Overall Satisfaction with Palo Alto Networks PA-3000 Series
Palo Alto is used as our primary firewalls. It addresses the problem of outside intrusions and are configured with both basic and advanced firewall features. We are able to protect against application-level threats and it is also used to manage our VPN and MPLS networks. Many features such as dynamic block lists, DLP, web content filtering, advanced threat protection, wildfire, and DDoS protection are available and are in use with our company.
- Protects against common threats such as unauthorized vulnerability scans
- Protects against malware applications and ransomware such as Cryptowall
- Allows very secure VPN connections for external users
- The web content filtering is good, but could be improved
- Wildfire can take a long time to analyze files
- Alerts and logs could contain a little more information or intelligence to help narrow down a threat.
- Dynamic protection against all types of threats
- Excellent ROI by protecting from otherwise devastating attacks
- Easy to use GUI reduces staff time for management and administration
Cisco ASA doesn't even compare to the Palo Alto firewalls. When using a Cisco ASA at another company, we were constantly dealing with malware that got past the firewalls because it didn't provide any layer 7 protection. The PA's provide next level protection against application and user-based threats as well as run of the mill malware, port scans, and DoS attacks.
Using Palo Alto Networks PA-3000 Series
Pros | Cons |
---|---|
Like to use Relatively simple Easy to use Well integrated Consistent Quick to learn Convenient Feel confident using Familiar | None |
- Turning advanced features on or off
- Blocking threats based on criticality
- Maintaining whitelists.
- Initial configuration can take some work
- Maintaining specific ACL's for specific networks
- SSL decryption can take some time to implement correctly