Palo Alto Networks a NGFW leader with little to no competition today
March 06, 2019

Palo Alto Networks a NGFW leader with little to no competition today

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

PA-7000 Series

Overall Satisfaction with Palo Alto Networks Next-Generation Firewalls - PA Series

Palo Alto Networks firewalls are replacing legacy port and protocol based firewalls to assist in implementing a security stack that includes layer7 application identification controls, user-based access, threat prevention, as well as zone based segmentation of networks and systems. We are also leveraging Palo Alto Globalprotect for remote-access VPN and testing the new web-based VPN features.


  • Palo Alto Networks is a leader in zone-based firewall deployments.
  • Palo Alto Networks domain integration makes them a leader in restricting access based on source user/AD group.
  • Palo Alto is continuously developing their Application catalog to help restrict traffic on layer 7 apps not just ports/services.


  • Palo Alto threat signatures and application signatures are not available to most customers, the black box method makes it hard to determine the root cause of issues in some cases.
  • Some updates - especially for new OS releases are buggy and needs to be fully tested before deployment.
  • Positive ROI - combining firewall technology with threat prevention/detection removing the need (in many cases) of a separate IPS/IDS
  • Positive ROI - combining multiple firewalls into one where appropriate leveraging zone based firewalling
  • Negative ROI - none discovered yet
Palo Alto beats all other current UTM/NGFW at this point in time. Palo Alto has a complete vision and is less buggy/requires less management overhead than other NGFW/UTMs on the market. They are currently developing a lot of products and I can see in the next 5 years, other vendors may catch up and possibly overtake Palo Alto networks.
Palo Alto firewalls are great for 99% of any deployment. Their cost is sometimes prohibitive making other technologies better suited for those concerned about cost - but the cost is worth the technology and this should not be a driver to chose Palo Alto Networks. Their web VPN cannot replace other implementations (Cisco, F5, etc.) but is getting better with each release.


More Reviews of Palo Alto Networks Next-Generation Firewalls - PA Series