During the past decade, we’ve seen the global IT security market flooded with new network security and firewall security appliances. New vendors are emerging into the market while existing well-known vendors introduce new, smarter and more complex firewalls that aim to keep enterprise organizations as safe as possible. Palo Alto Networks is one of the new-generation security vendors who have managed to break into a saturated market and make their stand.
It’s no coincidence that Palo Alto Networks is considered to be a leader and pioneer when it comes to Next Generation Firewall appliances, and Gartner seems to agree with this statement based on its Magic Quadrant report in the Next Generation Firewall segment:
Figure 1. Gartner Magic Quadrant for Enterprise Network Firewalls
The unique way Palo Alto Networks Next-Generation Firewalls process a packet, using the Single Pass Parallel Processing (SP3) engine, makes them a clear leader.
Note: Read all our technical articles covering Palo Alto Firewalls by visiting our Palo Alto Firewall Section.
Basically, the SP3 engine uses the same stream-based signature format to process protection features such as Anti-Virus, Spyware, Vulnerability Protection and Data Filtering. By doing so, the firewall saves valuable processing power. Other Unified Threat Management (UTM) appliances, by contrast, process each security feature serially, which often introduces latency to the network traffic.
Advanced security features like App-ID, User-ID and Content-ID, along with Security profiles comprising features like Antivirus, Anti-Spyware, Vulnerability protection, URL Filtering, DoS Protection and Data Filtering, make Palo Alto the leader. Most importantly, its malware analysis solution, WildFire, offers advanced protection from unknown threats.
Palo Alto Networks offers its firewalls as Hardware Platforms and Virtual Platforms. Its Hardware Platforms come in different flavors.
Figure 2. The Palo Alto Firewall family
PA-200 and PA-500 Series Firewalls are meant for Small Businesses. They come with very limited throughput and do not support Virtual Systems. Virtual Systems, also known as VSYS, are used to create virtual firewall instances in a single pair of Palo Alto Firewalls. In other words, Virtual Systems can be compared to contexts in Cisco ASA Firewalls or VDOMs in Fortinet firewalls. The PA-200 and PA-500 Series Firewalls offer a very limited number of security policies like security rules, NAT rules, policy-based forwarding rules and a few more.
Datasheets on Palo Alto Firewall appliances and Virtual Servers are available at our Palo Alto Datasheets and Guides download area.
The table below provides a clear comparison of features and technical specifications of both PA-500 and PA-200 firewall models: