TrustRadius Insights
Users have praised Palo Alto Firewall for its advanced features, such as content filtering and application filtering, which effectively …
Overview
What is Next-Generation Firewalls - PA Series?
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Policy-based Controls (21)10.0100%
- Content Inspection (21)9.999%
- Identification Technologies (21)9.999%
- Visualization Tools (21)9.090%
Pricing
N/A
Unavailable
What is Next-Generation Firewalls - PA Series?
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
47 people also want pricing
Alternatives Pricing
What is Cisco Meraki MX?
Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.
N/A
Unavailable
What is Cisco Firepower 9300 Series?
The Cisco Firepower 9300 series is presented by the vendor as a carrier-grade next-generation firewall (NGFW) ideal for data centers and high-performance settings that require low latency and high throughput. With it, the vendor providdes, users can deliver scalable, consistent security to…
Features
Return to navigation
Product Details
- About
- Tech Details
- FAQs
What is Next-Generation Firewalls - PA Series?
Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. NGFWs classify and monitor all traffic, including encrypted and internal traffic, based on application, function, user, and content. Palo Alto emphasizes the Zero Trust policy, through which users can create security policies to enable only authorized users to run sanctioned applications, reducing the surface area of cyber attacks across the organization. Palo Alto’s NGFW provides in-firewall encryption and decryption, as well as data and application segmentation. It integrates with PA’s WildFire malware prevention service and supports easy adoption with an open-source tool for firewall migration. It encompasses on-premises and cloud environments for full-system security. |
Next-Generation Firewalls - PA Series Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Reviewers rate Policy-based Controls and Firewall Management Console and High Availability highest, with a score of 10.
The most common users of Next-Generation Firewalls - PA Series are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(163)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
Users have praised Palo Alto Firewall for its advanced features, such as content filtering and application filtering, which effectively prevent malicious traffic and unauthorized access. The IDS/IPS and advanced malware protection features have been commended for their deep scanning capabilities and sandboxing functionality. Palo Alto Firewall is chosen by customers with large organizations that prioritize deep security investments. It is commonly used to protect perimeter networks, provide VPN connectivity, and mitigate potential misuse of the internet and attacks from shady websites. Users have successfully achieved network security, URL filtering, application control, and prevention of known and zero-day attacks with Palo Alto NGFW. The firewall serves as a reliable perimeter defense product, providing threat assessment, web proxy, and SSL inspection. It effectively addresses the problem of external intrusions and offers both basic and advanced firewall features, including protection against application-level threats, VPN management, and dynamic block lists. Palo Alto Firewall has proven itself in securing data center resources while providing enhanced security and control. The Next-Generation Firewalls are also used to secure the organization's perimeter by providing application visibility and threat intelligence to mitigate risk. Users have reported that Palo Alto Next-Generation Firewalls and WildFire have played a crucial role in quickly identifying and isolating new security threats like WannaCry.
Intuitive User Interface: Users have consistently found the user interface of Palo Alto Networks Next-Generation Firewalls - PA Series to be intuitive, making it easy to configure the firewall and perform tasks quickly. Several reviewers have mentioned this as a standout feature.
Advanced Security Features: Many users have praised the advanced features of the firewall, such as application filtering, content filtering, and deep packet inspection. These features provide enhanced security and contribute to the effectiveness of the product in protecting against malware and ransomware.
Seamless Integration with Third-Party Tools: Reviewers have appreciated the seamless integration of Palo Alto Networks Next-Generation Firewalls - PA Series with third-party tools and systems. Specifically, they mention ClearPass from HPE Aruba for user authentication and syslog integration. This integration enhances overall functionality and allows for a more streamlined experience when working with multiple tools simultaneously.
Complicated Implementation: Implementing the product into an existing network has proven to be a challenge for many users. Several reviewers have mentioned that they found it complicated and time-consuming to integrate the product with their current network infrastructure.
Difficult Packet Flow Understanding: Beginners have struggled with understanding the packet flow in Palo Alto's product. Some users have expressed frustration at the complexity of the packet flow, finding it difficult to grasp how data is processed within the system.
Expensive Compared to Competitors: The cost of Palo Alto's product is a common concern among users. Many reviewers feel that the price is high compared to other available solutions in the market. Some users believe that similar features can be obtained from competitors at a lower cost.
Attribute Ratings
Reviews
(1-15 of 15)Companies can't remove reviews or game the system. Here's why
August 30, 2021
Palo Alto - Networks Next-Generation Firewalls Review
Palo Alto [Networks Next-Generation Firewalls] is being used as a security product on our perimeter. We have different segments and different entities using Palo Alto in a campus as well as data center environments. It is securing external threats to penetrate inside our organization showing application visibility along with the threat intelligence feature to mitigate risk.
- Application visibility
- Single pass architecture
- GUI clarity
- SDWAN without licensing
- URL filtering is basic; should be included in base license
- PA devices should come with secure defaults
We started our Palo Alto journey by securing our organization's data center resources and it didn't fail us. It matched up to our expectations in terms of security and control, which we are able to achieve with Palo Alto Next-Generation Firewalls. We are using Palo Alto's advanced threat prevention technologies to protect our DC.
- App filtering
- Sandboxing
- Wildfire
- Firewall throughput
- CLI configuration is tough
- Cost is too high.
- TAC support response.
May 29, 2021
Most powerful firewall - Palo Alto
Palo Alto is really the most powerful and advanced feature-loaded firewall. I have been working on this product from 2 years. In this time I've explored the various advanced features like app controls, advanced IPs and content filtering. This firewall is always a favorite for every security consultant. The advanced features makes this firewall more secure and more powerful.
- Anti-spyware.
- Anti virus capabilities.
- Anti malware protection.
- Application based control.
- User identification.
- Advanced security features.
- Palo Alto is really expensive firewall.
- Complicated command line.
May 28, 2021
Palo Alto for Deep Scanning
We are using Palo Alto Firewall because of the advance features they have & we are using content filtering & application filtering features for preventing malicious traffic & unauthorize access. The IDS/IPS & Advance malware protection feature provides a deep scanning feature & also provides sandboxing for advance level deep filtering of packets.
- Application filtering
- Content filtering
- Advance malware protection
- Deep Scanning
- Sandboxing
- Easy to Configure through GUI
- Anti-Spoofing & Anti-Spam
- It's complicated to implement it into existing network
- Packet flow is not easy to understand for the beginners
- Expensive as compare to other available solutions
- Less documentation available
May 12, 2021
Why you should go with Palo Alto
We started using Palo Alto to achieve network security including the URL filtering/ application control. And we were able to achieve the app control with Palo Alto NFGW. We used IPS to prevent the known attacks and also used it's advanced sandboxing to prevent the zero-day attacks.
- Anti-malware
- Sandboxing
- App control
- URL filtering
- User-friendly GUI
- Difficult to configure via CLI.
- Documentation insufficient.
- Migration from other vendor to PA in existing network.
October 14, 2019
Palo Alto NGFW
We use Palo Alto NGFW as our main on-site firewall. There are several units (5000-series) for failover purposes. Firewalls are needed for CIPA compliance and for general Internet Security. We also use the GlobalProtect SSL VPN to provide access to LAN for remote users. We use web-filtering, application filtering (App-ID), etc.
- Web filtering by category is done better than competing solutions (FortiGate, for example). There is a significantly smaller number of false negatives, at least in my experience, on Palo Alto firewalls than on competing solutions.
- Logging. Firewall logs on the Palo Alto are very comprehensive. Firewall stores a lot of information about client connections and log filtering options are incredible.
- Reliable. Palo Alto firewalls we are using were trouble-free so far both software and hardware-wise.
- Very good VPN solution. GlobalProtect VPN works very well - stable and high performance. As it is hard to troubleshoot issues with remote clients, good performance by SSL VPN client is an important point.
- Can be complicated to use. Both the Web interface and the CLI of the Palo Alto firewall are quite sophisticated. It is much harder to perform the configuration of the Palo Alto firewall than a Fortinet one.
- Subscriptions. To properly use the firewall, subscription packages are needed, and licensing can be confusing and/or expensive.
October 09, 2019
Palo Alto NGFWs a success story waiting for you
As with any organization, ours org needed to replace existing infrastructure. At the time we were strictly a Cisco shop top down, but we were open for other bids as well. After a demo, we purchased Palo Alto 5220 based firewalls, with the intent to use it as the central point of authority for all network traffic for our campus. The Palo Alto (PA) firewall is used as the gateway device for all traffic within our organization.
- The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
- The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
- The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
- It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
- Documentation that is available for solutions from Palo Alto is great. If you find yourself in a situation where something has not been previously documented or implemented, you will have to find out solutions yourself.
- The ability to use the API for push/pull information with the firewall was a major selling point. However, some items a person would expect to be readily available through the API do not exist, so either you have to go without or do extensive amount of work to put together, sort, and clean the data from multiple sources (I am looking at you dhcp logs).
August 07, 2019
Palo Alto Security Gateways are Simply Secure
Our network uses the Palo Alto PA-Series firewall as an internet edge facing security gateway, focusing on traditional firewalling, SSL decryption, URL-filtering, and threat mitigation. There are two departments that use the firewall, which are the Security team and the Network Engineering team. Our main goal is to ensure that access to internal networks is secured and access to external networks is limited to appropriate sites.
- Simple Policy Management
- Easy-to-read Documentation
- On-Board Troubleshooting Tools
- URL-Filtering rules are complex
- Some Cryptic Error Messages
- Undocumented software bugs
March 11, 2019
A huge improvement over traditional layer 2/3 firewalls.
We started implementing Palo Alto a year or two ago to increase our security posture and increase segmentation between our infrastructure services, shared services, and client networks. By utilizing the Palo Next-Generation Firewalls and WildFire we're able to much more quickly identify and isolate new security threats. They played an integral part in keeping WannaCry from becoming a major problem for us.
- Ease of use.
- Fast response to new security threats (WildFire).
- Application aware firewall (App-ID).
- Logging is fantastic and easy to see what's being blocked/allowed basically in real time.
- Durability/reliability is surprisingly good, only issue we've had is a couple issues with faulty power supplies, but all our units have redundant power supplies so it was a non-issue.
- Support is surprisingly good.
- Cost, these firewalls are awesome, but not cheap.
Palo Alto Networks firewalls are replacing legacy port and protocol based firewalls to assist in implementing a security stack that includes layer7 application identification controls, user-based access, threat prevention, as well as zone based segmentation of networks and systems. We are also leveraging Palo Alto Globalprotect for remote-access VPN and testing the new web-based VPN features.
- Palo Alto Networks is a leader in zone-based firewall deployments.
- Palo Alto Networks domain integration makes them a leader in restricting access based on source user/AD group.
- Palo Alto is continuously developing their Application catalog to help restrict traffic on layer 7 apps not just ports/services.
- Palo Alto threat signatures and application signatures are not available to most customers, the black box method makes it hard to determine the root cause of issues in some cases.
- Some updates - especially for new OS releases are buggy and needs to be fully tested before deployment.
October 12, 2018
PANTASTIC
It's used across the organization, for threat prevention and continuity of operation .
- Visibility into traffic
- Risk reduction
- High performance without cutting corners on security
- The endpoint protection price is not competitive
- The Ldap integration and user mapping could be more intuitive
- The client-less VPN can use native RDP client
January 30, 2018
Palo Alto will stop the bad guys for you!
We utilize Palo Alto Next Generation Firewalls to protect our perimeter network and provide VPN connectivity for site-to-site and endpoint access. The firewall helps to mitigate potential misuse of the internet as well as stopping attacks from shady websites.
- AppID is able to see what the actual internet traffic is. For instance instead of port 443 just being "Internet traffic" we can define access to Facebook-base or all the other facets of facebook.
- UserID allows us to define policies based on group or user access and integrates with our Active Directory. This helps to configure a least access privilege and if we find misuse of the network we can tighten specific users to a stricter policy.
- GlobalProtect VPN connection helps our employee's connect from home remotely. This provides a very secure connection with minimal configuration.
- Wildfire provides very up-to-date information regarding global attack mitigations and stopping techniques.
- Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change.
- Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple.
- Documentation gives a very straight forward answer to some items but is very vague in others.
- Support could be a little better. An issue we had a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade.
We needed a solution that would detect threats before they were detected by endpoint software and eliminate the threats of exploits and viruses to our end users, including ransomware attacks.
- Monitoring and detecting unwanted application access by our users, such as streaming and torrent download sites.
- Preventing exploits and malware from hitting our network and infecting all end-user PCs and servers.
- Excellent secure VPN access for our outside staff and partners. The VPN software client is available for PC & Mac as well as mobile client options on Android and Apple stores.
- The products are a bit pricey, but feature filled. Their annual services can really add up quickly.
- The models of devices are somewhat confusing. For instance, we wanted a firewall that had the ability to use Active & Passive fault tolerance, and only the very advanced models (more expensive) do this. It might bring smaller customers in by adding more advanced features to lower-priced models.
October 14, 2016
Firewall and Wildfire? Great!
PA-500 is being used across our entire organization. We currently use it to filter web traffic with geoblocking, implement our VPN, and for general logging of network activity.
- The VPN (GlobalProtect) is easy to use.
- Logging is done well and in an easy to use situation.
- The GeoBlocking is exceptional.
- The web interface to look at real time events is very slow and clunky.
- The searching feature is hard to figure out what parameters you use.
- The GlobalProtect VPN client has a few strange features that have increased support hours. It's easy to work around but caused a few unnecessary tickets.
June 29, 2016
Palo Alto PA-3000 series - a valuable and reliable resource for protecting your network
We are using the Palo Alto Networks PA-3020 to control internet access for the entire organization. The business problems being addressed are:
1. availability of services and information, e.g. protecting against malicious activity that would attempt to destroy or otherwise prevent access to services and information.
2. confidentiality of data and resources
3. integrity of data and resources
1. availability of services and information, e.g. protecting against malicious activity that would attempt to destroy or otherwise prevent access to services and information.
2. confidentiality of data and resources
3. integrity of data and resources
- It manages software updates particularly well as well as the ability to downgrade software versions. This is a strength because of the need to stay current with patches to fix discovered vulnerabilities and also assurance that if an update causes a serious problem, it is relatively easy to roll it back.
- Reliability is good. We have not had any unscheduled downtime from the device since we've put it into production.
- It does a good job identifying threats and potential threats based on vulnerabilities and blocking suspect connections automatically.
- I would like to see some guidance on suggested action to take on an identified threat or potential threat beyond just blocking the access.
- In the Monitor tab/threat, I would like to be able to copy an item in the listing (ip address, url, etc.) directly rather than having to click on the item which automatically puts it into the filter where I can then mark and copy the item. Also, if I want to copy the URL and I click on it, it puts it into the filter as an IP address which I may not necessarily want to copy.