Palo Alto Networks Product Overview Karsten Dindorp, Computerlinks.


1 Palo Alto Networks Product Overview Karsten Dindorp, Computerlinks

2 © 2009 Palo Alto Networks. Proprietary and Confidential Page 2 | Applications Have Changed – Firewalls Have Not
The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
But applications have changed (diagram labels: Collaboration / Media, SaaS, Personal)
- Ports ≠ Applications
- IP addresses ≠ Users
- Headers ≠ Content
Need to Restore Application Visibility & Control in the Firewall

3 Stateful Inspection Classification: The Common Foundation of Nearly All Firewalls
Stateful Inspection classifies traffic by looking at the IP header
- source IP
- source port
- destination IP
- destination port
- protocol
Internal table creates mapping to well-known protocols/ports
- HTTP = TCP port 80
- SMTP = TCP port 25
- SSL = TCP port 443
- etc, etc, etc…
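Added example, not part of the original presentation: the port-table lookup described on slide 3, run over constructed flows and compared with a look at the first payload bytes, to show where "Ports ≠ Applications" appears in practice. The Flow type, the function names and the payload heuristic are assumptions made for illustration and do not represent any vendor's classification engine.

```python
# Added illustration; all flows below are constructed sample data.
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str        # "tcp" or "udp"
    first_bytes: bytes   # first client payload bytes (constructed)

# Well-known port table from the slide: HTTP = 80, SMTP = 25, SSL = 443.
PORT_TABLE = {("tcp", 80): "HTTP", ("tcp", 25): "SMTP", ("tcp", 443): "SSL"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")

def classify_by_port(flow: Flow) -> str:
    """Header-only classification: protocol + destination port lookup."""
    return PORT_TABLE.get((flow.protocol, flow.dst_port), "unknown")

def classify_by_payload(flow: Flow) -> Optional[str]:
    """Small payload heuristic (an assumption, not a vendor algorithm)."""
    data = flow.first_bytes
    if data.startswith(b"SSH-"):
        return "SSH"                      # SSH identification string
    if data.startswith(HTTP_METHODS):
        return "HTTP"                     # HTTP request line
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "SSL"                      # SSL/TLS handshake record
    if data.startswith((b"EHLO ", b"HELO ")):
        return "SMTP"                     # SMTP client greeting
    return None                           # heuristic has no opinion

def mismatches(flows):
    """Return (dst_port, port_label, payload_label) where the two disagree."""
    out = []
    for f in flows:
        by_port, by_payload = classify_by_port(f), classify_by_payload(f)
        if by_payload is not None and by_port != by_payload:
            out.append((f.dst_port, by_port, by_payload))
    return out

SAMPLE_FLOWS = [
    Flow("10.0.0.5", 40001, "192.0.2.10", 80, "tcp", b"GET / HTTP/1.1\r\n"),
    Flow("10.0.0.5", 40002, "192.0.2.11", 443, "tcp", b"\x16\x03\x01\x00\xc8"),
    Flow("10.0.0.6", 40003, "192.0.2.12", 443, "tcp", b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("10.0.0.7", 40004, "192.0.2.13", 8080, "tcp", b"POST /upload HTTP/1.1\r\n"),
    Flow("10.0.0.8", 40005, "192.0.2.14", 25, "tcp", b"EHLO mail.example\r\n"),
]
```

Calling mismatches(SAMPLE_FLOWS) flags the two flows whose port-based label disagrees with what the payload looks like; the other three agree.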

4 Enterprise End Users Do What They Want
The Application Usage & Risk Report from Palo Alto Networks highlights actual behavior of 960,000 users across 60 organizations:
- HTTP is the universal app protocol – 64% of BW, most HTTP apps not browser-based
- Video is king of the bandwidth hogs – 30x P2P filesharing
- Applications are the major unmanaged threat vector
Business Risks: Productivity, Compliance, Operational Cost, Business Continuity and Data Loss

5 Firewall “helpers” Are Not The Answer
- Complex to manage
- Expensive to buy and maintain
- Firewall “helpers” have limited view of traffic
- Ultimately, doesn’t solve the problem

6 New Requirements for the Firewall
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Scan application content in real-time (prevent threats and data leaks)
4. Granular visibility and policy control over application access / functionality
5. Multi-gigabit, in-line deployment with no performance degradation
The Right Answer: Make the Firewall Do Its Job

7 Identification Technologies Transforming the Firewall
- App-ID: Identify the application
- User-ID: Identify the user
- Content-ID: Scan the content

8 Purpose-Built Architectures (PA-4000 Series)
Signature Match HW Engine
- Palo Alto Networks’ uniform signatures
- Vulnerability exploits (IPS), virus, spyware, CC#, SSN, and other signatures
Multi-Core Security Processor
- High density processing for flexible security functionality
- Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)
Dedicated Control Plane
- Highly available mgmt
- High speed logging and route updates
10 Gig Network Processor
- Front-end network processing offloads security processors
- Hardware accelerated QoS, route lookup, MAC lookup and NAT
[Block diagram of the Control Plane and Data Plane; labels: 10Gbps, Signature Match, RAM, Dual-core CPU, HDD, CPU 1, CPU 2, CPU 3, CPU 16, SSL, IPSec, De-Compression, QoS, Route/ARP/MAC lookup, NAT]

9 PAN-OS Core Features
Strong networking foundation:
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN
- Tap mode – connect to SPAN port
- Virtual wire (“Layer 1”) for true transparent in-line deployment
- L2/L3 switching foundation
QoS traffic shaping
- Max, guaranteed and priority
- By user, app, interface, zone, and more
High Availability:
- Active / passive
- Configuration and session synchronization
- Path, link, and HA monitoring
Virtualization:
- All interfaces (physical or logical) assigned to security zones
- Establish multiple virtual systems to fully virtualize the device (PA-4000 & PA-2000 only)
Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog

10 © 2008 Palo Alto Networks. Proprietary and Confidential. Page 10 | Flexible Deployment Options
- Application Visibility: Connect to span port. Provides application visibility without inline deployment
- Transparent In-Line: Deploy transparently behind existing firewall. Provides application visibility & control without networking changes
- Firewall Replacement: Replace existing firewall. Provides application and network-based visibility and control, consolidated policy, high performance

11 Palo Alto Networks Next-Gen Firewalls
- PA-4050: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions, 16 copper gigabit, 8 SFP interfaces
- PA-4020: 2 Gbps FW, 2 Gbps threat prevention, 500,000 sessions, 16 copper gigabit, 8 SFP interfaces
- PA-4060: 10 Gbps FW, 5 Gbps threat prevention, 2,000,000 sessions, 4 XFP (10 Gig) I/O, 4 SFP (1 Gig) I/O
- PA-2050: 1 Gbps FW, 500 Mbps threat prevention, 250,000 sessions, 16 copper gigabit, 4 SFP interfaces
- PA-2020: 500 Mbps FW, 200 Mbps threat prevention, 125,000 sessions, 12 copper gigabit, 2 SFP interfaces
- PA-500: 250 Mbps FW, 100 Mbps threat prevention, 50,000 sessions, 8 copper gigabit

12 PAN-OS 3.0 Summary of Features
Networking
- Quality of Service Enforcement
- SSL VPN
- IPv6 Firewall (Virtual Wire)
- IPsec Multiple Phase 2 SAs
- 802.3ad link aggregation
- PA-2000 virtual systems licenses (+5)
App-ID
- Custom Web-based App-IDs
- Custom App-ID Risk and Timeouts
- CRL checking within SSL forward proxy
Threat Prevention & URL Filtering
- Dynamic URL Filtering DB
- Increased signature capacity
- Threat Exception List
- CVE in Threat Profiles
User Identification
- Citrix/Terminal Server User ID
- Proxy X-Forwarded-For Support
Visibility and Reporting
- User Activity Report
Management
- Multi-zone Rules
- Automated Config Backup in Panorama
- Role-based admins in Panorama
- SNMP Enhancements
  - Custom community string
  - Extended MIB support
- XML-based REST API
- Ability to Duplicate Objects
- Log Export Enhancements
  - Support for FTP
  - Scheduler
- Custom Admin Login Banner
- Web-based Tech Support Export
- Database indexing
- Configurable management I/O settings

13 © 2007 Palo Alto Networks. Proprietary and Confidential Page 13 | Demo

