Next-Generation Firewalls - PA Series

Next-Generation Firewalls - PA Series

Customer Verified
Top Rated
About TrustRadius Scoring
Score 9.3 out of 100
Top Rated
Palo Alto Networks Next-Generation Firewalls - PA Series

Overview

Recent Reviews

Palo Alto for Deep Scanning

10
May 28, 2021
We are using Palo Alto Firewall because of the advance features they have & we are using content filtering & application filtering …

Palo Alto PA Series Review

10
January 13, 2020
Palo Alto Networks Next-Generation Firewalls is used as our routing, security, and network core at the resort. All traffic that flows from …

Palo Alto - Security in a box

10
December 06, 2019
Palo Alto serves as our perimeter defense product, from threat assessment on the internal network, to ingressing connectivity from the …

Reviewer Sentiment

N/A
Positive ()
N/A
Negative ()
Learn how we calculate reviewer sentiment

Awards

TrustRadius Award Top Rated 2022
TrustRadius Award Top Rated 2020

Popular Features

View all 11 features

Policy-based Controls (21)

10.0
100%

Content Inspection (21)

9.9
99%

Identification Technologies (21)

9.9
99%

Visualization Tools (21)

9.2
92%

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Next-Generation Firewalls - PA Series, and make your voice heard!

Pricing

View all pricing
N/A
Unavailable

What is Next-Generation Firewalls - PA Series?

Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

10 people want pricing too

Alternatives Pricing

What is pfSense?

pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as a the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through…

What is SonicWall TZ?

SonicWall TZ is a NGFW for small to mid-sized companies. It is a Unified Threat Management solution, with additional native decryption and deep-packet inspection capabilities.

Features Scorecard

Firewall

9.7
97%

Product Details

What is Next-Generation Firewalls - PA Series?

Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. NGFWs classify and monitor all traffic, including encrypted and internal traffic, based on application, function, user, and content. Palo Alto emphasizes the Zero Trust policy, through which users can create security policies to enable only authorized users to run sanctioned applications, reducing the surface area of cyber attacks across the organization.


Palo Alto’s NGFW provides in-firewall encryption and decryption, as well as data and application segmentation. It integrates with PA’s WildFire malware prevention service and supports easy adoption with an open-source tool for firewall migration. It encompasses on-premises and cloud environments for full-system security.

Next-Generation Firewalls - PA Series Competitors

  • Cisco
  • Checkpoint
  • Barracuda

Next-Generation Firewalls - PA Series Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Comparisons

View all alternatives

Frequently Asked Questions

What is Next-Generation Firewalls - PA Series?

Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.

What is Next-Generation Firewalls - PA Series's best feature?

Reviewers rate Policy-based Controls and High Availability and Stateful Inspection highest, with a score of 10.

Who uses Next-Generation Firewalls - PA Series?

The most common users of Next-Generation Firewalls - PA Series are from Mid-sized Companies (51-1,000 employees) and the Information Technology & Services industry.

Reviews and Ratings

 (144)

Ratings

Reviews

(1-25 of 37)
Companies can't remove reviews or game the system. Here's why
Diego Carmignani | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
  • Easy web management interface
  • Search is powerfull and easly
  • Many L7 Applications recognize for policies
  • SD-WAN feature is quite difficult
  • Dedicated logging server missing
  • Entry PA Appliance has slowly web interface
  • Commit configuration is slower than other competitors
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • Palo Alto Networks Next-Generation Firewalls - PA Series are excellent at utilizing URL filtering to provide us very granular access to individuals or Active directory groups as needed.
  • The Palo Alto Networks Next-Generation Firewalls - PA Series adds multiple defense layers to include, Anti Spyware, Anti-Malware, File blocking, URL filtering, and we also incorporate the.
  • Wildfile malware protection subscription.
  • SSL Inspection was very manageable by creating decryption policies by URL category.
  • The Global Protect VPN setup could be a little more intuitive.
  • Creating IPSec VPN tunnels can be a little challenging. Would be nice if they grouped and forced entries in all the necessary places as a guide.
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • Palo Alto Networks Next-Generation Firewalls - PA Series gives predictive performance, as per our sizing and requirements
  • It is integrated very well with internal features it is providing, like, Wildfire Sandbox integrated with gateway AV and URL filtering engine
  • Seamlessly integrates with 3rd party tools and systems, like integration with ClearPass from HPE Aruba for user auth, syslog integration, etc
  • Enhanced security features like EDL, Credential theft prevention, DNS Security, ML based firewall, which we cannot find in another solutions
  • Palo Alto Networks Next-Generation Firewalls - PA Series provides platform for network security but lacks features for additional features like built-in MFA, cloud based management, etc
  • In file filtering and AV module, there could be a few optional features of white listing a specific file by its name or hash value or some other detail.
  • Compared to other vendors, this is costly, but again, feature-rich and hence cannot be with other firewalls.
Chirag Deol | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • Application Level filtering is the best feature which is known as AppID.
  • Content filtering also the best function which is known as ContentID.
  • Data Encryption is very strong.
  • Sandboxing also very good function.
  • Heavy budget small level company can't afford.
  • Only pro level security engineer can handle or work on it.
  • To remember CLI based command is very difficult.
Vinit Sharma | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • Application filtering
  • Content filtering
  • Advance malware protection
  • Deep Scanning
  • Sandboxing
  • Easy to Configure through GUI
  • Anti-Spoofing & Anti-Spam
  • It's complicated to implement it into existing network
  • Packet flow is not easy to understand for the beginners
  • Expensive as compare to other available solutions
  • Less documentation available
Score 9 out of 10
Vetted Review
Verified User
Review Source
  • It does an excellent job of securing by applications rather than relying on ports.
  • With the separate management and data planes we've never experience performance issues.
  • Content updates (apps, URLs, threats) are seamless and automatic.
  • It is very flexible and powerful on the network configuration side.
  • When web managing, you cannot sort by columns by clicking on a column.
  • Palo Alto does not officially bless specific versions as recommended.
  • The Global Protect client upgrade process does not provide feedback on progress.
  • Logging queries sometimes take a while to complete.
Adam Morrison | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • Security Enforcement and Review - The Palo Alto firewall provides all the advanced features you would expect from a modern firewall. Zones based rules, Layer 4 and down rules, and application firewall rules.
  • User Definition - The Palo Alto firewall has direct AD integration. This allows rules to be based not just on source an destination information, but also on which security group in the AD that user belong. For example you can limit access to out of band networks to only the users that need it.
  • Line Rate Traffic Analysis - When doing my home work I found that Palo Alto firewalls provide high speed analysis to traffic with additional processors to allow line speed results.
  • No cloud analytics - I believe industry as a whole is moving to a management suite powered by ML. Palo has a great product, but currently there is no ML backed platform.
  • SD WAN - Palo has just announced the addition of SDWAN in its upcoming 9.1 release. I feel they are a bit late to the game compared to others like Fortinet.
  • Web based interface can still seem slow at time when compared to more modern HTML 5 interfaces.
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • Inline rule threat assessment
  • Good information dataplane and graphics
  • GlobalProtect VPN needs a user launchable option from pre-logon. This has been a challenge for government customers for years. Their competitor Cisco AnyConnect has SBL.
  • Quality of upgrades/updates has been getting worse throughout the years. As of recent things they supposedly fixed have been making it back into the newer updates causing more headache for administrators to roll back. Especially if the update addresses a CVE.
  • Some of the lower end units do not perform to the spec on paper - 220/800.
October 14, 2019

Palo Alto NGFW

Score 10 out of 10
Vetted Review
Verified User
Review Source
  • Web filtering by category is done better than competing solutions (FortiGate, for example). There is a significantly smaller number of false negatives, at least in my experience, on Palo Alto firewalls than on competing solutions.
  • Logging. Firewall logs on the Palo Alto are very comprehensive. Firewall stores a lot of information about client connections and log filtering options are incredible.
  • Reliable. Palo Alto firewalls we are using were trouble-free so far both software and hardware-wise.
  • Very good VPN solution. GlobalProtect VPN works very well - stable and high performance. As it is hard to troubleshoot issues with remote clients, good performance by SSL VPN client is an important point.
  • Expensive. Palo Alto offerings are usually more expensive than products of competing companies (Cisco ASA, FortiGate, SonicWall, etc.).
  • Can be complicated to use. Both the Web interface and the CLI of the Palo Alto firewall are quite sophisticated. It is much harder to perform the configuration of the Palo Alto firewall than a Fortinet one.
  • Subscriptions. To properly use the firewall, subscription packages are needed, and licensing can be confusing and/or expensive.
Score 9 out of 10
Vetted Review
Verified User
Review Source
  • The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
  • The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
  • The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
  • It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
  • Documentation that is available for solutions from Palo Alto is great. If you find yourself in a situation where something has not been previously documented or implemented, you will have to find out solutions yourself.
  • The ability to use the API for push/pull information with the firewall was a major selling point. However, some items a person would expect to be readily available through the API do not exist, so either you have to go without or do extensive amount of work to put together, sort, and clean the data from multiple sources (I am looking at you dhcp logs).
Irteza Rana | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • It provides application layer visibility and deep packet inspection capabilities.
  • Only VM based firewalls to provide security on the public cloud.
  • It supports advanced features like threat protections, URL filtering, and wildfire.
  • Supports advanced routing OSPF/BGP/RIP.
  • Palo Alto is still new on VM and protection of the public cloud. Features like high availability and encryption/decryption can also be introduced just like in the physical firewall.
  • Throughput capacities over IPSEC VPN can be improved on lower model firewalls including PA-220 , PA-3000 series.
  • Interaction with multi-factor applications like duo can enhance access security.
Cory Brester | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • The URL filtering is awesome.
  • Wildfire is an amazing feature.
  • Traffic reporting is very useful.
  • Expandability is easy, you can easily add additional services.
  • Configure ability is not as simple for someone who isn’t an expert.
  • Support goes overseas and while they have been very helpful, there are often issues communicating.
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • Ease of use.
  • Fast response to new security threats (WildFire).
  • Application aware firewall (App-ID).
  • Logging is fantastic and easy to see what's being blocked/allowed basically in real time.
  • Durability/reliability is surprisingly good, only issue we've had is a couple issues with faulty power supplies, but all our units have redundant power supplies so it was a non-issue.
  • Support is surprisingly good.
  • Cost, these firewalls are awesome, but not cheap.
Score 9 out of 10
Vetted Review
Verified User
Review Source
  • Easy to learn and use the web-based console. Learn the platform and be able to manage any Palo Alto device.
  • No separate management for control/data plane like the checkpoint.
  • VPN is VERY easy to set up, even double/twice NAT VPN, and can use VTI for route-based VPN setups.
  • Units are far more expensive than competitors. It's worth it, but the price point can scare potential clients off.