What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

November 21, 2021 by Admin

A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default.

What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

  • Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports
  • Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis
  • Palo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports
  • Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default

Explanation:

Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVwCAK

Leave a Reply