Palo Alto

Palo Alto Networks’ Next-Generation Firewalls

Palo Alto Networks’ next-generation firewalls provide network security by enabling enterprises to see and control applications, users, and content – not just ports, IP addresses, and packets – using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks’ enterprise firewalls, enable enterprises to create business-relevant security policies that safely enable organizations to adopt new applications, instead of the “all-or-nothing” approach offered by the traditional port-blocking firewalls used in many security infrastructures.

Palo Alto Networks’ Approach to Network Security

Palo Alto Networks’ next-generation firewalls are based on our Single-Pass Parallel Processing (SP3) Architecture, enabling low latency, multi-Gbps performance – while delivering greater functionality than any other type of security device.


Next-generation firewall model families include Palo Alto Networks’ PA-4000 Series and PA-2000 Series, along with the newly released PA-500, and range from 250 Mbps to 10 Gbps in throughput capacity. Palo Alto Networks next-generation firewalls are built on a strong networking foundation, offer a familiar policy management interface and offer unprecedented features for your security infrastructure.

Features and benefits

  • Application visibility and control: Accurate identification of the applications traversing the network enables policy-based control over application usage at the firewall, the strategic center of the security infrastructure.
  • Visualization tools: Graphical visibility tools, customizable reporting and logging enable administrators to make a more informed decision on how to treat the applications traversing the network.
  • Application browser: Helps administrators quickly research what the application is, its behavioral characteristics and its underlying technology, resulting in a more informed decision-making process on how to treat the application.
  • User-based visibility and control: Seamless integration with enterprise directory services (Active Directory, LDAP, eDirectory) facilitates application visibility and policy creation based on user and group information, not just IP address. In Citrix and terminal services environments, the identity of users sitting behind Citrix or terminal services can be used to enable policy-based visibility and control over applications, users and content. An XML API enables integration with other, 3rd party user repositories.
  • Real-time threat prevention: Detects and blocks application vulnerabilities, viruses, spyware, and worms; controls web activity; all in real-time, dramatically improving performance and accuracy.
  • File and data filtering: Taking full advantage of the in-depth application inspection being performed by App-ID, administrators can implement several different types of policies that reduce the risk associated with unauthorized file and data transfer.
  • Legacy firewall support: Support for traditional inbound and outbound port-based firewall rules mixed with application-based rules smooths the transition to a Palo Alto Networks next-generation firewall.
  • Networking architecture: Support for dynamic routing (OSPF, RIP, BGP), virtual wire mode and layer 2/layer 3 modes facilitates deployment in nearly any networking environment.
  • Policy-based Forwarding: Forward traffic based on policy defined by application, source zone/interface, source/destination address, source user/group, and service.
  • Virtual Systems: Create multiple virtual “firewalls” within a single device as a means of supporting specific departments or customers. Each virtual system can include dedicated administrative accounts, interfaces, networking configuration, security zones, and policies for the associated network traffic.
  • VPN connectivity: Secure site-to-site connectivity is enabled through standards-based IPSec VPN support while remote user access is delivered via SSL VPN connectivity.
  • Quality of Service (QoS): Deploy traffic shaping policies (guaranteed, maximum and priority) to enable positive policy controls over bandwidth intensive, non-work related applications such as streaming media while preserving the performance of business applications.
  • Real-time Bandwidth Monitor: View real-time bandwidth and session consumption for applications and users within a selected QoS class.
  • Purpose-built platform: Combines single-pass software with parallel processing hardware to deliver the multi-Gbps performance necessary to protect today’s high-speed networks.

To learn about Palo Alto Networks’ family of next-generation firewalls visit:

  • PA-4000 Series Firewall: Next-generation firewall targeted at high-speed Internet gateway deployments within enterprise environments
  • PA-2000 Series Firewall: Next-generation firewall ideally suited for high-speed Internet gateway deployments within large branch offices and medium-sized enterprises
  • PA-500 Firewall: Next-generation firewall best suited for Internet gateway deployments within medium to large branch offices and medium-sized enterprises
  • Palo Alto Panorama: A centralized management system that provides global visibility and control over multiple Palo Alto Networks next-generation firewalls through an easy-to-use web-based interface.
