Re: [fw-wiz] Palo Alto Networks

I've worked with them before and they're pretty good.
easy setup and maintenance, good integration with Active Directory,
good application detection engine.
Over all it's a good product, but you have to test it in your own
environment to see if it fits.
here are the draw backs that I can remember. all firewalls have some
kind of issues.
here are the issues I see and maybe they have been fixed by now. I
don't know it's been a while.
I remember it didn't have a central management, so having a few of
those boxes may be ok, but when you're looking at 20+ clusters, it
becomes time consuming to manage.
Application detection engine would automatically drop the traffic of
unknown apps into a low priority pool. So if you have home grown apps
which requires alot of bandwidth, you need to make sure you find it
and give it a definition or work with their team to create custom rule
otherwise it will crawl.
I'm sure there's more pros and cons, but that's all I can think of.
Let me know if you have more questions.


On Thu, Oct 8, 2009 at 12:00 PM, Paul Hutchings <paul@xxxxxxxxxxx> wrote:
Getting one of their boxes on eval for a couple of weeks.  Quite a broad and
generic question I know, but does anyone have any experience(s) they wish to

firewall-wizards mailing list

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked. — White House Cybersecurity
Advisor, Richard Clarke
firewall-wizards mailing list