Palo Alto adds VPN gateway, traffic shaping to firewalls

Palo Alto Networks is adding an SSL VPN gateway and traffic shaping to its firewalls, offering businesses another opportunity to reduce the number of devices they buy and maintain.

While Palo Alto's previous software for its appliances supported site-to-site IPSec VPNs, it had no capacity to establish remote-access connections to individual users. PAN 3.0 software uploads SSL VPN agents to remote machines so they can establish VPNs with the appliances.

In combination with the software's existing features, customers can set policies that restrict remote users to accessing defined lists of applications. Previously, businesses that used Palo Alto's PA family of security appliances had to use a separate SSL VPN gateway if they wanted to provide SSL remote access.

The software release adds quality of service to the appliances by defining the bandwidth dedicated to certain applications and enforcing queuing policies. So a critical application could be guaranteed a certain minimum bandwidth and a place in a priority queue. Similarly traffic could be limited depending on who the user is or what his job function is.

By performing some of the functions of QoS devices, it gives customers an alternative to deploying separate QoS devices.
Palo Alto gear already supported a host of features including virus scanning, intrusion prevention and URL filtering, but the company says it's not trying to be a unified threat management (UTM) device. While the device performs many of the functions of UTMs, the company says its offering provides application visibility that UTMs don't and uses that ability to perform its other functions differently than mainstream UTMs.

PAN 3.0 software is available now and is an upgrade included with service contracts.