OK so I will put my hands up. We published an item about the Palo Alto PA 2050 a few months back, and - well let’s just say that it was a ’bit’ over the top. Just a touch... over enthusiastic. Like a rabbit on Rohypnol more like.
It’s just that every now and then you come across a ’game changer’ - something that seems to right so many previous wrongs, that you can’t help but enthuse about it.
After a few cold showers - now we’re back to re-post, and we’re going to try our best not to ’over-juice’ it.
What it basically boils down to is that these firewalls are the very first of a new generation of behavior & content ’aware’ firewall devices. Some might call them ’Full Layer Firewall Devices’ others less technically inclined would say that these firewalls don’t just base their security policies on where something in coming from, and where it’s going to - but importantly - exactly what that ’something’ is, and whether it’s behaviour is ’suspicious’ or not. Whatever you want to call them - they do represent a significant up shift in capability when compared to your average run of the mill firewall device.
This advanced capability is made even more impressive - thanks to the PA 2050s capability of being able to ’virtually’ segment sections of the firewall device off. So out of the 16 gigabit ports on the device, you can slice and dice a number of firewalls that to all intense purposes are separate firewall devices. The benefits of this feature (known as ’Virtual Systems’) to anyone running multi tier hosting facilities, and needing to conform to standards such as PCI - are glaringly obvious. Where you might have needed three pairs of firewalls, across your three tiers - now you might just need a single pair of PA 2050s.
This not only saves a heap of cash, space, and power - but also reduces the administration footprint - and of course the ’compliancy footprint’.
One of the first tasks we gave our PA 2050 - was to become, what would effectively be, a ’network condom’ for a mini-cloud style hosting environment. The PA 2050 can operate in three different operating ’modes’. ’Transparent’, &