Palo Alto will stop the bad guys for you!
January 30, 2018

Christopher St.Amand | TrustRadius Reviewer
Score 9 out of 10

Software Version

PA-500 Series

Overall Satisfaction with Palo Alto Networks Next-Generation Firewalls - PA Series

We utilize Palo Alto Next Generation Firewalls to protect our perimeter network and provide VPN connectivity for site-to-site and endpoint access. The firewall helps to mitigate potential misuse of the internet as well as stopping attacks from shady websites.
  • AppID is able to see what the actual internet traffic is. For instance, instead of port 443 just being "Internet traffic" we can define access to Facebook-base or all the other facets of Facebook.
  • UserID allows us to define policies based on group or user access and integrates with our Active Directory. This helps to configure a least access privilege and if we find misuse of the network we can tighten specific users to a stricter policy.
  • GlobalProtect VPN connection helps our employees connect from home remotely. This provides a very secure connection with minimal configuration.
  • Wildfire provides very up-to-date information regarding global attack mitigations and stopping techniques.
  • Our specific model is a bit slow and outdated and takes up to 10 minutes to commit a configuration change.
  • Nested security rules would be helpful instead of a linear approach. But rule creation in general is very simple.
  • Documentation gives a very straightforward answer to some items but is very vague in others.
  • Support could be a little better. On an issue we had, a tech was insistent it was the "other guy" and it ended up being the very latest PAN OS upgrade.
  • We used to outsource our Firewall and its management. Not only did we find their SLAs to be lacking, in general, but communication between us was horrible. Many times we could not understand them and that resulted in less than desirable rule creation or troubleshooting.
  • Since we no longer have to pay a company for 24/7 management (and SLOW SLAs) we are saving a ton of money each year. Also our fellow employees are much happier that things can be resolved in a timely manner.
We've used Trustwave's products, Netgear business class, Checkpoint and none of these come to the cost/performance/ease of management/feature set/support of the PA NGFWs. We've found Trustwave's support and response to be near impossible to live with. Netgear is very limited and cheaply made. Checkpoint, while having a large feature set, is VERY expensive.
These are easy to configure devices where a super technical security engineer is not necessarily needed to manage the device. From a small corporate office with the PA-220 to a very large office PA-5x series, management is very similar across the whole line of products. Security rules, objects and other building blocks are easy to find. The interface is easily navigable. There are some quirks in regards to the interface but nothing horrible, especially since v7 update. Utilizing UserID is beneficial in a corporate environment that uses LDAP/Active Directory in order to create policies according to users/groups. AppID helps to reduce attack surfaces. Wildfire and the other antivirus/malware features are automatically updated to provide a very up to date protection package.