Overall Satisfaction with Palo Alto Networks VM-200
We've been using the VM-series Palo Alto solution in a two-unit HA configuration running on our hardware as an affordable alternative to the PA-series hardware firewalls, without sacrificing speed or features. It services both outbound browsing (NAT, URL-based and deep inspection security) and inbound firewall (signature-based attack mitigation) needs. The AD/Exchange agents make it simple to manage by user, not by device.
- GlobalProtect SSL-VPN/IPsec server and client are top notch.
- The web interface and CLI are both very well documented and easy to use.
- Technical support is knowledgeable and treats tier 1 issues with all due haste.
- Sometimes the configuration gets out of sync between HA peers, it won't sync, and it also won't say why.
- Every time I log in I get warned that the logfile partition is almost full. Yes, I know that, you're deleting the oldest ones, I know: stop telling me about it with a giant pop-up at login.
- I like green, but I wish I could choose mauve as a background color for the web interface.
- Reduced firewall management tasks by an order of magnitude
- Reduced needed VPN client support to nearly zero
- Allowed reporting/monitoring of bandwidth usage, increasing overall productivity (big brother is watching you.....)
- Cisco ASA Firepower, SonicWall and Fortinet FortiGate
We did a shootout between the SonicWall / Fortinet / Barracuda / Cisco ASA + Firepower / Palo Alto, both hardware and (when applicable) VM appliances.
The Barracuda / Sonicwall / Fortinet technology is interesting, but nowhere near as robust as the PA technology. Using the money we saved by switching to Palo Alto instead of Cisco, we purchased a small island in the Caribbean.
The Barracuda / Sonicwall / Fortinet technology is interesting, but nowhere near as robust as the PA technology. Using the money we saved by switching to Palo Alto instead of Cisco, we purchased a small island in the Caribbean.