image
Features and Benefits
  • Application visibility and control: Accurate identification of the applications traversing the network enables policy-based control over application usage at the firewall, the strategic center of the security infrastructure.
  • Visualization tools: Graphical visibility tools, customizable reporting and logging enables administrators to make a more informed decision on how to treat the applications traversing the network.
  • Application browser: Helps administrators quickly research what the application is, its’ behavioral characteristics and underlying technology resulting in a more informed decision making process on how to treat the application.
  • User-based visibility and control: Seamless integration with enterprise directory services (Active Directory, LDAP, eDirectory) facilitates application visibility and policy creation based on user and group information, not just IP address. In Citrix and terminal services environments, the identity of users sitting behind Citrix or terminal services can be used to enable policy-based visibility and control over applications, users and content. An XML API enables integration with other, 3rd party user repositories.
  • Real-time threat prevention: Detects and blocks application vulnerabilities, viruses, spyware, and worms; controls web activity; all in real-time, dramatically improving performance and accuracy.
  • File and data filtering: Taking full advantage of the in-depth application inspection being performed by App-ID, administrators can implement several different types of policies that reduce the risk associated with unauthorized file and data transfer.
  • Legacy firewall support: Support for traditional inbound and outbound port-based firewall rules mixed with application-based rules smoothes the transition to a Palo Alto Networks next generation firewall.
  • Networking architecture: Support for dynamic routing (OSPF, RIP, BGP), virtual wire mode and layer 2/layer 3 modes facilitates deployment in nearly any networking environment.
  • Policy-based Forwarding: Forward traffic based on policy defined by application, source zone/interface, source/destination address, source user/group, and service.
  • Virtual Systems: Create multiple virtual “firewalls” within a single device as a means of supporting specific departments or customers. Each virtual system can include dedicated administrative accounts, interfaces, networking configuration, security zones, and policies for the associated network traffic.
  • VPN connectivity: Secure site-to-site connectivity is enabled through standards-based IPSec VPN support while remote user access is delivered via SSL VPN connectivity.
  • Quality of Service (QoS): Deploy traffic shaping policies (guaranteed, maximum and priority) to enable positive policy controls over bandwidth intensive, non-work related applications such as streaming media while preserving the performance of business applications.
  • Real-time Bandwidth Monitor: View real-time bandwidth and session consumption for applications and users within a selected QoS class.
  • Purpose-built platform: combines single pass software with parallel processing hardware to deliver the multi-Gbps performance necessary to protect today’s high speed networks.