Palo Alto Networks - Enterprise Firewall – Application aware, IDS, IDP, QoS traffic shapping, and URL Filtering

stacks_image_5521843C-F5F3-4C8E-99E7-B0C908B83740


Palo Alto Networks

stacks_image_24C61C60-9E63-41AD-88EC-9B93B2D535C8
Palo Alto Networks offers a fresh approach—one that focuses on accurately identifying the actual application, not just the port it uses; one that inspects all traffic, not just a selective sampling; and one that accomplishes it all at line speed.
Starting with a blank sheet of paper, Palo Alto Networks is redefining the firewall with innovative technologies based on business-relevant elements – applications, users, and content – which enables effective risk management on enterprise networks.


Think of traditional stateful firewalls, forget the bolt on on UTM solutions, limited performance and start thinking high performance firewalls with source/dest control, but with the added functionality of user/group control and true application visibility into over 800 applications versus primitive and now useless port control.

App-ID, an application identification technology that classifies traffic irrespective of port, protocol, SSL encryption, or evasive tactics.

Content-ID, a high performance content inspection engine that prevents a wide range of threats, blocks file transfers and controls web surfing.

Purpose-built platform with dedicated processing resources for security, networking, threat prevention and management to provide line-rate, low-latency performance under load.

NEW - QoS Traffic Shaping to set maximum, guaranteed or priority for bandwidth by application (e.g. YouTube, FaceBook at lowest priority, but still allowed).

NEW - SSL VPN to allow users to connect to corporate networks via browsers along with application based control.

If you are faced with dealing with malware, various threats, viruses and tired of “barking dog” IDS approaches, look at this solution.

Tired of paying per user fees for content filtering, look at high performance filtering and no per user fees.

PA-500 Enterprise Firewall
  • PA-500 - 250 Mbps Firewall throughput, 8 x 10/100/100
  • PA-2020 - 500 Mbps firewall throughput, 12 x 10/100/1000 + 2 SFP
  • PA-2050 - 1 Gbps firewall throughput, 16 x 10/100/1000 + 4 SFP
  • PA-4020 - 2 Gbps firewall throughput, 16 x 10/100/1000 + 8 SFP
  • PA-4050 - 10 Gbps firewall throughput, 16 x 10/100/1000 + 8 SFP
  • PA-4060 - 10 Gbps firewall throughput, 4 x 10 Gigabit XFP + 4 Gigabit SFP
PA-500 Enterprise Firewall
The Palo Alto Networks PA-500 is ideally suited for Internet gateway deployments within medium to large branch offices and medium sized enterprises. The PA-500 manages network traffic flows with high performance processing and dedicated memory for networking, security, threat prevention and management. A high speed backplane smoothes the pathway between processors and the separation of data and control plane ensures that management access is always available, irrespective of the traffic load.
stacks_image_BF1404D4-D03F-435A-AD7B-9A3AADB481BB
stacks_image_A6CC4600-DAE9-481E-A54E-E27F2B095DAD
  • 250 Mbps firewall throughput
  • 100 Mbps threat prevention throughput
  • 50 Mbps IPSec VPN throughput
  • 250 IPSec VPN tunnels and tunnel interfaces
  • 7,500 new sessions per second
  • 64,000 max sessions
  • (8) 10/100/1000
  • (1) 10/100/1000 out of band management interface
  • (1) 1 RJ-45 console interface
PA-2000 Series Enterprise Firewall
The Palo Alto Networks PA-2000 Series is comprised of two high performance platforms, the PA-2020 and the PA-2050, both of which are ideally suited for high speed Internet gateway deployments within large branch offices and medium sized enterprises. The PA-2000 Series manages network traffic flows using dedicated processing and memory for networking, security, threat prevention and management. A high speed backplane smoothes the pathway between processors and the separation of data and control plane ensures that management access is always available, irrespective of the traffic load.
PA-2020
stacks_image_A7B5DF6C-CD82-4D0E-844B-71FF1501D24B
  • 500 Mbps firewall throughput
  • 200 Mbps threat prevention throughput
  • 200 Mbps IPSec VPN throughput
  • 1,000 IPSec VPN tunnels and tunnel interfaces
  • 15,000 new sessions per second
  • 125,000 max sessions
  • (12) 10/100/1000 + (2) SFP optical gigabit interfaces
  • (1) 10/100/1000 out of band management interface
  • (1) 1 RJ-45 console interface
PA-2050
stacks_image_EFD9271B-F76F-4EF7-9961-3E051A7B8F39
  • 1 Gbps firewall throughput
  • 500 Mbps threat prevention throughput
  • 300 Mbps IPSec VPN throughput
  • 2,000 IPSec VPN tunnels and tunnel interfaces
  • 15,000 new sessions per second
  • 250,000 max sessions
  • (16) 10/100/1000 + (4) SFP optical gigabit interfaces
  • (1) 10/100/1000 out of band management interface
  • (1) 1 RJ-45 console interface
PA-4000 Series Enterprise Firewall
The Palo Alto Networks PA-4000 Series is comprised of three high performance platforms, the PA-4060, the PA-4050 and the PA-4020, all of which are targeted at high speed Internet gateway deployments within enterprise environments. The PA-4000 Series manages multi-Gbps traffic flows using dedicated processing and memory for networking, security, threat prevention and management. A 10 Gbps backplane smoothes the pathway between processors and the physical separation of data and control plane ensures that management access is always available, irrespective of the traffic load.
 
stacks_image_E1E20A14-38E6-475E-8E47-E845533C96DC
PA-4020
  • 2 Gbps firewall throughput
  • 2 Gbps threat prevention throughput
  • 1 Gbps IPSec VPN throughput
  • 2,000 IPSec VPN tunnels and tunnel interfaces
  • 60,000 new sessions per second
  • 500,000 max sessions
  • (16) 10/100/1000 + (8) SFP optical gigabit interfaces
  • (2) Dedicated high availability interfaces (10/100/1000)
  • (1) Dedicated out of band management interface (10/100/1000)
  • (1) DB9 interface
PA-4050
stacks_image_B498CDED-EA9B-47AA-899C-3F151EA34498
  • 10 Gbps firewall throughput
  • 5 Gbps threat prevention throughput
  • 2 Gbps IPSec VPN throughput
  • 4,000 IPSec VPN tunnels and tunnel interfaces
  • 60,000 new sessions per second
  • 2,000,000 max sessions
  • (16) 10/100/1000 + (8) SFP optical gigabit interfaces
  • (2) Dedicated high availability interfaces (10/100/1000)
  • (1) Dedicated out of band management interface (10/100/1000)
  • (1) DB9 interface
PA-4060
stacks_image_DE431ACB-C299-4CC6-91E4-CBD2E2733682
  • 10 Gbps firewall throughput
  • 5 Gbps threat prevention throughput
  • 2 Gbps IPSec VPN throughput
  • 4,000 IPSec VPN tunnels and tunnel interfaces
  • 60,000 new sessions per second
  • 2,000,000 max sessions
  • (4) 10 Gigabit XFP + (4) Gigabit SFP
  • (2) Dedicated high availability interfaces (10/100/1000)
  • (1) Dedicated out of band management interface (10/100/1000)
  • (1) DB9 interface

Flexible Deployment Topologies (per port!)

Use for application visibility, user and content visibility via mirror port without inline deployment.
Use for firewall replacement along with application visibility and control. Offers consolidation for Firewall, VPN, IPS and URL Filtering.
Use for IPS features along with application visibility and control. Offers consolidation of IPS and URL filtering without replacing firewall.
stacks_image_5331E614-FFCF-45C3-A4AF-9AE9EDFC39F1
stacks_image_B6BDEA25-0AAB-4C4B-94DF-6525BAD7962D
stacks_image_EB183519-E2F6-456C-A4C3-664580845363
Intrusion Prevention (IDP and IDS)

The world of stand-alone IPS products will soon be gone, as IPS functionality becomes integrated as a standard feature of Next-Generation Firewalls. Threats target applications, and enterprises struggle to control modern applications with existing security infrastructure. The current web services based landscape dictates a new set of requirements for comprehensive intrusion prevention, and Palo Alto Networks next-generation firewalls deliver, where IPS products cannot:
  • Control applications (not just ports)
  • Scan allowed traffic for threats
  • Real-world, multi-Gbps performance
  • Current research and support
Palo Alto Networks advantage:
  • Over 900 applications can be controlled by user or group access versus just a few "bad" applications from traditional IDPs.
  • Since Palo Alto Networks is application aware, it can scan the allowed traffic for threats or entirely disallow unapproved applications regardless of payload.
  • Includes 1,000s of signatures for scanning.
  • Best in-house IPS research team discovered 3 Microsoft vulnerabilities in the last 6 months. Some competitors haven't done anything for two years.
  • You get superior port density to cover multiple segments with an easier and more cost effective solution than traditional stand-alone IPS.

Sample screenshot of application control


Pasted Graphic 3

Additional documentation and information

Download platform specs>>
Download PA500 datasheet >>
Download PA2xxx datasheet >>
Download PA4xxx datasheet >>
Download Panorama datasheet >>
Download whitepaper about enabling applications >>
Download whitepaper the future of Intrusion Prevention >>
Download - What's new in PAN-OS3 >>
Download Threat Prevention datasheet >>
Download URL Filtering datasheet >>
Download Content ID datasheet >>
Download User ID datasheet >>
Download App ID datasheet >>
Download Protecting Microsoft SharePoint whitepaper >>
Download Preventing Data Leaks whitepaper >>
stacks_image_00659BE2-E4A7-43EA-96EC-D70FF2BC39AF
For more information, please contact us.