Getting from Here to There – Executing a Next-Generation Firewall Strategy

As organizations make their preparations to switch from a stateful inspection firewall to a Palo Alto Networks next-generation firewall, we find that some customers are at different stages of understanding on what it does and how best to deploy it. After learning about what the next-generation firewall can do, the next step is understanding how to leverage its controls to address their current business requirements. It can be a breath of fresh air, because being able to write a policy on a per-application basis with the next-generation firewall (rather than a per-port basis such as on a stateful inspection firewall) greatly reduces the number of rules needed to deal with the conditions for protecting enterprise traffic. It’s an opportunity to scrub away years of accumulated, neglected and sometimes even unused policies found in existing systems, and get back to building a design that’s manageable.

The process for how customers implement a sweeping change to their policy environment can take many different roads. We have many customers who prefer to do the work themselves, using their insights and resources to redesign their policies to suit their needs moving forward. Some customers work with our professional services teams and channel partners to analyze and migrate their existing environment using tools. A third approach is to use 3rd party products for firewall policy management, both to help rationalize and understand what exists and to help ongoing management of rules across multiple systems within their network security environment.

The switch from one firewall to another is a topic that’s often brought up by our customers, and we’ll write more about the first and second approaches in future blog entries. For organizations interested in how to use 3rd party tools for managing firewalls, Palo Alto Networks is teaming up with AlgoSec and Dimension Data for a webinar on July 17th, 2012 at 11:00 AM Eastern Daylight Time. Sign up for this webinar to learn more about the next-generation firewall and approaches for deploying it in conjunction with the products and services from our partners.

Look forward to seeing you at the webinar. Sign up today.