless and automatic.
  • It is very flexible and powerful on the network configuration side.
  • When web managing, you cannot sort by columns by clicking on a column.
  • Palo Alto does not officially bless specific versions as recommended.
  • The Global Protect client upgrade process does not provide feedback on progress.
  • Logging queries sometimes take a while to complete.
Palo Alto PA Series firewalls are well suited to be your main firewall/NAT/VPN/content/URL filtering gateway. It simplifies management and design by having all of these features integrated into one device. It also handles our AD and terminal server user identification requirements well, which a lot of other products don't do at all. Finally, it scales up well since you can manage all of your Palo Alto firewalls from a single Panorama server.
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
Adam Morrison | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls is used as our routing, security, and network core at the resort. All traffic that flows from one network to another must go through our Palo Alto. When I came aboard at Pearl River Resort and Casino the Palo Alto was already the core router and firewall. I was a little hesitant about this design. However, after using the system and seeing the performance and benefits of the Palo Alto I am very impressed with the security it can provide and still meet our needed levels of performance.
  • Security Enforcement and Review - The Palo Alto firewall provides all the advanced features you would expect from a modern firewall. Zones based rules, Layer 4 and down rules, and application firewall rules.
  • User Definition - The Palo Alto firewall has direct AD integration. This allows rules to be based not just on source an destination information, but also on which security group in the AD that user belong. For example you can limit access to out of band networks to only the users that need it.
  • Line Rate Traffic Analysis - When doing my home work I found that Palo Alto firewalls provide high speed analysis to traffic with additional processors to allow line speed results.
  • No cloud analytics - I believe industry as a whole is moving to a management suite powered by ML. Palo has a great product, but currently there is no ML backed platform.
  • SD WAN - Palo has just announced the addition of SDWAN in its upcoming 9.1 release. I feel they are a bit late to the game compared to others like Fortinet.
  • Web based interface can still seem slow at time when compared to more modern HTML 5 interfaces.
Palo Alto is well suited when you need to provide multiple layers of visibility and security between areas. The tools available in the Palo Alto allow to you quickly see which traffic is being allowed, denied, and why. This helps greatly improve mean time to resolution when there are issues. An area that is not so useful is on a tight budget. Palo Alto firewall is not cheap and you will need to purchase two to have a redundant core.
The feedback I have gotten from my staff is that the support is excellent. They are quick to respond and are willing to hop on a WebEx and look at configuration issues with you directly. We have had a few issues the "pull logs and wait" routine on some features, but overall they have been great.
Score 10 out of 10
Vetted Review
Verified User
Palo Alto serves as our perimeter defense product, from threat assessment on the internal network, to ingressing connectivity from the internet. Provides inline web proxy and ssl inspection without the need of other machines/hardware. A few problems it solves are: 1) perimeter defenses, 2) sanity and 3) DFARs.
  • Inline rule threat assessment
  • Good information dataplane and graphics
  • GlobalProtect VPN needs a user launchable option from pre-logon. This has been a challenge for government customers for years. Their competitor Cisco AnyConnect has SBL.
  • Quality of upgrades/updates has been getting worse throughout the years. As of recent things they supposedly fixed have been making it back into the newer updates causing more headache for administrators to roll back. Especially if the update addresses a CVE.
  • Some of the lower end units do not perform to the spec on paper - 220/800.
I cannot see a scenario where a Palo Alto firewall would not be well suited. It's security end to end in a box. The only challenge is cost. And if you size it appropriately for a medium business in a single location a PA 850 is an adequate device witn 10G connectivity. For 25K roughly you get peace of mind. That's a small price for a business.
It's hit or miss on support.
I often solve my problems before they can figure it out.

When I cant, its usually a hardware replacement.
October 14, 2019

Palo Alto NGFW

Score 10 out of 10
Vetted Review
Verified User
We use Palo Alto NGFW as our main on-site firewall. There are several units (5000-series) for failover purposes. Firewalls are needed for CIPA compliance and for general Internet Security. We also use the GlobalProtect SSL VPN to provide access to LAN for remote users. We use web-filtering, application filtering (App-ID), etc.
  • Web filtering by category is done better than competing solutions (FortiGate, for example). There is a significantly smaller number of false negatives, at least in my experience, on Palo Alto firewalls than on competing solutions.
  • Logging. Firewall logs on the Palo Alto are very comprehensive. Firewall stores a lot of information about client connections and log filtering options are incredible.
  • Reliable. Palo Alto firewalls we are using were trouble-free so far both software and hardware-wise.
  • Very good VPN solution. GlobalProtect VPN works very well - stable and high performance. As it is hard to troubleshoot issues with remote clients, good performance by SSL VPN client is an important point.
  • Expensive. Palo Alto offerings are usually more expensive than products of competing companies (Cisco ASA, FortiGate, SonicWall, etc.).
  • Can be complicated to use. Both the Web interface and the CLI of the Palo Alto firewall are quite sophisticated. It is much harder to perform the configuration of the Palo Alto firewall than a Fortinet one.
  • Subscriptions. To properly use the firewall, subscription packages are needed, and licensing can be confusing and/or expensive.
Palo Alto is generally a very good device. For organizations looking for more basic UTM device, capabilities of the Palo Alto can be an overkill. There is also a learning curve with the PanOS. FortiGate is a good alternative for organizations with simpler requirements, in my opinion (deployed both Palo Altos and FortiGates). For an organization with significant demands for filtering of network connectivity (k-12 education, finance, etc.) Palo Alto should the first choice due to robust logging, great capabilities to block traffic by application or category, etc.
As Palo Altos proved themselves to be quite reliable, I do not have much experience with customer support. One important thing regarding Palo Alto is incredible amount of training available online. Most vendors cannot match Palo Alto in this regard.
Score 9 out of 10
Vetted Review
Verified User
Our NextGen Firewalls are being used to protect north and south traffics and also monitor the east and west traffics as well.
  • Easy policies deployment
  • Great at zero day protection
  • Very intuitive admin console
  • Great for HA environments and real-time protections
  • Price
  • License
If you are looking for the best NextGen firewall, PA Series firewall is a great products.
I've used it and love the overall performance and protection Palo Alto Networks Next-Generation Firewalls provides.
Score 9 out of 10
Vetted Review
Verified User
As with any organization, ours org needed to replace existing infrastructure. At the time we were strictly a Cisco shop top down, but we were open for other bids as well. After a demo, we purchased Palo Alto 5220 based firewalls, with the intent to use it as the central point of authority for all network traffic for our campus. The Palo Alto (PA) firewall is used as the gateway device for all traffic within our organization.
  • The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
  • The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
  • The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
  • It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
  • Documentation that is available for solutions from Palo Alto is great. If you find yourself in a situation where something has not been previously documented or implemented, you will have to find out solutions yourself.
  • The ability to use the API for push/pull information with the firewall was a major selling point. However, some items a person would expect to be readily available through the API do not exist, so either you have to go without or do extensive amount of work to put together, sort, and clean the data from multiple sources (I am looking at you dhcp logs).
The Palo Alto device is well suited for a direct replacement for any traditional or other firewall. There is little room for error on this device, it will do exactly what you have it configured for. Between security zones, security policies, nat policies, policy based forwarding, and everything in between, you have to keep your head on straight when making big or small changes.

The Palo Alto does have one overall issue our users report more than anything. The Palo Alto is a strict NAT device, so unless you have the ability to 1 to 1 map IP addresses for your users who need something beside strict NAT limitations, the Palo Alto will cause you grief.
I have had to engage in support multiple times. These times of engaging support was not due to an issue with the firewall itself, but for assistance in troubleshooting with one of our ISPs connection issues. The support staff was very accommodating, treating our issue as if it was an issue with the firewall itself until we proved otherwise. The support staff followed up later to verify what recommendations had been followed by our ISP, which lead our issue to resolution.
Score 9 out of 10
Vetted Review
Verified User
The Palo Alto Networks Next-Generation Firewalls - PA Series firewalls are being used to protect the internal assets to our organization as well as being sold to other customers to help provide them threat protection. The customer use case varies greatly and this product allows all of our customers to be provided a level of protection to fit their needs. The GUI driven interface has allow our support staff to develop their skill set rapidly with this product.
  • Security performance
  • Implementation
  • Managment
  • Cloud features
  • Value
  • Support
Palo Alto's advanced features, like application visibility, make it a very attractive product.The the sluggishness of Palo Alto's Panorama interface when managing a large number of appliances is sometimes a pain point. There is continual development into the product which makes it very easy to use and the constant improvements have made our clients very happy. The security patching is easy and the HA works without issue. If you really want to be in the CLI to manage your firewall then this may not be the product for you. It is very GUI driven to do almost all of the functions to setup and troubleshoot the devices as a whole.
The support staff with Palo Alto have been very responsive and worked with us to solve any and all issues. Complex issues do take some time, but they do a good job staying engaged and working through the problem until resolution. The support portal has been great to use and setting up admin users is very easy compared to others I have used.
Score 10 out of 10
Vetted Review
Verified User
Our network uses the Palo Alto PA-Series firewall as an internet edge facing security gateway, focusing on traditional firewalling, SSL decryption, URL-filtering, and threat mitigation. There are two departments that use the firewall, which are the Security team and the Network Engineering team. Our main goal is to ensure that access to internal networks is secured and access to external networks is limited to appropriate sites.
  • Simple Policy Management
  • Easy-to-read Documentation
  • On-Board Troubleshooting Tools
  • URL-Filtering rules are complex
  • Some Cryptic Error Messages
  • Undocumented software bugs
The Palo Alto PA-Series firewall is well suited to a standards based network environment. Any network that utilizes standards-based protocols in lieu of proprietary (e.g. Cisco EIGRP) would do well to utilize a Palo Alto firewall, especially if that network were concerned about central management of security. A scenario that would be less appropriate for a Palo Alto firewall is one that isn't well versed in different security technologies.
I've called customer support for Palo Alto on several occasions, and every time I've been met with courteous, quick help that answered all of my questions or solved the issue at hand. The support team at Palo Alto is knowledgeable and responsive. When not dealing with the support personnel directly, I've found that the vendor documentation and regular software upgrades are very handy as well.
Score 7 out of 10
Vetted Review
Verified User
We are using Palo Alto firewalls in our remote branches. We have five offices and each one is connected via VPN tunnel through the internet with a firewall. We are using this for the whole organization and we created a required policy to filter the traffic. It has the best feature like APP ID, content ID and wildfire to keep it updated.
  • Deployment is easy and its function is understandable.
  • Due to its advanced SP3 architecture it runs data plain and management plain separately.
  • Technical support is good and fast
  • The product is already perfect
Palo alto is suitable for all scenarios. It is best to use in big organization and to integrate firewall with other security products.
Irteza Rana | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Palo Alto NGFW is top of the line next gen firewalls with application layer visibility. We use Palo Alto firewalls heavily in our network for fulfilling our security needs. It addresses all the firewall functionalities, routing, and protection of not only our physical infrastructure but also our public cloud.
  • It provides application layer visibility and deep packet inspection capabilities.
  • Only VM based firewalls to provide security on the public cloud.
  • It supports advanced features like threat protections, URL filtering, and wildfire.
  • Supports advanced routing OSPF/BGP/RIP.
  • Palo Alto is still new on VM and protection of the public cloud. Features like high availability and encryption/decryption can also be introduced just like in the physical firewall.
  • Throughput capacities over IPSEC VPN can be improved on lower model firewalls including PA-220 , PA-3000 series.
  • Interaction with multi-factor applications like duo can enhance access security.
Palo Alto is fully capable of securing the public cloud. Palo Alto VM series can fully integrate with any public cloud including AWS/Google Cloud and Azure. It can also be integrated with existing physical firewalls to support the hybrid cloud model. Advance features like traps, URL filtering, and AI features adds intelligence to the firewall. Palo Alto is suitable for companies who have a presence in both the public and private cloud.
Cory Brester | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
The PA is used for the entire company. It has been used as a stand-alone for the one building as well as site to site VPN with a second building and mandatory VPN access for remote employees.
  • The URL filtering is awesome.
  • Wildfire is an amazing feature.
  • Traffic reporting is very useful.
  • Expandability is easy, you can easily add additional services.
  • Configure ability is not as simple for someone who isn’t an expert.
  • Support goes overseas and while they have been very helpful, there are often issues communicating.
Any small to large business that wants high availability. The redundancy of the PAs is well worth the extra cost.
Score 10 out of 10
Vetted Review
Verified User
We started implementing Palo Alto a year or two ago to increase our security posture and increase segmentation between our infrastructure services, shared services, and client networks. By utilizing the Palo Next-Generation Firewalls and WildFire we're able to much more quickly identify and isolate new security threats. They played an integral part in keeping WannaCry from becoming a major problem for us.
  • Ease of use.
  • Fast response to new security threats (WildFire).
  • Application aware firewall (App-ID).
  • Logging is fantastic and easy to see what's being blocked/allowed basically in real time.
  • Durability/reliability is surprisingly good, only issue we've had is a couple issues with faulty power supplies, but all our units have redundant power supplies so it was a non-issue.
  • Support is surprisingly good.
  • Cost, these firewalls are awesome, but not cheap.
If you have the money there really isn't anything better on the market. The Palo Alto [solutions] have a web UI that is easy enough to use that most people are comfortable using them within a day or two. Whereas our Cisco ASAs, ACI, Routers and firewall service modules can take a while for people to get the hang of and feel comfortable using them. About the only place that I can think of where I wouldn't use Palo Alto would be small branch office where budgets are generally much tighter.
Score 9 out of 10
Vetted Review
Verified User
Palo Alto (PAN) is used by a division of ours who did not have a full-time network person. We found the product easy and intuitive to work with, which is why our team truly enjoys using the PAN products. The wildfire product addressed and dealt with threats in real time, without a major performance hit like Cisco Sourcefire embedded modules within the 55xx-x series.
  • Easy to learn and use the web-based console. Learn the platform and be able to manage any Palo Alto device.
  • No separate management for control/data plane like the checkpoint.
  • VPN is VERY easy to set up, even double/twice NAT VPN, and can use VTI for route-based VPN setups.
  • Units are far more expensive than competitors. It's worth it, but the price point can scare potential clients off.
Palo Alto firewalls are really great in the following scenarios: firewall functionality at the core and edge, plus, threat, Malware/Virus/DDOS management is embedded into the system. The speed is amazing, even with deep packet inspection. The devices are not rugged and are not well suited for industrial environments. The cost of products is higher than other vendors, but you are also getting a lot more than just a stateful firewall/packet filter.
Return to navigation