Product review: Palo Alto Networks PA-4050


This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."

Download it now to read this article plus other related content.


The PA-4050's key component, the App-ID, uses three classification engines working in concert to accurately identify the applications traversing the network, irrespective of the ports used. This enables enterprises to address security evasion tactics such as the use of nonstandard ports, dynamically changing ports and protocols, emulating other applications, and tunneling to bypass existing firewalls.

The application decoder engine identifies the protocol structure and the overall traffic pattern to flag anomalies. The signature engine identifies the exact application based on more than 450 definitions, which are updated periodically (updates have to be downloaded manually through the administration portal. We received two updates during our one-month review).

The SSL decryption engine offers visibility into encapsulated traffic without disclosing any of the data contents.

The application command center provides a very detailed multilayer graphical representation of the application activity at any given time, such as a real-time list of Top 10 applications in use, Top 10 high-risk applications, etc. These lists can be clicked on to

    Requires Free Membership to View

obtain more information about each application, IP addresses, access times and even UserIDs if AD integration is configured.


The customizable dashboard displays general device information, such as the software version, the operational status of each interface, resource utilization, and up to 10 of the most recent entries in the threat, configuration, and system logs. Real-time on-box logging, in addition to the graphs, can be filtered on 17 different fields, including source/destination, user/group, application and usage. In addition to tracking user and traffic activities, the log viewer provides visibility into administrative changes to the firewall based on admin ID, timeframe, result and changes made. Except for the traffic log, all logs are saved locally by default. Traffic logs can be sent remotely to a syslog server or as email notifications. About 25 "top 50" predefined reports provide a good summary of all the major activities, threats, and traffic patterns. At this time, the reports cannot be exported to PDF, XML or any other format.

PA 4050 also supports high-availability configuration, and organizations with multiple Palo Alto devices can use Panorama, the central management system to manage all devices from a single interface.

Palo Alto's application-centric approach to traffic classification brings policy-based application control back to the network security team. The ability to trace network traffic to individual users rather than a subnet or an IP address might be of interest to many organizations as well. The add-on threat prevention components and real-time graphical reports make PA 4050 a coveted security solution for organizations requiring high firewall throughput, while consolidating security devices.

Testing methodology: PA 4050 was evaluated in a typical test lab environment open to the Internet. A variety of well-known and custom P2P and IM applications were used to send and receive traffic through the firewall along with attacks, suspicious URLs and worm downloads.

This was first published in March 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: