Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Palo Alto Networks unveils virtualised next-gen firewalls for VMWare platforms

Palo Alto's entry into virtualisation heightens competition in the next-generation firewall market vs. the likes of Sourcefire and Check Point

Article comments

Palo Alto Networks unveiled the first virtualised version of its next-generation firewall on Tuesday, a server-based software intended to run on the VMware platform to allow security managers to set up firewall application-layer controls in virtual machines (VM).

The company's new VM-Series software is intended to overcome the limitation that physical firewall appliances face in virtualised environments in that they don't fit directly between VM-to-VM intra-host traffic flows, says Chris King, director of product marketing.

Palo Alto's entry into virtualisation heightens competition in the next-generation firewall market vs. the likes of Sourcefire and Check Point. Next-gen firewalls go beyond traditional port-based firewalls to allow for setting up application-layer controls related to users and machine-to-machine processing.

While Palo Alto this week is entering the virtualised firewall market, it is not abandoning the business of selling physical application-layer firewalls, something it has done since starting up in 2005. The company this week is also introducing an updated physical appliance line called the PA-3000 Series, starting at $14,000. It consists of two next-gen firewalls, the PA-3020 and PA-3050, which respectively deliver 2Gbps and 4Gbps of application-identification throughput.

All of Palo Alto's new products are based on an updated operating system, PAN-OS 5.0. There's also a new M-100 management appliance intended to support all of its firewall line.

But the star of the show - and a topic of curiosity - at the company's conference with its customers this week is going to be the virtualised VM-Series versions, which start at $2,700.

The Palo Alto VM-series next-generation firewall for virtualised workloads will require that IT managers pay attention to capacity planning, King says. The virtualised firewall itself is a VM-based security component that will need to be carefully measured in terms of utilisation based on factors such as what workloads are permitted to talk to each other.

These virtualised versions come as three basic typ2es, the VM-100 (supporting 50,000 sessions, 250 rules, 10 security zones, 2,500 address objects, and 25 IPsec tunnels and 25 SSL VPN tunnels); the VM-200 (supporting 100,000 sessions, 2,000 rules, 20 security zones, 4,000 address objects, 500 IPsec VPN tunnels, and 200 SSL VPN tunnels) and lastly, the VM-300, (supporting 250,000 sessions, 5,000 rules, 40 security zones, 10,000 address objects, 2,000 IPsec VPN tunnels, and 500 SSL VPN tunnels).

King says that one core concept in managing virtualised application-layer firewalls is that policy should be tied to applications so that if they are migrated to other virtualised servers through use of VMware's vMotion, the policy moves with them. The idea is also to find the right balance of virtualised and physical application-layer firewalls.

King noted that Palo Alto is not using specific VMware-based security APIs in its virtualised application-layer firewalls but there will be a number of management software vendors, including CA and BMC, whose orchestration tools can be used in Palo Alto virtualised environments.

Palo Alto's entry into virtualisation has competitors' attention. Oliver Friedrichs, senior vice president in Sourcefire's cloud technology group, expressed confidence that his company will hold its own through its virtualised IPS firewall, an endpoint product that tackles mobile security and a big-data analytics platform for investigating malware-based attacks.

In addition to the new application-aware firewalls from Palo Alto, the company this week is also launching a cloud-based malware-detection component as a subscription service that is intended to notify a company if a problem is detected, though it will not remediate the problem.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *