Rock-solid perimeter security with unmatched application visibility
What do you like best about the product?
Palo Alto’s App-ID and Threat Prevention engines give us granular control over traffic we never had with our previous stateful firewall. We can write policies around business apps instead of IP/port combos, then verify exactly what was allowed/blocked in the detailed logs. WildFire zero-day analysis has already caught two pieces of unknown malware in the last quarter, and the cloud signatures hit our gateways within minutes. Centralized management in Panorama is another highlight one commit pushes our rules to three sites, so audit time dropped from hours to minutes.
What do you dislike about the product?
Licensing is pricey and can be confusing (Threat Prevention, WildFire, DNS Security, etc.). The web UI occasionally lags when committing large rule-set changes, and the learning curve for first-time admins is steep expect to spend time in the docs or take the EDU-210 course. Support is generally solid, but faster response requires the higher-tier contract.
What problems is the product solving and how is that benefiting you?
Before we moved to Palo Alto, we juggled a traditional port-based firewall, a separate IPS, and far too many manual rules. That setup left gaps: users could tunnel apps over random ports, malware sometimes slipped past signature updates, and every audit felt like a scavenger hunt through spreadsheets.
The PA NGFWs solved three big headaches at once:
1. App-based policy instead of IP/port juggling. With App-ID we now write 15 clean rules around business apps rather than dozens of port rules. Audits take minutes, not hours.
2. Built-in threat and zero-day protection. WildFire and DNS Security catch phishing callbacks and unknown executables before they land on endpoints. Since go-live we’ve seen a \~70 % drop in malware tickets and zero ransomware scares.
3. Unified visibility and management. Panorama pushes configs to HQ and branches in one commit, and the detailed logs make troubleshooting a two-minute task instead of a war-room event.
Bottom line: fewer security incidents, cleaner audits, and a lot more time for the team to focus on strategic projects instead of constant rule-tweaking.
The PA NGFWs solved three big headaches at once:
1. App-based policy instead of IP/port juggling. With App-ID we now write 15 clean rules around business apps rather than dozens of port rules. Audits take minutes, not hours.
2. Built-in threat and zero-day protection. WildFire and DNS Security catch phishing callbacks and unknown executables before they land on endpoints. Since go-live we’ve seen a \~70 % drop in malware tickets and zero ransomware scares.
3. Unified visibility and management. Panorama pushes configs to HQ and branches in one commit, and the detailed logs make troubleshooting a two-minute task instead of a war-room event.
Bottom line: fewer security incidents, cleaner audits, and a lot more time for the team to focus on strategic projects instead of constant rule-tweaking.
There are no comments to display