If you are not familiar with Palo Alto Networks’ amazing new firewall technology, hold onto your seats, because it is thrilling stuff. Let us show you in a Webinar or in-person demo how it will increase network security, visibility and control while decreasing costs.
"Palo Alto Networks is highly disruptive within the firewall market because the product has been designed as a next-generation firewall and has competitors being forced to change road maps and sell defensively. Palo Alto Networks is assessed as a visionary vendor mostly due to its next-generation firewall design, redirection of the market along the next-generation firewall path, and market disruption forcing leaders to react." - Gartner Report 2010
Palo Alto Performance

Palo Alto technology enables unprecedented visibility and control of all applications and content on your network – by users, not IP address – at up to 10 Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto’s next-generation firewalls accurately identify applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. As a result, the firewall is once again able to function as a strategic point of network control, enabling enterprises to embrace the Web 2.0 world, while maintaining complete visibility and control, and significantly reducing total cost of ownership through device consolidation.
Palo Alto is unique. Palo Alto is:
- The only firewall to classify traffic based on the accurate identification of the application, regardless of port, protocol, or evasive tactic
- The only firewall to identify, control and inspect SSL encrypted traffic and applications.
- The only firewall that provides policy-based QoS traffic shaping by application and user, enabling organizations to control performance of business and personal applications on the network.
- The only firewall with real-time content scanning to protect against viruses, spyware, data leakage and application vulnerabilities based on a stream-based threat prevention engine.
- The only firewall that can scan content for social security and credit card numbers, to help prevent leakage of sensitive data and support PCI compliance.
- The only firewall to provide graphical visualization of network applications with detailed user, group and network-level data categorized by sessions, bytes, ports, threats and time.
- The only firewall with line-rate, low-latency performance for all services, even under load.
The result is the perfect mix of raw throughput, transaction processing and network security that today’s high-performance networks require.
Palo Alto’s Secret
Palo Alto’s “Single Pass” software is designed to accomplish two key functions. First, it performs operations once per packet. As a packet is processed, networking functions, policy lookup, application identification and decoding, and signature matching for any and all threats and content are all performed only one time. This substantially reduces processing overhead. Second, stream-based content scanning uses uniform signature matching to detect and block threats. Instead of using separate engines and signature sets (requiring multi-pass scanning) and file proxies (requiring file download prior to scanning), Palo Alto’s single pass stream-based software scans content once, which avoids latency and enables high throughput with all security functions active. It also offers one fully integrated system for enterprise network security.
Detailed Features
Palo Alto firewalls include the following features:
- Application Visibility and Control: Accurate identification of the applications traversing the network enables policy-based control over application usage at the firewall, the strategic center of the security infrastructure.
- Visualization Tools: Graphical visibility tools, customizable reporting and logging enable administrators to make a more informed decision on how to treat the applications traversing the network.
- Application Browser: Helps administrators quickly research what the application is, its behavioral characteristics and underlying technology, resulting in a more informed decision-making process on how to treat the application.
- User-Based Visibility and Control: Seamless integration with enterprise directory services (Active Directory, LDAP, eDirectory) facilitates application visibility and policy creation based on user and group information, not just IP address. In Citrix and terminal services environments, the identity of users sitting behind Citrix or terminal services can be used to enable policy-based visibility and control over applications, users and content. An XML API enables integration with other, 3rd party user repositories.
- Real-time Threat Prevention: Detects and blocks application vulnerabilities, viruses, spyware, and worms; controls web activity; all in real-time, dramatically improving performance and accuracy.
- File and Data Filtering: Taking full advantage of the in-depth application inspection being performed by App-ID, administrators can implement several different types of policies that reduce the risk associated with unauthorized file and data transfer.
- Legacy firewall support: Support for traditional inbound and outbound port-based firewall rules mixed with application-based rules smooths the transition to a Palo Alto Networks next-generation firewall.
- Networking architecture: Support for dynamic routing (OSPF, RIP, BGP), virtual wire mode and layer 2/layer 3 modes facilitates deployment in nearly any networking environment.
- Policy-Based Forwarding: Forward traffic based on policy defined by application, source zone/interface, source/destination address, source user/group, and service.
- Virtual Systems: Create multiple virtual “firewalls” within a single device as a means of supporting specific departments or customers. Each virtual system can include dedicated administrative accounts, interfaces, networking configuration, security zones, and policies for the associated network traffic.
- VPN Connectivity: Secure site-to-site connectivity is enabled through standards-based IPSec VPN support while remote user access is delivered via SSL VPN connectivity.
- Quality of Service (QoS): Deploy traffic shaping policies (guaranteed, maximum and priority) to enable positive policy controls over bandwidth intensive, non-work related applications such as streaming media while preserving the performance of business applications.
- Real-Time Bandwidth Monitor: View real-time bandwidth and session consumption for applications and users within a selected QoS class.
- Purpose-Built platform: combines single pass software with parallel processing hardware to deliver the multi-Gbps performance necessary to protect today’s high speed networks.
The Shortcomings of Other Firewalls
The firewall is the most strategic network security infrastructure component. It sees all traffic, and as a result is in the most effective location to enforce security policy. Traditional firewalls rely on port and protocol to classify traffic, allowing savvy applications and users to bypass them with ease: hopping ports, using SSL, sneaking across port 80, or using non-standard ports. The resulting loss of visibility and control places administrators at a disadvantage and exposes enterprises to network downtime, compliance violations, increased operational expenses, and possible data loss. The legacy approach to restoring visibility and control requires “firewall helpers” deployed behind the firewall or combined with it through sheet-metal integration. Neither of these approaches addresses lack of visibility and control, cumbersome management, or multiple latency-inducing scanning processes. Restoring visibility and control requires a new, fresh, from-the-ground-up approach. That is where Palo Alto comes in.
Palo Alto Networks solves the performance problems of legacy firewall technology with a unique Single Pass Parallel Processing (SP3) Architecture that enables high-throughput, low-latency network security, while incorporating unprecedented features and technology.
Issues Specific to K-12 School Networks
The Problem: Students are using a new class of Internet application that is capable of circumventing existing security mechanisms such as firewalls, URL filtering and proxy servers. As a result, K-12 IT departments are placed in a difficult position. State and Federal regulations, school board policies, community standards, and common sense dictate that schools filter applications and Internet traffic that can make its way to students’ eyes and ears. But this new class of applications, which includes proxies and anonymizers that facilitate evading detection, is readily available, and students are incredibly adept at using them in K-12 environments. The conventional approach to solving this problem includes deploying a URL database in conjunction with a traditional network firewall, but this approach simply can’t keep pace with these nimble, network-savvy applications.
The Solution: Palo Alto’s next-generation App-ID™, a patent-pending traffic classification technology, uses four different techniques to identify and classify applications. App-ID inspects all of the traffic passing through the firewall, using one or more of these techniques – including application protocol detection and decryption, application decoding, application signatures, and heuristic analysis – to quickly identify the specific application associated with each packet stream. This in turn permits customers to regain visibility and control of all application traffic going to the Internet, including browsers going to websites or encrypted proxies, students using tunneling applications, or a variety of anonymizers – well beyond the performance of any other available network security technology.
To obtain more information, participate in a Webinar or request a live demo on your network, please contact us at 877-589-9554 (Option 1) or sales@trumpetnetworks.com.