Reviews (1-2 of 2)
December 06, 2018
Score 9 out of 10
PAN has been a fantastic boon to our users by doing full inline threat protection, Easy VPN configuration, including a uniform interface that scales from small devices to large devices.
- Easy deployment.
- Backups, snapshotting, etc. make returning to pre-change state a snap.
- Threat management, data leak protection, etc. can be done in-line with ease.
- I feel like there is not enough of a support community, similar to checkpoint.
- VPN client is not as user-friendly as Anyconnect.
- No root access to device.
Read this authenticated review
PAN does a great job at classifying traffic, and rate-limiting said traffic at line rate. (Very similar to Bluecoat/Packetteer's Packet Shaper) This also alleviates the need for a second device to do bandwidth control. I believe that it's a great user-based, and security-focused device, and one of the few that can produce a positive enforcement model (Deny first).
Score 10 out of 10
We've been using the VM-series Palo Alto solution in a two-unit HA configuration running on our hardware as an affordable alternative to the PA-series hardware firewalls, without sacrificing speed or features. It services both outbound browsing (NAT, URL-based and deep inspection security) and inbound firewall (signature-based attack mitigation) needs. The AD/Exchange agents make it simple to manage by user, not by device.
- GlobalProtect SSL-VPN/IPsec server and client are top notch.
- The web interface and CLI are both very well documented and easy to use.
- Technical support is knowledgeable and treats tier 1 issues with all due haste.
- Sometimes the configuration gets out of sync between HA peers, it won't sync, and it also won't say why.
- Every time I log in I get warned that the logfile partition is almost full. Yes, I know that, you're deleting the oldest ones, I know: stop telling me about it with a giant pop-up at login.
- I like green, but I wish I could choose mauve as a background color for the web interface.
Read Bear Golightly's full review
There's almost certainly a Palo Alto product to fit your organization's needs, although a PA VM-200 might be overkill for a small branch office. However, given the modest pricing of the VM-series, the central management capabilities of Panorama, and the site-to-site VPN capabilities of the Palo Alto platform, I can imagine recommending small PA VM-series appliances in place of small PA hardware appliances for branch sites that already have virtualization, especially if you have a number of branch offices - the cost reduction from centralized management would more than pay for the "premium" solution vs a typical branch router device.
Virtualized Next-Generation Firewalls - VM Series Scorecard Summary
About Virtualized Next-Generation Firewalls - VM Series
|The VM-Series is a virtualized form factor of Palo Alto next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware®, Amazon® Web Services, Microsoft®, Citrix®, and KVM. The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements can then be used as integral components of your security policy, improving security efficacy through a positive control model and reducing incident response time through visibility into applications across all ports.|
Virtualized Next-Generation Firewalls - VM Series Technical Details