TrustRadius Insights
Users have praised Palo Alto Firewall for its advanced features, such as content filtering and application filtering, which effectively …
Overview
What is Next-Generation Firewalls - PA Series?
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Policy-based Controls (21)10.0100%
- Content Inspection (21)9.999%
- Identification Technologies (21)9.999%
- Visualization Tools (21)9.090%
Pricing
N/A
Unavailable
What is Next-Generation Firewalls - PA Series?
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
47 people also want pricing
Alternatives Pricing
What is Cisco Meraki MX?
Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.
N/A
Unavailable
What is Cisco Firepower 9300 Series?
The Cisco Firepower 9300 series is presented by the vendor as a carrier-grade next-generation firewall (NGFW) ideal for data centers and high-performance settings that require low latency and high throughput. With it, the vendor providdes, users can deliver scalable, consistent security to…
Features
Return to navigation
Product Details
- About
- Tech Details
- FAQs
What is Next-Generation Firewalls - PA Series?
Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. NGFWs classify and monitor all traffic, including encrypted and internal traffic, based on application, function, user, and content. Palo Alto emphasizes the Zero Trust policy, through which users can create security policies to enable only authorized users to run sanctioned applications, reducing the surface area of cyber attacks across the organization. Palo Alto’s NGFW provides in-firewall encryption and decryption, as well as data and application segmentation. It integrates with PA’s WildFire malware prevention service and supports easy adoption with an open-source tool for firewall migration. It encompasses on-premises and cloud environments for full-system security. |
Next-Generation Firewalls - PA Series Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
Reviewers rate Policy-based Controls and Firewall Management Console and High Availability highest, with a score of 10.
The most common users of Next-Generation Firewalls - PA Series are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(163)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
Users have praised Palo Alto Firewall for its advanced features, such as content filtering and application filtering, which effectively prevent malicious traffic and unauthorized access. The IDS/IPS and advanced malware protection features have been commended for their deep scanning capabilities and sandboxing functionality. Palo Alto Firewall is chosen by customers with large organizations that prioritize deep security investments. It is commonly used to protect perimeter networks, provide VPN connectivity, and mitigate potential misuse of the internet and attacks from shady websites. Users have successfully achieved network security, URL filtering, application control, and prevention of known and zero-day attacks with Palo Alto NGFW. The firewall serves as a reliable perimeter defense product, providing threat assessment, web proxy, and SSL inspection. It effectively addresses the problem of external intrusions and offers both basic and advanced firewall features, including protection against application-level threats, VPN management, and dynamic block lists. Palo Alto Firewall has proven itself in securing data center resources while providing enhanced security and control. The Next-Generation Firewalls are also used to secure the organization's perimeter by providing application visibility and threat intelligence to mitigate risk. Users have reported that Palo Alto Next-Generation Firewalls and WildFire have played a crucial role in quickly identifying and isolating new security threats like WannaCry.
Intuitive User Interface: Users have consistently found the user interface of Palo Alto Networks Next-Generation Firewalls - PA Series to be intuitive, making it easy to configure the firewall and perform tasks quickly. Several reviewers have mentioned this as a standout feature.
Advanced Security Features: Many users have praised the advanced features of the firewall, such as application filtering, content filtering, and deep packet inspection. These features provide enhanced security and contribute to the effectiveness of the product in protecting against malware and ransomware.
Seamless Integration with Third-Party Tools: Reviewers have appreciated the seamless integration of Palo Alto Networks Next-Generation Firewalls - PA Series with third-party tools and systems. Specifically, they mention ClearPass from HPE Aruba for user authentication and syslog integration. This integration enhances overall functionality and allows for a more streamlined experience when working with multiple tools simultaneously.
Complicated Implementation: Implementing the product into an existing network has proven to be a challenge for many users. Several reviewers have mentioned that they found it complicated and time-consuming to integrate the product with their current network infrastructure.
Difficult Packet Flow Understanding: Beginners have struggled with understanding the packet flow in Palo Alto's product. Some users have expressed frustration at the complexity of the packet flow, finding it difficult to grasp how data is processed within the system.
Expensive Compared to Competitors: The cost of Palo Alto's product is a common concern among users. Many reviewers feel that the price is high compared to other available solutions in the market. Some users believe that similar features can be obtained from competitors at a lower cost.
Attribute Ratings
Reviews
(1-25 of 37)Companies can't remove reviews or game the system. Here's why
April 30, 2022
Powerful and Easy Firewall - For Enterprise Companies
- Easy web management interface
- Search is powerfull and easly
- Many L7 Applications recognize for policies
- SD-WAN feature is quite difficult
- Dedicated logging server missing
- Entry PA Appliance has slowly web interface
- Commit configuration is slower than other competitors
- Palo Alto Networks Next-Generation Firewalls - PA Series are excellent at utilizing URL filtering to provide us very granular access to individuals or Active directory groups as needed.
- The Palo Alto Networks Next-Generation Firewalls - PA Series adds multiple defense layers to include, Anti Spyware, Anti-Malware, File blocking, URL filtering, and we also incorporate the.
- Wildfile malware protection subscription.
- SSL Inspection was very manageable by creating decryption policies by URL category.
- The Global Protect VPN setup could be a little more intuitive.
- Creating IPSec VPN tunnels can be a little challenging. Would be nice if they grouped and forced entries in all the necessary places as a guide.
March 30, 2022
Palo Alto Networks Next-Generation Firewalls Review
Score 9 out of 10
Vetted Review
Verified User
- WildFire file analysis.
- Threat prevention.
- DNS security.
- Fasten policy deployment.
- Provide more threat details.
- Visibility over file analysis details.
August 30, 2021
Palo Alto - Networks Next-Generation Firewalls Review
- Application visibility
- Single pass architecture
- GUI clarity
- SDWAN without licensing
- URL filtering is basic; should be included in base license
- PA devices should come with secure defaults
August 04, 2021
Palo Alto Networks Next-Generation Firewalls - features of a ML based firewall that you need to know!
Score 10 out of 10
Vetted Review
Verified User
- Palo Alto Networks Next-Generation Firewalls - PA Series gives predictive performance, as per our sizing and requirements
- It is integrated very well with internal features it is providing, like, Wildfire Sandbox integrated with gateway AV and URL filtering engine
- Seamlessly integrates with 3rd party tools and systems, like integration with ClearPass from HPE Aruba for user auth, syslog integration, etc
- Enhanced security features like EDL, Credential theft prevention, DNS Security, ML based firewall, which we cannot find in another solutions
- Palo Alto Networks Next-Generation Firewalls - PA Series provides platform for network security but lacks features for additional features like built-in MFA, cloud based management, etc
- In file filtering and AV module, there could be a few optional features of white listing a specific file by its name or hash value or some other detail.
- Compared to other vendors, this is costly, but again, feature-rich and hence cannot be with other firewalls.
- App filtering
- Sandboxing
- Wildfire
- Firewall throughput
- CLI configuration is tough
- Cost is too high.
- TAC support response.
- Application Level filtering is the best feature which is known as AppID.
- Content filtering also the best function which is known as ContentID.
- Data Encryption is very strong.
- Sandboxing also very good function.
- Heavy budget small level company can't afford.
- Only pro level security engineer can handle or work on it.
- To remember CLI based command is very difficult.
May 29, 2021
Most powerful firewall - Palo Alto
- Anti-spyware.
- Anti virus capabilities.
- Anti malware protection.
- Application based control.
- User identification.
- Advanced security features.
- Palo Alto is really expensive firewall.
- Complicated command line.
May 28, 2021
Palo Alto for Deep Scanning
- Application filtering
- Content filtering
- Advance malware protection
- Deep Scanning
- Sandboxing
- Easy to Configure through GUI
- Anti-Spoofing & Anti-Spam
- It's complicated to implement it into existing network
- Packet flow is not easy to understand for the beginners
- Expensive as compare to other available solutions
- Less documentation available
- Application control.
- Content filtering.
- Advanced IPS.
- Advanced routing.
- Deep packet inspection.
- Malware protection.
- Sand boxing.
- Hard to configure through CLI.
- Very expensive.
May 12, 2021
Why you should go with Palo Alto
- Anti-malware
- Sandboxing
- App control
- URL filtering
- User-friendly GUI
- Difficult to configure via CLI.
- Documentation insufficient.
- Migration from other vendor to PA in existing network.
December 28, 2020
Best NGFW product I have ever worked with
Score 9 out of 10
Vetted Review
Verified User
- Firewall performance during threat analysis
- Wildfire support to protect from zero-day threats
- Huge database of applications and behavior knowledge
- Virtual wire inline deployment mode
- In the field of GP VPN
- Cloud segment
- Third-party integration support
February 29, 2020
Palo Alto PA Series firewalls deliver tons of features and straightforward management
- It does an excellent job of securing by applications rather than relying on ports.
- With the separate management and data planes we've never experience performance issues.
- Content updates (apps, URLs, threats) are seamless and automatic.
- It is very flexible and powerful on the network configuration side.
- When web managing, you cannot sort by columns by clicking on a column.
- Palo Alto does not officially bless specific versions as recommended.
- The Global Protect client upgrade process does not provide feedback on progress.
- Logging queries sometimes take a while to complete.
January 13, 2020
Palo Alto PA Series Review
- Security Enforcement and Review - The Palo Alto firewall provides all the advanced features you would expect from a modern firewall. Zones based rules, Layer 4 and down rules, and application firewall rules.
- User Definition - The Palo Alto firewall has direct AD integration. This allows rules to be based not just on source an destination information, but also on which security group in the AD that user belong. For example you can limit access to out of band networks to only the users that need it.
- Line Rate Traffic Analysis - When doing my home work I found that Palo Alto firewalls provide high speed analysis to traffic with additional processors to allow line speed results.
- No cloud analytics - I believe industry as a whole is moving to a management suite powered by ML. Palo has a great product, but currently there is no ML backed platform.
- SD WAN - Palo has just announced the addition of SDWAN in its upcoming 9.1 release. I feel they are a bit late to the game compared to others like Fortinet.
- Web based interface can still seem slow at time when compared to more modern HTML 5 interfaces.
December 06, 2019
Palo Alto - Security in a box
- Inline rule threat assessment
- Good information dataplane and graphics
- GlobalProtect VPN needs a user launchable option from pre-logon. This has been a challenge for government customers for years. Their competitor Cisco AnyConnect has SBL.
- Quality of upgrades/updates has been getting worse throughout the years. As of recent things they supposedly fixed have been making it back into the newer updates causing more headache for administrators to roll back. Especially if the update addresses a CVE.
- Some of the lower end units do not perform to the spec on paper - 220/800.
October 14, 2019
Palo Alto NGFW
- Web filtering by category is done better than competing solutions (FortiGate, for example). There is a significantly smaller number of false negatives, at least in my experience, on Palo Alto firewalls than on competing solutions.
- Logging. Firewall logs on the Palo Alto are very comprehensive. Firewall stores a lot of information about client connections and log filtering options are incredible.
- Reliable. Palo Alto firewalls we are using were trouble-free so far both software and hardware-wise.
- Very good VPN solution. GlobalProtect VPN works very well - stable and high performance. As it is hard to troubleshoot issues with remote clients, good performance by SSL VPN client is an important point.
- Can be complicated to use. Both the Web interface and the CLI of the Palo Alto firewall are quite sophisticated. It is much harder to perform the configuration of the Palo Alto firewall than a Fortinet one.
- Subscriptions. To properly use the firewall, subscription packages are needed, and licensing can be confusing and/or expensive.
October 14, 2019
TOP GUNS of Next-Generation Firewalls
- Easy policies deployment
- Great at zero day protection
- Very intuitive admin console
- Great for HA environments and real-time protections
- Price
- License
October 09, 2019
Palo Alto NGFWs a success story waiting for you
- The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
- The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
- The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
- It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
- Documentation that is available for solutions from Palo Alto is great. If you find yourself in a situation where something has not been previously documented or implemented, you will have to find out solutions yourself.
- The ability to use the API for push/pull information with the firewall was a major selling point. However, some items a person would expect to be readily available through the API do not exist, so either you have to go without or do extensive amount of work to put together, sort, and clean the data from multiple sources (I am looking at you dhcp logs).
October 09, 2019
Palo Alto Networks Next-Generation Firewalls
- Security performance
- Implementation
- Managment
- Cloud features
- Value
- Support
August 07, 2019
Palo Alto Security Gateways are Simply Secure
- Simple Policy Management
- Easy-to-read Documentation
- On-Board Troubleshooting Tools
- URL-Filtering rules are complex
- Some Cryptic Error Messages
- Undocumented software bugs
July 04, 2019
Implimentation is easy with unique SP3 Architecture.
Score 7 out of 10
Vetted Review
Verified User
- Deployment is easy and its function is understandable.
- Due to its advanced SP3 architecture it runs data plain and management plain separately.
- Technical support is good and fast
- The product is already perfect
- It provides application layer visibility and deep packet inspection capabilities.
- Only VM based firewalls to provide security on the public cloud.
- It supports advanced features like threat protections, URL filtering, and wildfire.
- Supports advanced routing OSPF/BGP/RIP.
- Palo Alto is still new on VM and protection of the public cloud. Features like high availability and encryption/decryption can also be introduced just like in the physical firewall.
- Throughput capacities over IPSEC VPN can be improved on lower model firewalls including PA-220 , PA-3000 series.
- Interaction with multi-factor applications like duo can enhance access security.
March 16, 2019
Palo Alto Networks Next Generation.
- The URL filtering is awesome.
- Wildfire is an amazing feature.
- Traffic reporting is very useful.
- Expandability is easy, you can easily add additional services.
- Configure ability is not as simple for someone who isn’t an expert.
- Support goes overseas and while they have been very helpful, there are often issues communicating.
March 11, 2019
A huge improvement over traditional layer 2/3 firewalls.
- Ease of use.
- Fast response to new security threats (WildFire).
- Application aware firewall (App-ID).
- Logging is fantastic and easy to see what's being blocked/allowed basically in real time.
- Durability/reliability is surprisingly good, only issue we've had is a couple issues with faulty power supplies, but all our units have redundant power supplies so it was a non-issue.
- Support is surprisingly good.
- Cost, these firewalls are awesome, but not cheap.
March 09, 2019
PAN: It costs a lot, but it's worth it!
- Easy to learn and use the web-based console. Learn the platform and be able to manage any Palo Alto device.
- No separate management for control/data plane like the checkpoint.
- VPN is VERY easy to set up, even double/twice NAT VPN, and can use VTI for route-based VPN setups.
- Units are far more expensive than competitors. It's worth it, but the price point can scare potential clients off.