Sophisticated enterprise perimeter protection is now available to managed iOS devices through Palo Alto Networks' GlobalProtect.
Palo Alto Networks is known for firewalls that protect all TCP ports and look for application context on them. As computing has moved to HTTP and other Internet protocols, enterprises have found it necessary to open up certain ports, like 80 (HTTP) and 443 (SSL), in order to make management practical. In fact, just about any application can run on just about any port, so Palo Alto Networks allows administrators to focus on managing users and applications, no matter what port they use.
GlobalProtect, which has been shipping since March, extends an enterprise's network perimeter to any remote client. Clients can connect through an encrypted tunnel and receive the same protection as devices on the LAN. The network perimeter thus becomes a logical, rather than physical, perimeter. The new release of GlobalProtect extends this protection to Macs, iPhones and iPads.
The system has a lot in common with conventional VPNs and firewalls, but allows much more flexible control over application access to IT, and policy is enforced no matter where the client is or how they connect.
Performance can be a problem when the client relies so heavily on one connection to the firewall, so GlobalProtect clients are able to determine whether there is a company branch office that offers a closer, better-performing connection. Any Palo Alto Networks perimeter device at a branch office in the company WAN can service remote client connections. This is sometimes known as "cloud firewalling" or a "cloud of gateways."
Palo Alto Networks firewalls go beyond port management to look for application context on all ports.