Palo Alto Networks Next-Generation Firewall is a next-generation firewall that combines traditional traffic filtering methods with application control, incident detection and prevention, and network activity monitoring.
The solution is available in the following versions:
Cloud – cloud solution from Palo Alto Networks to protect AWS and Azure cloud environments
PA-Series – hardware devices for local deployment
VM-Series – virtual firewalls for deployment in virtual and cloud environments
CN-Series – a firewall for Kubernetes environments. Supports integration into CI/CD processes and provides control of traffic between containers
Functional features
Port-independent application identification and control (App-ID)
Access control based on accounts and groups instead of IP addresses (User-ID)
Traffic content analysis to prevent data leakage and block unwanted content (Content-ID)
Recognition and control of IoT devices without binding to IP addresses (Device-ID)
Selective decryption of SSL traffic
Network segmentation by zones
Additional services:
Strata Cloud Manager – cloud platform for managing Palo Alto Networks NGFW and Prisma Access through a single web interface. Provides AIOps, Autonomous Digital Experience Management (ADEM) and Strata Logging Service functionality
Strata Logging Service – cloud-based centralized log storage that supports Palo Alto Networks services such as NGFW, Cortex XDR, Prisma Access, IoT Security and Traps management service
IoT Security – dynamic detection, classification and inventory of IoT devices with recommendations for developing protection policies
SD-WAN – software-defined wide area network, a technology that allows you to use various Internet and private services to connect geographically distributed departments into a single network. In combination with NGFW, the module provides integrated network security capabilities, complementing the functionality of SD-WAN. In addition, Panorama is used for centralized configuration management
AutoFocus – Palo Alto Networks threat intelligence portal that integrates with NGFW and helps visualize network traffic logs and identify potentially vulnerable components
DNS Security – a service that provides detection of malicious domains, DNS tunneling, and other types of DNS attacks. The service also offers sinkholing capabilities by redirecting responses directed at malicious domains to a standard Palo Alto Networks sinkhole IP address to detect compromised endpoints
Advanced DNS Security – extends DNS Security by providing access to the Advanced DNS Security Cloud service, which uses cloud resources to proactively detect new and unknown threats. This allows the NGFW to identify and classify stolen resources and those with vulnerable configurations, effectively blocking malicious activity
Threat Prevention – protects the network against threats, malware, etc. In addition to traditional IPS/IDS tools, it provides the ability to detect and block threats on all ports
Advanced Threat Prevention – in addition to the functionality of Threat Prevention, provides access to a cloud-based malware detection service that uses deep learning models to protect the company's network from new and unknown threats
Advanced URL Filtering – a web page access control service that allows you to limit the sites on which users can enter their corporate credentials, as well as configure the blocking of potentially malicious or phishing pages
WildFire – cloud sandbox for static and dynamic file analysis, detecting previously unknown malware
Advanced WildFire – uses static and dynamic file analysis, Intelligent Run-time Memory Analysis technology, deep learning models, behavioral analytics, and over 25 patented techniques to detect malware
Virtual Systems – separate logical firewall instances within a single physical or virtual Palo Alto Networks NGFW device. Virtual systems allow you to replace multiple firewalls with one (or a pair for fault tolerance), providing independent management and traffic isolation for each virtual system
Enterprise Data Loss Prevention (DLP) – protection against unauthorized access, abuse and exchange of confidential information
GlobalProtect – VPN service for remote network access. Provides functionality for checking the security status of devices before connecting, managing device settings, the GlobalProtect mobile application, using IPv6 connections and GlobalProtect Clientless VPN
SaaS Security Inline – working together with Strata Logging Service, it provides detection of SaaS applications used in the company's network, monitoring their usage, and automatic application of configured security and access policies
Advantages:
- Parallel Processing hardware – distributed architecture (for PA-Series), which separates traffic processing (Data Plane) and firewall management (Control Plane). This approach allows maintaining stable system operation by ensuring that overloading of one component will not affect the other
- Panorama provides centralized management of Palo Alto Networks firewalls and can be deployed in both physical and virtual environments
- Supports clustering for increased throughput and active/active and active/passive configurations for fault tolerance
- NGFW deployment in local, virtual, cloud, hybrid and containerized environments
- Ability to configure user authentication using SAML, Kerberos, TACACS+, RADIUS, and LDAP, as well as using multi-factor authentication
- Intelligent Traffic Offload (ITO) for VM-Series – thanks to integration with the NVIDIA BlueField-2 DPU, it increases throughput by redirecting packets that do not require detailed analysis to the hardware accelerator for processing
- GlobalProtect VPN for secure remote access of employees to the company network
- Ability to set up a Site-to-Site VPN connection
- Providing recommendations for improving policy settings (Policy Optimizer)
Palo Alto Networks Next-Generation Firewall provides protection for corporate networks through traffic analysis, application, user, content and device identification functionality, as well as mechanisms for detecting and blocking malware and unauthorized access. The solution also provides capabilities for network segmentation and secure remote access to resources, and support for various deployment types in addition to various cloud services allows you to adapt the solution to the needs of companies.