FAQs: Palo Alto Networks

What PAN firewall do I need?

Choosing the right Palo Alto Networks firewall

There is no one size fits all, but it comes down to some basic questions and then a dab of professional expertise:

  • How fast is your ISP circuit(s)?
  • How many users do you have?
  • How many interfaces and what types do you need?
  • Do you have a lot of localized traffic between multiple LAN interfaces?
  • What are you using now and how is that working?
  • What other special requirements do you have?

Do I need to buy additional PAN subscriptions?

Optional PAN firewall subscriptions

No, you don't have to, but you probably ought to.

All the PAN firewalls come with an impressive array of baseline features including:

  • The ability to track users and not just IP addresses
  • The ability to detail actual applications and not just ports/services
  • Extensive logging without additional external software
  • Basic SSL VPN capability
  • Site to site VPN capability
  • Routing capabilities

However, this is the most important and single integrated cyber security solution that you're probably buying, so you ought to seriously consider:

  • Threat subscription (the firewall is supposed to detect and block threats, right?)
  • URL subscription (replace your dated and expensive URL filtering solutions)
  • GlobalProtect to protect and connect your mobile users
  • WildFire for rapid protection against new and evolving threats

How do I get PAN support?

Getting PAN Support Contracts

Add a PAN maintenance support contract for product updates (firmware) and technical support directly from the PAN support team. These are available in one year or multi-year offerings.

How do I get PAN firewall training?

PAN Firewall Training

We sell PAN authorized training classes that are available at PAN authorized training centers or virtually. There are a decent amount of classes and skill levels available.

We can also offer remote one on one customized training to quickstart your skills and match your specific needs.

Can I buy a PAN firewall and get it configured and then shipped to me?

Custom Firewall Configurations

Yes, you bet. We can take most existing firewall configurations and port them onto a new firewall that we ship to you so you can plug it in. Cool beans.

What does the PAN WildFire subscription do?

PAN WildFire Benefits

Several things:

  • It provides faster updates to the latest threats, you can even have it check every minute.
  • It can virtually inspect in the cloud or on-premise for attached (uploaded or downloaded) files to analyze the characteristics to determine if a previously unseen file is benign, malicious or malware.
  • You can manually submit a file for analysis.
  • It provides a detailed analysis of what the file did in different operating system environments.
  • It doesn't rely on signatures, but in-depth analysis and then all the WildFire customers can get rapid protection too.

What does the PAN Threat subscription do?

Explain PAN Threat Subscription

This is the first one you want… It's multiple features in one license:

  • IPS capabilities
  • Various vulnerability protections
  • Signature based malware, anti-virus, trojan, key-logger etc. protection

What does the PAN URL subscription do?

Explain PAN URL Subscription

It can replace your URL filtering solutions you may already have. It can help manage your user activity. However, it offers additional protection from various cyber threats like:

  • Hacking sites
  • Phishing sites
  • Command & control sites
  • Proxies and anonymizers
  • Questionable sites
  • Better granularity within domains

What does the PAN GP (Global Protect) subscription do?

Explain PAN GP Subscription

Three things it offers beyond the base capabilities:

  • Mobile device (iOS and Android support)
  • Device HIP inspection
  • Clientless support

Is the PAN GP subscription required for remote users?

Optional PAN GP Subscription

Call us for details, but, if all you have is Windows and Mac users, perhaps not, but…

  • If however you want to inspect those Windows and Mac users? Yes, get GP
  • Do you want clientless capabilities? Yes, get GP
  • Do you also want to support mobile devices/operating systems? Yes, get GP

Can I get SSL VPN on the PAN firewall?

SSL VPN on a PAN Firewall

Yes, that's called GP (GlobalProtect).

How can I best protect against malware with a PAN firewall?

PAN Malware Protection

You need to implement best practices:

  • You can only protect against that which you can inspect…
  • You should use the additional subscriptions.
  • You have to correctly implement and configure the subscriptions.
  • You need to seriously consider enabling decryption.
  • You should segment as much as you can or what makes sense.
  • You should implement additional zone and interface protections.

NOTE: Call us and have us review, we've seen a lot of nightmares with inadequately configured firewalls from all brands.

Can the PAN firewall protect me from all cyber security threats?

No Silver Bullet

No.

It cannot protect against bad oversight, ill informed users, poor implementations and cyber ignorance.

However with our help it is the single most important and all encompassing weapon in your cyber protection arsenal.

… and we might add that protection makes so much more sense than relying on detection.

We also think that a strong defense includes the use of PAN TRAPS for endpoints.

Can the PAN firewall protect me from lateral network threats?

Lateral Internal Protection

Yes, with proper network placement, good use of physical/virtual firewalls, a nice mix of layer 3, virtual wire and tap deployments. Too many people place these just at the edge, you can do so much more with it.

Can the PAN firewall protect my cloud based AWS and Azure services and servers?

PAN for AWS and Azure

Yes.

There are virtual firewalls and we strongly suggest you call us. Placement, knowledge and validation are so much more important with cloud based solutions.

Can I run and deploy a PAN firewall in the cloud?

Virtual PAN Firewall

Yes, see above and call us.

Can I get a PAN firewall audit?

PAN Firewall Audit

In terms of regular PAN firewall audits, we have yet to encounter a case where we didn't fundamentally improve the security posture of a PAN firewall.

Can I get customized PAN firewall services?

Custom Professional Services

Yes, we have the skills, we have the people and we have the passion.

Can I get customized PAN firewall training?

Personalized PAN Firewall Training

Yes and we have raving fans that have learned a whole lot more in a much less time and at less cost.

Are there PAN Best Practices?

Best Practices for PAN Firewall

Yes, we provide a link to some PAN best practices.

However, it can be overwhelming at first, our basic strategy is to take where you currently are and then improve that security posture quickly and over time.

© 2023 Altaware, Inc. | All rights reserved.

949-468-0020

CYBER SECURITY skills in ORANGE COUNTY, CA
Remote cyber security skills/services within the USA