Palo is about as good as it gets.
December 08, 2018

Palo is about as good as it gets.

Michael Haberkern | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

PA-5000 Series

Overall Satisfaction with Palo Alto Networks Next-Generation Firewalls - PA Series

We have PA firewalls throughout the City, sizing and capabilities based on the needs of the department.
  • Having two engines:
  • Routing Engine—The Routing Engine provides three main functions:
  • Creates the packet forwarding switch fabric for the Services Router, providing route lookup, filtering, and switching on incoming data packets, then directing outbound packets to the appropriate interface for transmission to the network.
  • Maintains the routing tables used by the router and controls the routing protocols that run on the router.
  • Provides control and monitoring functions for the router, including controlling power and monitoring system status.
  • Packet Forwarding Engine—Processes packets; applies filters, routing policies, and other features; and forwards packets to the next hop along the route to their final destination.
  • The search functions of the appliances and the OS is pretty good. Better than most firewalls.
  • Engaging support was quicker, which can really make or break your day\week when it comes to an outage.
  • Building an OSPF tunnel with another vendor is proving difficult. Support cant seem to fix it even in their sandbox environment.
  • The Firewall is extremely granular, sometimes searching can prove tedious and frustrating if you're new to the OS.
  • Great up-time and reliability. May cost a little more but is worth it.
  • Between our PA firewalls and our Juniper switching infrastructure, we are pulling almost .9999 of up-time.
  • There are always problems with vendors working VPN tunnels and protocols together and we have a known issue with OSPF with one of our PA's and another vendor and PA cant seem to figure it out. We're planning on replacing the old legacy box soon to alleviate this dilemma.
PA is a no-contest winner to these. Have not got to mess with the Checkpoints too much, but also hear good things too. Will need to try them out to see who the winner is between them and PA.
Palo Alto ranks as one of the best nex-gen firewalls. Their OS, real-time analytics and their wildfire product is pretty top-notch. They are even branching out in the AV side, just don't have the GUIs integrated well, so it more sites to go to. Instead, one global GUI would be nice.