I've mainly worked with the VM-Series, and a few features have been really effective for threat prevention in our networks, like McAfee training, Accountant ID, and apps ID. These features integrate well with our existing environments and tools, such as Panorama. 

 The VM-Series scalability is fast and easy to implement, improving our security posture as our Azure network grows. The only minor issue we've faced is with the apps ID configuration, which requires specific matching for application filtering. Tools like Loopback help us identify open or denied flows between two firewalls and manage the servers effectively. The Palo Alto system easily identifies rules and objects within roles, making maintenance straightforward.

No other major concerns, just the specific issue with Apps ID configuration. Otherwise, overall stability, VPN, IPSec, VRF, and flow management with the VM-Series have been very stable and reliable.

I have been using Palo Alto Networks VM-Series for 2 years.

I've had a positive experience with Palo Alto's support. They usually respond within a few hours, which is satisfactory

Positive

In my experience, Palo Alto and Fortinet offer similar quality and high-level security compared to other vendors like Cisco and Forcepoint. They stand out in terms of reliability and security features. Other vendors may not match their level of performance and security.

It is easy to maintain because we have various tools to manage and monitor the system. 

The pricing for Palo Alto is quite high compared to FortiGate, which is more affordable. I don't have the exact figures as my manager handles that, but from my research, Palo Alto's licensing costs are significantly higher.

I would rate Palo Alto Networks VM-Series as an eight overall. My recommendation for others considering this tool would be to ensure they have the budget for it, as it can be expensive compared to alternatives like FortiGate. Also, they should be prepared to understand and document their application metrics thoroughly to implement the firewall correctly. 

I use the solution in my company to block threats, detect vulnerabilities, and protect the organization's internal network.

The most valuable feature of the solution stems from the fact that its UI is good since it offers options. In terms of being compliant with the firewall security standards, the product falls in the first or second place. The product can also be considered as NGFW. In general, the product is user-friendly.

The reporting part of the product is an area of concern where improvements are required. Compared to Palo Alto Networks VM-Series's reports, FortiGate NGFW provides users with reports that are easy to understand.

I have been using Palo Alto Networks VM-Series for three to four years.

The product's stability is good. Considering the cloud availability, I can say that the product is 99.99 percent stable. The firewall functions properly on the cloud, and there has been no downtime in the last couple of years. Unless the cloud services from Microsoft Azure go down, the firewall works properly.

My company has 1,000 users of the product, but not all of them are connected to the product all the time since my company has three different fire products running in the cloud. I would say there are around 600 Palo Alto Networks VM-Series users.

The technical support for the solution is very good.

The product's deployment phase is not complex. The tool is easy to deploy.

The solution is deployed on the cloud.

There is a need to make payments toward a yearly subscription-based model in which you need to add modules that you want to use in your company.

I can't elaborate on how the product was deployed in our company's existing infrastructure since the product was not deployed by our company, as the vendor handled it. The product can be deployed on the cloud platform you want to use. If you are using Azure's cloud services, then we select VM-Series, take care of the configurations, and upload the required details to get the product.

In terms of the product's ability to improve our company's network security posture, I see that the tool keeps our systems protected since all the network traffic is routed through the tool. The tool provides protection against any malicious traffic that attempts to get into the company network as such networks get blocked and quarantined by the firewall. Been blocked on the firewall network. Malicious components in the network don't enter our company's internal network, so the users are protecting the systems attached to the internal traffic.

My company has not integrated the product with any third-party software.

Speaking about the benefits of dynamic scalability, I would say that my company has not used the product's scalability features. I don't think there is anything wrong with the tool's scalability functionalities.

The tool is good for enterprise-level organizations because it has many options for users in its office. The product also comes with a lot of add-ons. If you can leverage the benefits of everything the product offers, then it can be useful. It is easy if you want to integrate the tool or connect it with other applications or third-party software, and you can do cloud monitoring and SIEM. The tool also works with XDR products. In general, the tool has its pros and is good software.

I have not encountered any issues with policy management in the product.

The product helps find vulnerabilities in the system, especially opened ports and unwanted ports that are open. If there are any issues, you can explore your system further with Nmap and with the help of a given IP address.

I rate the tool an eight out of ten.

We primarily use the solution for cloud firewalling, SASE, ZTNA, and CASB compared to the hardware-based NGFW or cloud firewalls.

The product is easy to use and deploy, and it enhances the overall security posture while deploying the application in the cloud. The most effective features of the solution for threat prevention are Layer 7 inspection, SSL decryption, IPS, and the web filtering profile. You can use the solution to easily protect your data from cyber criminals, including insider or outside-based attacks.

The solution is easy to deploy, easy to manage, and easy to create policies. An organization's overall security posture can be improved by deploying Palo Alto Networks VM-Series firewall.

The DLP functionality or data classification can be improved in the solution's basic firewalling.

I have been using Palo Alto Networks VM-Series for two to three years.

Palo Alto Networks VM-Series is a stable solution.

I rate the solution a nine out of ten for stability.

Compared to Checkpoint Maestro Firewall, the solution's scalability is not up to the mark. We'll need to upgrade the firewall for any tech refresh, throughput requirement, or hardware-based incremental. We have more than 100 customers for Palo Alto Networks VM-Series.

The solution’s technical support is great.

The solution’s initial setup is straightforward.

The solution's deployment time depends on the business application or business requirement. Based on that, the solution is easy to deploy and use.

Based on the customer budget, they can choose from 12-month, 36-month, or 60-month licensing models. The solution is quite expensive compared to Fortinet, Check Point, or Cisco. Customers can go for the solution's premium version, which I wouldn't say is expensive because it secures important data.

We cannot say that we have achieved 100% security by deploying the solution, but we have added one more security layer to protect us from security threats or attackers. For deployment, we have more than 400 engineers handling our SOC, including the MSS part, the security of business center implementation, and manageability.

Deploying the solution does not provide a 100% data safeguard, but it adds another security layer. The solution provides single-pass parallel processing (SP3) architecture, which is more effective than other firewall vendors. From the hardware and architecture perspective, the solution is good compared to Check Point or Fortinet firewalls.

Overall, I rate the solution an eight out of ten.

I use Palo Alto Networks VM-Series for testing purposes of VMs.

The main advantage of Palo Alto Networks VM-Series stems from the fact that you can access it with the help of cloud services.

With Palo Alto Networks VM-Series, it is hard for me to manage its network configuration part. Regarding Palo Alto Networks VM-Series, I am figuring out whether to use interzone or intrazone networks for the VMs in our company's environment, which is very confusing. The aforementioned aspects of the solution can be considered for improvement.

In the future, whenever I try to onboard Palo Alto Networks VM-Series, it should allow for easy configuration, especially in terms of network connectivity. I want an easier setup and configuration in the product's future releases.

I have been using Palo Alto Networks VM-Series for around a year. My company has a partnership with Palo Alto Networks.

The technical support of Palo Alto Networks does reply to the cases or issues I file with the support team. The support is equally good for all the products that fall under Palo Alto Networks. I rate the technical support a nine out of ten.

Positive

I rate the implementation process a six or seven on a scale of one to ten, where one is difficult and ten is easy.

During the implementation process of the product, I faced some issues related to the networking part and connectivity of VMs. I faced issues with how an end user could connect the VMs to a firewall or connect a firewall to VMs, but the same process was easy for me on a physical device firewall.

I am more comfortable with the physical device firewall. I am actually trying to figure out things since I am not very familiar with the VM side of Palo Alto.

I would recommend Palo Alto Networks VM-Series since it is a cheaper product compared to the other tools available in the market. Apart from Palo Alto Networks VM-Series, I usually recommend Palo Alto Networks Cortex XSOAR and Palo Alto Networks Prisma Cloud.

I rate the overall product an eight out of ten.

The tool's cloud version makes application migration easy. 

Palo Alto Networks VM-Series needs to improve its order process. 

I have been working with the solution for two years. 

I rate the solution's stability a nine out of ten. 

I rate the product's scalability a nine out of ten. 

Palo Alto Networks VM-Series' deployment is not difficult. 

The solution is expensive. I rate its pricing a three out of ten. 

Palo Alto Networks VM-Series is an enterprise product because it is costly. I rate it an eight out of ten. 

We use Palo Alto Networks VM-Series primarily for security purposes. It helps us with URL filtering, domain blocking, threat analysis, and detecting vulnerabilities.

We can monitor the traffic manually and detect threats. Additionally, we can block different IP addresses and URLs.

There could be dynamic DNS features similar to Fortinet in the product.

We have been using Palo Alto Networks VM-Series for six years.

I rate the product's stability a nine out of ten.

I rate the product's stability a seven out of ten. It could be better. We have four users for it at the moment. We plan to increase the number of devices.

We receive technical support from a local partner rather than directly from the vendor. The support team requires more training.

Positive

We have used Cisco Adaptive Security Appliance (ASA) before. Compared to Palo Alto, Cisco devices are not feasible regarding hardware. They are very slow and complicated to find the granular level of results. Sometimes, even a technical expert is unable to fetch a proper report.

I rate the initial setup process an eight out of ten. It takes eight hours to complete and requires one security engineer to execute the process. The deployment involves setting up security policies. The on-premise installation is simple. However, VM installation is complicated in terms of the network interface.

It is an expensive product. I rate the pricing an eight out of ten. We purchased a three-year license for it.

I rate Palo Alto Networks VM-Series an eight out of ten.

We use the product to mitigate vulnerabilities for the applications running on particular VMs.

The product's most valuable feature is pricing.

Compared to Azure Firewall, the product could be better in terms of performance.

We have been using Palo Alto Networks VM-Series for three years.

The product is stable.

It is an easy-to-scale product and suitable for enterprises.

Palo Alto's support is good. Whenever I raise a ticket, they immediately look into it and make a Zoom call.

Positive

I have used Cisco's Next-Generation Firewall before. It works better than Palo Alto.

Palo Alto's installation process is easy because we use Panorama tool to manage it. We can communicate and implement traffic policies, filtering, and other specific options with its help.

It requires two to three engineers and takes two days to complete the deployment. For maintenance, it requires a team of two engineers.

It's good to work with Palo Alto Networks VM-Series. I recommend it to others and rate it an eight out of ten.

Ours is an enterprise environment and some of the services are hosted in our private data centers and some of the servers are hosted on Azure. We have the IPSec tunnels from the firewalls to our own data centers and from the firewall to the cloud as well. It depends on the type of application being hosted.

We are using Panorama for centralized management of all our firewalls around the world, as well as for centralized management of security policies and network settings. We have not completely migrated to the cloud. We are in transit.

Palo Alto has many features for troubleshooting real-time scenarios. The troubleshooting, compared to other firewalls has been optimized in a way that saves a lot of time.

I like the UI. Most things are accessible from the user interface and it is quite user-friendly. With respect to both VM-based firewalls and physical firewalls, it's easy to create updates.

They have a centralized Palo Alto Customer Support Portal and if we require any licenses, such as a next-generation firewall license, we can easily download and integrate them with this solution. We can also schedule periodic updates. That is quite user-friendly.

In terms of functionality, we are using IPSec tunneling and Palo Alto's WildFire feature. We use the security policies, Panorama, and Prisma Cloud as well.

We use Panorama to manage our security policy model across on-prem and public cloud environments. It plays a key role with respect to centralized management, for physical enterprise firewalls and cloud-based firewalls. It gives you centralized control over all the infrastructure. Unified policies can be pushed from that centralized place with templates.

When you deploy VM-Series Firewalls, they are quite flexible. You just have to select the instances, storage, security policies, and firewall rules. Within minutes, you can deploy the firewalls.

We are also able to adjust firewall sizing on the fly, which is important. Initially, we decided on a firewall based on the throughput assumptions. But in peak hours or during a peak month for traffic, we need to scale the firewalls. That should be automatically done. AWS and Azure provide very good features and, by using them, within a second it automatically scales, based on the incoming traffic.

Palo Alto has launched different products, such as physical firewalls as well as cloud and VM-based firewalls. Recently, they introduced their Prisma Cloud solution. Compared to the previous technologies, like Panorama, which is used for centralized firewall management, or even individual firewalls, it's a bit challenging to integrate the traditional firewall policies into Prisma Cloud. And the Prisma Cloud interface isn't very user-friendly. 

Our organization has been using Palo Alto Networks VM-Series for more than five years, and I have worked on this solution for two years.

The solution is certainly stable. I have worked with many vendors' firewalls and Palo Alto's are definitely stable.

Obviously, it is scalable as long as you have the licenses and support with Palo Alto. You can implement the firewalls in high-availability mode or use the cloud functionality as well. For scalability, Palo Alto is optimized.

We have 30-plus sites around the world with more than 4,000 users.

Palo Alto has very good support. When you have a valid license, they can replace a device with a new one. They have the CSP portal and you can log in and see all the firewalls listed. You can raise TAC cases with a priority of low, medium, or high, and, based on the priority, they will send an email to you. They have live support as well. In case of an issue, you can call them directly and they will provide the required support.

Positive

Earlier, we were using many vendors' firewalls, per their suitability for our clients. Apart from Palo Alto, we were using Cisco ASA, Check Point, and Juniper. The network grew over the years and each site had its own set of firewalls. The issue was that we had to standardize things across the network. There was also a gradual change in the technology and features available. Our security team thought we needed a better implementation, for optimization and troubleshooting, and something that was friendly for daily operations.

We have both private cloud and hybrid. Some of the services are on the cloud and some are on-prem in our data center. Setting up Palo Alto firewalls is quite easy compared to other vendors.

Migrating our old infrastructure to Palo Alto took four to six months. 

We did some pilot project testing with Palo Alto. If, for example, we want to migrate from XYZ vendor to Palo Alto, the very first thing we had to do was capture all the existing security and NAC policies and all the NGFW functionality. Palo Alto has specific features. For example, you can capture the logs in an inline environment, such as what traffic is going to the network, what security policies are there, et cetera. We deployed the Palo Alto firewalls in that way to only capture the traffic. We then analyzed the traffic, and we worked with Palo Alto TAC to understand the security policies and the exact throughput to determine the hardware we were going to use. We monitored all of that for a few months and then we started the migration from other vendors to Palo Alto.

We had 10 engineers involved in the deployment, but each on-site location had its own team as well. Three were senior network architects and the other seven were staff network engineers.

If you want to keep up to date in the network, it requires quite a bit of patching. It has many features, like Unified Threat Management and antivirus that can be auto-updated by scheduling an update for them. But the major patching has to be done manually. In our organization, we do it quarterly.

It is worth the cost.

Palo Alto Networks VM-Series is notably cheaper than other firewall vendors, except Fortigate. Fortigate is number one in terms of pricing.

Our security team tested various firewalls and it came down to FortiGate and Palo Alto and they found Palo Alto was quite suitable for the network.

Everything is moving to the cloud and we need a solution that can support all the multi-vendor platforms and the new technologies as well. That is quite important for any enterprise organization or service provider nowadays. If we talk about moving existing loads from our own data centers or enterprise sites to the cloud, we need a solution that can take care of everything, such as security compliance, and that is easy to use. Palo Alto is good in those terms.

With the introduction of Prisma Cloud, Palo Alto is encouraging clients to migrate their infrastructure, such as VPN and security solutions to Prisma Cloud. It has been highly optimized compared to Panorama. Palo Alto is promoting it and asking their clients to use Prisma Cloud to improve their security infrastructure.

I would advise, when you deploy a new site, to manage it from the centralized Panorama solution. With Panorama, you have a local login, so even if the internet is down you have access to the firewall management.

We had a situation, when performing patching, where the firewall lost the remote connection via the internet and it had not been onboarded to Panorama. That mean we lost connectivity and we had to involve the onsite technicians. To avoid that scenario, all firewalls should be centrally managed by Panorama.

And for troubleshooting, each firewall should have syslog profiles activated.