Palo Alto
Bl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
in Off-Topic
Comments
-
down77 Member Posts: 1,009I have a few clients with some of their gear and they all rave about it. With that being said I have yet to configure/play with any of their gear myself.CCIE Sec: Starting Nov 11
-
L0gicB0mb508 Member Posts: 538I've never touched it, but my co-worker used to admin some of their stuff and he loved it.I bring nothing useful to the table...
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□Cool. I will be rolling one out sometime next month.
-
Everyone Member Posts: 1,661The job I'm leaving has had a couple of the big boy Palo Alto firewalls for over a year now I think. Network Engineer is taking his sweet time implementing it. It was supposed to replace both an old ISA 2004 firewall, and a crappy iPrism web proxy. The only thing he's managed to put into production off of it, is the SSL VPN, replacing an old Cisco VPN. He seems to spend more time playing around with pfsense for other little projects. It's a shame, I would have liked to see it in action before I left.
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□The job I'm leaving has had a couple of the big boy Palo Alto firewalls for over a year now I think. Network Engineer is taking his sweet time implementing it. It was supposed to replace both an old ISA 2004 firewall, and a crappy iPrism web proxy. The only thing he's managed to put into production off of it, is the SSL VPN, replacing an old Cisco VPN. He seems to spend more time playing around with pfsense for other little projects. It's a shame, I would have liked to see it in action before I left.
Hey don't hate on pfsense man, those are fighting words (current pfsense user, at home anyway).
I have been trying to find more info about them but I haven't been able to turn up much about them at least not admin type stuff. -
Everyone Member Posts: 1,661Bl8ckr0uter wrote: »Hey don't hate on pfsense man, those are fighting words (current pfsense user, at home anyway).
I have been trying to find more info about them but I haven't been able to turn up much about them at least not admin type stuff.
Not hating on pfsense, I think pfsense is great. Just annoyed that the Palo Alto stuff has been sitting around for over a year and hasn't replaced the overloaded ISA and iPrism crap like it was supposed to. -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□Not hating on pfsense, I think pfsense is great. Just annoyed that the Palo Alto stuff has been sitting around for over a year and hasn't replaced the overloaded ISA and iPrism crap like it was supposed to.
I can understand that. -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□I am going to bump this again. It is a palo alto 500 firewall, apparently it is their entry level firewall. Anyone work with these?
-
unclerico Member Posts: 237 ■■■■□□□□□□I have a 2050 for my perimeter firewall and a 4050 in my core doing IPS. Hands down the best frigging firewall I've configured/used. It takes some getting used to, but they are bad ass boxes. They did it right and built them from the ground up with them being application layer firewalls. You won't find any bolt-on junk like you see with a lot of other vendors which results in overall throughput and performance taking a crap. I believe they are in their own class in Gartner reviews now as well.Preparing for CCIE Written
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□I have a 2050 for my perimeter firewall and a 4050 in my core doing IPS. Hands down the best frigging firewall I've configured/used. It takes some getting used to, but they are bad ass boxes. They did it right and built them from the ground up with them being application layer firewalls. You won't find any bolt-on junk like you see with a lot of other vendors which results in overall throughput and performance taking a crap. I believe they are in their own class in Gartner reviews now as well.
Have you in suggestions for learning the interface? -
Geek1969 Member Posts: 100 ■■□□□□□□□□We have had one in prod for almost a year now at a remote site and will be replacing an ASA 5510 with a high availability pair of PA-500's in the next two weeks. The interface isn't too tough to learn, but it does take some getting used to. Our company sent two of us to a 3-day Palo Alto training class in May. I'll be working on the config this week. As far as learning the interface.....there is an Administrators guide available on their site under "support" if you are a registered user. Google is always useful also. The current guide is version 4 as far as I know.WIP:
ROUTE -
it_consultant Member Posts: 1,903Bl8ckr0uter wrote: »Anybody work with any of there gear?
If you can afford them they are the firewall to get. I have used several and love them, its tough to get people to shell the money for them though. Light years ahead of Cisco, Juniper...maybe only one light year ahead of Checkpoint. -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□it_consultant wrote: »If you can afford them they are the firewall to get. I have used several and love them, its tough to get people to shell the money for them though. Light years ahead of Cisco, Juniper...maybe only one light year ahead of Checkpoint.
Wow...
I have a palo alto 500 that I need to set up next week. Should be fun, as soon as I get this other issue figured out... -
Ahriakin Member Posts: 1,799 ■■■■■■■■□□it_consultant wrote: »If you can afford them they are the firewall to get. I have used several and love them, its tough to get people to shell the money for them though. Light years ahead of Cisco, Juniper...maybe only one light year ahead of Checkpoint.
They are ahead in some areas, behind in others. For carrier level they are a no-no, they don't have the raw packet pushing capacities needed (and some essential features). But if I was back in Enterprise land I'd definitely consider them, for identity and content/application based firewall they're a clear market leader (In fact I have a 5060 in our lab ready for some testing for non-customer traffic functions).We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place? -
it_consultant Member Posts: 1,903They are ahead in some areas, behind in others. For carrier level they are a no-no, they don't have the raw packet pushing capacities needed (and some essential features). But if I was back in Enterprise land I'd definitely consider them, for identity and content/application based firewall they're a clear market leader (In fact I have a 5060 in our lab ready for some testing for non-customer traffic functions).
In enterprise-land the best thing from my perspective is the reporting. I can give pretty graphs to non-techs which make sense to them and makes me look good. Internal application control exists in other products and layer 7 firewalling also exists with other vendors, ease of use with these things is so very nice. Esp if you have worked on an IBM Proventia system or something. -
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□If the field test is to my bosses liking, we may be moving to these (well a couple of models up) which is really making me feel nervous about a CCNP:Security lol. We will see!
-
Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□So I'm just curious but is anyone here Palo Alto certified?
-
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Getting a WebEx demo from Palo Alto next week. Really looking forward to that and the Checkpoint demo. Hoping they don't come in too expensive as I'd like one of them or a Juniper FW in our new data center.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8%