Let me state up front, that I am a partner of Palo Alto Networks as well as Check Point and Juniper. Over the years we have had a lot of success with all three manufacturers. Palo Alto Networks has built a network security device that is technically different from everything else on the market. If you clear away the marketing BS, there is no denying it. My technical explanation follows in the next paragraph. Whether you think what Palo Alto Networks does is important enough to make the switch, that's up to you.
The purpose of a firewall is to enable you to create a Positive Enforcement Model (default deny) control between two networks that have different trust levels. Traditional stateful inspection firewalls were able to this when they first appeared in the mid 1990s. They can no longer do it because of the way modern applications are written using techniques such as port sharing, port hopping, tunneling, and encryption.
To the best of my knowledge, Palo Alto Networks is the only firewall on the market that allows you to do implement a Positive Enforcement Model. Furthermore, Gartner just came out with their Firewall Magic Quadrant in late December 2011 and said the same thing.
Palo Alto's IPS functionality matches up very well with the best stand-alone IPS's in the industry according to NSS Labs, a well respected security product evaluation shop in the UK. What is interesting is that the PAN IPS functionality needs less tuning because it knows the application and applies only the relevant signatures.
WRT to UI, CLI, logging, and other "standard" firewall features, PAN is satisfactory.
Finally, Palo Alto continues to innovate with support for remote and mobile users and for analyzing files for malware in a separate (cloud-based) process that does not impact stream processing.