Palo Alto Networks’ next-generation firewalls enable enterprises to see and control applications, users, and content – not just ports, IP addresses, and packets – using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security policies – safely enabling organizations to adopt new applications, instead of the traditional “all-or-nothing” approach offered by traditional port-blocking firewalls.

Palo Alto Networks’ next-generation firewalls are based on our Single-Pass Parallel Processing (SP3) Architecture, enabling low latency, multi-Gbps performance –while delivering greater functionality than any other type of security device.

Model families include the PA-4000 Series and the PA-2000 Series, along with the newly released PA-500 and range from 250Mbps to 10Gbps in throughput capacity. Palo Alto Networks next-generation firewalls are built on a strong networking foundation, offer a familiar policy management interface and offer unprecedented features.

Palo Alto Networks Next-Generation Firewalls
Features and Benefits

• Application visibility and control: Accurate identification of the applications traversing the network enables policy-based control over application usage at the firewall, the strategic center of the security infrastructure.
• Visualization tools: Graphical visibility tools, customizable reporting and logging enables administrators to make a more informed decision on how to treat the applications traversing the network.
• Application browser: Helps administrators quickly research what the application is, its’ behavioral characteristics and underlying technology resulting in a more informed decision making process on how to treat the application.
• User-based visibility and control: Seamless integration with Microsoft Active Directory (AD) facilitates application visibility and policy creation based on user and group information in AD, not just IP address.
• Citrix and terminal services visibility: The identity of users sitting behind Citrix or terminal services is now collected and used to enable policy-based visibility and control over applications, users and content.
• Real-time threat prevention: Detects and blocks viruses, spyware, worms and application vulnerabilities; controls web activity; all in real-time, dramatically improving performance and accuracy.
• File and data filtering: Taking full advantage of the in-depth application inspection being performed by App-ID, administrators can implement several different types of policies that reduce the risk associated with unauthorized file and data transfer.
• SP3 architecture: combines single pass software with parallel processing hardware todeliver the multi-Gbps performance necessary to protect today’s high speed networks.
• Legacy firewall support: Support for traditional inbound and outbound port-based firewall rules mixed with application-based rules smoothes the transition to a Palo Alto Networks next generation firewall.
• Networking architecture: Support for dynamic routing, site-to-site IPSec VPN, virtual wire mode and layer 2/layer 3 modes facilitates deployment in nearly any networking environment.
• VPN connectivity: Secure site-to-site connectivity is enabled through standards-based IPSec VPN support and while remote user access is delivered via SSL VPN connectivity.
• Quality of Service (QoS): Deploy traffic shaping policies (guaranteed, maximum and priority) enable positive policy controls over bandwidth intensive, non-work related applications such as streaming media while preserving the performance of business applications.

# # #

^ Top ^