
Palo Alto Networks

Palo Alto takes advantage of the user and user-group information inside Active Directory and maps it to IP addresses on the network. The firewall can identify all traffic by the user and the user group instead of just the IP address. (Note: Palo Alto Networks products require no changes to the Active Directory server or to the end-user PCs.)

The PA-4000 Series Application Command Center provides a real-time display of application traffic flowing across the network by user or group name. Your organization can use the ACC’s rules-based editor to create, review and deploy more targeted usage policies.

Palo Alto gear can distinguish particular applications within Web traffic and filter them. For example, PA-4000 appliances can distinguish between Yahoo Mail and corporate e-mail, allowing both but blocking attachments from Yahoo Mail.

Greg Young, a research vice president with Gartner, notes that traditional firewall vendors lash together their firewalls and intrusion-prevention systems (IPS) in single devices to offer features similar to those in PA-4000s. He says these products aren’t truly integrated, however. Rather, the firewalls and IPSs within these devices pass traffic back and forth and perform their separate functions.

Network World, 06/21/2007

Palo Alto devices can proxy SSL traffic, terminating and decrypting sessions to inspect and filter content. Traditional firewalls and IPSs don’t decrypt SSL and have no way of screening the content.

With Palo Alto firewalls, your administrators can configure what SSL traffic gets decrypted and what traffic passes through. For instance, a business might want to inspect SSL traffic bound for a known competitor, but not inspect SSL traffic to a savings and loan where an employee probably is checking on a bank statement.

Palo Alto Networks’ next-generation firewall technologies bring applications, users and content under policy control using three patented core technologies:

  • App-ID: an application identification technology that classifies traffic based on the application regardless of port, protocol, SSL encryption or evasive tactics.

  • User-ID: a technology that integrates with Microsoft Active Directory to enable visibility and control of applications by users and groups of users – not just by IP addresses.

  • Content-ID: a high-performance content inspection engine that prevents a wide range of threats, blocks file transfers and data leakage, and controls web surfing.
