Educause Security Discussion mailing list archives

Re: Palo Alto

From: Brian Helman <bhelman () SALEMSTATE EDU>
Date: Wed, 26 Oct 2011 16:20:35 +0000

We are running 4.0.5.  It is very stable.  I agree with the previous comments about 4.x though .. I wouldn't use a 
release prior to 4.0.5.

I have been using PA for over 3 years now.  My experience is .. stay away from major releases until they are 2-3 
updates in.  I think this is an excellent firewall and wouldn't hesitate to recommend it, but the process they use to 
vet their code really needs to be reconsidered!

-Brian Helman


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Scott
Sent: Wednesday, October 26, 2011 11:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Palo Alto

We've had a PA 2050 for about a year running in stand-alone. We're on the 4.x code and I've had no problems with 
stability. I currently have a bug we're working through with logging some specific traffic. However, the support guys 
at PA have been top notch with this, and any time I've needed them.

I do know that a 4.0.6 release this week was recalled because of issues affecting some customers' NAT rules.

David Scott
Freed-Hardeman Univeristy
On Wed, Oct 26, 2011 at 10:29 AM, JR Ramirez <jrramirez30 () gmail com<mailto:jrramirez30 () gmail com>> wrote:
At my former employer we implemented PA-4060 in stand-alone mode after problems attempting to enable active-active on 
the 4.x code.  I highly suggest staying with the 3.1.x code.

We have had issues with the box rebooting itself since we implemented it early this year.  We like the web content 
filtering functionality, however we were not pleased with the initial instability.  Before I left the plan was to 
replace the Checkpoint implementation with PA to enable next generation firewall capabilities and address Web 2.0 
visibility.

So to answer your question, I still like PA but make sure your are running a stable version of code.

On Tue, Oct 25, 2011 at 3:22 PM, Kellogg, Brian D. <bkellogg () sbu edu<mailto:bkellogg () sbu edu>> wrote:
Looking for real world experiences on the stability and support services of the Palo Alto Firewalls if anyone is 
willing to share.


Thanks,
Brian

Current thread:

Firewall Comparison King, Ronald A. (Oct 25)
- Re: Firewall Comparison Julian Y Koh (Oct 25)
  - Re: Firewall Comparison Burton, Abigail F (Oct 25)
- Palo Alto Kellogg, Brian D. (Oct 25)
  - Re: Palo Alto Brian Helman (Oct 25)
  - Re: Palo Alto Dave Koontz (Oct 26)
  - Re: Palo Alto JR Ramirez (Oct 26)
    - Re: Palo Alto David Scott (Oct 26)
    - Re: Palo Alto Brian Helman (Oct 26)
    - Re: Palo Alto Darnell Walker (Oct 26)
    - Re: Palo Alto JR Ramirez (Oct 26)
    - Re: Palo Alto Michael Horne (Oct 26)
  - Re: Palo Alto Judie Ayoola (Oct 26)
    - Re: Palo Alto Darnell Walker (Oct 27)
- Re: Firewall Comparison JR Ramirez (Oct 26)