Palo Alto Networks Extends "Cloud Firewall" To iOS
Category: Tablets, Smartphones
Sophisticated enterprise perimeter protection is now available to managed iOS devices through Palo Alto Networks' GlobalProtect.
- The Untapped Potential of Mobile Apps for Commercial Customers
- What Impact Will Windows 8 Have on the Tablet Market?
- Cloud-based data backup: A buyer's guide - How to choose a third-party provider for development, management of your data backup solution
- Applying Agile Principles to Smarter Product Development
Palo Alto Networks is known for firewalls which protect all TCP ports and look for application context on them. As computing has moved to HTTP and other Internet protocols, enterprises have found it necessary to open up certain ports, like 80 (HTTP) and 443 (SSL), in order to make management practical. In fact just about any application can run on just about any port, so Palo Alto Networks allows administrators to focus on managing users and applications, no matter what port they use.
GlobalProtect, which has been shipping since March, extends their network perimeter to any remote client. Clients can connect through an encrypted tunnel and receive the same protection as devices on the LAN. The network perimeter thus becomes a logical, rather than physical perimeter. The new release of GlobalProtect extends this protection to Macs, iPhones and iPads.
The system has a lot in common with conventional VPNs and firewalls, but allows much more flexible control over application access to IT, and policy is enforced no matter where the client is or how they connect.
Performance can be a problem when the client relies so heavily on one connection to the firewall, so GlobalProtect clients are able to determine if there is a company branch office which is a closer, better performing connection. Any Palo Alto Networks perimeter device at a branch office in the company WAN can service remote client connections. This is sometimes known as "cloud firewalling" or a "cloud of gateways."
Palo Alto Networks firewalls go beyond port management to look for application context on all ports.
Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+: