The latest gateway is the company’s fastest. But just as important, it now offers a laptop agent allowing managers to extend access policies to endpoints
The latest high performance firewall from Palo Alto Networks doubles the throughput of the company’s fastest devices, which the company says makes it capable for data centres and Internet gateways.
At the same time, the company has created an agent for laptops lets IT managers extend firewall policies to remote endpoints.
The PA-5060 [pictured], part of the new 2U-sized PA-5000 series, offers firewall throughput of 20 Gigabits per second, threat prevention throughput of 10 Gbps and IPSec VPN throughput of 4 Gbps. All told, it can handle up to 4 million sessions.
It may not look revolutionary, said Chris King, the company’s director of product marketing, but each box runs on a processor with 40 cores.
Palo Alto makes what industry analysts call next-generation firewalls, which comes with application visibility and control administrators can use to set up access policies for over 1,000 applications. URL filtering and threat prevention are subscription extras.
These policies can now be extended beyond the walls of enterprises to endpoints by subscribing to Palo Alto’s GlobalProtect agent. The agent, which can be delivered to users via Microsoft’s Active Directory, SMS or Microsoft System Configuration Manager, forces traffic over an encrypted session for security.
It also lets administrators set different security policies for laptops when used outside a company office. For example, there could be a policy forbidding the use of Skype in the office but allowing it on the road. GlobalProtect also detects the nearest PaloAlto firewall, useful for companies with multiple PA gateways.
GlobalProtect, which can be used on any Palo Alto firewall, is licenced by the number of PA firewalls in the organization. King said it is priced at roughly 20 per cent of the price of the firewall.
Finally, Palo Alto also said that version 4.0 of its PAN-OS operating system is now available with some 50 enhancements. This includes the ability to write custom App-IDs for internally developed applications and the ability to identify botnets.
The PA-5000 series, which starts at US$40,000, can be ordered with a choice of 120 or 240 GB solid state hard drives, AC or DC power, a DC fan tray and a fan filter.
In a recent interview Rene Bonvanie, the company’s vice-president of marketing, said he hopes to boost the Palo Alto’s business here. At the moment it has just over 100 customers, and hopes to have as many as 1,000 three years from now by adding to its local staff of two and doubling the number of channel partners. Telus Corp. is its biggest partner, he said, offering PA firewalls through its integration services.
IDC Analyst Connection – Unified Threat Management: Benefits of an Integrated Approach to Network Security
This IDC Analyst Connection looks at the the benefits of using a UTM platform integrated with network connectivity and how it will save the enterprise money, reduce the number of vendors' products needed to be purchased, improve the communications between devices, offer the opportunity for organizations to deploy more sophisticated capabilities, and vastly improve security.