Author Topic: Palo Alto Next generation Firewalls  (Read 9517 times)

deanb

  • Full Member
  • ***
  • Posts: 128
  • Karma: +0/-0
    • View Profile
Palo Alto Next generation Firewalls
« on: January 09, 2011, 09:52:51 am »
Hi everyone

has anyone any experiences with Palo Alto Next generation Firewalls to share? It's not just rule/port based machine (L3) like any other firewall. What about choosing over SSG series or SRX?

http://www.paloaltonetworks.com/products/pa500.html



c3lin3

  • Jr. Member
  • **
  • Posts: 51
  • Karma: +0/-0
    • View Profile
Re: Palo Alto Next generation Firewalls
« Reply #1 on: January 11, 2011, 10:54:24 am »
We plan to evaluate these devices. At least they have great marketing :-D

I love the presentations of Nir Zuk - especially when he compares the Checkpoints, Ciscos, and Whatevers out there with a straight ethernet cable.

Currently I cannot find some features in their portfolio (not verified):
- VPN Manager in der Central Management
- Special kind of VPNs: Auto Connect VPNs/Group VPN (Juniper), DMVPN, GETVPN (Cisco)
- and a lot more ...

For me their product looks more like an add-on than a replacement of a traditional firewall/router.

As soon as I have configured one of these devices I will update this post.

kcullimo

  • Jr. Member
  • **
  • Posts: 91
  • Karma: +0/-0
    • View Profile
Re: Palo Alto Next generation Firewalls
« Reply #2 on: January 11, 2011, 09:06:57 pm »
Pointing out a device's lack of add-on functionality and deeming it best classified as an add-on device would appear to make for a challenging eval process. I've not encountered situations where purchasing decisions are made based upon extensive add-on functionality, but some customers (typically, ones with generous budgets) are happy with
1. performance
2. classifying packets based upon transport-layer payload, potentially leading to more granular forwarding decisions

c3lin3

  • Jr. Member
  • **
  • Posts: 51
  • Karma: +0/-0
    • View Profile
Re: Palo Alto Next generation Firewalls
« Reply #3 on: January 12, 2011, 01:16:25 am »
You call it extensive add-on functionality - I call it essentials for a security device  :evil:

deanb

  • Full Member
  • ***
  • Posts: 128
  • Karma: +0/-0
    • View Profile
Re: Palo Alto Next generation Firewalls
« Reply #4 on: January 12, 2011, 04:56:46 am »
How much costs this devices (price range)?

c3lin3

  • Jr. Member
  • **
  • Posts: 51
  • Karma: +0/-0
    • View Profile
Re: Palo Alto Next generation Firewalls
« Reply #5 on: January 12, 2011, 08:16:03 am »
Starting at Palo Alto Networks PA-500 $ 3,735.00
Ending at Palo Alto Networks PA-4060 $ 66,400.00

The PA-500 is doing things in software which all other models do in hardware.

The model after the PA-500 is the PA-2020 ($ 9,960.0)

All prices are without any discount.

kcullimo

  • Jr. Member
  • **
  • Posts: 91
  • Karma: +0/-0
    • View Profile
Re: Palo Alto Next generation Firewalls
« Reply #6 on: January 12, 2011, 10:01:14 am »
My use of "exstensive add-on functionality" wasn't referring to the list of features you outlined. Traditional routers & firewalls didn't terminate virtual connections at all, so I'd hesitate to equate them with modern "security devices." It still seems to be the case that you'd only spend that much money if you cared about the L5-7 filtering functionality, which didn't fall under the purview of ANY traditional router/firewall offering.