Palo Alto Networks (PA-3020)

• L2, L3, Tap, Virtual wire (transparent mode)

Routing

• OSPFv2/v3, BGP with graceful restart, RIP, static routing
• Policy-based forwarding
• Point-to-Point Protocol over Ethernet (PPPoE)
• Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3

IPV6

• Features: L2, L3, Tap, Virtual Wire (transparent mode)
• Services: App-ID, User-ID, Content-ID, WildFire and SSL Decryption

IPSEC VPN

• Key Exchange: Manual key, IKE v1 (Pre-shared key, certificate-based authentication)
• Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
• Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512

• 802.1q VLAN tags per device/per interface: 4,094/4,094
• Aggregate interfaces (802.3ad), LACP

Network Address Translation (NAT):

• NAT modes (IPv4): Static IP, dynamic IP, dynamic IP and port (port address translation)
• NAT64
• Additional NAT features: Dynamic IP reservation, dynamic IP and port oversubscription

High-Availability

• Modes: Active/Active, Active/Passive
• Failure detection: Path monitoring, Interface monitoring

• Policy-based control over applications, users and content
• Fragmented packet protection
• Reconnaissance scan protection
• Denial of Service (DoS)/Distributed Denial of Services (DDoS) protection
• Decryption: SSL (inbound and outbound), SSH

Wildfire

• Identify and analyze targeted and unknown files for more than 100 malicious behaviors
• Generate and automatically deliver protection for newly discovered malware via signature updates
• Signature update delivery in less than 1 hour, integrated logging/reporting; access to WildFire API for programmatic submission of up to 100 samples per day and up to 1,000 report queries by file hash per day (Subscription Required)

File and Data Filtering

• File transfer: Bi-directional control over more than 60 unique file types
• Data transfer: Bi-directional control over unauthorized transfer of CC# and SSN
• Drive-by download protection

User Integration (User-ID)

• Microsoft Active Directory, Novell eDirectory, Sun One and other LDAP-based directories
• Microsoft Windows Server 2003/2008/2008r2, Microsoft Exchange Server 2003/2007/2010
• Microsoft Terminal Services, Citrix XenApp
• XML API to facilitate integration with non-standard user repositories

IPSEC VPN (Site-To-Site)

• Key Exchange: Manual key, IKE v1
• Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
• Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
• Dynamic VPN tunnel creation (GlobalProtect)

• Application, operating system vulnerability exploit protection
• Stream-based protection against viruses (including those embedded in HTML, Javascript, PDF and compressed), spyware, worms

URL Filtering (Subscription Required)

• Pre-defined and custom URL categories
• Device cache for most recently accessed URLs
• URL category as part of match criteria for security policies
• Browse time information

Quality of Service (QOS)

• Policy-based traffic shaping by application, user, source, destination, interface, IPSec VPN tunnel and more
• 8 traffic classes with guaranteed, maximum and priority bandwidth parameters
• Real-time bandwidth monitor
• Per policy diffserv marking
• Physical interfaces supported for QoS: 6

SSL VPN/Remote Access (GlobalProtect)

• GlobalProtect Gateway
• GlobalProtect Portal
• Transport: IPSec with SSL fall-back
• Authentication: LDAP, SecurID, or local DB
• Client OS: Mac OS X 10.6, 10.7 (32/64 bit), 10.8 (32/64 bit), Windows XP, Windows Vista (32/64 bit), Windows 7 (32/64 bit)
• Third party client support: Apple iOS, Android 4.0 and greater, VPNC IPSec for Linux

Management, Reporting, Visibility Tools

• Integrated web interface, CLI or central management (Panorama)
• Multi-language user interface
• Syslog, Netflow v9 and SNMP v2/v3
• XML-based REST API
• Graphical summary of applications, URL categories, threats and data (ACC)
• View, filter and export traffic, threat, WildFire, URL, and data filtering logs
• Fully customizable reporting