Palo Alto Networks
Product Overview
Karsten Dindorp, Computerlinks
© 2009 Palo Alto Networks. Proprietary and Confidential
Page 2 |
Applications Have Changed – Firewalls Have Not
• The gateway at the trust border is the right place to enforce policy control
- Sees all traffic
- Defines trust boundary
• But applications have changed
- Ports ≠ Applications
- IP addresses ≠ Users
- Headers ≠ Content
[Diagram labels: Collaboration / Media; SaaS; Personal]
Need to Restore Application Visibility & Control in the Firewall
Stateful Inspection Classification
The Common Foundation of Nearly All Firewalls
• Stateful Inspection classifies traffic by looking at the IP header
- source IP
- source port
- destination IP
- destination port
- protocol
• Internal table creates mapping to well-known protocols/ports
- HTTP = TCP port 80
- SMTP = TCP port 25
- SSL = TCP port 443
- etc, etc, etc…
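An added example (not from the original deck and not Palo Alto Networks code) that contrasts the port-table classification described on this slide with a check of the first payload bytes, and flags flows where the two disagree. The flows, addresses and the simple payload heuristics are constructed assumptions for illustration; they are not how App-ID works.

```python
# Added example: port-table classification (as on the slide) versus a look at
# the first payload bytes. All flows and payloads below are constructed samples.
from dataclasses import dataclass

# The slide's internal table: (protocol, destination port) -> assumed application.
PORT_TABLE = {("tcp", 80): "HTTP", ("tcp", 25): "SMTP", ("tcp", 443): "SSL"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str
    first_payload: bytes  # first client-to-server bytes; the port table never reads these


def classify_by_port(flow):
    """Header-only classification: the label depends on protocol and port alone."""
    return PORT_TABLE.get((flow.protocol, flow.dst_port), "unknown")


def classify_by_payload(flow):
    """Illustrative heuristics on the first bytes the client sends."""
    p = flow.first_payload
    if flow.protocol != "tcp" or not p:
        return "unknown"
    # TLS record: type 0x16 (handshake), major version 0x03, handshake type 0x01.
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "SSL"
    if p.startswith(b"SSH-"):
        return "SSH"
    if p.startswith(HTTP_METHODS):
        return "HTTP"
    if p[:5].upper() in (b"EHLO ", b"HELO "):
        return "SMTP"
    return "unknown"


def find_mismatches(flows):
    """Return (flow, port_label, payload_label) where the two views disagree."""
    out = []
    for f in flows:
        by_port, by_payload = classify_by_port(f), classify_by_payload(f)
        if by_port != by_payload:
            out.append((f, by_port, by_payload))
    return out


# Constructed sample flows (documentation address ranges, made-up payloads).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 50001, "203.0.113.10", 80, "tcp",
         b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow("10.0.0.6", 50002, "203.0.113.20", 443, "tcp",
         b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("10.0.0.7", 50003, "203.0.113.30", 8080, "tcp",
         b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow("10.0.0.8", 50004, "203.0.113.40", 80, "tcp",
         b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),
    Flow("10.0.0.9", 50005, "203.0.113.50", 25, "tcp",
         b"EHLO mail.example.test\r\n"),
]

if __name__ == "__main__":
    for flow, by_port, by_payload in find_mismatches(SAMPLE_FLOWS):
        print(f"{flow.src_ip} -> {flow.dst_ip}:{flow.dst_port} "
              f"port table says {by_port}, payload looks like {by_payload}")
```
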
Enterprise End Users Do What They Want
• The Application Usage & Risk Report from Palo Alto Networks highlights actual behavior of 960,000 users across 60 organizations:
- HTTP is the universal app protocol – 64% of BW, most HTTP apps not browser-based
- Video is king of the bandwidth hogs – 30x P2P filesharing
- Applications are the major unmanaged threat vector
• Business Risks: Productivity, Compliance, Operational Cost, Business Continuity and Data Loss
Firewall “Helpers” Are Not the Answer
• Complex to manage
• Expensive to buy and maintain
• Firewall “helpers” have limited view of traffic
• Ultimately, doesn’t solve the problem
New Requirements for the Firewall
1. Identify applications regardless of port, protocol, evasive tactic or SSL
2. Identify users regardless of IP address
3. Scan application content in real-time (prevent threats and data leaks)
4. Granular visibility and policy control over application access / functionality
5. Multi-gigabit, in-line deployment with no performance degradation
The Right Answer: Make the Firewall Do Its Job
Identification Technologies Transforming the Firewall
• App-ID: Identify the application
• User-ID: Identify the user
• Content-ID: Scan the content
Purpose-Built Architectures (PA-4000 Series)
Signature Match HW Engine
• Palo Alto Networks’ uniform signatures
• Vulnerability exploits (IPS), virus, spyware, CC#, SSN, and other signatures
Multi-Core Security Processor
• High density processing for flexible security functionality
• Hardware-acceleration for standardized complex functions (SSL, IPSec, decompression)
Dedicated Control Plane
• Highly available mgmt
• High speed logging and route updates
10 Gig Network Processor
• Front-end network processing offloads security processors
• Hardware accelerated QoS, route lookup, MAC lookup and NAT
[Diagram: Control Plane (dual-core CPU, RAM, HDD) and Data Plane (Signature Match, CPU 1 to CPU 16, SSL, IPSec, De-Compression, QoS, Route/ARP/MAC lookup, NAT, RAM), 10Gbps]
PAN-OS Core Features
• Strong networking foundation:
- Dynamic routing (OSPF, RIPv2)
- Site-to-site IPSec VPN
- SSL VPN
- Tap mode – connect to SPAN port
- Virtual wire (“Layer 1”) for true transparent in-line deployment
- L2/L3 switching foundation
• QoS traffic shaping
- Max, guaranteed and priority
- By user, app, interface, zone, and more
• High Availability:
- Active / passive
- Configuration and session synchronization
- Path, link, and HA monitoring
• Virtualization:
- All interfaces (physical or logical) assigned to security zones
- Establish multiple virtual systems to fully virtualize the device (PA-4000 & PA-2000 only)
• Intuitive and flexible management
- CLI, Web, Panorama, SNMP, Syslog
Flexible Deployment Options
Application Visibility
• Connect to span port
• Provides application visibility without inline deployment
Transparent In-Line
• Deploy transparently behind existing firewall
• Provides application visibility & control without networking changes
Firewall Replacement
• Replace existing firewall
• Provides application and network-based visibility and control, consolidated policy, high performance
Palo Alto Networks Next-Gen Firewalls
PA-4050
• 10 Gbps FW
• 5 Gbps threat prevention
• 2,000,000 sessions
• 16 copper gigabit
• 8 SFP interfaces
PA-4020
• 2 Gbps FW
• 2 Gbps threat prevention
• 500,000 sessions
• 16 copper gigabit
• 8 SFP interfaces
PA-4060
• 10 Gbps FW
• 5 Gbps threat prevention
• 2,000,000 sessions
• 4 XFP (10 Gig) I/O
• 4 SFP (1 Gig) I/O
PA-2050
• 1 Gbps FW
• 500 Mbps threat prevention
• 250,000 sessions
• 16 copper gigabit
• 4 SFP interfaces
PA-2020
• 500 Mbps FW
• 200 Mbps threat prevention
• 125,000 sessions
• 12 copper gigabit
• 2 SFP interfaces
PA-500
• 250 Mbps FW
• 100 Mbps threat prevention
• 50,000 sessions
• 8 copper gigabit
PAN-OS 3.0 Summary of Features
• Networking
- Quality of Service Enforcement
- SSL VPN
- IPv6 Firewall (Virtual Wire)
- IPsec Multiple Phase 2 SAs
- 802.3ad link aggregation
- PA-2000 virtual systems licenses (+5)
• App-ID
- Custom Web-based App-IDs
- Custom App-ID Risk and Timeouts
- CRL checking within SSL forward proxy
• Threat Prevention & URL Filtering
- Dynamic URL Filtering DB
- Increased signature capacity
- Threat Exception List
- CVE in Threat Profiles
• User Identification
- Citrix/Terminal Server User ID
- Proxy X-Forwarded-For Support
• Visibility and Reporting
- User Activity Report
• Management
- Multi-zone Rules
- Automated Config Backup in Panorama
- Role-based admins in Panorama
- SNMP Enhancements
  - Custom community string
  - Extended MIB support
- XML-based REST API
- Ability to Duplicate Objects
- Log Export Enhancements
  - Support for FTP
  - Scheduler
- Custom Admin Login Banner
- Web-based Tech Support Export
- Database indexing
- Configurable management I/O settings
Demo
