Palo Alto NGFW
October 14, 2019
Palo Alto NGFW
Score 10 out of 10
Vetted Review
Verified User
Software Version
PA-5000 Series
Overall Satisfaction with Palo Alto Networks Next-Generation Firewalls - PA Series
We use Palo Alto NGFW as our main on-site firewall. There are several units (5000-series) for failover purposes. Firewalls are needed for CIPA compliance and for general Internet Security. We also use the GlobalProtect SSL VPN to provide access to LAN for remote users. We use web-filtering, application filtering (App-ID), etc.
- Web filtering by category is done better than competing solutions (FortiGate, for example). There is a significantly smaller number of false negatives, at least in my experience, on Palo Alto firewalls than on competing solutions.
- Logging. Firewall logs on the Palo Alto are very comprehensive. Firewall stores a lot of information about client connections and log filtering options are incredible.
- Reliable. Palo Alto firewalls we are using were trouble-free so far both software and hardware-wise.
- Very good VPN solution. GlobalProtect VPN works very well - stable and high performance. As it is hard to troubleshoot issues with remote clients, good performance by SSL VPN client is an important point.
- Can be complicated to use. Both the Web interface and the CLI of the Palo Alto firewall are quite sophisticated. It is much harder to perform the configuration of the Palo Alto firewall than a Fortinet one.
- Subscriptions. To properly use the firewall, subscription packages are needed, and licensing can be confusing and/or expensive.
- Palo Alto firewalls dramatically improved web filtering capabilities due to the effective category-based filtering. There is less of a need to block web sites manually, reducing administrative workload.
- Blocking Applications (App-ID) allowed our organization to have more control over the network and generally proved effective even against applications usually able to avoid firewall filtering (torrent clients, remote access software).
- Logging capabilities of the firewalls were effectively used for cyber security investigations and compliance. Robust filtering options saved many work hours of investigation.
The main competitor I can compare Palo Alto to is the FortiGate series of devices by Fortinet. FortiGates are capable UMTs and also less expensive than Palo Altos. That being said, category filtering on FortiGates is less effective, and they are not as feature-rich as Palo Altos. My suggestion would be to use FortiGate for simpler deployments and Palo Altos for more demanding ones.
Do you think Palo Alto Networks Next-Generation Firewalls - PA Series delivers good value for the price?
Yes
Are you happy with Palo Alto Networks Next-Generation Firewalls - PA Series's feature set?
Yes
Did Palo Alto Networks Next-Generation Firewalls - PA Series live up to sales and marketing promises?
Yes
Did implementation of Palo Alto Networks Next-Generation Firewalls - PA Series go as expected?
Yes
Would you buy Palo Alto Networks Next-Generation Firewalls - PA Series again?
Yes