Palo Alto Networks targets VMware shops with virtualized next-gen firewalls
Network World - LAS VEGAS -- Palo Alto Networks Tuesday unveiled the first virtualized version of its next-generation firewall, server-based software intended to run on the VMware platform to allow security managers to set up firewall application-layer controls in virtual machines (VM).
The company's new VM-Series software is intended to overcome the limitation that physical firewall appliances face in virtualized environments in that they don't fit directly between VM-to-VM intra-host traffic flows, says Chris King, director of product marketing.
Palo Alto's entry into virtualization heightens competition in the next-generation firewall market vs. the likes of Sourcefire and Check Point. Next-gen firewalls go beyond traditional port-based firewalls to allow for setting up application-layer controls related to users and machine-to-machine processing.
While Palo Alto this week is entering the virtualized firewall market, it is not abandoning the business of selling physical application-layer firewalls, something it has done since starting up in 2005. The company this week is also introducing an updated physical appliance line called the PA-3000 Series, starting at $14,000. It consists of two next-gen firewalls, the PA-3020 and PA-3050, which respectively deliver 2Gbps and 4Gbps of application-identification throughput.
All of Palo Alto's new products are based on an updated operating system, PAN-OS 5.0. There's also a new M-100 management appliance intended to support all of its firewall line.
But the star of the show -- and a topic of curiosity -- at the company's conference with its customers this week is going to be the virtualized VM-Series versions, which start at $2,700.
The Palo Alto VM-series next-generation firewall for virtualized workloads will require that IT managers pay attention to capacity planning, King says. The virtualized firewall itself is a VM-based security component that will need to be carefully measured in terms of utilization based on factors such as what workloads are permitted to talk to each other.
These virtualized versions come as three basic types, the VM-100 (supporting 50,000 sessions, 250 rules, 10 security zones, 2,500 address objects, and 25 IPsec tunnels and 25 SSL VPN tunnels); the VM-200 (supporting 100,000 sessions, 2,000 rules, 20 security zones, 4,000 address objects, 500 IPsec VPN tunnels, and 200 SSL VPN tunnels) and lastly, the VM-300, (supporting 250,000 sessions, 5,000 rules, 40 security zones, 10,000 address objects, 2,000 IPsec VPN tunnels, and 500 SSL VPN tunnels).
King says that one core concept in managing virtualized application-layer firewalls is that policy should be tied to applications so that if they are migrated to other virtualized servers through use of VMware's vMotion, the policy moves with them. The idea is also to find the right balance of virtualized and physical application-layer firewalls.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts