Access to the internet is a vital component for doing business today. Users depend on being able to access the internet in order to use applications, collaborate with colleagues, and to conduct research. However, the internet can also be the conduit for both inappropriate and malicious activity. Today, applications, exploits and malware are easily able to slip through the existing traditional firewall, as well as web security gateways, proxies and IPS security devices. Even controlling legitimate applications is problematic, due to the growing use of evasive technologies and techniques including port hopping, encryption and proxies.

The challenge is to find a way to say "yes" to the applications that your business needs while systematically managing risks.



The Palo Alto Networks® next-generation firewall allows you to provide safe access to internet resources through an innovative approach that identifies and manages traffic. By using the core App-ID™, User-ID™ and Content-ID™ identification technologies, you can establish visibility and control over your traffic using the same business-oriented criteria that you use to define acceptable use. Instead of basing policy on port numbers and IP addresses, take control of your traffic by building security policies based on who can use particular applications while scanning for undesirable or inappropriate content. Understand what’s on your network by examining all traffic on all ports. The Palo Alto Networks next-generation firewall allows you to say "yes" to the applications that your organization needs without introducing unnecessary risks.


Establishing Safe Application Enablement

Safe application enablement is a systematic approach for managing applications on your network while removing risky and undesirable elements. It starts with having the visibility to see the applications in use on your network and knowledge of the risks that they could pose. Next, the use of policies that govern the applications – tied to the identity of the specific user, not just the IP address – provides precise control over user traffic. Finally, the use of the next-generation firewall’s content inspection technologies deliver protection against malware, vulnerabilities, undesirable web content, dangerous file types and much more. In addition, through the WildFire® threat intelligence service, the next-generation firewall can protect against highly customized, targeted modern malware.


Restoring Control Back to the Firewall

All internet traffic passes through the firewall, but unfortunately, many firewalls simply let too much traffic through. Your firewall may be in the right location to enforce network security, but it has to be much more intelligent in understanding and managing traffic in order to be effective.

The Palo Alto Networks next-generation firewall restores control by providing a clear understanding of applications, users, and content. With the knowledge of who is using the network, what they are using, and where the traffic is going, your security teams can establish the appropriate application enablement policies for Internet access.


Extend control to users in all locations

The Palo Alto Networks next-generation firewall provides control over user browsing and protection from threats wherever the user may go through GlobalProtect™ network security for endpoints. By using GlobalProtect, users stay connected to the next-generation firewall for policy enforcement regardless of whether they are on the local network, the wireless network, or outside of the office. All of the application control, threat prevention and URL filtering rules are in effect, providing consistent security at all times. GlobalProtect is available for Windows®, Mac® OS X®, iOS and Android™ platforms, providing coverage for laptops, smartphones and tablets.