Solid multi-function security solution, but it's not cheap!
June 28, 2017

Solid multi-function security solution, but it's not cheap!

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

PA-3000 Series

Overall Satisfaction with Palo Alto Networks PA-3000 Series

We use the PA-3000 firewalls to secure our perimeter at our data centers. Our entire organization uses these devices to secure all Internet traffic. We use these firewalls for multiple purposes, including anti-virus, threat detection, DMZ, routing, URL filtering, and malware protection, in both layer 3 active/standby mode as well as vwire mode.
  • Performs a lot of security functionality all in one device - this is important because especially in today's world, there are a lot of point products out there and it can be difficult for a small or medium-sized business to manage all of them. Having one product saves time, money, and complexity.
  • High availability performance is very good, failover is seamless, which is important for business continuity.
  • GUI is excellent, which makes it very easy for administrators to manage the firewall and see exactly what is happening.
  • The CLI is a bit confusing, and it's difficult to find what you're looking for. Takes a lot of practice. Definitely not as good as the Cisco CLI.
  • Updating the firmware is often a very dangerous process, especially when jumping minor or major releases. More QA should be done to validate and ensure no issues during upgrades. I'll admit it's gotten better over time, but there is still room for improvement.
  • Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc.
  • There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance.
The GUI on the Palo Alto firewalls is excellent, compared to the ASA. Also, the Panorama management GUI is very good. At the time when we were evaluating vendors, Cisco had just acquired Sourcefire, so the ASA just didn't have the features that the Palo Alto did in terms of advanced security features. I'm sure things are different today, so it would be prudent to do a new comparison.
Great for a small to medium sized business, with connectivity requirements at around 1GBPS. Once you go over that, especially when A VPN is involved, resources can become taxed and you might be better off looking at a higher end model. Though note these devices are not cheap, and can be especially expensive with all of the licenses added on.