+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
Internet Related/Filtering/Firewall Thread, Palo Alto Networks in Technical; Anyone here using these guys for their firewall/filtering? We're currently looking at all inclusive devices to do our firewall, filtering ...
  1. #1
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,458
    Thank Post
    349
    Thanked 256 Times in 211 Posts
    Rep Power
    98

    Palo Alto Networks

    Anyone here using these guys for their firewall/filtering?

    We're currently looking at all inclusive devices to do our firewall, filtering and spam filtering all in one, smoothwall and palo alto are currently on the list, i need a 3rd recommendation if anyone has one too? but main purpose for this thread was to see if anyone had used palo alto before and if they had anything to say about it?

    http://www.paloaltonetworks.com/

  2. #2

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    we had one on demo a few weeks back. They told us it couldnt do spam filtering which is pretty much useless for us.

    We're probably going to go with a fortinet, the FortiOS 5 looks great.

  3. #3
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,992
    Thank Post
    287
    Thanked 283 Times in 197 Posts
    Rep Power
    118
    @mrbios i am in the exact same boat as you at the moment, but i have a cisco ASA5510 and websense web filter. Looking at Websense Secure Gateway and keeping Cisco or have another product that does it all. I too have been told about PaloAlto and been told the filtering is a bit basic.

  4. #4
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,458
    Thank Post
    349
    Thanked 256 Times in 211 Posts
    Rep Power
    98
    Quote Originally Posted by timbo343 View Post
    @mrbios i am in the exact same boat as you at the moment, but i have a cisco ASA5510 and websense web filter. Looking at Websense Secure Gateway and keeping Cisco or have another product that does it all. I too have been told about PaloAlto and been told the filtering is a bit basic.
    See i heard the opposite, when i asked how good the filtering was i was told "Bloody good" so now I'm not sure >_< haha

    I do have my doubts about them though, I'm just having a look at the fortinet site at the moment, anything i go for will be a UTM sort of device but i want to make sure the last company i add to my list of "bidders" as it were, are going to strong contenders with the other two.

    I might go back to the guy who recommended palo alto and see what else he has to say about the filtering....

  5. #5

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199

  6. Thanks to RabbieBurns from:

    mrbios (3rd December 2012)

  7. #6
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,458
    Thank Post
    349
    Thanked 256 Times in 211 Posts
    Rep Power
    98
    ahhh now that is interesting...because on friday when i was sent a bunch of PDFs from palo alto they sent me last years magic quadrant independent review....how funny that they didn't send me this years!

    EDIT: oh i see this is for unified threat management only, in which case, massive thank you for that rabbie!

  8. #7

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,517
    Thank Post
    1,494
    Thanked 1,050 Times in 919 Posts
    Rep Power
    302
    @Soulfish is a good man to poke he has a pair of Smoothie appliances complete with a shiny Palo Alto system supplied by @Net-Ctrl and I know he smiles continually

  9. #8

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,482
    Thank Post
    297
    Thanked 304 Times in 263 Posts
    Rep Power
    82
    Quote Originally Posted by mrbios View Post
    ahhh now that is interesting...because on friday when i was sent a bunch of PDFs from palo alto they sent me last years magic quadrant independent review....how funny that they didn't send me this years!

    EDIT: oh i see this is for unified threat management only, in which case, massive thank you for that rabbie!
    Be careful when looking at the magic quadrant stuff. Gartner/PA class the PA product set as a Next-Gen Firewall (NGFW), so it gets included in a different magic quadrant report (confusing! but read UTM vs NGFW - A Single Shade of Gray | Anitian Blog). We've got a PA-4020, which is shortly being replaced with 2 x PA-3020 (now they've finally been announced!). Love the feature set, App-ID/User-ID is amazing as is the whole blocking apps based on application profiles rather than ports etc. We did trial and look at several other appliances but nothing came close to the PA.

    We don't use the filtering (although we did demo it and it seemed OK, not amazing, but comparable to other firewall companies) as we still use and will continue to use Smoothwall for that. Very happy with our SWG-1200's for filtering

  10. Thanks to Soulfish from:

    mrbios (4th December 2012)

  11. #9
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,650
    Thank Post
    164
    Thanked 217 Times in 200 Posts
    Rep Power
    66
    Palo = awesome App-level firewall that will stop P2P and multimedia hogging your network. Filtering has been OK for us so far but we're quite light users on that front. Spam filtering doesn't bother me, use a cloud service and save your bandwidth (note Microsoft give Forefront Online free with EES)

    Smoothwall as far as I understand is a very good content filter but can't do the application level stuff.

    In an ideal world you have both but I'd say get a Palo in on demo to analyse your network traffic then depending on what you find you'll know if you need the app-level control.

  12. Thanks to gshaw from:

    mrbios (4th December 2012)

  13. #10

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,624
    Thank Post
    49
    Thanked 451 Times in 334 Posts
    Rep Power
    137
    We are about to try out Gateprotect after our long and fond relationship with Sonicwall has faded since its marriage with Dell.
    The price is comparable to most and the features are comprehensive.
    So if you need a third comparator check out the product range.

  14. Thanks to m25man from:

    mrbios (4th December 2012)

  15. #11

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,801
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    I use Watchguard firewalls with most of my clients. Wouldn't cut the mustard in terms to filtering but thats what Smoothwall is for!

  16. Thanks to glennda from:

    mrbios (4th December 2012)

  17. #12
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,458
    Thank Post
    349
    Thanked 256 Times in 211 Posts
    Rep Power
    98
    Quote Originally Posted by Soulfish View Post
    Be careful when looking at the magic quadrant stuff. Gartner/PA class the PA product set as a Next-Gen Firewall (NGFW), so it gets included in a different magic quadrant report (confusing! but read UTM vs NGFW - A Single Shade of Gray | Anitian Blog). We've got a PA-4020, which is shortly being replaced with 2 x PA-3020 (now they've finally been announced!). Love the feature set, App-ID/User-ID is amazing as is the whole blocking apps based on application profiles rather than ports etc. We did trial and look at several other appliances but nothing came close to the PA.

    We don't use the filtering (although we did demo it and it seemed OK, not amazing, but comparable to other firewall companies) as we still use and will continue to use Smoothwall for that. Very happy with our SWG-1200's for filtering
    Out of interest how many Users/Computers do you have running behind yours to require two? or are they literally just for redundancy?

    We'll likely be getting 1 x PA-3020 and then sitting either bloxx, smoothwall or lightspeed infront of it for content filtering, been researching for 2 days solid now with little interruptions so I'm getting a good handle on what i want to achieve.

    I'm yet to find anyone say a single bad word about the PA firewall except for cost, but having checked out the costs they look reasonable for what it does so we're happy there too. I just need a content filtering solution that's going to cost us less than 4.5k per year ideally but that's looking like it may be a push.

    Currently we've got an SWGFL supplied 30mb on a 100mb bearer connection and their shoddy filtering followed by a very long in the tooth ISA2006 firewall which is currently costing us around 16k per year, I've worked out by estimated/preliminary prices that if i had a smoothwall content filter on top of a palo alto firewall setup on a 100mb on 100mb bearer connection i can get that for 16.5k total per year, though like i say, purely preliminary/estimated prices so i'm hoping to try and save a bit of $$$ now.

  18. #13

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,482
    Thank Post
    297
    Thanked 304 Times in 263 Posts
    Rep Power
    82
    Quote Originally Posted by mrbios View Post
    Out of interest how many Users/Computers do you have running behind yours to require two? or are they literally just for redundancy?

    We'll likely be getting 1 x PA-3020 and then sitting either bloxx, smoothwall or lightspeed infront of it for content filtering, been researching for 2 days solid now with little interruptions so I'm getting a good handle on what i want to achieve.

    I'm yet to find anyone say a single bad word about the PA firewall except for cost, but having checked out the costs they look reasonable for what it does so we're happy there too. I just need a content filtering solution that's going to cost us less than 4.5k per year ideally but that's looking like it may be a push.

    Currently we've got an SWGFL supplied 30mb on a 100mb bearer connection and their shoddy filtering followed by a very long in the tooth ISA2006 firewall which is currently costing us around 16k per year, I've worked out by estimated/preliminary prices that if i had a smoothwall content filter on top of a palo alto firewall setup on a 100mb on 100mb bearer connection i can get that for 16.5k total per year, though like i say, purely preliminary/estimated prices so i'm hoping to try and save a bit of $$$ now.
    PA isn't cheap that's for sure!! I have heard it described as the Rolls Royce of the firewall world and I wouldn't disagree. If you can make use of its layer-7 feature set then it's definitely one to look at. We compared Fortinet, Watchguard, Sonicwall, Juniper and Cisco to Palo Alto and while plenty were much cheaper none worked anywhere near as well.

    We have 1g on 1g, but the PA-3020s are a redundant pair. Both setup with the same config, but the licensing is setup so that only 1 can be physically firewalling/passing traffic at any time. We have the cold-spare (it's not automated as that costs and requires it to be a hot-spare ) as we got a very good deal, and gives us peace of mind!

    If you're doing 100/100 why not look at something like the PA-2020 up to the PA-2050? They're all designed to cope with 100mb - 500mb lines. Only downside with the PA-2000 series is the interface can be a bit slow as the management processor was underspecced in that range unfortunately! But by going for a slightly smaller box you'll probably find you save a fair few k on the box price and licensing.

  19. Thanks to Soulfish from:

    mrbios (4th December 2012)

  20. #14
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,458
    Thank Post
    349
    Thanked 256 Times in 211 Posts
    Rep Power
    98
    Quote Originally Posted by Soulfish View Post
    PA isn't cheap that's for sure!! I have heard it described as the Rolls Royce of the firewall world and I wouldn't disagree. If you can make use of its layer-7 feature set then it's definitely one to look at. We compared Fortinet, Watchguard, Sonicwall, Juniper and Cisco to Palo Alto and while plenty were much cheaper none worked anywhere near as well.

    We have 1g on 1g, but the PA-3020s are a redundant pair. Both setup with the same config, but the licensing is setup so that only 1 can be physically firewalling/passing traffic at any time. We have the cold-spare (it's not automated as that costs and requires it to be a hot-spare ) as we got a very good deal, and gives us peace of mind!

    If you're doing 100/100 why not look at something like the PA-2020 up to the PA-2050? They're all designed to cope with 100mb - 500mb lines. Only downside with the PA-2000 series is the interface can be a bit slow as the management processor was underspecced in that range unfortunately! But by going for a slightly smaller box you'll probably find you save a fair few k on the box price and licensing.
    ah interesting, the guy at PA i spoke to gave us the spec sheet for the 3020/40 and didn't mention any other devices, do you know how much they cost? We'd been told it'd was in the region of 3k, which we were happy enough to pay.

  21. #15

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    @Soulfish Can the fortinet devices do app control, as their web filtering seemed great when we had a demo?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Palo Alto
    By Oaktech in forum Internet Related/Filtering/Firewall
    Replies: 7
    Last Post: 10th August 2012, 10:05 AM
  2. Palo Alto 500, anyone using it?
    By ful56_uk in forum Internet Related/Filtering/Firewall
    Replies: 0
    Last Post: 29th February 2012, 06:44 PM
  3. Palo Alto Firewall
    By MrJon in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 25th October 2010, 08:45 PM
  4. Network Printing
    By ninjabeaver in forum Windows
    Replies: 26
    Last Post: 22nd August 2005, 08:28 PM
  5. School networks and aid to Africa. A comparison.
    By Dos_Box in forum General Chat
    Replies: 14
    Last Post: 5th July 2005, 11:36 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •