Palo Alto PA-3000 series - a valuable and reliable resource for protecting your network
Updated June 29, 2016

Palo Alto PA-3000 series - a valuable and reliable resource for protecting your network

Gary Halbedel | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Software Version

PA-3000 Series

Overall Satisfaction with Next-Generation Firewalls - PA Series

We are using the Palo Alto Networks PA-3020 to control internet access for the entire organization. The business problems being addressed are:
1. availability of services and information, e.g. protecting against malicious activity that would attempt to destroy or otherwise prevent access to services and information.
2. confidentiality of data and resources
3. integrity of data and resources
  • It manages software updates particularly well as well as the ability to downgrade software versions. This is a strength because of the need to stay current with patches to fix discovered vulnerabilities and also assurance that if an update causes a serious problem, it is relatively easy to roll it back.
  • Reliability is good. We have not had any unscheduled downtime from the device since we've put it into production.
  • It does a good job identifying threats and potential threats based on vulnerabilities and blocking suspect connections automatically.
  • I would like to see some guidance on suggested action to take on an identified threat or potential threat beyond just blocking the access.
  • In the Monitor tab/threat, I would like to be able to copy an item in the listing (ip address, url, etc.) directly rather than having to click on the item which automatically puts it into the filter where I can then mark and copy the item. Also, if I want to copy the URL and I click on it, it puts it into the filter as an IP address which I may not necessarily want to copy.
  • I don't know how to put a dollar amount on ROI for this product nor can I say for sure what we may have been protected against had we not had the Palo Alto in place, but we have not had a ransomware attack or other security event since the device has been in place. I know from experience that responding to an event and remediating from an event can be costly in terms of lost user productivity and IT staff man-hours spent.
  • As an IT staff member chiefly responsible for security, I spend less time looking for and blocking potential breaches or attempts since the Palo-Alto automatically detects and blocks many of those automatically without my intervention.
I have used the Cisco ASA 5520 but it is a traditional packet filtering firewall. We chose the Palo Alto because it is a next-gen application aware device which the Cisco is not. I also evaluated the Cisco next-gen device but I felt they were late to the game and Palo Alto was the pioneer in this area.
We evaluated the SonicWall which looked comparable to the Palo Alto but the Palo Alto turned out to be an easier purchase for us for various reasons.
The PA-3000 Series is well suited as a single point of control for internet access. The PA-3000 series also provides support for internal network segmentation. I can't speak from experience for other scenarios but I have a colleague at another organization who uses multiple Palo Alto firewalls in their deployment and is very happy with them.