TrustRadius
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.https://media.trustradius.com/product-logos/DS/BU/ULEO0WQAHCO8.PNGPalo Alto NGFWs a success story waiting for youAs with any organization, ours org needed to replace existing infrastructure. At the time we were strictly a Cisco shop top down, but we were open for other bids as well. After a demo, we purchased Palo Alto 5220 based firewalls, with the intent to use it as the central point of authority for all network traffic for our campus. The Palo Alto (PA) firewall is used as the gateway device for all traffic within our organization.,The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services. The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services. The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls. It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.,Documentation that is available for solutions from Palo Alto is great. If you find yourself in a situation where something has not been previously documented or implemented, you will have to find out solutions yourself. The ability to use the API for push/pull information with the firewall was a major selling point. However, some items a person would expect to be readily available through the API do not exist, so either you have to go without or do extensive amount of work to put together, sort, and clean the data from multiple sources (I am looking at you dhcp logs).,9,Prior to the purchase of Palo Alto NGFW firewalls, we used various other technologies along with our prior firewalls. After the purchase of the PA5220s, we were able to sunset these other technologies. Retired tech, along with a single pane of glass provides us with more resources to move forward with on other areas. Positive impact for our organization with the purchase of our PA-5220s.,Cisco ASA,9,AWS EC2 Container Service, Darktrace,2100,2,Inspection Internet Gateway VPN Direct Connect (BGP) Security Rules,Active/Active internet connection failovers BGP routing for AWS Direct Connect with VPN connectivity for redundancy,Always looking to increase usage of the available API for more automated task creation/closing,10Palo Alto NGFWWe use Palo Alto NGFW as our main on-site firewall. There are several units (5000-series) for failover purposes. Firewalls are needed for CIPA compliance and for general Internet Security. We also use the GlobalProtect SSL VPN to provide access to LAN for remote users. We use web-filtering, application filtering (App-ID), etc.,Web filtering by category is done better than competing solutions (FortiGate, for example). There is a significantly smaller number of false negatives, at least in my experience, on Palo Alto firewalls than on competing solutions. Logging. Firewall logs on the Palo Alto are very comprehensive. Firewall stores a lot of information about client connections and log filtering options are incredible. Reliable. Palo Alto firewalls we are using were trouble-free so far both software and hardware-wise. Very good VPN solution. GlobalProtect VPN works very well - stable and high performance. As it is hard to troubleshoot issues with remote clients, good performance by SSL VPN client is an important point.,Expensive. Palo Alto offerings are usually more expensive than products of competing companies (Cisco ASA, FortiGate, SonicWall, etc.). Can be complicated to use. Both the Web interface and the CLI of the Palo Alto firewall are quite sophisticated. It is much harder to perform the configuration of the Palo Alto firewall than a Fortinet one. Subscriptions. To properly use the firewall, subscription packages are needed, and licensing can be confusing and/or expensive.,10,Palo Alto firewalls dramatically improved web filtering capabilities due to the effective category-based filtering. There is less of a need to block web sites manually, reducing administrative workload. Blocking Applications (App-ID) allowed our organization to have more control over the network and generally proved effective even against applications usually able to avoid firewall filtering (torrent clients, remote access software). Logging capabilities of the firewalls were effectively used for cyber security investigations and compliance. Robust filtering options saved many work hours of investigation.,Fortinet FortiGate and Cisco ASA,10,Aruba Networks Wireless LAN (WLAN), Darktrace, G SuitePalo Alto Networks Next-Generation FirewallsThe Palo Alto Networks Next-Generation Firewalls - PA Series firewalls are being used to protect the internal assets to our organization as well as being sold to other customers to help provide them threat protection. The customer use case varies greatly and this product allows all of our customers to be provided a level of protection to fit their needs. The GUI driven interface has allow our support staff to develop their skill set rapidly with this product.,Security performance Implementation Managment,Cloud features Value Support,9,Virtual platform has allowed for great hardware cost decrease Multi tenancy options have been great,,9,SolidFire, Cisco UCS B-Series, Acronis Backup CloudPalo Alto Security Gateways are Simply SecureOur network uses the Palo Alto PA-Series firewall as an internet edge facing security gateway, focusing on traditional firewalling, SSL decryption, URL-filtering, and threat mitigation. There are two departments that use the firewall, which are the Security team and the Network Engineering team. Our main goal is to ensure that access to internal networks is secured and access to external networks is limited to appropriate sites.,Simple Policy Management Easy-to-read Documentation On-Board Troubleshooting Tools,URL-Filtering rules are complex Some Cryptic Error Messages Undocumented software bugs,10,Improved Security Better Web-Access Control Improved Throughput,10,10,Check Point Next Generation Secure Gateway, Cisco ASA and Juniper SRX,LogRhythm NextGen SIEM Platform, SolarWinds Kiwi Syslog Server, Microsoft AzureTOP GUNS of Next-Generation FirewallsOur NextGen Firewalls are being used to protect north and south traffics and also monitor the east and west traffics as well.,Easy policies deployment Great at zero day protection Very intuitive admin console Great for HA environments and real-time protections,Price License,9,Great product if you can afford it. PA firewall provide best in class NextGen protection Price are too high - depends on what subscription you deployed,Cisco Firepower Management Center (FMC series appliances),8,LogRhythm NextGen SIEM Platform, SolarWinds ipMonitor, Cisco Meraki Wireless Access PointImplimentation is easy with unique SP3 Architecture.We are using Palo Alto firewalls in our remote branches. We have five offices and each one is connected via VPN tunnel through the internet with a firewall. We are using this for the whole organization and we created a required policy to filter the traffic. It has the best feature like APP ID, content ID and wildfire to keep it updated.,Deployment is easy and its function is understandable. Due to its advanced SP3 architecture it runs data plain and management plain separately. Technical support is good and fast,The product is already perfect,7,Palo alto has made positive impact on ROI. It satisfies our business objectives. Palo Alto is user friendly,Cisco ASA,ForeScout CounterACT, Dell EMC Unity, Radware AlteonPalo Alto: Next generation firewalls to secure your Public CloudPalo Alto NGFW is top of the line next gen firewalls with application layer visibility. We use Palo Alto firewalls heavily in our network for fulfilling our security needs. It addresses all the firewall functionalities, routing, and protection of not only our physical infrastructure but also our public cloud.,It provides application layer visibility and deep packet inspection capabilities. Only VM based firewalls to provide security on the public cloud. It supports advanced features like threat protections, URL filtering, and wildfire. Supports advanced routing OSPF/BGP/RIP.,Palo Alto is still new on VM and protection of the public cloud. Features like high availability and encryption/decryption can also be introduced just like in the physical firewall. Throughput capacities over IPSEC VPN can be improved on lower model firewalls including PA-220 , PA-3000 series. Interaction with multi-factor applications like duo can enhance access security.,10,With Palo Alto we have the ability to grow and accommodate all our network infrastructure needs. Even a firewall that is 5 years old is still capable of handling advance requests that come to our business. As our business grows, our presence in the public cloud is growing exponentially. With Palo Alto firewalls we are able to keep up with the pace of this growth and still keep our infrastructure secure. Its ability to integrate with multi-vendor gives us the freedom to be with any network vendor as we grow.,Cisco ASA, Fortinet FortiGate and Barracuda NG Firewall,Cisco Nexus, Aerohive Wireless, Aruba ClearPass, HPE Aruba Ethernet SwitchesPalo is about as good as it gets.We have PA firewalls throughout the City, sizing and capabilities based on the needs of the department.,Having two engines: Routing Engine—The Routing Engine provides three main functions: Creates the packet forwarding switch fabric for the Services Router, providing route lookup, filtering, and switching on incoming data packets, then directing outbound packets to the appropriate interface for transmission to the network. Maintains the routing tables used by the router and controls the routing protocols that run on the router. Provides control and monitoring functions for the router, including controlling power and monitoring system status. Packet Forwarding Engine—Processes packets; applies filters, routing policies, and other features; and forwards packets to the next hop along the route to their final destination. The search functions of the appliances and the OS is pretty good. Better than most firewalls. Engaging support was quicker, which can really make or break your day\week when it comes to an outage.,Building an OSPF tunnel with another vendor is proving difficult. Support cant seem to fix it even in their sandbox environment. The Firewall is extremely granular, sometimes searching can prove tedious and frustrating if you're new to the OS.,9,Great up-time and reliability. May cost a little more but is worth it. Between our PA firewalls and our Juniper switching infrastructure, we are pulling almost .9999 of up-time. There are always problems with vendors working VPN tunnels and protocols together and we have a known issue with OSPF with one of our PA's and another vendor and PA cant seem to figure it out. We're planning on replacing the old legacy box soon to alleviate this dilemma.,SonicWALL Aventail, Fortinet FortiGate and WatchGuard NGFW,VMware ESXi, Hyper-V, Compellent, NimbleGreat Enterprise Level Networks Next-Generation FirewallsWe use Palo Alto Networks Next-Generation Firewalls as our primary firewall and our VPN solution for the company. It is very easy to set up and the firewall itself proves to be very effective in managing traffic. They are an industry leader for Enterprise NGFW appliances with numerous security features to protect companies and their networks.,Very good security features including hardware-level antivirus and intrusion prevention. Customizable firewall rules and NAT policies that will match any network's needs. Great management interface. Different size of appliances for different purposes/environments.,We have seen that occasionally the reporting feature can be buggy and that certain options might be missing from the menu in the report section. This seems to be a known bug and we have been working with PAN support to apply a hotfix patch to address the issue.,9,Technical support is excellent without a doubt, qualified support engineers and responsive. We had a few crises and managed to push through under pressure thanks to the tech support. The ease of use was a strong selling point. The management console is very simple to use and we were up and running in a production environment very quickly without any issues. I like the application awareness of the firewall. Really allows you to monitor what is going on and what users are doing.,SonicWall TZ,Veriato 360, eFax, SonicWall TZPalo Alto Networks Next Generation.The PA is used for the entire company. It has been used as a stand-alone for the one building as well as site to site VPN with a second building and mandatory VPN access for remote employees.,The URL filtering is awesome. Wildfire is an amazing feature. Traffic reporting is very useful. Expandability is easy, you can easily add additional services.,Configure ability is not as simple for someone who isn’t an expert. Support goes overseas and while they have been very helpful, there are often issues communicating.,10,Positive: It has stopped malicious downloads. Positive: allowed us to easily scale as we quickly grew.,SonicWall TZ,Juniper Enterprise Routers, Aruba Networks Wireless LAN (WLAN), Aruba ClearPassA huge improvement over traditional layer 2/3 firewalls.We started implementing Palo Alto a year or two ago to increase our security posture and increase segmentation between our infrastructure services, shared services, and client networks. By utilizing the Palo Next-Generation Firewalls and WildFire we're able to much more quickly identify and isolate new security threats. They played an integral part in keeping WannaCry from becoming a major problem for us.,Ease of use. Fast response to new security threats (WildFire). Application aware firewall (App-ID). Logging is fantastic and easy to see what's being blocked/allowed basically in real time. Durability/reliability is surprisingly good, only issue we've had is a couple issues with faulty power supplies, but all our units have redundant power supplies so it was a non-issue. Support is surprisingly good.,Cost, these firewalls are awesome, but not cheap.,10,Easier to train employees to use. Provides a programmable network security platform that we can integrate with other automation workflows. Less hardware faults/replacements mean that engineers have a better work life balance while maintaining service availability.,Cisco ASA and Juniper SRX,Cisco ASA, Juniper SRX, Cisco Application Centric Infrastructure, Ansible, Oracle Exadata Database Machine, Cisco Catalyst Switches, Cisco Catalyst 3650 Series Switches, Palo Alto Networks URL Filtering PAN-DB, Palo Alto Panorama, Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series, Palo Alto Networks WildFire, Cisco Ethernet Switches, Mellanox Switches, Cisco FabricPath, Cisco Nexus, Cisco Meraki MS Switches, Cisco Routers, Cisco SSL VPN, Apple Remote Desktop, VMware ESXi, VMware Fusion, VMware NSX, VMware Workstation, NetApp FAS series, NetApp SnapMirrorPAN: It costs a lot, but it's worth it!Palo Alto (PAN) is used by a division of ours who did not have a full-time network person. We found the product easy and intuitive to work with, which is why our team truly enjoys using the PAN products. The wildfire product addressed and dealt with threats in real time, without a major performance hit like Cisco Sourcefire embedded modules within the 55xx-x series.,Easy to learn and use the web-based console. Learn the platform and be able to manage any Palo Alto device. No separate management for control/data plane like the checkpoint. VPN is VERY easy to set up, even double/twice NAT VPN, and can use VTI for route-based VPN setups.,Units are far more expensive than competitors. It's worth it, but the price point can scare potential clients off.,9,Bottom line at first, but once they're up and running, they're rock solid.,Check Point Next Generation Firewall, Cisco ASA and Fortinet FortiGatePalo Alto Networks a NGFW leader with little to no competition todayPalo Alto Networks firewalls are replacing legacy port and protocol based firewalls to assist in implementing a security stack that includes layer7 application identification controls, user-based access, threat prevention, as well as zone based segmentation of networks and systems. We are also leveraging Palo Alto Globalprotect for remote-access VPN and testing the new web-based VPN features.,Palo Alto Networks is a leader in zone-based firewall deployments. Palo Alto Networks domain integration makes them a leader in restricting access based on source user/AD group. Palo Alto is continuously developing their Application catalog to help restrict traffic on layer 7 apps not just ports/services.,Palo Alto threat signatures and application signatures are not available to most customers, the black box method makes it hard to determine the root cause of issues in some cases. Some updates - especially for new OS releases are buggy and needs to be fully tested before deployment.,8,Positive ROI - combining firewall technology with threat prevention/detection removing the need (in many cases) of a separate IPS/IDS Positive ROI - combining multiple firewalls into one where appropriate leveraging zone based firewalling Negative ROI - none discovered yet,Fortinet FortiGate, Cisco ASA, Sourcefire Firewalls and Check Point Next Generation FirewallPANTASTICIt's used across the organization, for threat prevention and continuity of operation .,Visibility into traffic Risk reduction High performance without cutting corners on security,The endpoint protection price is not competitive The Ldap integration and user mapping could be more intuitive The client-less VPN can use native RDP client,10,Intrusion reduction . High availability uptime Data leak prevention,Azure Multi-Factor Authentication, FortiSIEM, Microsoft Azure, Sophos Endpoint Protection and Nutanix Acropolis,Nutanix Acropolis, Microsoft Azure, Sophos Endpoint ProtectionPalo Alto will stop the bad guys for you!We utilize Palo Alto Next Generation Firewalls to protect our perimeter network and provide VPN connectivity for site-to-site and endpoint access. The firewall helps to mitigate potential misuse of the internet as well as stopping attacks from shady websites.,AppID is able to see what the actual internet traffic is. For instance instead of port 443 just being "Internet traffic" we can define access to Facebook-base or all the other facets of facebook. UserID allows us to define policies based on group or user access and integrates with our Active Directory. This helps to configure a least access privilege and if we find misuse of the network we can tighten specific users to a stricter policy. GlobalProtect VPN connection helps our employee's connect from home remotely. This provides a very secure connection with minimal configuration. Wildfire provides very up-to-date information regarding global attack mitigations and stopping techniques.,Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change. Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple. Documentation gives a very straight forward answer to some items but is very vague in others. Support could be a little better. An issue we had a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade.,9,We used to outsource our Firewall and it's management. Not only did we find their SLA's to be lacking, in general, but communication between us was horrible. Many times we could not understand them and that resulted in less than desirable rule creation or troubleshooting. Since we no longer have to pay a company for 24/7 management (and SLOW SLA's) we are saving a ton of money each year. Also our fellow employee's are much happier that things can be resolved in a timely manner.,Not Beginner-friendly, but Powerful and ComprehensiveWe used our Palo Alto firewalls to analyze and filter all traffic coming into and leaving our network, including the DMZ.,Web Filtering - Analysis is fast and comprehensive, with all the options one should expect from a professional Web filter. Admins can set options to audit, warn, click-through, password-protect, or block sites based on numerous criteria. Changing site categories is easy and Palo Alto do a good job of being pretty up-to-date on their site catalog. Packet Identification - This is an area where Palo Alto excels. Want to allow your users to use Facebook, but block IM and/or file transfers? Easy. Have an inbound file that says it's a jpeg but is really an Excel spreadsheet? Busted. WildFire - I hated it at first, but it's come a long way. Unknown files can be sent to WildFire for them to sandbox and analyze. The result is fairly fast return times and a process that contributes to the improvement of your firewall's function.,Updates - They happen often and are quick to install, but new definitions with a threat level of critical should be blocked by default, not set to audit-only. SSL Proxy - This works great if you have very little traffic on your PA. If you turn this on, expect to cut the firewall's performance in half. Even then, no SSL Proxy is perfect, so some sites just won't work.,9,Within minutes of installing a PA in passive mode, we were able to identify dozens of attacks on our network. In the first month, we were able to provide executive reviews of attacks on our network, usage statistics of our Internet connections, and use of our cloud resources. Our PA installation helped us discover a major exfiltration attempt, document it, and bring a compelling case against the perpetrator.,Juniper SRX, Smoothwall SWG and Barracuda Web FilterPalo Alto ReviewPalo Alto is used as our primary firewalls. It addresses the problem of outside intrusions and are configured with both basic and advanced firewall features. We are able to protect against application-level threats and it is also used to manage our VPN and MPLS networks. Many features such as dynamic block lists, DLP, web content filtering, advanced threat protection, wildfire, and DDoS protection are available and are in use with our company.,Protects against common threats such as unauthorized vulnerability scans Protects against malware applications and ransomware such as Cryptowall Allows very secure VPN connections for external users,The web content filtering is good, but could be improved Wildfire can take a long time to analyze files Alerts and logs could contain a little more information or intelligence to help narrow down a threat.,10,Dynamic protection against all types of threats Excellent ROI by protecting from otherwise devastating attacks Easy to use GUI reduces staff time for management and administration,Cisco ASA,Symantec Endpoint Protection, Imperva SecureSphere, McAfee Total Protection for Endpoint,Turning advanced features on or off Blocking threats based on criticality Maintaining whitelists.,Initial configuration can take some work Maintaining specific ACL's for specific networks SSL decryption can take some time to implement correctly,No,10Palo Alto PA-3000 series - a valuable and reliable resource for protecting your networkWe are using the Palo Alto Networks PA-3020 to control internet access for the entire organization. The business problems being addressed are: 1. availability of services and information, e.g. protecting against malicious activity that would attempt to destroy or otherwise prevent access to services and information. 2. confidentiality of data and resources 3. integrity of data and resources,It manages software updates particularly well as well as the ability to downgrade software versions. This is a strength because of the need to stay current with patches to fix discovered vulnerabilities and also assurance that if an update causes a serious problem, it is relatively easy to roll it back. Reliability is good. We have not had any unscheduled downtime from the device since we've put it into production. It does a good job identifying threats and potential threats based on vulnerabilities and blocking suspect connections automatically.,I would like to see some guidance on suggested action to take on an identified threat or potential threat beyond just blocking the access. In the Monitor tab/threat, I would like to be able to copy an item in the listing (ip address, url, etc.) directly rather than having to click on the item which automatically puts it into the filter where I can then mark and copy the item. Also, if I want to copy the URL and I click on it, it puts it into the filter as an IP address which I may not necessarily want to copy.,10,I don't know how to put a dollar amount on ROI for this product nor can I say for sure what we may have been protected against had we not had the Palo Alto in place, but we have not had a ransomware attack or other security event since the device has been in place. I know from experience that responding to an event and remediating from an event can be costly in terms of lost user productivity and IT staff man-hours spent. As an IT staff member chiefly responsible for security, I spend less time looking for and blocking potential breaches or attempts since the Palo-Alto automatically detects and blocks many of those automatically without my intervention.,Dell SonicWall and Cisco ASA,Cisco ASA, Unitrends Recovery Series Backup Appliance, Cisco Prime LAN Management SolutionSolid multi-function security solution, but it's not cheap!We use the PA-3000 firewalls to secure our perimeter at our data centers. Our entire organization uses these devices to secure all Internet traffic. We use these firewalls for multiple purposes, including anti-virus, threat detection, DMZ, routing, URL filtering, and malware protection, in both layer 3 active/standby mode as well as vwire mode.,Performs a lot of security functionality all in one device - this is important because especially in today's world, there are a lot of point products out there and it can be difficult for a small or medium-sized business to manage all of them. Having one product saves time, money, and complexity. High availability performance is very good, failover is seamless, which is important for business continuity. GUI is excellent, which makes it very easy for administrators to manage the firewall and see exactly what is happening.,The CLI is a bit confusing, and it's difficult to find what you're looking for. Takes a lot of practice. Definitely not as good as the Cisco CLI. Updating the firmware is often a very dangerous process, especially when jumping minor or major releases. More QA should be done to validate and ensure no issues during upgrades. I'll admit it's gotten better over time, but there is still room for improvement.,8,Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc. There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance.,Cisco ASA,NetskopeThe Next Generation is Here - I'm not talking about Millenials!PA's NGFW is being used to secure our internal network, servers and a wide variety of devices from external and in conjunction with the implemented software, internal threats. It is being used across the entire organization including the provision of protective services to several remote areas via VPN & VSAT. It has been implemented to help the company recover from a dearth of support previously provided (or not) by an outside vendor.,It seamlessly performs simultaneous scanning at all levels of the packet, looking for irregularities and/or evidence potential threat activity. This is a most helpful tool, in that it looks to prevent known and/or suspicious packets from entering uninspected into the environment. Additionally, it provides blocking services for known hostile URLs, which helps cut down dramatically on the potential for phishing and other types of intrusions. Finally, PA's NGFW and associated software takes identified suspicious items and "sandboxes" them - sends them for examination /evaluation. The feedback & other support we get from PAN and its local partner is just far above expectation.,The only thing I can suggest is a little more information on available dashboards and how to use them. It could be that I haven't looked in the right place, but at my level, I don't often have the time go surfing through sites to find things. Perhaps a CIO/CSO dashboard with immediate access to other dashboards and high level information.,10,It has dramatically reduced malware and virus intrusions, and supported our efforts at eliminating unauthorized network usage for personal purposes, such as downloading movies, videos and music. That has freed up the network to function according to the bandwidth levels we purchased.,High performance, rock solid firewall solution for Medium to Large businesses.We needed a solution that would detect threats before they were detected by endpoint software and eliminate the threats of exploits and viruses to our end users, including ransomware attacks.,Monitoring and detecting unwanted application access by our users, such as streaming and torrent download sites. Preventing exploits and malware from hitting our network and infecting all end-user PCs and servers. Excellent secure VPN access for our outside staff and partners. The VPN software client is available for PC & Mac as well as mobile client options on Android and Apple stores.,The products are a bit pricey, but feature filled. Their annual services can really add up quickly. The models of devices are somewhat confusing. For instance, we wanted a firewall that had the ability to use Active & Passive fault tolerance, and only the very advanced models (more expensive) do this. It might bring smaller customers in by adding more advanced features to lower-priced models.,9,ROI could be measured in the first few attacks you prevent. IT leaders rarely include the cost of clean-up and preventative scanning of computers and networks in the ROI of a product purchase. Many IT departments do not understand what the financial impact to a business outage would be, but it's one of the most if not THE most critical ROI that should be calculated. In our company, we have too many users, services, applications, and partners who need 24x7 access to our network and to the Internet to compromise with less technology.,Sonicwall, Cisco Pix and Cisco ASA,McAfee Total Protection for Endpoint, Barracuda Email Security Service, TeamViewer, Skype for Business, OneDrive, Microsoft Office 365, Citrix NetScaler, Splunk LightFirewall and Wildfire? Great!PA-500 is being used across our entire organization. We currently use it to filter web traffic with geoblocking, implement our VPN, and for general logging of network activity.,The VPN (GlobalProtect) is easy to use. Logging is done well and in an easy to use situation. The GeoBlocking is exceptional.,The web interface to look at real time events is very slow and clunky. The searching feature is hard to figure out what parameters you use. The GlobalProtect VPN client has a few strange features that have increased support hours. It's easy to work around but caused a few unnecessary tickets.,7,Less time for users to connect to the VPN (globalprotect can be set to be "always on"),Cisco Meraki MX Firewalls,Microsoft SQL Server, Google Drive, ElasticsearchUnspecified
Palo Alto Networks Next-Generation Firewalls - PA Series
60 Ratings
Score 9.1 out of 101
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>TRScore

Next-Generation Firewalls - PA Series Reviews

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
Next-Generation Firewalls - PA Series
60 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 9.1 out of 101

Do you work for this company?

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Reviews (1-22 of 22)

Companies can't remove reviews or game the system. Here's why.
No photo available
Score 9 out of 10
Vetted Review
Verified User
Review Source
As with any organization, ours org needed to replace existing infrastructure. At the time we were strictly a Cisco shop top down, but we were open for other bids as well. After a demo, we purchased Palo Alto 5220 based firewalls, with the intent to use it as the central point of authority for all network traffic for our campus. The Palo Alto (PA) firewall is used as the gateway device for all traffic within our organization.
  • The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
  • The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
  • The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
  • It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
  • Documentation that is available for solutions from Palo Alto is great. If you find yourself in a situation where something has not been previously documented or implemented, you will have to find out solutions yourself.
  • The ability to use the API for push/pull information with the firewall was a major selling point. However, some items a person would expect to be readily available through the API do not exist, so either you have to go without or do extensive amount of work to put together, sort, and clean the data from multiple sources (I am looking at you dhcp logs).
The Palo Alto device is well suited for a direct replacement for any traditional or other firewall. There is little room for error on this device, it will do exactly what you have it configured for. Between security zones, security policies, nat policies, policy based forwarding, and everything in between, you have to keep your head on straight when making big or small changes.

The Palo Alto does have one overall issue our users report more than anything. The Palo Alto is a strict NAT device, so unless you have the ability to 1 to 1 map IP addresses for your users who need something beside strict NAT limitations, the Palo Alto will cause you grief.
Read this authenticated review
No photo available
October 14, 2019

Palo Alto NGFW

Score 10 out of 10
Vetted Review
Verified User
Review Source
We use Palo Alto NGFW as our main on-site firewall. There are several units (5000-series) for failover purposes. Firewalls are needed for CIPA compliance and for general Internet Security. We also use the GlobalProtect SSL VPN to provide access to LAN for remote users. We use web-filtering, application filtering (App-ID), etc.
  • Web filtering by category is done better than competing solutions (FortiGate, for example). There is a significantly smaller number of false negatives, at least in my experience, on Palo Alto firewalls than on competing solutions.
  • Logging. Firewall logs on the Palo Alto are very comprehensive. Firewall stores a lot of information about client connections and log filtering options are incredible.
  • Reliable. Palo Alto firewalls we are using were trouble-free so far both software and hardware-wise.
  • Very good VPN solution. GlobalProtect VPN works very well - stable and high performance. As it is hard to troubleshoot issues with remote clients, good performance by SSL VPN client is an important point.
  • Expensive. Palo Alto offerings are usually more expensive than products of competing companies (Cisco ASA, FortiGate, SonicWall, etc.).
  • Can be complicated to use. Both the Web interface and the CLI of the Palo Alto firewall are quite sophisticated. It is much harder to perform the configuration of the Palo Alto firewall than a Fortinet one.
  • Subscriptions. To properly use the firewall, subscription packages are needed, and licensing can be confusing and/or expensive.
Palo Alto is generally a very good device. For organizations looking for more basic UTM device, capabilities of the Palo Alto can be an overkill. There is also a learning curve with the PanOS. FortiGate is a good alternative for organizations with simpler requirements, in my opinion (deployed both Palo Altos and FortiGates). For an organization with significant demands for filtering of network connectivity (k-12 education, finance, etc.) Palo Alto should the first choice due to robust logging, great capabilities to block traffic by application or category, etc.
Read this authenticated review
No photo available
Score 9 out of 10
Vetted Review
Verified User
Review Source
The Palo Alto Networks Next-Generation Firewalls - PA Series firewalls are being used to protect the internal assets to our organization as well as being sold to other customers to help provide them threat protection. The customer use case varies greatly and this product allows all of our customers to be provided a level of protection to fit their needs. The GUI driven interface has allow our support staff to develop their skill set rapidly with this product.
  • Security performance
  • Implementation
  • Managment
  • Cloud features
  • Value
  • Support
Palo Alto's advanced features, like application visibility, make it a very attractive product.The the sluggishness of Palo Alto's Panorama interface when managing a large number of appliances is sometimes a pain point. There is continual development into the product which makes it very easy to use and the constant improvements have made our clients very happy. The security patching is easy and the HA works without issue. If you really want to be in the CLI to manage your firewall then this may not be the product for you. It is very GUI driven to do almost all of the functions to setup
and troubleshoot the devices as a whole.
Read this authenticated review
No photo available
Score 10 out of 10
Vetted Review
Verified User
Review Source
Our network uses the Palo Alto PA-Series firewall as an internet edge facing security gateway, focusing on traditional firewalling, SSL decryption, URL-filtering, and threat mitigation. There are two departments that use the firewall, which are the Security team and the Network Engineering team. Our main goal is to ensure that access to internal networks is secured and access to external networks is limited to appropriate sites.
  • Simple Policy Management
  • Easy-to-read Documentation
  • On-Board Troubleshooting Tools
  • URL-Filtering rules are complex
  • Some Cryptic Error Messages
  • Undocumented software bugs
The Palo Alto PA-Series firewall is well suited to a standards based network environment. Any network that utilizes standards-based protocols in lieu of proprietary (e.g. Cisco EIGRP) would do well to utilize a Palo Alto firewall, especially if that network were concerned about central management of security. A scenario that would be less appropriate for a Palo Alto firewall is one that isn't well versed in different security technologies.
Read this authenticated review
No photo available
Score 9 out of 10
Vetted Review
Verified User
Review Source
Our NextGen Firewalls are being used to protect north and south traffics and also monitor the east and west traffics as well.
  • Easy policies deployment
  • Great at zero day protection
  • Very intuitive admin console
  • Great for HA environments and real-time protections
  • Price
  • License
If you are looking for the best NextGen firewall, PA Series firewall is a great products.
Read this authenticated review
No photo available
Score 7 out of 10
Vetted Review
Verified User
Review Source
We are using Palo Alto firewalls in our remote branches. We have five offices and each one is connected via VPN tunnel through the internet with a firewall. We are using this for the whole organization and we created a required policy to filter the traffic. It has the best feature like APP ID, content ID and wildfire to keep it updated.
  • Deployment is easy and its function is understandable.
  • Due to its advanced SP3 architecture it runs data plain and management plain separately.
  • Technical support is good and fast
  • The product is already perfect
Palo alto is suitable for all scenarios. It is best to use in big organization and to integrate firewall with other security products.
Read this authenticated review
Irteza Rana profile photo
Score 10 out of 10
Vetted Review
Verified User
Review Source
Palo Alto NGFW is top of the line next gen firewalls with application layer visibility. We use Palo Alto firewalls heavily in our network for fulfilling our security needs. It addresses all the firewall functionalities, routing, and protection of not only our physical infrastructure but also our public cloud.
  • It provides application layer visibility and deep packet inspection capabilities.
  • Only VM based firewalls to provide security on the public cloud.
  • It supports advanced features like threat protections, URL filtering, and wildfire.
  • Supports advanced routing OSPF/BGP/RIP.
  • Palo Alto is still new on VM and protection of the public cloud. Features like high availability and encryption/decryption can also be introduced just like in the physical firewall.
  • Throughput capacities over IPSEC VPN can be improved on lower model firewalls including PA-220 , PA-3000 series.
  • Interaction with multi-factor applications like duo can enhance access security.
Palo Alto is fully capable of securing the public cloud. Palo Alto VM series can fully integrate with any public cloud including AWS/Google Cloud and Azure. It can also be integrated with existing physical firewalls to support the hybrid cloud model. Advance features like traps, URL filtering, and AI features adds intelligence to the firewall. Palo Alto is suitable for companies who have a presence in both the public and private cloud.
Read Irteza Rana's full review
Michael Haberkern profile photo
Score 9 out of 10
Vetted Review
Verified User
Review Source
We have PA firewalls throughout the City, sizing and capabilities based on the needs of the department.
  • Having two engines:
  • Routing Engine—The Routing Engine provides three main functions:
  • Creates the packet forwarding switch fabric for the Services Router, providing route lookup, filtering, and switching on incoming data packets, then directing outbound packets to the appropriate interface for transmission to the network.
  • Maintains the routing tables used by the router and controls the routing protocols that run on the router.
  • Provides control and monitoring functions for the router, including controlling power and monitoring system status.
  • Packet Forwarding Engine—Processes packets; applies filters, routing policies, and other features; and forwards packets to the next hop along the route to their final destination.
  • The search functions of the appliances and the OS is pretty good. Better than most firewalls.
  • Engaging support was quicker, which can really make or break your day\week when it comes to an outage.
  • Building an OSPF tunnel with another vendor is proving difficult. Support cant seem to fix it even in their sandbox environment.
  • The Firewall is extremely granular, sometimes searching can prove tedious and frustrating if you're new to the OS.
Palo Alto ranks as one of the best nex-gen firewalls. Their OS, real-time analytics and their wildfire product is pretty top-notch. They are even branching out in the AV side, just don't have the GUIs integrated well, so it more sites to go to. Instead, one global GUI would be nice.
Read Michael Haberkern's full review
Alex Leung profile photo
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Palo Alto Networks Next-Generation Firewalls as our primary firewall and our VPN solution for the company. It is very easy to set up and the firewall itself proves to be very effective in managing traffic. They are an industry leader for Enterprise NGFW appliances with numerous security features to protect companies and their networks.
  • Very good security features including hardware-level antivirus and intrusion prevention.
  • Customizable firewall rules and NAT policies that will match any network's needs.
  • Great management interface.
  • Different size of appliances for different purposes/environments.
  • We have seen that occasionally the reporting feature can be buggy and that certain options might be missing from the menu in the report section. This seems to be a known bug and we have been working with PAN support to apply a hotfix patch to address the issue.
Great product and great company to do business with. We are a long time customer and are currently using many of their security products. We find that they focus heavily on ease of use and making deployment as simple as possible which is always a plus for my organization.
Read Alex Leung's full review
Cory Brester profile photo
Score 10 out of 10
Vetted Review
Verified User
Review Source
The PA is used for the entire company. It has been used as a stand-alone for the one building as well as site to site VPN with a second building and mandatory VPN access for remote employees.
  • The URL filtering is awesome.
  • Wildfire is an amazing feature.
  • Traffic reporting is very useful.
  • Expandability is easy, you can easily add additional services.
  • Configure ability is not as simple for someone who isn’t an expert.
  • Support goes overseas and while they have been very helpful, there are often issues communicating.
Any small to large business that wants high availability. The redundancy of the PAs is well worth the extra cost.
Read Cory Brester's full review
No photo available
Score 10 out of 10
Vetted Review
Verified User
Review Source
We started implementing Palo Alto a year or two ago to increase our security posture and increase segmentation between our infrastructure services, shared services, and client networks. By utilizing the Palo Next-Generation Firewalls and WildFire we're able to much more quickly identify and isolate new security threats. They played an integral part in keeping WannaCry from becoming a major problem for us.
  • Ease of use.
  • Fast response to new security threats (WildFire).
  • Application aware firewall (App-ID).
  • Logging is fantastic and easy to see what's being blocked/allowed basically in real time.
  • Durability/reliability is surprisingly good, only issue we've had is a couple issues with faulty power supplies, but all our units have redundant power supplies so it was a non-issue.
  • Support is surprisingly good.
  • Cost, these firewalls are awesome, but not cheap.
If you have the money there really isn't anything better on the market. The Palo Alto [solutions] have a web UI that is easy enough to use that most people are comfortable using them within a day or two. Whereas our Cisco ASAs, ACI, Routers and firewall service modules can take a while for people to get the hang of and feel comfortable using them. About the only place that I can think of where I wouldn't use Palo Alto would be small branch office where budgets are generally much tighter.
Read this authenticated review
No photo available
Score 9 out of 10
Vetted Review
Verified User
Review Source
Palo Alto (PAN) is used by a division of ours who did not have a full-time network person. We found the product easy and intuitive to work with, which is why our team truly enjoys using the PAN products. The wildfire product addressed and dealt with threats in real time, without a major performance hit like Cisco Sourcefire embedded modules within the 55xx-x series.
  • Easy to learn and use the web-based console. Learn the platform and be able to manage any Palo Alto device.
  • No separate management for control/data plane like the checkpoint.
  • VPN is VERY easy to set up, even double/twice NAT VPN, and can use VTI for route-based VPN setups.
  • Units are far more expensive than competitors. It's worth it, but the price point can scare potential clients off.
Palo Alto firewalls are really great in the following scenarios: firewall functionality at the core and edge, plus, threat, Malware/Virus/DDOS management is embedded into the system. The speed is amazing, even with deep packet inspection. The devices are not rugged and are not well suited for industrial environments. The cost of products is higher than other vendors, but you are also getting a lot more than just a stateful firewall/packet filter.
Read this authenticated review
No photo available
Score 8 out of 10
Vetted Review
Verified User
Review Source
Palo Alto Networks firewalls are replacing legacy port and protocol based firewalls to assist in implementing a security stack that includes layer7 application identification controls, user-based access, threat prevention, as well as zone based segmentation of networks and systems. We are also leveraging Palo Alto Globalprotect for remote-access VPN and testing the new web-based VPN features.
  • Palo Alto Networks is a leader in zone-based firewall deployments.
  • Palo Alto Networks domain integration makes them a leader in restricting access based on source user/AD group.
  • Palo Alto is continuously developing their Application catalog to help restrict traffic on layer 7 apps not just ports/services.
  • Palo Alto threat signatures and application signatures are not available to most customers, the black box method makes it hard to determine the root cause of issues in some cases.
  • Some updates - especially for new OS releases are buggy and needs to be fully tested before deployment.
Palo Alto firewalls are great for 99% of any deployment. Their cost is sometimes prohibitive making other technologies better suited for those concerned about cost - but the cost is worth the technology and this should not be a driver to chose Palo Alto Networks. Their web VPN cannot replace other implementations (Cisco, F5, etc.) but is getting better with each release.
Read this authenticated review
Eric V. Zarghami profile photo
October 12, 2018

PANTASTIC

Score 10 out of 10
Vetted Review
Verified User
Review Source
It's used across the organization, for threat prevention and continuity of operation .
  • Visibility into traffic
  • Risk reduction
  • High performance without cutting corners on security
  • The endpoint protection price is not competitive
  • The Ldap integration and user mapping could be more intuitive
  • The client-less VPN can use native RDP client
It's definitely an upgrade. It offers visibility into network. PAN HA configuration pays the dividends. Expands with the network. The firewall can handle high throughput networks while applying security. The 5000 series is a bit an overkill for small businesses. There is going to be a bit of learning curve for Cisco power users who are used to CLI as it heavily relies on GUI .
Read Eric V. Zarghami's full review
Christopher St.Amand profile photo
Score 9 out of 10
Vetted Review
Verified User
Review Source
We utilize Palo Alto Next Generation Firewalls to protect our perimeter network and provide VPN connectivity for site-to-site and endpoint access. The firewall helps to mitigate potential misuse of the internet as well as stopping attacks from shady websites.
  • AppID is able to see what the actual internet traffic is. For instance instead of port 443 just being "Internet traffic" we can define access to Facebook-base or all the other facets of facebook.
  • UserID allows us to define policies based on group or user access and integrates with our Active Directory. This helps to configure a least access privilege and if we find misuse of the network we can tighten specific users to a stricter policy.
  • GlobalProtect VPN connection helps our employee's connect from home remotely. This provides a very secure connection with minimal configuration.
  • Wildfire provides very up-to-date information regarding global attack mitigations and stopping techniques.
  • Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change.
  • Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple.
  • Documentation gives a very straight forward answer to some items but is very vague in others.
  • Support could be a little better. An issue we had a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade.
These are easy to configure devices where a super technical security engineer is not necessarily needed to manage the device. From a small corporate office with the PA-220 to a very large office PA-5x series, management is very similar across the whole line of products. Security rules, objects and other building blocks are easy to find. The interface is easily navigable. There are some quirks in regards to the interface but nothing horrible, especially since v7 update. Utilizing UserID is beneficial in a corporate environment that uses LDAP/Active Directory to in order to create policies according to users/groups. AppID helps to reduce attack surfaces. Wildfire and the other antivirus/malware features are automatically updated to provide a very up to date protection package.
Read Christopher St.Amand's full review
John Orleans, CISSP profile photo
Score 9 out of 10
Vetted Review
Verified User
Review Source
We used our Palo Alto firewalls to analyze and filter all traffic coming into and leaving our network, including the DMZ.
  • Web Filtering - Analysis is fast and comprehensive, with all the options one should expect from a professional Web filter. Admins can set options to audit, warn, click-through, password-protect, or block sites based on numerous criteria. Changing site categories is easy and Palo Alto do a good job of being pretty up-to-date on their site catalog.
  • Packet Identification - This is an area where Palo Alto excels. Want to allow your users to use Facebook, but block IM and/or file transfers? Easy. Have an inbound file that says it's a jpeg but is really an Excel spreadsheet? Busted.
  • WildFire - I hated it at first, but it's come a long way. Unknown files can be sent to WildFire for them to sandbox and analyze. The result is fairly fast return times and a process that contributes to the improvement of your firewall's function.
  • Updates - They happen often and are quick to install, but new definitions with a threat level of critical should be blocked by default, not set to audit-only.
  • SSL Proxy - This works great if you have very little traffic on your PA. If you turn this on, expect to cut the firewall's performance in half. Even then, no SSL Proxy is perfect, so some sites just won't work.
If you don't have the money to have a good VAR set it up or don't have the desire/expertise in-house to properly configure Palo Alto, then take a pass and use something like a Cisco ASA or Sophos XG. Also, expect to spend a lot of time fine-tuning it. Also, since there are so many ways of doing the same thing, it's important for your team to be disciplined about how and where they use rules. However, Palo Alto firewalls are well worth the effort. After they're properly set up, you'll have a very good, comprehensive view of your traffic with excellent reporting and alerting ability.
Read John Orleans, CISSP's full review
Jennifer Greulich, GSED, GSEC profile photo
March 17, 2017

Palo Alto Review

Score 10 out of 10
Vetted Review
Verified User
Review Source
Palo Alto is used as our primary firewalls. It addresses the problem of outside intrusions and are configured with both basic and advanced firewall features. We are able to protect against application-level threats and it is also used to manage our VPN and MPLS networks. Many features such as dynamic block lists, DLP, web content filtering, advanced threat protection, wildfire, and DDoS protection are available and are in use with our company.
  • Protects against common threats such as unauthorized vulnerability scans
  • Protects against malware applications and ransomware such as Cryptowall
  • Allows very secure VPN connections for external users
  • The web content filtering is good, but could be improved
  • Wildfire can take a long time to analyze files
  • Alerts and logs could contain a little more information or intelligence to help narrow down a threat.
Palo Alto is great for mid to large size businesses with 200 users or more. They provide amazing protection that is extremely customizable. Almost nothing gets a chance to get into the network for our endpoint protection to pick up. For smaller businesses, Palo Alto would be overkill. It can be complicated to configure and manage and might be too robust for small, simple networks.
Read Jennifer Greulich, GSED, GSEC's full review
Gary Halbedel profile photo
Score 10 out of 10
Vetted Review
Verified User
Review Source
We are using the Palo Alto Networks PA-3020 to control internet access for the entire organization. The business problems being addressed are:
1. availability of services and information, e.g. protecting against malicious activity that would attempt to destroy or otherwise prevent access to services and information.
2. confidentiality of data and resources
3. integrity of data and resources
  • It manages software updates particularly well as well as the ability to downgrade software versions. This is a strength because of the need to stay current with patches to fix discovered vulnerabilities and also assurance that if an update causes a serious problem, it is relatively easy to roll it back.
  • Reliability is good. We have not had any unscheduled downtime from the device since we've put it into production.
  • It does a good job identifying threats and potential threats based on vulnerabilities and blocking suspect connections automatically.
  • I would like to see some guidance on suggested action to take on an identified threat or potential threat beyond just blocking the access.
  • In the Monitor tab/threat, I would like to be able to copy an item in the listing (ip address, url, etc.) directly rather than having to click on the item which automatically puts it into the filter where I can then mark and copy the item. Also, if I want to copy the URL and I click on it, it puts it into the filter as an IP address which I may not necessarily want to copy.
The PA-3000 Series is well suited as a single point of control for internet access. The PA-3000 series also provides support for internal network segmentation. I can't speak from experience for other scenarios but I have a colleague at another organization who uses multiple Palo Alto firewalls in their deployment and is very happy with them.
Read Gary Halbedel's full review
No photo available
Score 8 out of 10
Vetted Review
Verified User
Review Source
We use the PA-3000 firewalls to secure our perimeter at our data centers. Our entire organization uses these devices to secure all Internet traffic. We use these firewalls for multiple purposes, including anti-virus, threat detection, DMZ, routing, URL filtering, and malware protection, in both layer 3 active/standby mode as well as vwire mode.
  • Performs a lot of security functionality all in one device - this is important because especially in today's world, there are a lot of point products out there and it can be difficult for a small or medium-sized business to manage all of them. Having one product saves time, money, and complexity.
  • High availability performance is very good, failover is seamless, which is important for business continuity.
  • GUI is excellent, which makes it very easy for administrators to manage the firewall and see exactly what is happening.
  • The CLI is a bit confusing, and it's difficult to find what you're looking for. Takes a lot of practice. Definitely not as good as the Cisco CLI.
  • Updating the firmware is often a very dangerous process, especially when jumping minor or major releases. More QA should be done to validate and ensure no issues during upgrades. I'll admit it's gotten better over time, but there is still room for improvement.
Great for a small to medium sized business, with connectivity requirements at around 1GBPS. Once you go over that, especially when A VPN is involved, resources can become taxed and you might be better off looking at a higher end model. Though note these devices are not cheap, and can be especially expensive with all of the licenses added on.
Read this authenticated review
No photo available
Score 10 out of 10
Vetted Review
Verified User
Review Source
PA's NGFW is being used to secure our internal network, servers and a wide variety of devices from external and in conjunction with the implemented software, internal threats. It is being used across the entire organization including the provision of protective services to several remote areas via VPN & VSAT. It has been implemented to help the company recover from a dearth of support previously provided (or not) by an outside vendor.
  • It seamlessly performs simultaneous scanning at all levels of the packet, looking for irregularities and/or evidence potential threat activity. This is a most helpful tool, in that it looks to prevent known and/or suspicious packets from entering uninspected into the environment.
  • Additionally, it provides blocking services for known hostile URLs, which helps cut down dramatically on the potential for phishing and other types of intrusions.
  • Finally, PA's NGFW and associated software takes identified suspicious items and "sandboxes" them - sends them for examination /evaluation. The feedback & other support we get from PAN and its local partner is just far above expectation.
  • The only thing I can suggest is a little more information on available dashboards and how to use them. It could be that I haven't looked in the right place, but at my level, I don't often have the time go surfing through sites to find things. Perhaps a CIO/CSO dashboard with immediate access to other dashboards and high level information.
I don't have enough experience yet to comment on its applicability in other environments, but I can confidently say that it appears to be a real godsend for any company truly concerned about the integrity of their perimeter and their internal assets! In the strongest way, I wholeheartedly recommend you research Palo Alto Networks - go to their site, ask your colleagues, take a test drive! You won't be disappointed.
Read this authenticated review
No photo available
Score 9 out of 10
Vetted Review
Verified User
Review Source
We needed a solution that would detect threats before they were detected by endpoint software and eliminate the threats of exploits and viruses to our end users, including ransomware attacks.
  • Monitoring and detecting unwanted application access by our users, such as streaming and torrent download sites.
  • Preventing exploits and malware from hitting our network and infecting all end-user PCs and servers.
  • Excellent secure VPN access for our outside staff and partners. The VPN software client is available for PC & Mac as well as mobile client options on Android and Apple stores.
  • The products are a bit pricey, but feature filled. Their annual services can really add up quickly.
  • The models of devices are somewhat confusing. For instance, we wanted a firewall that had the ability to use Active & Passive fault tolerance, and only the very advanced models (more expensive) do this. It might bring smaller customers in by adding more advanced features to lower-priced models.
The firewalls we purchased are excellent. They are very fast as well. This is really important as we want to collect as much data as possible without the end user being impacted by the performance. We are using a 100Mbps fiber connection to the Internet, so we want to get all the speed we can push through these devices. Having the fault tolerance option in the lower-end models would be a nice feature to add.
Read this authenticated review
No photo available
Score 7 out of 10
Vetted Review
Verified User
Review Source
PA-500 is being used across our entire organization. We currently use it to filter web traffic with geoblocking, implement our VPN, and for general logging of network activity.
  • The VPN (GlobalProtect) is easy to use.
  • Logging is done well and in an easy to use situation.
  • The GeoBlocking is exceptional.
  • The web interface to look at real time events is very slow and clunky.
  • The searching feature is hard to figure out what parameters you use.
  • The GlobalProtect VPN client has a few strange features that have increased support hours. It's easy to work around but caused a few unnecessary tickets.
Palo Alto is an excellent product when you are running small to medium networks and are not trying to do real-time analysis of the traffic. I think a large network or an especially active network (for instance hosting web servers) would require something more robust. If you need something to protect your network, it's a great place to start.
Read this authenticated review

Feature Scorecard Summary

Identification Technologies (6)
8.3
Visualization Tools (6)
8.2
Content Inspection (6)
8.3
Policy-based Controls (6)
8.8
Active Directory and LDAP (5)
8.6
Firewall Management Console (6)
8.2
Reporting and Logging (6)
8.7
VPN (6)
8.8
High Availability (6)
9.0
Stateful Inspection (6)
9.0
Proxy Server (4)
8.0

About Next-Generation Firewalls - PA Series

Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. NGFWs classify and monitor all traffic, including encrypted and internal traffic, based on application, function, user, and content. Palo Alto emphasizes the Zero Trust policy, through which users can create security policies to enable only authorized users to run sanctioned applications, reducing the surface area of cyber attacks across the organization.


Palo Alto’s NGFW provides in-firewall encryption and decryption, as well as data and application segmentation. It integrates with PA’s WildFire malware prevention service and supports easy adoption with an open-source tool for firewall migration. It encompasses on-premises and cloud environments for full-system security.

Categories:  Firewall

Next-Generation Firewalls - PA Series Competitors

Cisco, Checkpoint, Barracuda

Next-Generation Firewalls - PA Series Technical Details

Operating Systems: Unspecified
Mobile Application:No