Overall Satisfaction with Palo Alto Networks Next-Generation Firewalls - PA Series
We utilize Palo Alto Next Generation Firewalls to protect our perimeter network and provide VPN connectivity for site-to-site and endpoint access. The firewall helps to mitigate potential misuse of the internet as well as stopping attacks from shady websites.
- AppID is able to see what the actual internet traffic is. For instance, instead of port 443 just being "Internet traffic" we can define access to Facebook-base or all the other facets of Facebook.
- UserID allows us to define policies based on group or user access and integrates with our Active Directory. This helps to configure a least access privilege and if we find misuse of the network we can tighten specific users to a stricter policy.
- GlobalProtect VPN connection helps our employees connect from home remotely. This provides a very secure connection with minimal configuration.
- Wildfire provides very up-to-date information regarding global attack mitigations and stopping techniques.
- Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change.
- Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple.
- Documentation gives a very straightforward answer to some items but is very vague in others.
- Support could be a little better. On an issue we had, a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade.
- We used to outsource our firewall and its management. Not only did we find their SLAs to be lacking, in general, but communication between us was horrible. Many times we could not understand them and that resulted in less than desirable rule creation or troubleshooting.
- Since we no longer have to pay a company for 24/7 management (and SLOW SLAs) we are saving a ton of money each year. Also our fellow employees are much happier that things can be resolved in a timely manner.
We've used Trustwave's products, Netgear business class, Checkpoint and none of these come close to the cost/performance/ease of management/feature set/support of the PA NGFWs. We've found Trustwave's support and response to be near impossible to live with. Netgear is very limited and cheaply made. Checkpoint, while having a large feature set, is VERY expensive.