Palo Alto PA Series firewalls deliver tons of features and straightforward management
February 29, 2020

Palo Alto PA Series firewalls deliver tons of features and straightforward management

Paul Luchini | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source

Software Version

PA-5200 Series

Overall Satisfaction with Palo Alto Networks Next-Generation Firewalls - PA Series

We are using two Palo Alto PA-5220 firewalls in a high availability configuration as our data center/HQ head-end firewalls as well as our Global Protect VPN portal and gateway. They are used agency-wide for both data center and user traffic, and have allowed us to combine features from our past firewall, VPN and content/URL filtering solutions into one.
  • It does an excellent job of securing by applications rather than relying on ports.
  • With the separate management and data planes we've never experience performance issues.
  • Content updates (apps, URLs, threats) are seamless and automatic.
  • It is very flexible and powerful on the network configuration side.
  • When web managing, you cannot sort by columns by clicking on a column.
  • Palo Alto does not officially bless specific versions as recommended.
  • The Global Protect client upgrade process does not provide feedback on progress.
  • Logging queries sometimes take a while to complete.
  • It has decreased the number of individual devices we have deployed, saving costs and management required.
  • It has maintained high uptime for our services.
  • When we replaced our 5000 series firewalls with 5200 series firewalls the performance increased so much we were able to move down a model and actually save money over three years by upgrading (when including support costs).
At first we continued using Check Point as our port-based firewall while using Palo Alto for content/URL filtering and threat prevention. However, we soon realized the Palo Alto did everything the Check Point did, plus quite a bit more. Hence, it made sense to consolidate all functions on the Palo Alto instead of splitting them between the two. The Palo Alto was also quite a bit more advanced as far as routing and policy-based routing goes.
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.

Do you think Palo Alto Networks Next-Generation Firewalls - PA Series delivers good value for the price?

Yes

Are you happy with Palo Alto Networks Next-Generation Firewalls - PA Series's feature set?

Yes

Did Palo Alto Networks Next-Generation Firewalls - PA Series live up to sales and marketing promises?

Yes

Did implementation of Palo Alto Networks Next-Generation Firewalls - PA Series go as expected?

Yes

Would you buy Palo Alto Networks Next-Generation Firewalls - PA Series again?

Yes

Palo Alto PA Series firewalls are well suited to be your main firewall/NAT/VPN/content/URL filtering gateway. It simplifies management and design by having all of these features integrated into one device. It also handles our AD and terminal server user identification requirements well, which a lot of other products don't do at all. Finally, it scales up well since you can manage all of your Palo Alto firewalls from a single Panorama server.

Next-Generation Firewalls - PA Series Feature Ratings

Identification Technologies
10
Visualization Tools
8
Content Inspection
10
Policy-based Controls
9
Active Directory and LDAP
9
Firewall Management Console
8
Reporting and Logging
8
VPN
9
High Availability
10
Stateful Inspection
10
Proxy Server
10