Palo Alto Networks Product Overview Karsten Dindorp, Computerlinks.


© 2009 Palo Alto Networks. Proprietary and Confidential

Applications Have Changed – Firewalls Have Not

The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary

Application categories shown: Collaboration / Media, SaaS, Personal

But applications have changed
- Ports ≠ Applications
- IP addresses ≠ Users
- Headers ≠ Content

Need to Restore Application Visibility & Control in the Firewall

Stateful Inspection Classification: The Common Foundation of Nearly All Firewalls

Stateful Inspection classifies traffic by looking at the IP header
- source IP
- source port
- destination IP
- destination port
- protocol

Internal table creates mapping to well-known protocols/ports
- HTTP = TCP port 80
- SMTP = TCP port 25
- SSL = TCP port
- etc, etc, etc…
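Added example (not from the original slides or from Palo Alto Networks): a Python sketch that contrasts the port-table classification described on this slide with a minimal check of the first payload bytes, run over constructed flows. The `Flow` type, the function names and the payload heuristics are assumptions for illustration and do not represent how App-ID works.

```python
from dataclasses import dataclass

# Well-known port table; only the entries the slide gives a port number for.
PORT_TABLE = {("tcp", 80): "HTTP", ("tcp", 25): "SMTP"}

@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    payload: bytes  # first client bytes; a header-only classifier never reads this

def classify_by_port(flow):
    """Stateful-inspection style: label from protocol and destination port only."""
    return PORT_TABLE.get((flow.proto, flow.dst_port), "unknown")

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")
def classify_by_payload(flow):
    """Hypothetical minimal content check on the first client bytes."""
    p = flow.payload
    if p.startswith(HTTP_METHODS):
        return "HTTP"
    if p[:5].upper() in (b"EHLO ", b"HELO "):
        return "SMTP"
    # TLS record type 0x16 (handshake), major version 0x03, handshake type 0x01 (ClientHello)
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "TLS"
    if p.startswith(b"\x13BitTorrent protocol"):
        return "BitTorrent"
    return "unknown"

def port_label_mismatches(flows):
    """Return (dst_port, port_label, payload_label) where the two labels disagree."""
    labelled = [(f.dst_port, classify_by_port(f), classify_by_payload(f)) for f in flows]
    return [row for row in labelled if row[1] != row[2]]

# Constructed sample flows (documentation addresses, not captured traffic).
SAMPLE_FLOWS = [
    Flow("192.0.2.10", 40001, "198.51.100.5", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
    Flow("192.0.2.11", 40002, "198.51.100.6", 80, "tcp", b"\x13BitTorrent protocol" + bytes(8)),
    Flow("192.0.2.12", 40003, "198.51.100.7", 25, "tcp", b"EHLO mail.example.org\r\n"),
    Flow("192.0.2.13", 40004, "198.51.100.8", 8080, "tcp", b"POST /upload HTTP/1.1\r\n"),
    Flow("192.0.2.14", 40005, "198.51.100.9", 25, "tcp", b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),
]

if __name__ == "__main__":
    print(*port_label_mismatches(SAMPLE_FLOWS), sep="\n")
```

Three of the five constructed flows receive a port-derived label that disagrees with what the payload contains, which is the "Ports ≠ Applications" gap the deck describes.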

Enterprise End Users Do What They Want

The Application Usage & Risk Report from Palo Alto Networks highlights actual behavior of 960,000 users across 60 organizations:
- HTTP is the universal app protocol – 64% of BW, most HTTP apps not browser-based
- Video is king of the bandwidth hogs – 30x P2P filesharing
- Applications are the major unmanaged threat vector

Business Risks: Productivity, Compliance, Operational Cost, Business Continuity and Data Loss

Firewall “helpers” Is Not The Answer
- Complex to manage
- Expensive to buy and maintain
- Firewall “helpers” have limited view of traffic
- Ultimately, doesn’t solve the problem

New Requirements for the Firewall
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Scan application content in real-time (prevent threats and data leaks)
4. Granular visibility and policy control over application access / functionality
5. Multi-gigabit, in-line deployment with no performance degradation

The Right Answer: Make the Firewall Do Its Job

Identification Technologies Transforming the Firewall
- App-ID: Identify the application
- User-ID: Identify the user
- Content-ID: Scan the content

Purpose-Built Architectures (PA-4000 Series)

Signature Match HW Engine
- Palo Alto Networks’ uniform signatures
- Vulnerability exploits (IPS), virus, spyware, CC#, SSN, and other signatures

Multi-Core Security Processor
- High density processing for flexible security functionality
- Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)

Dedicated Control Plane
- Highly available mgmt
- High speed logging and route updates

10 Gig Network Processor
- Front-end network processing offloads security processors
- Hardware accelerated QoS, route lookup, MAC lookup and NAT

[Architecture diagram labels: Control Plane, Data Plane, 10Gbps, Signature Match, RAM, Dual-core CPU, HDD, CPU 1, CPU 2, CPU 3 ... CPU 16, SSL, IPSec, De-Compression, QoS, Route/ARP/MAC lookup, NAT]

PAN-OS Core Features

Strong networking foundation:
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN
- Tap mode – connect to SPAN port
- Virtual wire (“Layer 1”) for true transparent in-line deployment
- L2/L3 switching foundation

QoS traffic shaping
- Max, guaranteed and priority
- By user, app, interface, zone, and more

High Availability:
- Active / passive
- Configuration and session synchronization
- Path, link, and HA monitoring

Virtualization:
- All interfaces (physical or logical) assigned to security zones
- Establish multiple virtual systems to fully virtualize the device (PA-4000 & PA-2000 only)

Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog

Flexible Deployment Options

Application Visibility
- Connect to span port
- Provides application visibility without inline deployment

Transparent In-Line
- Deploy transparently behind existing firewall
- Provides application visibility & control without networking changes

Firewall Replacement
- Replace existing firewall
- Provides application and network-based visibility and control, consolidated policy, high performance

Palo Alto Networks Next-Gen Firewalls
- PA Gbps FW: 5 Gbps threat prevention, 2,000,000 sessions, 16 copper gigabit, 8 SFP interfaces
- PA Gbps FW: 2 Gbps threat prevention, 500,000 sessions, 16 copper gigabit, 8 SFP interfaces
- PA Gbps FW: 5 Gbps threat prevention, 2,000,000 sessions, 4 XFP (10 Gig) I/O, 4 SFP (1 Gig) I/O
- PA Gbps FW: 500 Mbps threat prevention, 250,000 sessions, 16 copper gigabit, 4 SFP interfaces
- PA Mbps FW: 200 Mbps threat prevention, 125,000 sessions, 12 copper gigabit, 2 SFP interfaces
- PA Mbps FW: 100 Mbps threat prevention, 50,000 sessions, 8 copper gigabit

PAN-OS 3.0 Summary of Features

Networking
- Quality of Service Enforcement
- SSL VPN
- IPv6 Firewall (Virtual Wire)
- IPsec Multiple Phase 2 SAs ad link aggregation
- PA-2000 virtual systems licenses (+5)

App-ID
- Custom Web-based App-IDs
- Custom App-ID Risk and Timeouts
- CRL checking within SSL forward proxy

Threat Prevention & URL Filtering
- Dynamic URL Filtering DB
- Increased signature capacity
- Threat Exception List
- CVE in Threat Profiles

User Identification
- Citrix/Terminal Server User ID
- Proxy X-Forwarded-For Support

Visibility and Reporting
- User Activity Report

Management
- Multi-zone Rules
- Automated Config Backup in Panorama
- Role-based admins in Panorama
- SNMP Enhancements
  - Custom community string
  - Extended MIB support
- XML-based REST API
- Ability to Duplicate Objects
- Log Export Enhancements
  - Support for FTP
  - Scheduler
- Custom Admin Login Banner
- Web-based Tech Support Export
- Database indexing
- Configurable management I/O settings

Demo