This is the third and final post on Palo Alto technology. We have already discussed the benefits of Palo Alto solutions as well as the certification opportunities available for network engineers. We also discussed the career opportunities that certifications can bring to both cybersecurity and Cisco networking domains. We’ll now move on to the products and compare the next-generation firewall technology of these two top vendors.
Next-generation firewalls generally have the same capabilities as traditional firewalls but also include advanced threat protection, intrusion prevention, deep packet inspection and application-layer control. Palo Alto and Cisco offer a complete range of next-generation firewall appliances in both virtual and physical versions.
Palo Alto & Cisco Next Generation Firewall Product Suites
Firepower is the brand that represents Cisco’s next-generation firewalls. Cisco Firepower hardware firewall appliances scale from small business protection (Firepower 1000), through large campuses, branches, and data centers (Firepower 2100, Firepower 4100), all the way up to firewall solutions for service providers (Firepower 9300).
Palo Alto also offers the PA Series physical firewalls. These provide protection for a wide variety of business operations, including branch and retail store networks, medium-sized businesses (PA-200 to PA-400 and PA-800), internet gateways and large service providers (PA-3200), and high-performance data centers (PA-5200 to PA-7000).
Both companies have virtual appliances in their firewall arsenal. Cisco offers virtual versions of both its Firepower next-generation firewall and the traditional ASA firewall. The Firepower firewall offering for public and private clouds, previously known as FTDv or NGFWv, now goes by the name Cisco Secure Firewall Threat Defense Virtual. Palo Alto, on the other hand, offers its next-gen firewall as the VM-Series for virtual environments and the CN-Series for cloud-native apps in containerized Kubernetes environments.
Comparing Cisco Virtual Next-Gen Firewalls and Palo Alto
For this post, we’re going to do a head-to-head comparison of Palo Alto VM-Series and Cisco Secure Firewall Threat Defense Virtual, looking at their features, advantages/disadvantages, and reported performance. These products are virtual implementations of each vendor’s physical firewall solution. Let’s take a look at each virtual firewall individually.
Cisco Secure Firewall Threat Defense Virtual
Cisco’s virtual NGFW integrates their proven ASA firewall technology with next-generation intrusion prevention capabilities.
Integrated intrusion detection and prevention with the Snort IPS detection engine
URL filtering is used to restrict user access to certain website content and to help prevent malware and phishing attacks by malicious websites.
AVC (application visibility and control) service management is based on deep packet inspection (DPI).
Advanced malware protection to prevent viruses, worms, and the like from breaking into your computer.
Cisco’s Security Intelligence Operations (SIO) provides automated updates of threat ratings and reputation scores through the largest real-time threat intelligence and monitoring network in the world.
Centralized firewall management via the on-premises Cisco Secure Firewall Management Center or the cloud-based Cisco Defense Orchestrator.
The Secure Firewall Threat Defense Virtual protects public, private, and hybrid clouds.
Public: Amazon Web Services, Google Cloud (GCP), Microsoft Azure, and Oracle Cloud Infrastructure.
Private: VMware, Microsoft Hyper-V and KVM.
Depending on the hosted environment, the feature