Gerardo González
Restores the firewall as the core of the enterprise network security infrastructure
Ports Applications
IP Addresses Users
Packets Content
Internet
Enterprise Network
Unknown files uploaded
Malware signature automatically generated/delivered
Port
Traffic
Firewall
IPS
Applications
Port-based policy decision
Application control policy decision
Implications
Implications
The network access decision is made based on the identity of the application
Safely enable the use of applications
Traffic
Application
Firewall
IPS
Applications
Application control policy decision
Application of threat scanning
User/group mapping
Content scanning: threats, URLs, confidential data
One policy
Parallel Processing
Function-specific parallel processing hardware engines
Separate data/control planes
Network segmentation
Based on application and user, not port/IP
Simple, flexible network security
Integration into all DC designs
Highly available, high performance
Prevent threats
Distributed Enterprise
Perimeter
Data Center
Consistent network security everywhere
HQ/branch offices/remote and mobile users
Logical perimeter
Policy follows applications and users, not physical location
Centrally managed
Prevent Threats
Transparent In-Line
Firewall Replacement
Introducing WildFire
Identifies unknown malware by direct
identified malware
[Chart residue: axes labelled in percent (0% to 80%), days (Day 0 to Day 7), counts (0 to 7,000) and hours]
Introducing GlobalProtect
Users never go off-network regardless of location
All firewalls work together to provide cloud of network security
How it works:
PA-5060: 20 Gbps FW; 10 Gbps threat prevention; 4,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5050: 10 Gbps FW; 5 Gbps threat prevention; 2,000,000 sessions; 4 SFP+ (10 Gig), 8 SFP (1 Gig), 12 copper gigabit
PA-5020: 5 Gbps FW; 2 Gbps threat prevention; 1,000,000 sessions; 8 SFP, 12 copper gigabit
PA-3050: 4 Gbps FW; 2 Gbps Threat Prevention; 500,000 sessions; 8 SFP, 12 copper gigabit
PA-3020: 2 Gbps FW; 1 Gbps Threat Prevention; 250,000 sessions; 8 SFP, 12 copper gigabit
PA-500: 250 Mbps FW; 100 Mbps Threat Prevention; 64,000 sessions; 8 copper gigabit
PA-200: 100 Mbps FW; 50 Mbps Threat Prevention; 64,000 sessions; 4 copper gigabit
Zone-based architecture
PA-5020
Active/active, active/passive
Configuration and session synchronization
PA-3050
Virtual Systems
Simple, flexible management
PA-5050
High Availability
VPN
PA-3020
PA-500
PA-200
VLAN
VLAN
2 Core: Firewall (App-ID) 500 Mbps; Threat Prevention 200 Mbps; VPN 100 Mbps; 8,000
4 Core: Firewall (App-ID) 1 Gbps; Threat Prevention 600 Mbps; VPN 250 Mbps; 8,000
8 Core: Firewall (App-ID) 1 Gbps; Threat Prevention 1 Gbps; VPN 400 Mbps; 8,000
Specifications
Sessions
Rules
Security Zones
Address Objects
IPSec VPN
Tunnels
VM-100: 50,000; 250; 10; 2,500; 25; 25
VM-200: 100,000; 2,000; 20; 4,000; 500; 200
VM-300: 250,000; 5,000; 40; 10,000; 2,000; 500
Model
Specifications
1 RU form factor
16 GB memory
Quadrant
NetworkWorld Test
NSS Tests