Why GigaSECURE and Palo Alto Networks Make a Great Pair
Many companies rely on firewalls from Palo Alto Networks® for protection—and rightfully so.
A network’s perimeter needs to be its first and strongest line of defense, and Palo Alto Networks’ next‐generation firewalls are the gold standard in preventing intrusions. They prevent threats, and safely enable applications across a versatile set of high‐performance use cases.
Whether you’ve already deployed Palo Alto Networks firewalls or are just thinking about it, Gigamon’s GigaSECURE® Security Delivery Platform can help you get the most from your investment.
Here are three key benefits you’ll enjoy with the GigaSECURE and Palo Alto Networks joint solution.
#1. Bypass protection
A firewall is naturally suspicious and controlling. It wants to stay inline so all traffic flows through it all the time, and it can block suspicious packets. But sometimes:
- Firewalls need to be taken offline for software upgrades or maintenance
- Firewalls go into fail‐over
GigaSECURE allows you to put multiple Palo Alto Networks firewalls in virtual wire mode, so that they can do what they do best and you still get physical bypass protection. The perimeter is still protected.
#2. Asymmetric routing management
Like most security devices, Palo Alto Networks firewalls require all packets in a session to be inspected by the same device. But in complex, distributed networks the flow of data into the enterprise might take a different path than the flow out. GigaSECURE facilitates having session packets examined properly, easily handling scenarios where:
- A firewall is deployed out‐of‐band
- A firewall is inline with the ingress and egress links passing through the same data center
Are your ingress and egress links geographically spaced and going through different data centers? That might call for a more complex design. The good news is that a solution with Gigamon tools is still much simpler than one without them. Your Gigamon representative can help you design new architectural solutions.
“The GigaSECURE infrastructure gets you access to interesting traffic from across your network. When you deploy your firewalls from Palo Alto Networks, you have a single point to go to for the traffic that you’re interested in. You don’t have to insert devices at multiple points: It’s easier to route the traffic through the central device, and then take it out to the remote office.”
– Phil Griston, director of alliances and business development at Gigamon
#3. Traffic distribution
Are you looking to scale up to multiple Palo Alto Networks firewalls, but are concerned about the added complexity? GigaSECURE’s traffic distribution features can improve the operational efficiency of your networks. “You can load balance or aggregate traffic to best use the ports that you have on your boxes,” says Phil Griston, director of alliances and business development at Gigamon. “If the traffic flow is too big for one box, you can load balance it across multiple firewalls.”
GigaSECURE can also help consolidate sprawling networks. “If you’ve got several links with a small amount of traffic on each,” says Griston, “you can use the GigaSECURE platform to aggregate them together. You feed them through one port on your Palo Alto Networks box and then disaggregate them as they come out. It’s all about efficiency in the devices themselves and in managing them.”
Two great solutions that are better together
These benefits should have your IT teams excited about the Gigamon and Palo Alto Networks joint solution. Network engineers will appreciate the ability to add and remove inline tools without network outages. Security teams gain more control of their own tools because they don’t have to wait for the network team to plan outages in order to change or upgrade firewalls.
How to get started
At a glance: Joint solution benefits
- Enhance controllable network connectivity even in the event of device failure
- Manage asymmetric traffic flows to enhance efficient performance of the organization’s firewall
- Deploy firewalls out‐of‐band with full functionality to test performance and then move inline at the touch of a button
- Aggregate or load balance traffic flows to optimize device performance
- Off‐load SSL decryption from firewalls to maximize performance
- Filter selected traffic to avoid unnecessary processing
- Generate NetFlow/IPFIX from any traffic flow to avoid unnecessary processing.