Palo Alto Networks VM-Series Firewalls: "Virtually" the Greatest
June 13, 2017

Bear Golightly | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Software Version

VM-200 Series

Overall Satisfaction with Palo Alto Networks VM-200

We've been using the VM-series Palo Alto solution in a two-unit HA configuration running on our hardware as an affordable alternative to the PA-series hardware firewalls, without sacrificing speed or features. It services both outbound browsing (NAT, URL-based and deep inspection security) and inbound firewall (signature-based attack mitigation) needs. The AD/Exchange agents make it simple to manage by user, not by device.
  • GlobalProtect SSL-VPN/IPsec server and client are top notch.
  • The web interface and CLI are both very well documented and easy to use.
  • Technical support is knowledgeable and treats tier 1 issues with all due haste.

  • Sometimes the configuration gets out of sync between HA peers, it won't sync, and it also won't say why.
  • Every time I log in I get warned that the logfile partition is almost full. Yes, I know that, you're deleting the oldest ones, I know: stop telling me about it with a giant pop-up at login.
  • I like green, but I wish I could choose mauve as a background color for the web interface.

  • Reduced firewall management tasks by an order of magnitude
  • Reduced needed VPN client support to nearly zero
  • Allowed reporting/monitoring of bandwidth usage, increasing overall productivity (big brother is watching you.....)

We did a shootout between the SonicWall / Fortinet / Barracuda / Cisco ASA + Firepower / Palo Alto, both hardware and (when applicable) VM appliances.

The Barracuda / SonicWall / Fortinet technology is interesting, but nowhere near as robust as the PA technology. Using the money we saved by switching to Palo Alto instead of Cisco, we purchased a small island in the Caribbean.

There's almost certainly a Palo Alto product to fit your organization's needs, although a PA VM-200 might be overkill for a small branch office. However, given the modest pricing of the VM-series, the central management capabilities of Panorama, and the site-to-site VPN capabilities of the Palo Alto platform, I can imagine recommending small PA VM-series appliances in place of small PA hardware appliances for branch sites that already have virtualization, especially if you have a number of branch offices - the cost reduction from centralized management would more than pay for the "premium" solution vs a typical branch router device.