Next Generation Firewall

Palo Alto Networks’ family of next-generation firewalls enables more effective risk management on enterprise networks by employing business-relevant elements such as applications, users, and content as the basis for policy control. With its next-generation firewalls, Palo Alto Networks addresses key shortcomings that plague traditional Stateful Inspection-based firewalls: a reliance on port/protocol to identify applications and the assumption that an IP address equates to a user's identity.

 

Palo Alto Networks uses App-ID to accurately identify the application, and maps the application to the user identity while inspecting the traffic for content policy violations. By focusing on business-relevant elements such as applications, users and content for policy controls, the security team can achieve the following business benefits:

  • Manage risk through policy-based application usage control and threat prevention
  • Enable growth by embracing new, web-based applications in a controlled and secure manner
  • Facilitate operational efficiency by controlling application usage based on users and groups, not IP addresses

With a rich networking foundation and a familiar policy management editor, the Palo Alto Networks firewalls can be deployed as a complement to, or as a replacement for, an existing firewall implementation.

 



Key features and benefits:

    • Application visibility and control: Accurate identification of the applications traversing the network enables policy-based control over application usage.
    • SSL inspection: Identifies and decrypts applications that use SSL, enabling policy-based control over the ever-increasing amounts of SSL traffic.
    • Visualization tools: Graphical visibility tools, customizable reporting and logging enable administrators to make a more informed decision on how to treat the applications traversing the network.
    • Policy-based application control: The policy-editor takes full advantage of existing firewall knowledge to streamline creation and deployment of application usage control policies.
    • Legacy firewall support: Support for traditional inbound and outbound port-based firewall rules mixed with application-based rules smooths the transition to a Palo Alto Networks next-generation firewall.
    • Application browser: Helps administrators quickly research what the application is, its behavioral characteristics and underlying technology, resulting in a more informed decision-making process on how to treat the application.
    • User-based visibility and control: Seamless integration with Microsoft Active Directory (AD) facilitates application visibility and policy creation based on user and group information in AD, not just IP address.
    • Real-time threat prevention: Detects and blocks viruses, spyware, worms and application vulnerabilities in real time, dramatically improving performance and accuracy.
    • High performance: Purpose-built platform with function-specific processing for networking, security, threat prevention and management delivers the performance required to protect today’s high-speed networks and eliminate security bottlenecks commonly associated with computationally intensive security applications.
    • Networking architecture: Support for dynamic routing, site-to-site IPSec VPN, virtual wire mode and layer 2/layer 3 modes facilitates deployment in nearly any networking environment.


"Firewalls must go beyond port/protocol identification to deliver visibility and control of applications—in particular those encrypted with SSL—to provide granular visibility and control over all traffic rather than a percentage of it."

Rob Whiteley
Senior Analyst
Forrester Research