|
||||||||||||||||||||||
|
|
Palo Alto Networks
Next Generation Firewalls
Palo Alto Networks’ family of next-generation firewalls enables more
effective risk management on enterprise networks by employing business-relevant
elements such as applications, users, and content as the basis for policy
control. With its next generation firewalls, Palo Alto Networks addresses key
shortcomings that plague traditional Stateful Inspection-based firewalls--a
reliance on port/protocol to identify the applications and the assumption that
IP address equates to a users identity.
Palo Alto Networks uses App-ID to accurately identify the application, and
maps the application to the user identity while inspecting the traffic for
content policy violations. By focusing on business-relevant elements such as
applications, users and content for policy controls, the security team can
achieve the following business benefits:
§
Manage risk through
policy-based application usage control and threat prevention
§
Enable growth by embracing
new, web-based applications in a controlled and secure manner
§
Facilitate operational
efficiency by controlling application usage based on users and groups, not IP
addresses
With a rich networking foundation and a familiar policy management editor,
the Palo Alto Networks firewalls can be deployed as a complement to, or as
replacement for, an existing firewall implementation.
Key features and benefits:
§
Application visibility and
control: Accurate identification of the applications
traversing the network enables policy-based control over application usage.
§
SSL inspection: Identifies and decrypts applications that use SSL, enabling policy-based
control over the ever increasing amounts of SSL traffic.
§
Visualization tools: Graphical visibility tools, customizable reporting and logging enables
administrators to make a more informed decision on how to treat the applications
traversing the network.
§
Policy-based application
control: The policy-editor takes full advantage of
existing firewall knowledge to streamline creation and deployment of application
usage control policies.
§
Legacy firewall support: Support for traditional inbound and outbound port-based firewall rules
mixed with application-based rules smoothes the transition to a Palo Alto
Networks next generation firewall.
§
Application browser: Helps administrators quickly research what the application is, its’
behavioral characteristics and underlying technology resulting in a more
informed decision making process on how to treat the application.
§
User-based visibility and
control: Seamless integration with Microsoft Active
Directory (AD) facilitates application visibility and policy creation based on
user and group information in AD, not just IP address.
§
Real-time threat prevention: Detects and blocks viruses, spyware, worms and
application vulnerabilities in real-time, dramatically improving performance and
accuracy.
§
High performance: Purpose-built platform with function-specific processing for networking,
security, threat prevention and management delivers the performance required to
protect today’s high speed networks and eliminate security bottlenecks commonly
associated with computationally intensive security applications.
§ Networking architecture: Support for dynamic routing, site-to-site IPSec VPN, virtual wire mode and layer 2/layer 3 modes facilitates deployment in nearly any networking environment.
For more information:
PAN-OS Datasheet
http://www.paloaltonetworks.com/literature/datasheets/PAN_OS_Feature_ds.pdf
App-ID Technology datasheet
http://www.paloaltonetworks.com/literature/datasheets/App_ID_ds.pdf
User-ID Technology datasheet
http://www.paloaltonetworks.com/literature/datasheets/User_ID_ds.pdf
Content-ID Technology datasheet
http://www.paloaltonetworks.com/literature/datasheets/Content_ID_ds.pdf
