Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Palo Alto Networks Virtualizes Firewall, Adds New Hardware

Palo Alto Networks has unleashed a slew of security products, including VM-Series, a next-generation firewall platform for virtualized data centers. The company has also introduced mid-range firewall hardware platform, the PA-3000 Series, and the M-100, a dedicated management appliance, as well as enhanced its Wildfire malware prevention subscription service. All four of these products work with the newly released PAN-OS 5.0, which Palo Alto said has 60 new features, including increased control for managing SSL traffic and enhanced IPv6 support.

Palo Alto is positioning this portfolio of products as a comprehensive approach to addressing network security for virtualized datacenters, including visibility into east-west traffic, tracking virtual machines and keeping pace with automated workflows.

More Insights


More >>

White Papers

More >>


More >>

The VM-Series virtual firewall runs on VMware's ESXi hypervisor and can control traffic to and from virtual machines. The virtual firewall also includes a feature called dynamic objects that lets security policies follow virtual machines even if they change hosts.

The VM-Series comes in three flavors: The VM-100 supports 50,000 sessions, 250 rules and 10 security zones; the VM-200 supports 100,000 sessions, 2,000 rules and 20 security zones; and the VM-300 supports 250,000 sessions, 5,000 rules and 40 security zones. All three versions support IPSec and SSL VPNs. Pricing for the VM-Series starts at $2,700.

Even as the company introduced its first virtual firewall platform, it also updated its physical firewall product line by adding the PA-3000 Series, which includes the PA-3020 and PA-3050. The former delivers 2 Gbps of throughput while the latter delivers 4 Gbps. Pricing for the PA-3000 Series starts at $14,000.

Also on the hardware front, Palo Alto's new M-100 is a dedicated appliance for its Panorama centralized management system. The appliance comes in a 1U form factor, has multiple 1-Gbps Ethernet interfaces and up to 4 Tbytes of RAID1 storage for logs, with 120 Gbytes of SSD system disk.

Finally, Palo Alto enhanced its WildFire cloud-based subscription service. The service will deliver updated malware prevention signatures within an hour to its subscriber customers, according to the company.

Greg Young, Gartner research VP and analyst of network security, says Palo Alto is "rounding off the corners" of what the company already offers. It had to address virtualization as other vendors such as Check Point and Cisco Systems already have these products. "As you get into larger deals, you need these types of options; otherwise it's easier to get excluded," he says.

However, while there's a lot of hype around virtualized firewalls, only a small percentage of firewalls are used in virtualized environments. "Purpose-built appliances are where 95% of firewall sales are today," he says.

Young notes there's already a stand-alone market for services such as Palo Alto's WildFire, including FireEye, or other vendors that include similar services as part of a bigger product offering, such as SourceFire. The challenge, he says, is not just preventing known threats using IPS but anticipating new threats. "All of the firewall vendors are stepping into this area."

John Kindervag, principal analyst at Forrester Research, says the value of Palo Alto's WildFire service is that it spreads the cost and capacity with everyone who subscribes. If one customer is affected by malware or a botnet, that leads to a remedy for all subscribers. "Now you're getting patched against that much more quickly than you might have than if you were waiting for it to happen to you."

He says the combination of next-gen firewall platforms combined with services such as WildFire is a direction security vendors must take. "The lifespan of these stand-alone advanced malware detection products is pretty short because it's fairly trivial for any vendor to build them into their existing gateway-based and file-based solutions."

Related Reading

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013

TechWeb Careers