Palo Alto Networks a NGFW leader with little to no competition today
March 06, 2019

Palo Alto Networks a NGFW leader with little to no competition today

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

PA-7000 Series

Overall Satisfaction with Palo Alto Networks Next-Generation Firewalls - PA Series

Palo Alto Networks firewalls are replacing legacy port and protocol based firewalls to assist in implementing a security stack that includes layer7 application identification controls, user-based access, threat prevention, as well as zone based segmentation of networks and systems. We are also leveraging Palo Alto Globalprotect for remote-access VPN and testing the new web-based VPN features.

Pros

  • Palo Alto Networks is a leader in zone-based firewall deployments.
  • Palo Alto Networks domain integration makes them a leader in restricting access based on source user/AD group.
  • Palo Alto is continuously developing their Application catalog to help restrict traffic on layer 7 apps not just ports/services.

Cons

  • Palo Alto threat signatures and application signatures are not available to most customers, the black box method makes it hard to determine the root cause of issues in some cases.
  • Some updates - especially for new OS releases are buggy and needs to be fully tested before deployment.
  • Positive ROI - combining firewall technology with threat prevention/detection removing the need (in many cases) of a separate IPS/IDS
  • Positive ROI - combining multiple firewalls into one where appropriate leveraging zone based firewalling
  • Negative ROI - none discovered yet
Palo Alto beats all other current UTM/NGFW at this point in time. Palo Alto has a complete vision and is less buggy/requires less management overhead than other NGFW/UTMs on the market. They are currently developing a lot of products and I can see in the next 5 years, other vendors may catch up and possibly overtake Palo Alto networks.
Palo Alto firewalls are great for 99% of any deployment. Their cost is sometimes prohibitive making other technologies better suited for those concerned about cost - but the cost is worth the technology and this should not be a driver to chose Palo Alto Networks. Their web VPN cannot replace other implementations (Cisco, F5, etc.) but is getting better with each release.

Comments

More Reviews of Palo Alto Networks Next-Generation Firewalls - PA Series