Policy control represents the actions that our next-generation security platform takes to enable applications, for appropriate use and performance, and to prevent threats in your environment. Precise policy control is possible based on our unique, single-pass architecture, coupled with advanced visibility into applications, users and content.

Control is managed via a flexible user interface, where granular policies can be defined intuitively based on applications, users, and other available context. Policies can also be managed via API, allowing our security platform to integrate with other systems that help you to run the business.

Enforcement Options for Precise Control

A variety of enforcement options can be applied to session traffic that matches any combination of classification (e.g., applications, users or groups, individual application functions). Beyond simple allow and deny policies, other options include: threat scanning (A/V, IPS), decrypt and inspect, selectively allow individual application functions (including file transfer by file type), and allow per schedule.

Required posture for endpoint devices (including mobile) can be enforced through host information profiles for GlobalProtect™-enabled clients. In addition to security and appropriate-use controls, traffic shaping through QoS is also available, enabling you to prioritize applications in your environment.

Consistent Policies for Changing Environments

Enforcement options can be applied in any combination. They can also be precisely applied to session traffic based on a variety of criteria (applications, URL category, user groups, etc.). But what happens when your environment changes?

Our next-generation firewalls enable a configured set of policies to continue to secure your environment in the face of: new websites (URL categorization), new applications (dynamic filters), on-demand endpoints such as VMs (dynamic address groups), and changes to user group memberships (group mapping). This ability to enable and secure a changing environment is unique to Palo Alto Networks.

Managing Policy Control

Manage your application enablement and security with a single rule-base for threat prevention, URL filtering, sandboxing, file blocking, and data filtering. This crucial simplification along with dynamic security updates reduces workload on administrators while improving your overall security posture.

You can simply apply any rule in your rule base to the appropriate set of security profiles to the defining policy. There is no need to switch UIs or keep track of multiple complicated policy sets.