Migration Tool - Palo Alto Networks

PALO ALTO NETWORKS: Migration Tool Datasheet

Migration Tool

Automate and simplify the task of migrating firewall configurations from Cisco, Check Point, Fortinet, McAfee and Juniper to a Palo Alto Networks next-generation firewall configuration.

• Analyze existing security policies
• Migrate existing firewall configurations to Palo Alto Networks Next-Generation Firewall
• Validate objects, addresses and rule sets to ensure a smooth transition

Benefits of using the Palo Alto Networks Migration Tool:

• Automated process for migrating your old security policies
• Validated Palo Alto Networks Configurations
• Optimized security policies for maximum performance
• Advanced protection from the evolving threat landscape with application- and user-based security policies

“Being able to migrate seamlessly from the old system to the new one had been a key concern for us, but in the event, it was very easy, with no disruption to students or staff. Now, the console gives us total network visibility at any given time.”
— Voyage Io, Administrative Officer, Macao Polytechnic Institute

Palo Alto Networks® offers a disruptive next-generation security platform built from the ground up to specifically address the rapidly evolving threat landscape. The unique platform combines the power of a next-generation firewall (NGFW) with advanced subscriptions for Threat Prevention, URL Filtering, GlobalProtect™ and WildFire™. Having an integrated solution helps, not only to address every step of the kill chain, but also to increase prevention rates.

OVERVIEW

Fundamental shifts in application usage, user behavior, and network infrastructure have resulted in an evolved threat landscape that has exposed weaknesses in traditional port-based firewall protection. Palo Alto Networks has developed an innovative approach to securing networks that identifies all traffic based on applications using an application-traffic signature called App-ID™.
This replaces conventional approaches that control traffic based on port.

Traffic classification is at the heart of any firewall because your classifications form the basis of your security policies. Traditional firewalls filter traffic by port and protocol. Initially, this was an acceptable mechanism for securing the perimeter, but port-based security firewalls are no longer sufficient. Continuing to use a port-based firewall may allow applications to bypass ports undetected by:

• Hopping ports
• Using SSL and SSH
• Sneaking across port 80
• Using non-standard ports

Simply put, the traffic-classification limitations of port-based firewalls make them unable to protect today’s networks and leave businesses at the mercy of dealing with security breaches after they occur.

App-ID provides visibility and control over both work-related and non-work-related applications that can otherwise evade detection by masquerading as legitimate traffic. With App-ID, you will gain a level of prevention that was previously unavailable.

The migration to a Palo Alto Networks next-generation firewall is a critical step toward the prevention and detection of cyberattacks. Today’s advanced threats require moving away from port-based firewall policies, which are no longer adequate to protect against a modern threat landscape, into an architecture that reduces your attack surface by safely enabling only those applications that are critical to your business, and eliminating applications that introduce risk.

PALO ALTO NETWORKS MIGRATION TOOL

Palo Alto Networks Migration Tool helps to automate and accelerate your migration. The Palo Alto Networks Migration Tool enables you to analyze your existing environment, convert existing security policies to Palo Alto Networks next-generation firewalls, and assist with the transition from proof-of-concept to production.

Primary functions of the Palo Alto Networks Migration Tool:

1. Third-party Migration
2. Adoption of App-ID
3. Optimization
4. Consolidation
5. Centralized Management with Panorama™
6. Auto-zoning
7. Customized Response Pages

With a combination of tools, expertise and best practices, Palo Alto Networks will help analyze your existing environment, migrate policies and firewall settings to the next-generation firewall, and assist in all phases of the transition.

THIRD-PARTY MIGRATION

Easily migrate from existing port-based firewalls to Palo Alto Networks next-generation firewalls with the assistance of the Migration Tool. Third-party migrations are available from the following firewall vendors:

• Cisco ASA/PIX/FWSM
• Check Point
• Fortinet
• McAfee Sidewinder
• Juniper SRX/NETSCREEN

Migrating from a third-party firewall to a Palo Alto Networks next-generation firewall can be accelerated by leveraging the Palo Alto Networks Migration Tool. This software tool will transfer the various firewall rules, addresses and service objects to a PAN-OS® XML config file that can be imported into a Palo Alto Networks firewall.

ADOPTION OF APP-ID

This migration will enable you to get the most value from your next-generation firewall, while reducing your attack surface, and regaining visibility and control over your organization through the use of App-ID.

OPTIMIZATION

Keep your next-generation firewalls operating at peak performance with Palo Alto Networks Optimization Services.
Our experienced consultants will apply product expertise and knowledge of best practices to evaluate and optimize your next-generation firewall system including:

• Architecture Review
• System Health Check
• Configuration Audit
• Optional Product Tuning and Configuration Change Implementation

CONSOLIDATION

Consolidating your legacy firewalls to Palo Alto Networks virtual systems enables you to customize administration, networking and security policies for the network traffic that is associated with specific departments or customers.

In a standard virtual system interface configuration, each virtual system uses a dedicated interface to the Internet, requiring the use of multiple IP addresses. A shared gateway allows you to create a common virtual interface for the virtual systems that correspond to a single physical interface. This is helpful in environments where the ISP provides only a single IP address. All of the virtual systems communicate with the outside world through the physical interface using a single IP address.

CENTRALIZED MANAGEMENT WITH PANORAMA

Panorama enables you to centrally manage the process of configuring devices, deploying security policies, performing forensic analysis, and generating reports across your entire network of Palo Alto Networks next-generation firewalls. Available as either a virtual appliance or a dedicated management platform, Panorama and the individual device-management interfaces share the same Web-based look and feel, ensuring workflow consistency while minimizing any learning curve or delay in executing the task at hand.

AUTO-ZONING

The AutoZone Assign feature will automatically adapt security policies from vendors that currently do not use zones and zones-based rules. The mapping of zones depends on the routes and the zone interface IP address. The mappings will adjust when you set or change the Interfaces and Zones settings.

CUSTOMIZED RESPONSE PAGES

In PAN-OS, administrators can load a customized page for various response pages to notify end users of the policy violation.

WHY MIGRATE TO PALO ALTO NETWORKS

MTC – Management & Training Corp, Centerville, Utah

The high cost of maintaining its network, combined with the need to keep pace with the changing threat landscape, led MTC to re-examine its network design. “We had issues at times with unreliable VPN connectivity, and also with consistent Active Directory user mappings for web filtering,” says Brian Goodwin, Network Security Administrator, MTC. “The Palo Alto Networks solution has been a solid fit for our company, and has increased our company services uptime with regards to VPN connectivity and web filtering.”

Additional network issues arose from the evolution of threats. “In the past, viruses could take you down, but now botnet, spyware, and malware type stuff are main concerns,” says Goodwin. “Our incumbent system lacked the visibility to meet these new risks.”

CAME Group, Treviso, Italy

Management at CAME recognized that its decentralized network was impacting business performance. “They authorized our team to centralize network management, increase security, collect and report network information better, and to standardize application access and security policies across all locations worldwide,” says Massimiliano Tesser, Group CIO, CAME Group.

The next-generation security platform from Palo Alto Networks natively brings together all key network-security functions, including a next-generation firewall, URL filtering, IDS/IPS, and advanced threat protection. These functions are purposely built into the platform from the ground up, and natively share important information across the respective disciplines, to ensure better security than legacy firewalls, UTMs, or point threat-detection products.

At throughput speeds of up to 120 Gbps, Palo Alto Networks can safely enable the use of all applications, maintain complete visibility and control, and protect businesses from the most basic to sophisticated cyberattacks — both known and unknown.

CONSULTING SERVICES

Firewall-policy migration can be a challenging task, and is most effectively accomplished with professional services assistance from Palo Alto Networks and a network of solution partners, who can guide you through the migration process using a combination of automated tools and best practices.

Palo Alto Networks Consulting Services are available to ensure a smooth transition and enable you to get the maximum value from your next-generation firewall from Palo Alto Networks. Take advantage of the Palo Alto Networks Firewall Migration Services to get your next-generation firewall project off to a great start.

4401 Great America Parkway
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
www.paloaltonetworks.com

Copyright ©2015, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN_DS_MT_033115