What is still missing or needs to be improved in PA Next Generation Firewalls ?

Reply
L4 Transporter

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

gfowler Also it appears that another fast open source log management project, ELSA (Enterprise Search and Log Archive), has support for PA as well.

L4 Transporter

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

egearhart wrote:

darren.g  Java and Javascript are two different things, just want to point that out. Although trusting a browser client's Javascript interpreter to verify firewall policy is a rather cray idea, I agree.

Java/Javascript - they're both prone to security holes (albeit of different types), and I wouldn't trust any device which offloads processing to either option for security.

L6 Presenter

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

On the other hand this is already happening today since you use a webbrowser to configure the security rules in the PA.

The same malware that could screw up clientbased compile could at the same time hide rules from being seen in your browser - rules that opens a hole through your firewall for the malware to act upon.

L4 Transporter

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

- Ability to deploy and update User-ID Agent from the Firewall UI/Panorama. This would make life much easier in large environments

- Abilty to run scheduled commands (cron ?), such as a system reboot directly on the Firewall

- Ability to run local backups on the FW and export via ftp/tftp/scp/smb (this is an old one...)

- Improve FW UI in a way  to allow creation of Rule Sections. Now the rulebase is quickly becoming very confusing. Look at the Migration Tool, that's how It's done (Thanks Albert :-)

- Ability to analyze MS Office files and pdf's in Wildfire

- Integrated WAN acceleration Technology would be a killer :-)

L3 Networker

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

I agree 100% with this one:

- Improve FW UI in a way  to allow creation of Rule Sections. Now the rulebase is quickly becoming very confusing. Look at the Migration Tool, that's how It's done (Thanks Albert :-)

Highlighted
L6 Presenter

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Would be nice if some official from PA could summarize this thread and comment on each and every suggestion what is in the pipe, what will be in the pipe and what will be discarded due to hardware/political limitations.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!