Skip to main content
TrustRadius
Palo Alto Networks Next-Generation Firewalls - PA Series

Palo Alto Networks Next-Generation Firewalls - PA Series

Overview

What is Palo Alto Networks Next-Generation Firewalls - PA Series?

Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.

Read more

Learn from top reviewers

Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Palo Alto Networks Next-Generation Firewalls - PA Series?

Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

53 people also want pricing

Alternatives Pricing

What is Cisco Meraki MX?

Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.

N/A
Unavailable
What is Cisco Firepower 9300 Series?

The Cisco Firepower 9300 series is presented by the vendor as a carrier-grade next-generation firewall (NGFW) ideal for data centers and high-performance settings that require low latency and high throughput. With it, the vendor providdes, users can deliver scalable, consistent security to…

Return to navigation

Features

Firewall

A firewall is a filter that stands between a computer or computer network and the Internet. Each firewall can be programmed to keep specific traffic in or out

9.4
Avg 8.4
Return to navigation

Product Details

What is Palo Alto Networks Next-Generation Firewalls - PA Series?

Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. NGFWs classify and monitor all traffic, including encrypted and internal traffic, based on application, function, user, and content. Palo Alto emphasizes the Zero Trust policy, through which users can create security policies to enable only authorized users to run sanctioned applications, reducing the surface area of cyber attacks across the organization.


Palo Alto’s NGFW provides in-firewall encryption and decryption, as well as data and application segmentation. It integrates with PA’s WildFire malware prevention service and supports easy adoption with an open-source tool for firewall migration. It encompasses on-premises and cloud environments for full-system security.

Palo Alto Networks Next-Generation Firewalls - PA Series Competitors

Palo Alto Networks Next-Generation Firewalls - PA Series Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.

CheckPoint are common alternatives for Palo Alto Networks Next-Generation Firewalls - PA Series.

Reviewers rate Policy-based Controls and Firewall Management Console and High Availability highest, with a score of 10.

The most common users of Palo Alto Networks Next-Generation Firewalls - PA Series are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(172)

Reviews

(1-25 of 26)

Palo Alto Networks Next-Generation Firewalls Review

Rating: 9 out of 10
March 30, 2022
KG
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
3 years of experience
Palo Alto NGFW helps to protect web and network traffic which up to layer 7. There are many new threats and malware and Palo Alto NGFW is able to prevent and identity any potential threats. Palo Alto NGFW comes with WildFire which able to perform file analysis to detect any zero-day threats which can be very efficient to protect the organization.
  • WildFire file analysis.
  • Threat prevention.
  • DNS security.
Cons
  • Fasten policy deployment.
  • Provide more threat details.
  • Visibility over file analysis details.
Palo Alto NGFW can be managed by Palo Alto Panorama which provides centralized management. This has greatly simplified the administration and daily operation tasks. Most of the configurations are available in Panorama which can be deployed to the managed devices. Somehow the policy deployment is not instantly and required to perform a commit before the configurations are applied to the firewall.

Powerful and Easy Firewall - For Enterprise Companies

Rating: 9 out of 10
April 30, 2022
DC
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
3 years of experience
Company wants to create a secured on-premise Datacenter. To do that we implemented 2 PA VM500 in Active-Passive mode and configured them with Layer7 policies and Micro-segmentation. In this way we monitor in\out traffics and also lateral movements between datacenter services
  • Easy web management interface
  • Search is powerfull and easly
  • Many L7 Applications recognize for policies
Cons
  • SD-WAN feature is quite difficult
  • Dedicated logging server missing
  • Entry PA Appliance has slowly web interface
  • Commit configuration is slower than other competitors
Palo Alto is recommended in Enterprise environments because is a standard de facto Top of rack Firewall In Datacenter is important to have visibility of all traffic and configure the right and simple policies to manage IT. Palo Alto OS is stable and easy to learn. If you need to put multiple Appliances in remote sites maybe you'll have an issue with the price: it's not cheap.

Palo Alto for Deep Scanning

Rating: 10 out of 10
May 28, 2021
VS
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
2 years of experience
We are using Palo Alto Firewall because of the advance features they have & we are using content filtering & application filtering features for preventing malicious traffic & unauthorize access. The IDS/IPS & Advance malware protection feature provides a deep scanning feature & also provides sandboxing for advance level deep filtering of packets.
  • Application filtering
  • Content filtering
  • Advance malware protection
  • Deep Scanning
  • Sandboxing
  • Easy to Configure through GUI
  • Anti-Spoofing & Anti-Spam
Cons
  • It's complicated to implement it into existing network
  • Packet flow is not easy to understand for the beginners
  • Expensive as compare to other available solutions
  • Less documentation available
Palo Alto firewall only affords by Large level infrastructure having a budget for Security Prospect. I will recommend it for the Card information industry & Confidential data solutions. Because it provides a bucket of security features that are not easily vulnerable.

Palo Alto Networks Next-Generation Firewalls - features of a ML based firewall that you need to know!

Rating: 10 out of 10
August 04, 2021
DS
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
6 years of experience
We have deployed Palo Alto Networks Next-Generation Firewalls - PA Series in our Head office in High availability mode. This Palo Alto Networks Next-Generation Firewalls - PA Series is deployed on the internet gateway/perimeter to filter only good traffic and around 300 users and 30-35 servers are connected behind this firewall. Also, this firewall is responsible to prevent intruders, do gateway level Antivirus inspection, Malware filtering, URL filtering, anti-spyware, and file filtering for users to upload or download. We have also procured DNS security and Wildfire Sandbox along with the firewall.
  • Palo Alto Networks Next-Generation Firewalls - PA Series gives predictive performance, as per our sizing and requirements
  • It is integrated very well with internal features it is providing, like, Wildfire Sandbox integrated with gateway AV and URL filtering engine
  • Seamlessly integrates with 3rd party tools and systems, like integration with ClearPass from HPE Aruba for user auth, syslog integration, etc
  • Enhanced security features like EDL, Credential theft prevention, DNS Security, ML based firewall, which we cannot find in another solutions
Cons
  • Palo Alto Networks Next-Generation Firewalls - PA Series provides platform for network security but lacks features for additional features like built-in MFA, cloud based management, etc
  • In file filtering and AV module, there could be a few optional features of white listing a specific file by its name or hash value or some other detail.
  • Compared to other vendors, this is costly, but again, feature-rich and hence cannot be with other firewalls.
Palo Alto Networks Next-Generation Firewalls - PA Series is adopted by companies in every industry. Palo Alto is best suited as a perimeter or gateway level firewall for protection against modern threats, advanced attackers, and also for users to access the Internet safely. The reason being, this is purely an application-layer firewall, and performance is based on bandwidth and sessions classified on the application layer rather than just Layer 3/Layer 4 inspections. It has security features that you can add on as subscriptions and the best part is each feature is integrated with one another internally as well.

Palo Alto Networks Next-Generation Firewalls - PA Series Review

Rating: 10 out of 10
June 12, 2021
CD
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
2 years of experience
Palo Alto Networks Next-Generation Firewalls - PA Series is one of the best firewall it fulfills all the security parameters. In simple word if I say it's a powerful device against any type of bad actors, attacks, phishing, malware attacks. I [have] used it for [the] past 2 years and [I] still don't see any other firewalls who stand against Palo Alto.
  • Application Level filtering is the best feature which is known as AppID.
  • Content filtering also the best function which is known as ContentID.
  • Data Encryption is very strong.
  • Sandboxing also very good function.
Cons
  • Heavy budget small level company can't afford.
  • Only pro level security engineer can handle or work on it.
  • To remember CLI based command is very difficult.
If your organization is [a] really big company, you have [a] very good budget, and your client data is very critical, like credit card information then Palo Alto Networks Next-Generation Firewalls - PA Series is the best option to secure your data. Sandboxing and data leak prevention feature of Palo Alto easily catch any breaches inside your infra and block bad actors to access your data.

Why you should go with Palo Alto

Rating: 10 out of 10
May 12, 2021
CS
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
5 years of experience
We started using Palo Alto to achieve network security including the URL filtering/ application control. And we were able to achieve the app control with Palo Alto NFGW. We used IPS to prevent the known attacks and also used it's advanced sandboxing to prevent the zero-day attacks.
  • Anti-malware
  • Sandboxing
  • App control
  • URL filtering
  • User-friendly GUI
Cons
  • Difficult to configure via CLI.
  • Documentation insufficient.
  • Migration from other vendor to PA in existing network.
Palo Alto is best suited for the largest enterprises where budget is not a constraint. Palo Alto can provide the best technologies to prevent known and unknown attacks. It can also provide sandboxing. App control feature is so powerful in Palo Alto and can be leveraged in organizations.

Most powerful firewall - Palo Alto

Rating: 9 out of 10
May 29, 2021
rV
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
2 years of experience
Palo Alto is really the most powerful and advanced feature-loaded firewall. I have been working on this product from 2 years. In this time I've explored the various advanced features like app controls, advanced IPs and content filtering. This firewall is always a favorite for every security consultant. The advanced features makes this firewall more secure and more powerful.
  • Anti-spyware.
  • Anti virus capabilities.
  • Anti malware protection.
  • Application based control.
  • User identification.
  • Advanced security features.
Cons
  • Palo Alto is really expensive firewall.
  • Complicated command line.
Some organizations can't afford this firewall because this is very expensive but you will get the all latest security features. Mostly preferred for those businesses who deal with personal credit card information and you want to scan every packet. Sandbox and advanced malware protection scan your every packet deeply and with the help of app controls and content filtering, url filtering you can put more restrictions on your users.

Best NGFW product I have ever worked with

Rating: 9 out of 10
December 28, 2020
SK
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
7 years of experience
Palo Alto Networks Next-Generation Firewalls - PA Series is really a very good product in the category of NGFW firewalls--they have all the advance features that can help you tighten your perimeter gateway security layer. Their hold on and understanding about security threats and their deep understanding about the application helps us deal with a dynamically changing threat landscape. We are using Palo Alto Networks Next-Generation Firewalls - PA Series as a network firewall as well as a first layer of defense to deal with external threats. Configuration and administration of all the advance features is very easy and can be done via GUI, wo there's no need to remember so many CLI commands. Very easy and robust up-gradation process.
  • Firewall performance during threat analysis
  • Wildfire support to protect from zero-day threats
  • Huge database of applications and behavior knowledge
  • Virtual wire inline deployment mode
Cons
  • In the field of GP VPN
  • Cloud segment
  • Third-party integration support
Palo Alto Networks Next-Generation Firewalls - PA Series are best suited for threat hunting, web filtering, app detection, and user identification via the same box at gateway level, without impacting the performance of the firewall.

They are bit costlier firewalls, so they would not be suited for SOHO environments.

Palo Alto PA Series Review

Rating: 10 out of 10
January 13, 2020
AM
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
3 years of experience
Palo Alto Networks Next-Generation Firewalls is used as our routing, security, and network core at the resort. All traffic that flows from one network to another must go through our Palo Alto. When I came aboard at Pearl River Resort and Casino the Palo Alto was already the core router and firewall. I was a little hesitant about this design. However, after using the system and seeing the performance and benefits of the Palo Alto I am very impressed with the security it can provide and still meet our needed levels of performance.
  • Security Enforcement and Review - The Palo Alto firewall provides all the advanced features you would expect from a modern firewall. Zones based rules, Layer 4 and down rules, and application firewall rules.
  • User Definition - The Palo Alto firewall has direct AD integration. This allows rules to be based not just on source an destination information, but also on which security group in the AD that user belong. For example you can limit access to out of band networks to only the users that need it.
  • Line Rate Traffic Analysis - When doing my home work I found that Palo Alto firewalls provide high speed analysis to traffic with additional processors to allow line speed results.
Cons
  • No cloud analytics - I believe industry as a whole is moving to a management suite powered by ML. Palo has a great product, but currently there is no ML backed platform.
  • SD WAN - Palo has just announced the addition of SDWAN in its upcoming 9.1 release. I feel they are a bit late to the game compared to others like Fortinet.
  • Web based interface can still seem slow at time when compared to more modern HTML 5 interfaces.
Palo Alto is well suited when you need to provide multiple layers of visibility and security between areas. The tools available in the Palo Alto allow to you quickly see which traffic is being allowed, denied, and why. This helps greatly improve mean time to resolution when there are issues. An area that is not so useful is on a tight budget. Palo Alto firewall is not cheap and you will need to purchase two to have a redundant core.

Palo Alto: Next generation firewalls to secure your Public Cloud

Rating: 10 out of 10
March 21, 2019
IR
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
4 years of experience
Palo Alto NGFW is top of the line next gen firewalls with application layer visibility. We use Palo Alto firewalls heavily in our network for fulfilling our security needs. It addresses all the firewall functionalities, routing, and protection of not only our physical infrastructure but also our public cloud.
  • It provides application layer visibility and deep packet inspection capabilities.
  • Only VM based firewalls to provide security on the public cloud.
  • It supports advanced features like threat protections, URL filtering, and wildfire.
  • Supports advanced routing OSPF/BGP/RIP.
Cons
  • Palo Alto is still new on VM and protection of the public cloud. Features like high availability and encryption/decryption can also be introduced just like in the physical firewall.
  • Throughput capacities over IPSEC VPN can be improved on lower model firewalls including PA-220 , PA-3000 series.
  • Interaction with multi-factor applications like duo can enhance access security.
Palo Alto is fully capable of securing the public cloud. Palo Alto VM series can fully integrate with any public cloud including AWS/Google Cloud and Azure. It can also be integrated with existing physical firewalls to support the hybrid cloud model. Advance features like traps, URL filtering, and AI features adds intelligence to the firewall. Palo Alto is suitable for companies who have a presence in both the public and private cloud.

Palo Alto Networks Next- Generation Firewall makes a solid product

Rating: 10 out of 10
April 29, 2022
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
14 years of experience
We utilize 5260's at both our Datacenters running in HA Pair mode for redundancy and 3220's running in HA Pair mode at each remote office. All production network traffic is routed via our datacenter firewalls due to our VDI infrastructure, and web traffic uses the local office Palo Alto Networks Next- Generations Firewalls - PA Series for egress. All policies are managed via device groups on Panorama.
  • Palo Alto Networks Next-Generation Firewalls - PA Series are excellent at utilizing URL filtering to provide us very granular access to individuals or Active directory groups as needed.
  • The Palo Alto Networks Next-Generation Firewalls - PA Series adds multiple defense layers to include, Anti Spyware, Anti-Malware, File blocking, URL filtering, and we also incorporate the.
  • Wildfile malware protection subscription.
  • SSL Inspection was very manageable by creating decryption policies by URL category.
Cons
  • The Global Protect VPN setup could be a little more intuitive.
  • Creating IPSec VPN tunnels can be a little challenging. Would be nice if they grouped and forced entries in all the necessary places as a guide.
Palo Alto Networks Next-Generation Firewalls - PA Series makes the perfect sized Firewall for every Organization, including the use of Virtual firewalls for tiny remote offices. They are relatively easy to configure out of the box and provide very granular configuration settings for all scenarios. They can perform DHCP as well as multi-factor authentication. Having previously used Cisco ASA and Checkpoint, Palo Alto Networks Next-Generation Firewalls - PA Series are much easier to configure and maintain.

Palo is about as good as it gets.

Rating: 9 out of 10
December 08, 2018
MH
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
4 years of experience
We have PA firewalls throughout the City, sizing and capabilities based on the needs of the department.
  • Having two engines:
  • Routing Engine—The Routing Engine provides three main functions:
  • Creates the packet forwarding switch fabric for the Services Router, providing route lookup, filtering, and switching on incoming data packets, then directing outbound packets to the appropriate interface for transmission to the network.
  • Maintains the routing tables used by the router and controls the routing protocols that run on the router.
  • Provides control and monitoring functions for the router, including controlling power and monitoring system status.
  • Packet Forwarding Engine—Processes packets; applies filters, routing policies, and other features; and forwards packets to the next hop along the route to their final destination.
  • The search functions of the appliances and the OS is pretty good. Better than most firewalls.
  • Engaging support was quicker, which can really make or break your day\week when it comes to an outage.
Cons
  • Building an OSPF tunnel with another vendor is proving difficult. Support cant seem to fix it even in their sandbox environment.
  • The Firewall is extremely granular, sometimes searching can prove tedious and frustrating if you're new to the OS.
Palo Alto ranks as one of the best nex-gen firewalls. Their OS, real-time analytics and their wildfire product is pretty top-notch. They are even branching out in the AV side, just don't have the GUIs integrated well, so it more sites to go to. Instead, one global GUI would be nice.

Great Enterprise Level Networks Next-Generation Firewalls

Rating: 9 out of 10
November 21, 2018
AL
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
1 year of experience
We use Palo Alto Networks Next-Generation Firewalls as our primary firewall and our VPN solution for the company. It is very easy to set up and the firewall itself proves to be very effective in managing traffic. They are an industry leader for Enterprise NGFW appliances with numerous security features to protect companies and their networks.
  • Very good security features including hardware-level antivirus and intrusion prevention.
  • Customizable firewall rules and NAT policies that will match any network's needs.
  • Great management interface.
  • Different size of appliances for different purposes/environments.
Cons
  • We have seen that occasionally the reporting feature can be buggy and that certain options might be missing from the menu in the report section. This seems to be a known bug and we have been working with PAN support to apply a hotfix patch to address the issue.
Great product and great company to do business with. We are a long time customer and are currently using many of their security products. We find that they focus heavily on ease of use and making deployment as simple as possible which is always a plus for my organization.

Palo Alto Networks Next Generation.

Rating: 10 out of 10
March 16, 2019
CB
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
2 years of experience
The PA is used for the entire company. It has been used as a stand-alone for the one building as well as site to site VPN with a second building and mandatory VPN access for remote employees.
  • The URL filtering is awesome.
  • Wildfire is an amazing feature.
  • Traffic reporting is very useful.
  • Expandability is easy, you can easily add additional services.
Cons
  • Configure ability is not as simple for someone who isn’t an expert.
  • Support goes overseas and while they have been very helpful, there are often issues communicating.
Any small to large business that wants high availability. The redundancy of the PAs is well worth the extra cost.

Palo Alto - Networks Next-Generation Firewalls Review

Rating: 10 out of 10
August 30, 2021
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
5 years of experience
Palo Alto [Networks Next-Generation Firewalls] is being used as a security product on our perimeter. We have different segments and different entities using Palo Alto in a campus as well as data center environments. It is securing external threats to penetrate inside our organization showing application visibility along with the threat intelligence feature to mitigate risk.
  • Application visibility
  • Single pass architecture
  • GUI clarity
Cons
  • SDWAN without licensing
  • URL filtering is basic; should be included in base license
  • PA devices should come with secure defaults
Single Pass Architecture is the best among all the security products I have worked upon. Features clarity and working solutions [that] are easy to find and deploy. However, this device being on the expensive side makes it difficult to implement for small offices, which is, in my opinion, very difficult to penetrate the market. Sometimes, people do see money/budget. :)

Not Beginner-friendly, but Powerful and Comprehensive

Rating: 9 out of 10
October 17, 2017
JO
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
5 years of experience
We used our Palo Alto firewalls to analyze and filter all traffic coming into and leaving our network, including the DMZ.
  • Web Filtering - Analysis is fast and comprehensive, with all the options one should expect from a professional Web filter. Admins can set options to audit, warn, click-through, password-protect, or block sites based on numerous criteria. Changing site categories is easy and Palo Alto do a good job of being pretty up-to-date on their site catalog.
  • Packet Identification - This is an area where Palo Alto excels. Want to allow your users to use Facebook, but block IM and/or file transfers? Easy. Have an inbound file that says it's a jpeg but is really an Excel spreadsheet? Busted.
  • WildFire - I hated it at first, but it's come a long way. Unknown files can be sent to WildFire for them to sandbox and analyze. The result is fairly fast return times and a process that contributes to the improvement of your firewall's function.
Cons
  • Updates - They happen often and are quick to install, but new definitions with a threat level of critical should be blocked by default, not set to audit-only.
  • SSL Proxy - This works great if you have very little traffic on your PA. If you turn this on, expect to cut the firewall's performance in half. Even then, no SSL Proxy is perfect, so some sites just won't work.
If you don't have the money to have a good VAR set it up or don't have the desire/expertise in-house to properly configure Palo Alto, then take a pass and use something like a Cisco ASA or Sophos XG. Also, expect to spend a lot of time fine-tuning it. Also, since there are so many ways of doing the same thing, it's important for your team to be disciplined about how and where they use rules. However, Palo Alto firewalls are well worth the effort. After they're properly set up, you'll have a very good, comprehensive view of your traffic with excellent reporting and alerting ability.

Palo Alto NGFWs a success story waiting for you

Rating: 9 out of 10
October 09, 2019
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
1 year of experience
As with any organization, ours org needed to replace existing infrastructure. At the time we were strictly a Cisco shop top down, but we were open for other bids as well. After a demo, we purchased Palo Alto 5220 based firewalls, with the intent to use it as the central point of authority for all network traffic for our campus. The Palo Alto (PA) firewall is used as the gateway device for all traffic within our organization.
  • The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
  • The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
  • The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
  • It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
Cons
  • Documentation that is available for solutions from Palo Alto is great. If you find yourself in a situation where something has not been previously documented or implemented, you will have to find out solutions yourself.
  • The ability to use the API for push/pull information with the firewall was a major selling point. However, some items a person would expect to be readily available through the API do not exist, so either you have to go without or do extensive amount of work to put together, sort, and clean the data from multiple sources (I am looking at you dhcp logs).
The Palo Alto device is well suited for a direct replacement for any traditional or other firewall. There is little room for error on this device, it will do exactly what you have it configured for. Between security zones, security policies, nat policies, policy based forwarding, and everything in between, you have to keep your head on straight when making big or small changes.

The Palo Alto does have one overall issue our users report more than anything. The Palo Alto is a strict NAT device, so unless you have the ability to 1 to 1 map IP addresses for your users who need something beside strict NAT limitations, the Palo Alto will cause you grief.

Palo Alto NGFW

Rating: 10 out of 10
October 14, 2019
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
3 years of experience
We use Palo Alto NGFW as our main on-site firewall. There are several units (5000-series) for failover purposes. Firewalls are needed for CIPA compliance and for general Internet Security. We also use the GlobalProtect SSL VPN to provide access to LAN for remote users. We use web-filtering, application filtering (App-ID), etc.
  • Web filtering by category is done better than competing solutions (FortiGate, for example). There is a significantly smaller number of false negatives, at least in my experience, on Palo Alto firewalls than on competing solutions.
  • Logging. Firewall logs on the Palo Alto are very comprehensive. Firewall stores a lot of information about client connections and log filtering options are incredible.
  • Reliable. Palo Alto firewalls we are using were trouble-free so far both software and hardware-wise.
  • Very good VPN solution. GlobalProtect VPN works very well - stable and high performance. As it is hard to troubleshoot issues with remote clients, good performance by SSL VPN client is an important point.
Cons
  • Expensive. Palo Alto offerings are usually more expensive than products of competing companies (Cisco ASA, FortiGate, SonicWall, etc.).
  • Can be complicated to use. Both the Web interface and the CLI of the Palo Alto firewall are quite sophisticated. It is much harder to perform the configuration of the Palo Alto firewall than a Fortinet one.
  • Subscriptions. To properly use the firewall, subscription packages are needed, and licensing can be confusing and/or expensive.
Palo Alto is generally a very good device. For organizations looking for more basic UTM device, capabilities of the Palo Alto can be an overkill. There is also a learning curve with the PanOS. FortiGate is a good alternative for organizations with simpler requirements, in my opinion (deployed both Palo Altos and FortiGates). For an organization with significant demands for filtering of network connectivity (k-12 education, finance, etc.) Palo Alto should the first choice due to robust logging, great capabilities to block traffic by application or category, etc.

Palo Alto Security Gateways are Simply Secure

Rating: 10 out of 10
August 07, 2019
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
2 years of experience
Our network uses the Palo Alto PA-Series firewall as an internet edge facing security gateway, focusing on traditional firewalling, SSL decryption, URL-filtering, and threat mitigation. There are two departments that use the firewall, which are the Security team and the Network Engineering team. Our main goal is to ensure that access to internal networks is secured and access to external networks is limited to appropriate sites.
  • Simple Policy Management
  • Easy-to-read Documentation
  • On-Board Troubleshooting Tools
Cons
  • URL-Filtering rules are complex
  • Some Cryptic Error Messages
  • Undocumented software bugs
The Palo Alto PA-Series firewall is well suited to a standards based network environment. Any network that utilizes standards-based protocols in lieu of proprietary (e.g. Cisco EIGRP) would do well to utilize a Palo Alto firewall, especially if that network were concerned about central management of security. A scenario that would be less appropriate for a Palo Alto firewall is one that isn't well versed in different security technologies.

TOP GUNS of Next-Generation Firewalls

Rating: 9 out of 10
October 14, 2019
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
10 years of experience
Our NextGen Firewalls are being used to protect north and south traffics and also monitor the east and west traffics as well.
  • Easy policies deployment
  • Great at zero day protection
  • Very intuitive admin console
  • Great for HA environments and real-time protections
Cons
  • Price
  • License
If you are looking for the best NextGen firewall, PA Series firewall is a great products.

A huge improvement over traditional layer 2/3 firewalls.

Rating: 10 out of 10
March 11, 2019
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
3 years of experience
We started implementing Palo Alto a year or two ago to increase our security posture and increase segmentation between our infrastructure services, shared services, and client networks. By utilizing the Palo Next-Generation Firewalls and WildFire we're able to much more quickly identify and isolate new security threats. They played an integral part in keeping WannaCry from becoming a major problem for us.
  • Ease of use.
  • Fast response to new security threats (WildFire).
  • Application aware firewall (App-ID).
  • Logging is fantastic and easy to see what's being blocked/allowed basically in real time.
  • Durability/reliability is surprisingly good, only issue we've had is a couple issues with faulty power supplies, but all our units have redundant power supplies so it was a non-issue.
  • Support is surprisingly good.
Cons
  • Cost, these firewalls are awesome, but not cheap.
If you have the money there really isn't anything better on the market. The Palo Alto [solutions] have a web UI that is easy enough to use that most people are comfortable using them within a day or two. Whereas our Cisco ASAs, ACI, Routers and firewall service modules can take a while for people to get the hang of and feel comfortable using them. About the only place that I can think of where I wouldn't use Palo Alto would be small branch office where budgets are generally much tighter.

PAN: It costs a lot, but it's worth it!

Rating: 9 out of 10
March 09, 2019
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
3 years of experience
Palo Alto (PAN) is used by a division of ours who did not have a full-time network person. We found the product easy and intuitive to work with, which is why our team truly enjoys using the PAN products. The wildfire product addressed and dealt with threats in real time, without a major performance hit like Cisco Sourcefire embedded modules within the 55xx-x series.
  • Easy to learn and use the web-based console. Learn the platform and be able to manage any Palo Alto device.
  • No separate management for control/data plane like the checkpoint.
  • VPN is VERY easy to set up, even double/twice NAT VPN, and can use VTI for route-based VPN setups.
Cons
  • Units are far more expensive than competitors. It's worth it, but the price point can scare potential clients off.
Palo Alto firewalls are really great in the following scenarios: firewall functionality at the core and edge, plus, threat, Malware/Virus/DDOS management is embedded into the system. The speed is amazing, even with deep packet inspection. The devices are not rugged and are not well suited for industrial environments. The cost of products is higher than other vendors, but you are also getting a lot more than just a stateful firewall/packet filter.

Palo Alto Networks a NGFW leader with little to no competition today

Rating: 8 out of 10
March 06, 2019
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
7 years of experience
Palo Alto Networks firewalls are replacing legacy port and protocol based firewalls to assist in implementing a security stack that includes layer7 application identification controls, user-based access, threat prevention, as well as zone based segmentation of networks and systems. We are also leveraging Palo Alto Globalprotect for remote-access VPN and testing the new web-based VPN features.
  • Palo Alto Networks is a leader in zone-based firewall deployments.
  • Palo Alto Networks domain integration makes them a leader in restricting access based on source user/AD group.
  • Palo Alto is continuously developing their Application catalog to help restrict traffic on layer 7 apps not just ports/services.
Cons
  • Palo Alto threat signatures and application signatures are not available to most customers, the black box method makes it hard to determine the root cause of issues in some cases.
  • Some updates - especially for new OS releases are buggy and needs to be fully tested before deployment.
Palo Alto firewalls are great for 99% of any deployment. Their cost is sometimes prohibitive making other technologies better suited for those concerned about cost - but the cost is worth the technology and this should not be a driver to chose Palo Alto Networks. Their web VPN cannot replace other implementations (Cisco, F5, etc.) but is getting better with each release.

Solid multi-function security solution, but it's not cheap!

Rating: 8 out of 10
June 28, 2017
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
5 years of experience
We use the PA-3000 firewalls to secure our perimeter at our data centers. Our entire organization uses these devices to secure all Internet traffic. We use these firewalls for multiple purposes, including anti-virus, threat detection, DMZ, routing, URL filtering, and malware protection, in both layer 3 active/standby mode as well as vwire mode.
  • Performs a lot of security functionality all in one device - this is important because especially in today's world, there are a lot of point products out there and it can be difficult for a small or medium-sized business to manage all of them. Having one product saves time, money, and complexity.
  • High availability performance is very good, failover is seamless, which is important for business continuity.
  • GUI is excellent, which makes it very easy for administrators to manage the firewall and see exactly what is happening.
Cons
  • The CLI is a bit confusing, and it's difficult to find what you're looking for. Takes a lot of practice. Definitely not as good as the Cisco CLI.
  • Updating the firmware is often a very dangerous process, especially when jumping minor or major releases. More QA should be done to validate and ensure no issues during upgrades. I'll admit it's gotten better over time, but there is still room for improvement.
Great for a small to medium sized business, with connectivity requirements at around 1GBPS. Once you go over that, especially when A VPN is involved, resources can become taxed and you might be better off looking at a higher end model. Though note these devices are not cheap, and can be especially expensive with all of the licenses added on.

The Next Generation is Here - I'm not talking about Millenials!

Rating: 10 out of 10
August 31, 2017
Vetted Review
Verified User
Palo Alto Networks Next-Generation Firewalls - PA Series
1 year of experience
PA's NGFW is being used to secure our internal network, servers and a wide variety of devices from external and in conjunction with the implemented software, internal threats. It is being used across the entire organization including the provision of protective services to several remote areas via VPN & VSAT. It has been implemented to help the company recover from a dearth of support previously provided (or not) by an outside vendor.
  • It seamlessly performs simultaneous scanning at all levels of the packet, looking for irregularities and/or evidence potential threat activity. This is a most helpful tool, in that it looks to prevent known and/or suspicious packets from entering uninspected into the environment.
  • Additionally, it provides blocking services for known hostile URLs, which helps cut down dramatically on the potential for phishing and other types of intrusions.
  • Finally, PA's NGFW and associated software takes identified suspicious items and "sandboxes" them - sends them for examination /evaluation. The feedback & other support we get from PAN and its local partner is just far above expectation.
Cons
  • The only thing I can suggest is a little more information on available dashboards and how to use them. It could be that I haven't looked in the right place, but at my level, I don't often have the time go surfing through sites to find things. Perhaps a CIO/CSO dashboard with immediate access to other dashboards and high level information.
I don't have enough experience yet to comment on its applicability in other environments, but I can confidently say that it appears to be a real godsend for any company truly concerned about the integrity of their perimeter and their internal assets! In the strongest way, I wholeheartedly recommend you research Palo Alto Networks - go to their site, ask your colleagues, take a test drive! You won't be disappointed.
Return to navigation