TrustRadius Insights
Users have praised Palo Alto Firewall for its advanced features, such as content filtering and application filtering, which effectively …
Overview
What is Next-Generation Firewalls - PA Series?
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Policy-based Controls (21)10.0100%
- Content Inspection (21)9.999%
- Identification Technologies (21)9.999%
- Visualization Tools (21)9.090%
Pricing
N/A
Unavailable
What is Next-Generation Firewalls - PA Series?
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
47 people also want pricing
Alternatives Pricing
What is Cisco Meraki MX?
Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.
N/A
Unavailable
What is Cisco Firepower 9300 Series?
The Cisco Firepower 9300 series is presented by the vendor as a carrier-grade next-generation firewall (NGFW) ideal for data centers and high-performance settings that require low latency and high throughput. With it, the vendor providdes, users can deliver scalable, consistent security to…
Features
Return to navigation
Product Details
- About
- Tech Details
- FAQs
What is Next-Generation Firewalls - PA Series?
Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. NGFWs classify and monitor all traffic, including encrypted and internal traffic, based on application, function, user, and content. Palo Alto emphasizes the Zero Trust policy, through which users can create security policies to enable only authorized users to run sanctioned applications, reducing the surface area of cyber attacks across the organization. Palo Alto’s NGFW provides in-firewall encryption and decryption, as well as data and application segmentation. It integrates with PA’s WildFire malware prevention service and supports easy adoption with an open-source tool for firewall migration. It encompasses on-premises and cloud environments for full-system security. |
Next-Generation Firewalls - PA Series Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Reviewers rate Policy-based Controls and Firewall Management Console and High Availability highest, with a score of 10.
The most common users of Next-Generation Firewalls - PA Series are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(163)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
Users have praised Palo Alto Firewall for its advanced features, such as content filtering and application filtering, which effectively prevent malicious traffic and unauthorized access. The IDS/IPS and advanced malware protection features have been commended for their deep scanning capabilities and sandboxing functionality. Palo Alto Firewall is chosen by customers with large organizations that prioritize deep security investments. It is commonly used to protect perimeter networks, provide VPN connectivity, and mitigate potential misuse of the internet and attacks from shady websites. Users have successfully achieved network security, URL filtering, application control, and prevention of known and zero-day attacks with Palo Alto NGFW. The firewall serves as a reliable perimeter defense product, providing threat assessment, web proxy, and SSL inspection. It effectively addresses the problem of external intrusions and offers both basic and advanced firewall features, including protection against application-level threats, VPN management, and dynamic block lists. Palo Alto Firewall has proven itself in securing data center resources while providing enhanced security and control. The Next-Generation Firewalls are also used to secure the organization's perimeter by providing application visibility and threat intelligence to mitigate risk. Users have reported that Palo Alto Next-Generation Firewalls and WildFire have played a crucial role in quickly identifying and isolating new security threats like WannaCry.
Intuitive User Interface: Users have consistently found the user interface of Palo Alto Networks Next-Generation Firewalls - PA Series to be intuitive, making it easy to configure the firewall and perform tasks quickly. Several reviewers have mentioned this as a standout feature.
Advanced Security Features: Many users have praised the advanced features of the firewall, such as application filtering, content filtering, and deep packet inspection. These features provide enhanced security and contribute to the effectiveness of the product in protecting against malware and ransomware.
Seamless Integration with Third-Party Tools: Reviewers have appreciated the seamless integration of Palo Alto Networks Next-Generation Firewalls - PA Series with third-party tools and systems. Specifically, they mention ClearPass from HPE Aruba for user authentication and syslog integration. This integration enhances overall functionality and allows for a more streamlined experience when working with multiple tools simultaneously.
Complicated Implementation: Implementing the product into an existing network has proven to be a challenge for many users. Several reviewers have mentioned that they found it complicated and time-consuming to integrate the product with their current network infrastructure.
Difficult Packet Flow Understanding: Beginners have struggled with understanding the packet flow in Palo Alto's product. Some users have expressed frustration at the complexity of the packet flow, finding it difficult to grasp how data is processed within the system.
Expensive Compared to Competitors: The cost of Palo Alto's product is a common concern among users. Many reviewers feel that the price is high compared to other available solutions in the market. Some users believe that similar features can be obtained from competitors at a lower cost.
Attribute Ratings
Reviews
(1-20 of 20)Companies can't remove reviews or game the system. Here's why
We utilize 5260's at both our Datacenters running in HA Pair mode for redundancy and 3220's running in HA Pair mode at each remote office. All production network traffic is routed via our datacenter firewalls due to our VDI infrastructure, and web traffic uses the local office Palo Alto Networks Next- Generations Firewalls - PA Series for egress. All policies are managed via device groups on Panorama.
- Palo Alto Networks Next-Generation Firewalls - PA Series are excellent at utilizing URL filtering to provide us very granular access to individuals or Active directory groups as needed.
- The Palo Alto Networks Next-Generation Firewalls - PA Series adds multiple defense layers to include, Anti Spyware, Anti-Malware, File blocking, URL filtering, and we also incorporate the.
- Wildfile malware protection subscription.
- SSL Inspection was very manageable by creating decryption policies by URL category.
- The Global Protect VPN setup could be a little more intuitive.
- Creating IPSec VPN tunnels can be a little challenging. Would be nice if they grouped and forced entries in all the necessary places as a guide.
March 30, 2022
Palo Alto Networks Next-Generation Firewalls Review
Score 9 out of 10
Vetted Review
Verified User
Palo Alto NGFW helps to protect web and network traffic which up to layer 7. There are many new threats and malware and Palo Alto NGFW is able to prevent and identity any potential threats. Palo Alto NGFW comes with WildFire which able to perform file analysis to detect any zero-day threats which can be very efficient to protect the organization.
- WildFire file analysis.
- Threat prevention.
- DNS security.
- Fasten policy deployment.
- Provide more threat details.
- Visibility over file analysis details.
August 04, 2021
Palo Alto Networks Next-Generation Firewalls - features of a ML based firewall that you need to know!
Score 10 out of 10
Vetted Review
Verified User
We have deployed Palo Alto Networks Next-Generation Firewalls - PA Series in our Head office in High availability mode. This Palo Alto Networks Next-Generation Firewalls - PA Series is deployed on the internet gateway/perimeter to filter only good traffic and around 300 users and 30-35 servers are connected behind this firewall. Also, this firewall is responsible to prevent intruders, do gateway level Antivirus inspection, Malware filtering, URL filtering, anti-spyware, and file filtering for users to upload or download. We have also procured DNS security and Wildfire Sandbox along with the firewall.
- Palo Alto Networks Next-Generation Firewalls - PA Series gives predictive performance, as per our sizing and requirements
- It is integrated very well with internal features it is providing, like, Wildfire Sandbox integrated with gateway AV and URL filtering engine
- Seamlessly integrates with 3rd party tools and systems, like integration with ClearPass from HPE Aruba for user auth, syslog integration, etc
- Enhanced security features like EDL, Credential theft prevention, DNS Security, ML based firewall, which we cannot find in another solutions
- Palo Alto Networks Next-Generation Firewalls - PA Series provides platform for network security but lacks features for additional features like built-in MFA, cloud based management, etc
- In file filtering and AV module, there could be a few optional features of white listing a specific file by its name or hash value or some other detail.
- Compared to other vendors, this is costly, but again, feature-rich and hence cannot be with other firewalls.
We started our Palo Alto journey by securing our organization's data center resources and it didn't fail us. It matched up to our expectations in terms of security and control, which we are able to achieve with Palo Alto Next-Generation Firewalls. We are using Palo Alto's advanced threat prevention technologies to protect our DC.
- App filtering
- Sandboxing
- Wildfire
- Firewall throughput
- CLI configuration is tough
- Cost is too high.
- TAC support response.
Palo Alto Networks Next-Generation Firewalls - PA Series is one of the best firewall it fulfills all the security parameters. In simple word if I say it's a powerful device against any type of bad actors, attacks, phishing, malware attacks. I [have] used it for [the] past 2 years and [I] still don't see any other firewalls who stand against Palo Alto.
- Application Level filtering is the best feature which is known as AppID.
- Content filtering also the best function which is known as ContentID.
- Data Encryption is very strong.
- Sandboxing also very good function.
- Heavy budget small level company can't afford.
- Only pro level security engineer can handle or work on it.
- To remember CLI based command is very difficult.
May 29, 2021
Most powerful firewall - Palo Alto
Palo Alto is really the most powerful and advanced feature-loaded firewall. I have been working on this product from 2 years. In this time I've explored the various advanced features like app controls, advanced IPs and content filtering. This firewall is always a favorite for every security consultant. The advanced features makes this firewall more secure and more powerful.
- Anti-spyware.
- Anti virus capabilities.
- Anti malware protection.
- Application based control.
- User identification.
- Advanced security features.
- Palo Alto is really expensive firewall.
- Complicated command line.
May 28, 2021
Palo Alto for Deep Scanning
We are using Palo Alto Firewall because of the advance features they have & we are using content filtering & application filtering features for preventing malicious traffic & unauthorize access. The IDS/IPS & Advance malware protection feature provides a deep scanning feature & also provides sandboxing for advance level deep filtering of packets.
- Application filtering
- Content filtering
- Advance malware protection
- Deep Scanning
- Sandboxing
- Easy to Configure through GUI
- Anti-Spoofing & Anti-Spam
- It's complicated to implement it into existing network
- Packet flow is not easy to understand for the beginners
- Expensive as compare to other available solutions
- Less documentation available
Palo Alto Networks Next- Generation Firewall is one of the best-loaded security weapons against any type of security threats. This is one of the best and top of every other companies firewall. If you have a large organization that wants to spend lots of money on deep security then this firewall is best for you. I am working and reading about this firewall for the last two years. I don't think this is weak from any security features.
- Application control.
- Content filtering.
- Advanced IPS.
- Advanced routing.
- Deep packet inspection.
- Malware protection.
- Sand boxing.
- Hard to configure through CLI.
- Very expensive.
May 12, 2021
Why you should go with Palo Alto
We started using Palo Alto to achieve network security including the URL filtering/ application control. And we were able to achieve the app control with Palo Alto NFGW. We used IPS to prevent the known attacks and also used it's advanced sandboxing to prevent the zero-day attacks.
- Anti-malware
- Sandboxing
- App control
- URL filtering
- User-friendly GUI
- Difficult to configure via CLI.
- Documentation insufficient.
- Migration from other vendor to PA in existing network.
December 28, 2020
Best NGFW product I have ever worked with
Score 9 out of 10
Vetted Review
Verified User
Palo
Alto Networks Next-Generation Firewalls - PA Series is really a very good product in the category of NGFW firewalls--they have all the advance features that can help you tighten your perimeter gateway security layer. Their hold on and understanding about security threats and their deep understanding about the application helps us deal with a dynamically changing threat landscape. We are using Palo Alto Networks Next-Generation Firewalls - PA Series as a network firewall as well as a first layer of defense to deal with external threats. Configuration and administration of all the advance features is very easy and can be done via GUI, wo there's no need to remember so many CLI commands.
Very easy and robust up-gradation process.
- Firewall performance during threat analysis
- Wildfire support to protect from zero-day threats
- Huge database of applications and behavior knowledge
- Virtual wire inline deployment mode
- In the field of GP VPN
- Cloud segment
- Third-party integration support
October 14, 2019
TOP GUNS of Next-Generation Firewalls
Our NextGen Firewalls are being used to protect north and south traffics and also monitor the east and west traffics as well.
- Easy policies deployment
- Great at zero day protection
- Very intuitive admin console
- Great for HA environments and real-time protections
- Price
- License
October 09, 2019
Palo Alto Networks Next-Generation Firewalls
The Palo Alto Networks Next-Generation Firewalls - PA Series firewalls are being used to protect the internal assets to our organization as well as being sold to other customers to help provide them threat protection. The customer use case varies greatly and this product allows all of our customers to be provided a level of protection to fit their needs. The GUI driven interface has allow our support staff to develop their skill set rapidly with this product.
- Security performance
- Implementation
- Managment
- Cloud features
- Value
- Support
Palo Alto NGFW is top of the line next gen firewalls with application layer visibility. We use Palo Alto firewalls heavily in our network for fulfilling our security needs. It addresses all the firewall functionalities, routing, and protection of not only our physical infrastructure but also our public cloud.
- It provides application layer visibility and deep packet inspection capabilities.
- Only VM based firewalls to provide security on the public cloud.
- It supports advanced features like threat protections, URL filtering, and wildfire.
- Supports advanced routing OSPF/BGP/RIP.
- Palo Alto is still new on VM and protection of the public cloud. Features like high availability and encryption/decryption can also be introduced just like in the physical firewall.
- Throughput capacities over IPSEC VPN can be improved on lower model firewalls including PA-220 , PA-3000 series.
- Interaction with multi-factor applications like duo can enhance access security.
March 09, 2019
PAN: It costs a lot, but it's worth it!
Palo Alto (PAN) is used by a division of ours who did not have a full-time network person. We found the product easy and intuitive to work with, which is why our team truly enjoys using the PAN products. The wildfire product addressed and dealt with threats in real time, without a major performance hit like Cisco Sourcefire embedded modules within the 55xx-x series.
- Easy to learn and use the web-based console. Learn the platform and be able to manage any Palo Alto device.
- No separate management for control/data plane like the checkpoint.
- VPN is VERY easy to set up, even double/twice NAT VPN, and can use VTI for route-based VPN setups.
- Units are far more expensive than competitors. It's worth it, but the price point can scare potential clients off.
October 12, 2018
PANTASTIC
It's used across the organization, for threat prevention and continuity of operation .
- Visibility into traffic
- Risk reduction
- High performance without cutting corners on security
- The endpoint protection price is not competitive
- The Ldap integration and user mapping could be more intuitive
- The client-less VPN can use native RDP client
January 30, 2018
Palo Alto will stop the bad guys for you!
We utilize Palo Alto Next Generation Firewalls to protect our perimeter network and provide VPN connectivity for site-to-site and endpoint access. The firewall helps to mitigate potential misuse of the internet as well as stopping attacks from shady websites.
- AppID is able to see what the actual internet traffic is. For instance instead of port 443 just being "Internet traffic" we can define access to Facebook-base or all the other facets of facebook.
- UserID allows us to define policies based on group or user access and integrates with our Active Directory. This helps to configure a least access privilege and if we find misuse of the network we can tighten specific users to a stricter policy.
- GlobalProtect VPN connection helps our employee's connect from home remotely. This provides a very secure connection with minimal configuration.
- Wildfire provides very up-to-date information regarding global attack mitigations and stopping techniques.
- Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change.
- Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple.
- Documentation gives a very straight forward answer to some items but is very vague in others.
- Support could be a little better. An issue we had a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade.
PA's NGFW is being used to secure our internal network, servers and a wide variety of devices from external and in conjunction with the implemented software, internal threats. It is being used across the entire organization including the provision of protective services to several remote areas via VPN & VSAT. It has been implemented to help the company recover from a dearth of support previously provided (or not) by an outside vendor.
- It seamlessly performs simultaneous scanning at all levels of the packet, looking for irregularities and/or evidence potential threat activity. This is a most helpful tool, in that it looks to prevent known and/or suspicious packets from entering uninspected into the environment.
- Additionally, it provides blocking services for known hostile URLs, which helps cut down dramatically on the potential for phishing and other types of intrusions.
- Finally, PA's NGFW and associated software takes identified suspicious items and "sandboxes" them - sends them for examination /evaluation. The feedback & other support we get from PAN and its local partner is just far above expectation.
- The only thing I can suggest is a little more information on available dashboards and how to use them. It could be that I haven't looked in the right place, but at my level, I don't often have the time go surfing through sites to find things. Perhaps a CIO/CSO dashboard with immediate access to other dashboards and high level information.
We use the PA-3000 firewalls to secure our perimeter at our data centers. Our entire organization uses these devices to secure all Internet traffic. We use these firewalls for multiple purposes, including anti-virus, threat detection, DMZ, routing, URL filtering, and malware protection, in both layer 3 active/standby mode as well as vwire mode.
- Performs a lot of security functionality all in one device - this is important because especially in today's world, there are a lot of point products out there and it can be difficult for a small or medium-sized business to manage all of them. Having one product saves time, money, and complexity.
- High availability performance is very good, failover is seamless, which is important for business continuity.
- GUI is excellent, which makes it very easy for administrators to manage the firewall and see exactly what is happening.
- The CLI is a bit confusing, and it's difficult to find what you're looking for. Takes a lot of practice. Definitely not as good as the Cisco CLI.
- Updating the firmware is often a very dangerous process, especially when jumping minor or major releases. More QA should be done to validate and ensure no issues during upgrades. I'll admit it's gotten better over time, but there is still room for improvement.
March 17, 2017
Palo Alto Review
Palo Alto is used as our primary firewalls. It addresses the problem of outside intrusions and are configured with both basic and advanced firewall features. We are able to protect against application-level threats and it is also used to manage our VPN and MPLS networks. Many features such as dynamic block lists, DLP, web content filtering, advanced threat protection, wildfire, and DDoS protection are available and are in use with our company.
- Protects against common threats such as unauthorized vulnerability scans
- Protects against malware applications and ransomware such as Cryptowall
- Allows very secure VPN connections for external users
- The web content filtering is good, but could be improved
- Wildfire can take a long time to analyze files
- Alerts and logs could contain a little more information or intelligence to help narrow down a threat.
We needed a solution that would detect threats before they were detected by endpoint software and eliminate the threats of exploits and viruses to our end users, including ransomware attacks.
- Monitoring and detecting unwanted application access by our users, such as streaming and torrent download sites.
- Preventing exploits and malware from hitting our network and infecting all end-user PCs and servers.
- Excellent secure VPN access for our outside staff and partners. The VPN software client is available for PC & Mac as well as mobile client options on Android and Apple stores.
- The products are a bit pricey, but feature filled. Their annual services can really add up quickly.
- The models of devices are somewhat confusing. For instance, we wanted a firewall that had the ability to use Active & Passive fault tolerance, and only the very advanced models (more expensive) do this. It might bring smaller customers in by adding more advanced features to lower-priced models.