- Founded in 2005 by a world-class team with strong security and networking experience
- Innovations: App-ID, User-ID, Content-ID
- Builds next-generation firewalls that identify and control more than 850 applications; makes firewall strategic again
- Global footprint: presence in 50+ countries, 24/7 support
- The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
PAN-OS Core Firewall Features
Visibility and control of applications, users and content complement core firewall features
Strong networking foundation
Dynamic routing (OSPF, RIPv2)
Tap mode – connect to SPAN port
Virtual wire (“Layer 1”) for true transparent in-line deployment
L2/L3 switching foundation
VPN
Site-to-site IPSec VPN
SSL VPN
QoS traffic shaping
Max/guaranteed and priority
By user, app, interface, zone, IP and scheduled
Zone-based architecture
All interfaces assigned to security zones for policy enforcement
High Availability
Active / passive
Configuration and session synchronization
Path, link, and HA monitoring
Virtual Systems
Establish multiple virtual firewalls in a single device (PA-4000 & PA-2000 Series only)
Simple, flexible management
CLI, Web, Panorama, SNMP, Syslog, XML API
Enterprise Device and Policy Management
Intuitive and flexible management
CLI, Web, Panorama, SNMP, Syslog
Role-based administration enables delegation of tasks to appropriate person
Panorama central management application
Shared policies enable consistent application control policies
Consolidated management, logging, and monitoring of Palo Alto Networks devices
Consistent web interface between Panorama and device UI
Network-wide ACC/monitoring views, log collection, and reporting
All interfaces work on current configuration, avoiding sync issues
Addresses Three Key Business Problems
Identify and Control Applications
Visibility of over 850 applications, regardless of port, protocol, encryption, or evasive tactic
Fine-grained control over applications (allow, deny, limit, scan, shape)
Fixes the firewall
Prevent Threats
Stop a variety of threats – exploits (by vulnerability), viruses, spyware
Stop leaks of confidential data (e.g., credit card #, social security #)
Stream-based engine ensures high performance
Simplify Security Infrastructure
Fix the firewall, rationalize security infrastructure
Reduce complexity in architecture and operations
Palo Alto Networks Next-Gen Firewalls
PA-4060
10 Gbps FW
5 Gbps threat prevention
2,000,000 sessions
4 XFP (10 Gig) I/O
4 SFP (1 Gig) I/O
PA-4050
10 Gbps FW
5 Gbps threat prevention
2,000,000 sessions
16 copper gigabit
8 SFP interfaces
PA-4020
2 Gbps FW
2 Gbps threat prevention
500,000 sessions
16 copper gigabit
8 SFP interfaces
PA-2050
1 Gbps FW
500 Mbps threat prevention
250,000 sessions
16 copper gigabit
4 SFP interfaces
PA-2020
500 Mbps FW
200 Mbps threat prevention
125,000 sessions
12 copper gigabit
2 SFP interfaces
PA-500
250 Mbps FW
100 Mbps threat prevention
50,000 sessions
8 copper gigabit
Single-Pass Parallel Processing (SP3) Architecture
Single Pass
- Operations once per packet
- Traffic classification (app identification)
- User/group mapping
- Content scanning: threats, URLs, confidential data
- One policy
Parallel Processing
- Function-specific parallel processing hardware engines
- Separate data/control planes