Anyone here using these guys for their firewall/filtering?
We're currently looking at all inclusive devices to do our firewall, filtering and spam filtering all in one, smoothwall and palo alto are currently on the list, i need a 3rd recommendation if anyone has one too? but main purpose for this thread was to see if anyone had used palo alto before and if they had anything to say about it?
http://www.paloaltonetworks.com/
we had one on demo a few weeks back. They told us it couldnt do spam filtering which is pretty much useless for us.
We're probably going to go with a fortinet, the FortiOS 5 looks great.
@mrbios i am in the exact same boat as you at the moment, but i have a cisco ASA5510 and websense web filter. Looking at Websense Secure Gateway and keeping Cisco or have another product that does it all. I too have been told about PaloAlto and been told the filtering is a bit basic.
See i heard the opposite, when i asked how good the filtering was i was told "Bloody good" so now I'm not sure >_< hahaOriginally Posted by timbo343
I do have my doubts about them though, I'm just having a look at the fortinet site at the moment, anything i go for will be a UTM sort of device but i want to make sure the last company i add to my list of "bidders" as it were, are going to strong contenders with the other two.
I might go back to the guy who recommended palo alto and see what else he has to say about the filtering....
mrbios (3rd December 2012)
ahhh now that is interesting...because on friday when i was sent a bunch of PDFs from palo alto they sent me last years magic quadrant independent review....how funny that they didn't send me this years!
EDIT: oh i see this is for unified threat management only, in which case, massive thank you for that rabbie!
Be careful when looking at the magic quadrant stuff. Gartner/PA class the PA product set as a Next-Gen Firewall (NGFW), so it gets included in a different magic quadrant report (confusing! but read UTM vs NGFW - A Single Shade of Gray | Anitian Blog). We've got a PA-4020, which is shortly being replaced with 2 x PA-3020 (now they've finally been announced!). Love the feature set, App-ID/User-ID is amazing as is the whole blocking apps based on application profiles rather than ports etc. We did trial and look at several other appliances but nothing came close to the PA.ahhh now that is interesting...because on friday when i was sent a bunch of PDFs from palo alto they sent me last years magic quadrant independent review....how funny that they didn't send me this years!
EDIT: oh i see this is for unified threat management only, in which case, massive thank you for that rabbie!
We don't use the filtering (although we did demo it and it seemed OK, not amazing, but comparable to other firewall companies) as we still use and will continue to use Smoothwall for that. Very happy with our SWG-1200's for filtering
mrbios (4th December 2012)
Palo = awesome App-level firewall that will stop P2P and multimedia hogging your network. Filtering has been OK for us so far but we're quite light users on that front. Spam filtering doesn't bother me, use a cloud service and save your bandwidth (note Microsoft give Forefront Online free with EES)
Smoothwall as far as I understand is a very good content filter but can't do the application level stuff.
In an ideal world you have both but I'd say get a Palo in on demo to analyse your network traffic then depending on what you find you'll know if you need the app-level control.
mrbios (4th December 2012)
We are about to try out Gateprotect after our long and fond relationship with Sonicwall has faded since its marriage with Dell.
The price is comparable to most and the features are comprehensive.
So if you need a third comparator check out the product range.
mrbios (4th December 2012)
I use Watchguard firewalls with most of my clients. Wouldn't cut the mustard in terms to filtering but thats what Smoothwall is for!
mrbios (4th December 2012)
Out of interest how many Users/Computers do you have running behind yours to require two? or are they literally just for redundancy?Be careful when looking at the magic quadrant stuff. Gartner/PA class the PA product set as a Next-Gen Firewall (NGFW), so it gets included in a different magic quadrant report (confusing! but read UTM vs NGFW - A Single Shade of Gray | Anitian Blog). We've got a PA-4020, which is shortly being replaced with 2 x PA-3020 (now they've finally been announced!). Love the feature set, App-ID/User-ID is amazing as is the whole blocking apps based on application profiles rather than ports etc. We did trial and look at several other appliances but nothing came close to the PA.
We don't use the filtering (although we did demo it and it seemed OK, not amazing, but comparable to other firewall companies) as we still use and will continue to use Smoothwall for that. Very happy with our SWG-1200's for filtering
We'll likely be getting 1 x PA-3020 and then sitting either bloxx, smoothwall or lightspeed infront of it for content filtering, been researching for 2 days solid now with little interruptions so I'm getting a good handle on what i want to achieve.
I'm yet to find anyone say a single bad word about the PA firewall except for cost, but having checked out the costs they look reasonable for what it does so we're happy there too. I just need a content filtering solution that's going to cost us less than £4.5k per year ideally but that's looking like it may be a push.
Currently we've got an SWGFL supplied 30mb on a 100mb bearer connection and their shoddy filtering followed by a very long in the tooth ISA2006 firewall which is currently costing us around £16k per year, I've worked out by estimated/preliminary prices that if i had a smoothwall content filter on top of a palo alto firewall setup on a 100mb on 100mb bearer connection i can get that for £16.5k total per year, though like i say, purely preliminary/estimated prices so i'm hoping to try and save a bit of $$$ now.
PA isn't cheap that's for sure!! I have heard it described as the Rolls Royce of the firewall world and I wouldn't disagree. If you can make use of its layer-7 feature set then it's definitely one to look at. We compared Fortinet, Watchguard, Sonicwall, Juniper and Cisco to Palo Alto and while plenty were much cheaper none worked anywhere near as well.
We have 1g on 1g, but the PA-3020s are a redundant pair. Both setup with the same config, but the licensing is setup so that only 1 can be physically firewalling/passing traffic at any time. We have the cold-spare (it's not automated as that costs £££ and requires it to be a hot-spare
If you're doing 100/100 why not look at something like the PA-2020 up to the PA-2050? They're all designed to cope with 100mb - 500mb lines. Only downside with the PA-2000 series is the interface can be a bit slow as the management processor was underspecced in that range unfortunately! But by going for a slightly smaller box you'll probably find you save a fair few k on the box price and licensing.
mrbios (4th December 2012)
ah interesting, the guy at PA i spoke to gave us the spec sheet for the 3020/40 and didn't mention any other devices, do you know how much they cost? We'd been told it'd was in the region of 3k, which we were happy enough to pay.PA isn't cheap that's for sure!! I have heard it described as the Rolls Royce of the firewall world and I wouldn't disagree. If you can make use of its layer-7 feature set then it's definitely one to look at. We compared Fortinet, Watchguard, Sonicwall, Juniper and Cisco to Palo Alto and while plenty were much cheaper none worked anywhere near as well.
We have 1g on 1g, but the PA-3020s are a redundant pair. Both setup with the same config, but the licensing is setup so that only 1 can be physically firewalling/passing traffic at any time. We have the cold-spare (it's not automated as that costs £££ and requires it to be a hot-spare
If you're doing 100/100 why not look at something like the PA-2020 up to the PA-2050? They're all designed to cope with 100mb - 500mb lines. Only downside with the PA-2000 series is the interface can be a bit slow as the management processor was underspecced in that range unfortunately! But by going for a slightly smaller box you'll probably find you save a fair few k on the box price and licensing.
@Soulfish Can the fortinet devices do app control, as their web filtering seemed great when we had a demo?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
