I'm looking to hear about the advantages of Palo Alto over Cisco ASA FirePOWER.
Well, not forget that Firepower technology was developed by Sourcefire, so I tested Sourcefire too, and working as an IPS, is one of the best, but when they tried to put a NGFW into the Sourcefire applinces, the idea was Ok, but was a NGFW with some limitations. Right now, I don´t know if there some performance issues working together firepower technology + cisco technology, but, Cisco as a FW, I don't like it some much, because their user interface is not intuitive and is not easy to manage.
Palo Alto Networks is, for me, the best NGFW actually, is flexible, it offers a lot of competitive advantages, does not have any performance issues, their application control is the best in the industry, the webui is very simple, and another features that I can refer to, but maybe is a long list. The only situtation against PAN is the IPSec configuration, is not so intuitive.
I hope my comments offers you some kind of contribution.
Basically, using Palo Alto along with their Wildfire solution (either
in the cloud or as hardware appliances within your data center) got a 100% hit
rate of 0 day live threats according to the latest NGIPS test performed by NSS
With PA you can also use their Traps solution on your
endpoints to further mitigate malware (Traps will also integrate with
Wildfire is PA way of executing files and code in a
sand boxed environment in order to find out if the file is hostile or not.
Other than that PA in my opinion is more of a highly capable
NGFW rather than a NGIPS (that it’s first and foremost a NGFW which includes
IDS and IPS capabilities along with built-in capability of SSL encryption,
application identification, user identification etc.)
This gives that if you already use a PA as your internet firewall
you have very little to gain to put another IDS/IPS in front of it - better to
first fully utilize the capabilities of current gear before you start to spend
money on other toys.
Also I would recommend you to contact all three vendors that
are on your shortlist and lend boxes to perform PoC with your traffic to better
learn the capabilities of each product but also what’s needed around it to make
it functional (for example Checkpoint demands additional management servers
which are as expensive as their firewalls in order to configure your checkpoint
gear (yes they can be configured from CLI but hardly anyone use that without
Palo Alto Firewalls building User Group's Policy Sets, With PA you can also use their Traps solution on your endpoints to further mitigate malwares (Traps will also integrate with Wildfire). Wildfire is PA way of executing files and code in a sandboxed environment in order to find out if the file is hostile or not. in my opinion, PA FW is more of a highly capable NGFW rather than a NGIPS (that is its first and foremost a NGFW which includes IDS and IPS capabilities along with builtin capability of SSL decrypting, application identification, user identification etc).
Palo Alto is much better that Cisco in many aspects.
We were in touch with Other vendors as well for our Firewall deployment, Although we loved the product from Palo Alto. Budget was an issue for us.
Barracuda NG Firewall was a great alternative for Palo Alto, which can match Palo Alto in every curve with great pricing as well.
I believe you should Barracuda NG Firewall as well.
Sriram A Das
Pretty much Palo Alto sets the benchmark on the following:"Layer 8 application filtering", policies can be defined to pick up and block applications going in and out of the organisation.
Identifying users, this includes using Exchange Activesync to identify mobile devices if you are not deploying a radius wireless solutionWildfire protection, this sandboxes files coming in and out to scan for malware or intrusion
I do not know the $$ differences but these are the items that have set PaloAlto apart from the competition.
In summary, I really love the management GUI from the Palo Alto. Not hard due to the list of more than 20 advantages over the Cisco ASA platform. Though it is slower than the ASDM GUI from Cisco, it offers much more useful capabilities for the daily work. Great!
Cisco asa is better than palo alto
I'm sorry I don't have expertise in Palo Alto Appliances but I do have in Fortinet, Cisco (PIX and ASA), and Cyberoam. So I can't compare Palo Alto Firewall to Cisco ASA. If somebody would like to give me the opportunity to work on Palo Alto Equipment, I'll be greatful to him.
ASA's suffer from what I call 'the bolt on'. It's tragic but true. PaloAlto designed their hardware around their software with flow of process in mind. Cisco just keeps going out, acquiring somebody doing security software in a new and innovative way and then integrating the software into their hardware package. Hence 'Bolt On". The hardware isn't designed around the software, it's a jam sandwich. Thats one reason why PaloAlto is better than ASA. PaloAlto also provides wildfire and many other features like global protect that can keep users protected even when separated from the enterprise. Palo is a win win... I love their product.
Chris Boley | Network Engineer | Cogentrix Energy Power Management, LLC
1. Scalability: linear growth due to Single Pass technology.
This means that the addition of security features/functionality does not have any
influence on the throughput.
2. Accuracy: consequently they deliver top performance
in catch-rate. We´ve seen customer that have caught even during a short POC
very dangerous and focused APT´s
3. Price-Performance: much better than CISCO :-)
4. Integrated Platform: with a closed loop between
Endpoint, Firewall and Cloud Sandbox. Able to immediately respond adequate to
constantly changing threat landscape. Really cool and effective.
5. Central Management: result is that you can manage
virtual and physical appliances with a minimum of resources, very cost effective.
In short, we don’t sell hardware or software we are a
knowledge house, with one exception PANW J
At the time of evaluating Cisco And Palo Alto, the Cisco offering was called SourceFire. We moved from Cisco ASAs to Palo Alto for a lot
1. The Palo Alto solution was managed thru one interface where the Cisco required managing the ASA from one and SourceFire from another.
2. Palo Alto developed their Application Firewall from the ground up and Cisco just attached the SourceFire Application piece.
When coming from a Cisco environment , you can clearly see that the Cisco ASA is almost identical from before.
3. We liked the Palo Alto zone technology along with their logical interface.
4. The Palo Alto gave us more thru-put for the money.
5. The Palo Alto updates and user run queries are way ahead of Cisco. You should download a virtual appliance and take a look.
Could you please get in touch with us through