3 out of 5.0, Reviewed Oct 18, 2016
Using the NG features of the firewalls is relatively easy. AV,Anti Spyware, URL filtering, File Blocking, it all just works with very little setup. DLP is a bit immature as it produces many false positives on PCI data. Version 7.0 - 7.1 was full of bugs. I found 4 in the first 4 months of turn up. 7.1.3 is stable for us. PAN support recommends not moving to code that isn't at least in its third minor release. Doesn't instill much confidence in their development team. There are also hidden gotchas in the Panorama product that make it difficult to onboard a full existing firewall config onto that product. Support when we implemented was fairly easy to get on the phone (5-20 mins). This week I waited on hold for 2 hours 12 minutes. After 45 mins it was more about if they would pick up. I think I got caught in a shift change and the automated system just kept me in oblivion. Long wait times (30mins+) seem to be the norm now. The, "we'll call you back without losing your place in queue" feature doesn't appear to work.
Don't run any new release of code.
All the NG features. Ability to match on domain name, URL, etc.
Support & PANOS releases.
It was going to be not relying on their customers so heavily for product testing. Now I think they need to concentrate on support response.
Wait for at least for the 7.1 release.
Typically on hold for 30mins and as high as 2 hours
5 out of 5.0, Reviewed Oct 18, 2016
Simply the best at what they do.
Buy Palo, replace Cisco!
Nothing, great product and experience.
No issues, service, when needed was awesome.
5 out of 5.0, Reviewed Sep 20, 2016
Excellent customer service.
Layer 7 visibility.
I would not do anything different
excellent support, even got followup calls after the issue was resolved.
5 out of 5.0, Reviewed Sep 19, 2016
Palo Alto has been extremely responsive to changes/features/bugs, we left a well -known vendor because we became a number and nothing else.
WildFire is a tough sell to executive management, talk to Palo Alto to get customer references that can speak to specific examples of where WildFire has done a spectacular job of saving end users. I have Wildfire deployed in front of critical life and limb systems, and WildFire has potentially saved lives.
Other than the obvious security benefits, the visibility and reporting that we gained by using Palo Alto was tremendous, and very eye-opening.
Palo Alto is not necessarily cheap. The counter to that is that we are actually outsourcing a fair amount of security work to experts (Palo Alto) and am paying for that expertise and ability.
Palo Alto should bundle WildFire in with the security offering, or even give a free year. It would make it much easier for technical staff to sell it to management if there were already documented on-site success stories.
Deploying a Palo Alto successfully with full L7 capabilities requires going across operational boundaries. We were slow to fully extend what was seen as a traditional piece of network gear into other areas of the organization, and could have potentially increased the adoption rate earlier, of both PA as well as WildFire in particular.
Palo Alto is the benchmark that I'm using as an architect to compare others to.
Top notch support, very friendly, and willing to work well beyond the end of their shift for major issues.
5 out of 5.0, Reviewed Sep 19, 2016
I have been working on firewalls since 1999 and the PAN firewall is by far the most powerful product I have used. Don't forget they also have an endpoint client "Traps" that take your desktop security to the next generation.
Do a POC and let them show what that old Layer 3 firewall is missing. Make sure to use all of the features especially decryption as that is where all of the bad stuff lives!
Support is quick to respond and very knowledgeable. None of this "upgrade your code and call us back business." The hardware is very fast and the configuration is easy to understand especially if you are coming from another zone based firewall.
Commit times on small firewalls such as the 200 or 500 series.
Nothing at this time
Extremely powerful box! Decryption Anti Spyware Anti Virus Malware Client VPN Cloud updates
Support is always quick and very knowledgable which is hard to find in the Tech world.
We cut over with very little notice/issues from the end user.
5 out of 5.0, Reviewed Aug 17, 2016
Excellent security product. We had a attempted hack for SCADA network and was blocked. The advisory came out a few weeks later and we shown the event was blocked to senior management and board members.
Drop old Cisco ASA fast.
Best security product of it class
License cost and have to replace the entire appliance if you did not plan for expansion
Less software maintenance cost
No. Excellent product investment. We are expanding the Palo Alto deployment in the agency
Best of its class for inbound web traffic and outbound traffic management
Timely and competent support team
Move old policies to new policies may be a bit challenging Hard to test in production environment
5 out of 5.0, Reviewed Jul 28, 2016
Fast html5 interface, good customer support.
We have a good support engineer, which is very responsive to your questions.
Got a bigger box with more interfaces, so we have create different dmz zones.
Not sure how it intergrate with Cisco ACI.
5 out of 5.0, Reviewed Jul 28, 2016
The Palo Alto platform is incredibly easy to use and was very fast to deploy. With all the features enabled, we now have a unified pane of glass into the who, what and where of all traffic flows into and out of the network. When comparing other platforms, the Palo Alto interface feels like a Mac OSX as compare to others. For a cross-trained team of admins and SoC staff, having this simple to use system makes sharing and collaborating very easy.
Consider the big picture Palo Alto offers and the total value of NGFW (next-generation firewall).
It is a higher price solution on the surface, but once in place, you know you are getting a valuable system.
Ensure validation steps were involved after the swap to ensure no unknown exposure was introduced.
4 out of 5.0, Reviewed Jul 28, 2016
Product has worked well at securing our network. Could use better documentation and visibility of known bugs.
5 out of 5.0, Reviewed Jul 14, 2016
Very easy to deploy and very flexible features. We configured three globally diverse sites in our clients for performance based dynamic selection of the VPN destination. Users are amazed at how much better their user experience is after their switch to GlobalProtect from our previous vendor. They enjoy the always-on/automatic connection and never have to worry about manually logging into VPN. They are just always ON the network.
Leave the latest client version for your test environment and deploy the older major revision unless you need a specific feature.
Usability for the clients is amazing. They absolutely love it. Administratively it is very easy to setup and maintain as well.
Again, just the ability to change the client's Portal server within a VPN profile vs having to push a registry change or something.
Allow for modification of the GlobalProtect Portal the client connects to so you can easily shift users from one portal to another to retire a system or migrate a user profile from a test box to production.
Nothing different probably.
Very capable solution with many options we have and have not yet deployed.
Never had a better vendor support team than what PANW provides. Always has been top notch.