We spent two weeks putting the Palo Alto Networks PA-4020 through a series of tests designed to measure its capabilities. During our testing, the PA-4020 was connected to the Internet and was able to download virus, threat and URL filtering updates. We also updated the software on the PA-4020 once during the test, from 2.0.1 to 2.0.3. We did encounter problems during the update, and had to have Palo Alto's technical support team apply fixes to our configuration to make it compatible with the new software version.
We started by installing the PA-4020 as a tap on an existing connection used to serve about 1,000 DSL users. During the initial installation, we looked at the management interface for the PA-4020 and evaluated the policy definition and visibility tools available in the PA-4020. Because the PA-4020 supports layer 2, layer 3 and tap mode, we were able to evaluate the capabilities of the system without interfering with existing traffic.
Once we were confident that we understood the operation, we installed the PA-4020 in-line as a layer 2 firewall on the same DSL connection, applying threat protections and some application blocking. We also waited for the phone to ring, which could indicate that the PA-4020 was improperly blocking traffic. We did catch a few complaints and false positives at this point.
At the same time, we put the PA-4020 in-line with our live antispam/antivirus gateway to see how well it would catch viruses "in the wild". We let it run for a week, and then compared the logs of the PA-4020 to the logs of the antivirus scanner on the e-mail gateway to see which viruses the PA-4020 had caught, and which it had missed.
Next, we moved the PA-4020 to a more controlled environment, our own wireless network, and began to explore each of its capabilities in depth, including application identification, specific virus testing, SSL man-in-the-middle decryption, network address translation, firewall policy definition, URL filtering and intrusion-prevention/detection system (IDS/IPS) signatures. We ran numerous small tests to determine how well the PA-4020 performed each of these tasks. This part of the test also contributed to our evaluation of the policy definition tools and visibility tools in the PA-4020.
Comments (2)
Familiar?
By Anonymous on August 15, 2008, 9:15 pm
Not really... in April 07 they announced application visibility using a combination of IDP (an IPS) and ScreenOS (a stateful FW) - only available in the ISG 1000...
Looks familiar
By Anonymous on August 12, 2008, 6:26 pm
Didn't Juniper announce application visibility on its screen-O.S. firewalls over a year ago?