The technology all runs on the company’s newly upgraded operating system, PAN-OS 4.1. The new PA-200 series firewall provides at the branch office the same application-, user- and content-based security that the PA-5000 series does at headquarters, says Chris King, director of product marketing for Palo Alto Networks.
At the head office of a company, the best-practice firewall, such as the 5000 series, is deployed because the company has the budget, the operational expertise and the demand for the high-end equipment, King says. At the branch office, budgets are smaller and deploying firewalls there typically involves a trade-off between functionality and price. "What the PA-200 does is it really takes all of the functions that we do on our next-generation firewall on the bigger boxes and delivers them in a branch office form factor. You get to see every application that’s on the network, you set policy by user, user group and application," he says.
There are differences in capacity, though, he added. The PA-200 delivers data throughput of up to 100 Mbps compared to the 5000 series and its 20-Gbps capacity. The PA-200 is cheaper, too, starting at $2,000 versus the 5000 series' starting price of $40,000. Palo Alto Networks says the next-generation firewalls protect network devices whether on the corporate network or beyond it, and dig deeper into network traffic to spot suspicious activity better than first-generation firewalls can.
Gartner defines a next-generation firewall as one designed to search for botnets infiltrating a network through applications rather than ports, as first-generation firewalls do. "More communications are going through fewer ports [such as HTTP and HTTPS] and via fewer protocols, meaning port/protocol-based policy has become less relevant and less effective," Gartner stated in a research report.