I love gmoerschel's approach. I am a large non-profit in a major arena (extremely high profile)...we too have Cisco ASAs as our perimeter GWs. We have had PAN in our midst for a year and one half. We have had some major learning issues, but our initial policies were based on app (Category) criteria. Out of the chute came gaming...cut it. Second was (sub category) type - which was file-sharing...cut it (we can make one-off decisions about each case later). Third went the "technology" group...equating to peer-to-peer. I really did not want to see any of the p2p that had been working long before PAN to continue. The next day after implementing this....wow, HR tickets rose through the roof. I told HR prior...just route them to me directly. With policy "acceptable use" in hand...I took them on one by one. No one, to date, has come up with a viable defense against said policy. Policy inception date was July 1994.

Can I take my ASA rule set and convert them? If I know what it is (back end programs) that is attempting to be converted? I have yet to find ONE Cisco SE who can weigh in on this matter. How come Cisco has not acquired this company and made it a part of their security division? Layer 7 for most of us is a hindrance. Where are we to go to? Above the Nexus 7K (Cisco proprietary) this is by far the best technology leap I've seen over the last 10 years. Join in and see why PAN can revolutionize your perimeter network. I am not a paid spokesman. Their technology is by far the best thing I've seen since hierarchy. Don't believe me? I've been in this industry for over 16 years.

I love my Cisco firewalls...they are unhampered. However, when it comes to IDS....even with AIP modules for the ASA, at best it's kludgy. PAN however, looks into the packet much like NetGen does. It gives you insight into what comes and goes, even if it's encrypted. Encrypted did he say? YES. They have the ability to decrypt on the fly. AWESOME!!!! Can I say any more?
One thing that you will note...learning your perimeter takes time...with this device (no matter how small or large you go)...it will take time to "learn" your environment.