Thursday, October 23, 2014

Palo Alto Firewalls: Check Point's Biggest Threat

There seems to be a lot of mis-information about Palo Alto firewalls out there.  I remember about a year ago, I went to a Check Point function, and the engineer that was teaching the class kept on saying negative things about Palo Alto firewalls.  He even went as far as saying that Palo Alto firewalls do not do stateful inspection.  I remember thinking that he had obviously never either read anything about Palo firewall or never installed/managed a Palo firewall.  He must have just heard that somewhere and just repeated it (many times in that class).  That guy lost all credibility with me.

With that said, what methods do Palo Alto firewalls use to secure a company?  Here are the methods I know of:
1. stateful inspection
2. signatures database
3. regular expressions
4. heuristics
5. known protocol decoder
6. unknown protocol decoder

Below is where they line up on Gartner's magic quadrant.  Also, notice the other competitors.


  1. I've heard good things about Palo Alto and their NG firewalls, and I look forward to working with their equipment one day. However, when I was researching firewalls last year for my church, I did not have a good experience with them. I had to contact their main office several times to get some needed information and a re-seller contact, and it took way too long for a reply. And then I was never able to get a quote from the re-seller. Yes, the needs of my church were rather minimal, but still....a small sale now could lead to future sales. Instead, I have a bit of a sour taste concerning Palo Alto, and I'm a Sr. Network Engineer for a large construction company. Hopefully my experience is not the norm.

    1. I've seen a mix of feelings out there. Some love it, some don't. It will be interesting to see how the two companies compete with each other in the security realm for sure.


Your comment will be reviewed for approval. Thank you for submitting your comments.