Comments on: Striking a Balance Between Control and Protection http://www.paloaltonetworks.com/researchcenter/2009/05/striking-a-balance-between-control-and-protection/ The Palo Alto Networks Research Center Blog Mon, 04 Apr 2011 14:46:14 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Firewall 2.0 » The Case for Application Enablement http://www.paloaltonetworks.com/researchcenter/2009/05/striking-a-balance-between-control-and-protection/comment-page-1/#comment-455 Firewall 2.0 » The Case for Application Enablement Fri, 10 Jul 2009 20:36:19 +0000 http://blog.paloaltonetworks.com/?p=224#comment-455 [...] As we have said before, the days of blocking applications that might not be “approved” are gone. These applications are here to stay. The applications themselves are not risks, but make no mistake, they can introduce risks and as such, need to be secured right along side Oracle, SAP, SharePoint and other business applications. [...] [...] As we have said before, the days of blocking applications that might not be “approved” are gone. These applications are here to stay. The applications themselves are not risks, but make no mistake, they can introduce risks and as such, need to be secured right along side Oracle, SAP, SharePoint and other business applications. [...]

]]> By: mkeil http://www.paloaltonetworks.com/researchcenter/2009/05/striking-a-balance-between-control-and-protection/comment-page-1/#comment-454 mkeil Wed, 17 Jun 2009 00:22:28 +0000 http://blog.paloaltonetworks.com/?p=224#comment-454 <a href="#comment-1896" rel="nofollow">@Bryan</a> we monitor the state of the sessions so we know which is which and only when that state changes do we re-apply the policy. @Bryan
we monitor the state of the sessions so we know which is which and only when that state changes do we re-apply the policy.

]]> By: Bryan http://www.paloaltonetworks.com/researchcenter/2009/05/striking-a-balance-between-control-and-protection/comment-page-1/#comment-453 Bryan Tue, 16 Jun 2009 03:26:35 +0000 http://blog.paloaltonetworks.com/?p=224#comment-453 Hi, Matt I have one question about Application identification in Palo Alto networks products that is there any risk of leaking packet due to app identification? For example, the first packet has been identified as App X and along with others information this traffic matched policy 1# with allow action. So the 1st packet passed through the firewall. Then the second packet comes in firewall and being identified as App Y and it supposed may match policy 2# with deny action. So looks the 1st packet leaked to wrong destination which might be dropped at first time. Is it right? Thanks for your any feedback! -Bryan Hi, Matt
I have one question about Application identification in Palo Alto networks products that is there any risk of leaking packet due to app identification? For example, the first packet has been identified as App X and along with others information this traffic matched policy 1# with allow action. So the 1st packet passed through the firewall. Then the second packet comes in firewall and being identified as App Y and it supposed may match policy 2# with deny action. So looks the 1st packet leaked to wrong destination which might be dropped at first time. Is it right? Thanks for your any feedback!

-Bryan

]]> By: JaneRadriges http://www.paloaltonetworks.com/researchcenter/2009/05/striking-a-balance-between-control-and-protection/comment-page-1/#comment-452 JaneRadriges Sat, 13 Jun 2009 17:59:48 +0000 http://blog.paloaltonetworks.com/?p=224#comment-452 Great post! I'll subscribe right now wth my feedreader software! Great post! I’ll subscribe right now wth my feedreader software!

]]>