Network Computing is part of the Informa Tech Division of Informa PLC

From The Labs: Palo Alto's Firewall Appliance: Page 2 of 4

For security groups trying to protect against incursion and restrict unwanted applications, most of today's firewalls lock the front door but leave the window wide open. The exception is application proxies, which essentially re-create applications inside the firewall, guaranteeing that only traffic generated by approved applications is allowed to pass. But proxies have their own problems, not least of which is the difficulty of keeping up with the rush of new apps and protocols. Even minor changes in an application can totally break a proxy's compatibility, cutting off users from the application.

Palo Alto says it solves this dilemma with a signature-based system that matches network traffic against a database of more than 550 applications. The company also provides signatures to detect viruses in network traffic, and it's rapidly developing a comprehensive set of threat signatures to spot exploit attempts and other malicious traffic. Of course, all standard firewall actions can be taken, letting IT choose exactly which applications are permitted.


Palo Alto's PA-4050 sports throughput up to 10 Gbps over 24 copper and fiber ports

The PA-4000 can also block viruses and send out alerts about or deny entry to potentially malicious traffic. In addition, using the same signature-matching routines, a partnership deal lets Palo Alto add SurfControl's Web site classification database, so that all network traffic control can be integrated into a single box and management interface.

We were intrigued, so we brought a PA-4050 into our University of Florida Real-World Labs. We set the device for transparent Virtual Wire mode, in which the firewall doesn't route, switch, or modify VLAN tags of packets passing through it, and placed it between a router and an existing IDS, so that we could reuse our span port. After allowing the 4050 to observe traffic for a while, we dug into the App-Scope Web-based management GUI.

Network traffic graphs were impressive--applications were clearly shown, and we could drill down to charts of source and destination IP addresses and traffic counts by clicking on the colored boxes that represent particular apps. The company has released a management platform for multiple devices, which we were not able to test.

MALWARE SPOTTED