Palo Alto - Security in a box
Overall Satisfaction with Palo Alto Networks Next-Generation Firewalls - PA Series
Palo Alto serves as our perimeter defense product, from threat assessment on the internal network, to ingressing connectivity from the internet. Provides inline web proxy and ssl inspection without the need of other machines/hardware. A few problems it solves are: 1) perimeter defenses, 2) sanity and 3) DFARs.
Pros
- Inline rule threat assessment
- Good information dataplane and graphics
Cons
- GlobalProtect VPN needs a user launchable option from pre-logon. This has been a challenge for government customers for years. Their competitor Cisco AnyConnect has SBL.
- Quality of upgrades/updates has been getting worse throughout the years. As of recent things they supposedly fixed have been making it back into the newer updates causing more headache for administrators to roll back. Especially if the update addresses a CVE.
- Some of the lower end units do not perform to the spec on paper - 220/800.
- Ease of setup and security is a net gain for the cost of a security appliance in a box.
I've been using NGFW since 2014. When it really was the main player in the new term "Next Gen Firewall". I'm sure the bar is pretty matched across the board with Fireeye and other niche players and even Juniper/Cisco etc. Eventually there will be equilibrium. I chose Palo Alto because I am comfortable with them, I know the product fairly well from my time using them at Raytheon/(Websense/Forcepoint). I would certainly choose them over a Sophos UTM or Forcepoint Firewalls at the moment. I say this with extreme caution, if PA cannot get their update quality resolved in the future, I may be forced to look at other products that may spend more time QA'ing their updates.
A prime example is in the upgrade/iupdate stream, there are newer versions out that are not stable or recommended by support, but yet there is no indication from the "Update Software" if that release is GA, ED, or Beta/Alpha. There needs to be more visual communication to [system administrators] whether a release is GA or no from within the update options in the firewall.
A prime example is in the upgrade/iupdate stream, there are newer versions out that are not stable or recommended by support, but yet there is no indication from the "Update Software" if that release is GA, ED, or Beta/Alpha. There needs to be more visual communication to [system administrators] whether a release is GA or no from within the update options in the firewall.
Do you think Palo Alto Networks Next-Generation Firewalls - PA Series delivers good value for the price?
Yes
Are you happy with Palo Alto Networks Next-Generation Firewalls - PA Series's feature set?
Yes
Did Palo Alto Networks Next-Generation Firewalls - PA Series live up to sales and marketing promises?
Yes
Did implementation of Palo Alto Networks Next-Generation Firewalls - PA Series go as expected?
Yes
Would you buy Palo Alto Networks Next-Generation Firewalls - PA Series again?
Yes
Comments
Please log in to join the conversation