- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Firewalls have evolved over the last 20 years from stateless packet-based processing to stateful firewalls which were still based on ports and protocols. Then came the next evolution of Next Generation Firewall (NGFW), a term coined by Palo Alto Networks. NGFWs are what's known as "application aware."
Some legacy firewall vendors layered NGFW functionalities on top of their legacy architecture, but the additions simply took more resources and dropped the performance of the firewall. Others tried to overcome this by using ASICs (application-specific integrated circuits) that merely do raw-packet processing, claiming to be the “fastest firewall in the industry."
These vendors make claims of superior performance compared with their competitors on the basis of Transmission Control Protocol User Datagram Protocol throughputs (TCP/UDP), raw packet latencies, and similar—without mentioning it excludes any security processing. The network security industry is also still is lagging behind on appropriately representing the performance of firewalls, and customers are often misled to choose a vendor based on flawed claims published in their datasheets.
(Related: Watch our Security Speakeasy video series on Debunking the Firewall Datasheet)
Palo Alto Networks has taken a different approach to firewalls from its inception. We have architected our product differently from the legacy vendors by fundamentally changing how we process the data with Single Pass Architecture.
In real-world deployments—unlike networking gears like switches and routers—firewalls are required to perform inspection and processing of various applications. It has been our long-standing position that we don’t believe raw L3/L4 throughputs without threat inspection turned on are correct parameters to measure performance of NGFWs. This is why we have always guided performance of our firewalls with Threat Prevention enabled.
The recently launched PA-400 series ML-Powered NGFWs are purpose-built for small office locations, both distributed enterprise branch uses as well as for SMB customers. We worked with Miercom—a Network and Security testing company that performs and publishes independent analysis, research and reviews—for an independent assessment of our PA-400 series performance in real-world deployments versus Fortinet’s similarly priced Fortigate platforms. The Miercom report shows the impact of using realistic deployment scenarios in evaluating performance of firewalls.
The Miercom report proves that along with significant savings, customers do not have to choose between security and performance with PA-400 series NGFWs.
In addition to the Miercom report, in the 2019 NSS NGFW report—the last independent assessment published by NSS before they ceased operations—Palo Alto Networks firewalls achieved the highest security efficacy results compared with all the vendors participating in the test.
We are excited to share these findings because they validate that Palo Alto Networks not only provides the industry’s most comprehensive security platform, but also a consistent performance for our firewalls at a lowest total cost possible.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
2 Likes | |
1 Like | |
1 Like | |
1 Like | |
1 Like |