| Comprehensive visibility and granular control for thousands of applications; ability to create custom applications; ability to manage unknown traffic based on policy | ✓ |
| User identification and control: VPNs, WLAN controllers, captive portal, proxies, Active Directory, eDirectory, Exchange, Terminal Services, Syslog Parsing, XML API | ✓ |
| Granular TLS/SSL decryption and verification (inbound and outbound); including support for TLS 1.3 and HTTP/2 protocols | ✓ |
| Network functions: dynamic routing (RIP, OSPF, BGP, multiprotocol BGP), DHCP, DNS, NAT, route redistribution, ECMP, LLDP, tunnel content checking | ✓ |
| QoS: policy-based traffic shaping (priority, guaranteed, maximum) per application, per user, per tunnel, based on DSCP classification | ✓ |
| Virtual systems: logical, separately managed firewall instances within a single physical firewall, with traffic from each virtual system kept separate | ✓ |
| Zone-based network segmentation and zone protection; DoS protection against flooding with new sessions | ✓ |
| Threat Prevention (Subscription required) | |
| Inline malware protection automatically enforced with daily updated, malware-based signatures | ✓ |
| Vulnerability-based protection against network- and application-level exploits and evasion techniques, including port scans, buffer overflows, packet fragmentation, and obfuscation tactics | ✓ |
| Prevent command-and-control (C2) activity that exfiltrates data or introduces secondary malware code; identify infected hosts through DNS sinkholing | ✓ |
| URL Filtering (Subscription required) | |
| Automatic defense against web-based attacks by automatically blocking links contained in phishing emails, phishing URLs, HTTP-based C2, and exploit kit-infested websites | ✓ |
| Ability to stop phishing for credentials | ✓ |
| Custom URL categories, alerts and notification pages | ✓ |
| IoT Security (Subscription required) | |
| Accurate identification and classification of all devices on a network, including previously unknown devices | ✓ |
| Device security through ML-assisted anomaly detection, vulnerability assessment, risk-based policy recommendations, and enforcement with Device ID policy (Device-based policy enforcement not available on VM-50, VM-50 Lite, or CN-Series devices) | ✓ |
| No additional infrastructure required for activation on next-generation firewalls | ✓ |
| WildFire Malware Protection (Subscription required) | |
| Detection of zero-day malware and exploits with multi-layered, complementary analysis techniques | ✓ |
| Automatic defense against most threats to networks, endpoints and clouds within seconds | ✓ |
| Community-based data to help protect, with over 30,000 participants | ✓ |
| AutoFocus Threat Intelligence (Subscription required) | |
| Contextualization and classification of attacks, including malware family, attacker, and campaign, to accelerate assessment and response actions | ✓ |
| Comprehensive, globally correlated threat intelligence from WildFire | ✓ |
| Third-party threat intelligence for automated defenses | ✓ |
| Advanced DNS Security (Subscription required) | |
| Automatically blocks tens of millions of malicious domains through real-time analysis and continuously updated threat data from around the world | ✓ |
| Machine learning-assisted analytics to quickly detect C2 activity or theft of data using DNS tunneling | ✓ |
| Automated dynamic processes to identify and rapidly isolate infected devices according to guidelines | ✓ |
| File and data filtering | |
| Bi-directional control mechanisms to detect unauthorized transfer of certain file types, social security and credit card numbers, and data matching user-defined patterns | ✓ |
| Network security for endpoints through GlobalProtect (Subscription required) | |
| Remote access VPN (SSL, IPsec, clientless); mobile threat prevention and policy enforcement based on apps, users, content, devices, and device state | ✓ |
| Data security for end devices of mobile users through application-specific configured VPN connections | ✓ |
| Panorama for network security management (Subscription required to manage multiple firewalls) | |
| Intuitive policy control with applications, users, threats, advanced malware defenses, URLs, file types, and data patterns in a single policy | ✓ |
| Useful visibility into traffic and threats with Application Command Center (ACC); fully customizable reports | ✓ |
| Aggregated logging and event correlation | ✓ |
| Consistent, scalable management of up to 30,000 firewalls in hardware or from VM-Series, role-based access control, logical and hierarchical device groups, and templates | ✓ |
| GUI, CLI, XML-based REST API | ✓ |