Hey all, I work IT security for an SMB in the financial sector and I'm looking into PAN, FortiGate and Check Point for a better NGFW solution than what we currently have, which is SonicWall. For about 6 years we've been using an NSA 3600 to cover our main company network and then a TZ500 at a single remote branch to connect back to the main branch via point-to-point VPN. I also have a subscription to their Network Security Manager (NSM) (hosted), mainly for reporting and analytics.

The base functionality of our SonicWalls has been fine, and I like them for the most part. However, things like reporting, analytics, network visibility into traffic and threat events, and more are pretty sub-par. The Security Services technically work, but they work very poorly. Also, NSM doesn't even function properly despite months of working with support to get it working. The end result is that it is not meeting our needs with regards to perimeter network security monitoring and reporting.

A while back, we had an IT vulnerability audit and pen test, which resulted in a finding that basically showed that our SonicWall's IDS/IPS/Security Services were not adequately reporting on external port scans and intrusion attempts. The auditor did an aggressive scan with nmap (among other things), and I was simply unable to spot the scan and report it back to them. The best I could do was dig through SIEM firewall logs to find the IP address, but there weren't even any specific details as to whether the traffic was blocked or not (it showed accepted). This leads into another issue where the SonicWall's syslog logging doesn't seem to include all of the Security Services events in a way that our SIEM can adequately parse, even with custom parsing. The point is, all our SonicWalls and their various security service components don't work well enough, and I am really hoping to strike gold with Palo Alto (or someone else).
Can someone speak to the quality of PAN's ability to report on threats in real time, with regards to things as simple as excessive port scans and other intrusion attempts? I do understand that nodes on the WAN get scanned 24/7, which can result in endless alerts and such, but I would assume that there'd be some kind of visibility in the form of pop-ups and categorizations that can tell when/where/how frequently certain malicious activity is hitting our firewall.

Additionally, I have been jumping into the PAN products and documentation and I see that the PA-3220 might be a good / similar unit to our current NSA 3600, and the various tools (like deep packet inspection) sound like they probably work a lot better than what I'm used to. The PA-420 or 220 looks like a decent replacement for the TZ500. Is there integrated Wi-Fi with PAN firewall units? Currently we use SonicPoint APs integrated with the firewalls, and I'm hoping PAN has something similar. Any input or insight will be greatly appreciated!
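The poster's core problem is that a port sweep was only recoverable by digging through raw firewall logs by source IP, with no indication of how many ports were touched or whether traffic was blocked. The following is an added example, not part of the original post and not code from SonicWall or Palo Alto Networks: it shows the kind of correlation a SIEM (or a small script over exported syslog) needs to perform to surface a scan from plain allow/deny connection events. The key=value log format and the sample lines are constructed for the demonstration and are not any vendor's real syslog format; the field names (`time`, `action`, `src`, `dst`, `proto`, `dport`) are assumptions.

```python
"""Surface port-scan-like behaviour from plain firewall connection logs.

Added example, not from the original post. The log format is a constructed,
generic key=value layout (an assumption), not SonicWall's or Palo Alto's real
syslog format. It counts distinct destination ports per source inside a sliding
time window, over allow and deny events alike, so a sweep stays visible even
when policy happened to accept some of the probes.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed line layout: time="YYYY-mm-dd HH:MM:SS" action=<allow|deny> src=<ip> dst=<ip> proto=<tcp|udp> dport=<n>
LINE_RE = re.compile(
    r'time="(?P<time>[^"]+)"\s+action=(?P<action>\w+)\s+src=(?P<src>[\d.]+)\s+'
    r'dst=(?P<dst>[\d.]+)\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)'
)


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "time": datetime.strptime(d["time"], "%Y-%m-%d %H:%M:%S"),
        "action": d["action"],
        "src": d["src"],
        "dst": d["dst"],
        "proto": d["proto"],
        "dport": int(d["dport"]),
    }


def detect_port_scans(lines, window_seconds=60, min_ports=20):
    """Return {src: summary} for sources touching >= min_ports distinct
    destination ports within any window_seconds-long window."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)

    window = timedelta(seconds=window_seconds)
    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["time"])
        in_window = Counter()  # destination port -> hits currently inside the window
        left = 0
        best = 0
        for ev in events:
            in_window[ev["dport"]] += 1
            # Slide the left edge forward until the window fits window_seconds.
            while ev["time"] - events[left]["time"] > window:
                old = events[left]["dport"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            findings[src] = {
                "distinct_ports": best,
                "first_seen": events[0]["time"],
                "last_seen": events[-1]["time"],
                # Allow/deny split answers the "was it blocked?" question the logs alone hide.
                "actions": Counter(e["action"] for e in events),
            }
    return findings


def constructed_sample_logs():
    """Constructed sample: one benign client and one host sweeping 50 ports in 25 s."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # Benign client (192.0.2.25, documentation range): repeated HTTPS to the published port.
    for i in range(10):
        t = base + timedelta(seconds=6 * i)
        lines.append(f'time="{t:%Y-%m-%d %H:%M:%S}" action=allow src=192.0.2.25 '
                     f'dst=198.51.100.10 proto=tcp dport=443')
    # Sweep from 203.0.113.7 (documentation range): ports 1-50, two of them accepted by policy.
    for i, port in enumerate(range(1, 51)):
        t = base + timedelta(milliseconds=500 * i)
        action = "allow" if port in (22, 25) else "deny"
        lines.append(f'time="{t:%Y-%m-%d %H:%M:%S}" action={action} src=203.0.113.7 '
                     f'dst=198.51.100.10 proto=tcp dport={port}')
    return lines


if __name__ == "__main__":
    for src, info in detect_port_scans(constructed_sample_logs()).items():
        print(f"{src}: {info['distinct_ports']} distinct ports "
              f"{info['first_seen']:%H:%M:%S}-{info['last_seen']:%H:%M:%S}, actions={dict(info['actions'])}")
```

The window and port thresholds are the knobs to tune against the background scanning the poster mentions: a high `min_ports` over a short window keeps routine internet noise from paging anyone, while still catching an aggressive sweep. The same logic is what a SIEM correlation rule needs the raw logs to support, which is exactly the visibility the poster found missing.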