Analysis of The Competition With Palo Alto Network-20151105

Palo Alto Competitive Analysis
2015/11/03
1 www.hillstonenet.com.cn www.hillstonenet.com.cn
Palo Alto Product Overview
Firewall Platforms
 Datacenter/ISP
 Enterprise
PA-5060
PA-7050
PA-4060 PA-5050
PA-3060
PA-4050
PA-3050 PA-5020
PA-2050 PA-4020
PA-3020
PA-2020
PA-500
PA-200
20G 120G
2 www.hillstonenet.com.cn
Hillstone Product Overview X7180
80G E6360 Datacenter/ISP Firewall
Enterprise 3
E6160
T5860
E5960 UP to 360Gbps
40G
Enterprise
E5760
E5660
T5060
20G
Enterprise E5260
Enterprise Firewall T3860
E3960
T2860
10G E3660
E2800
T1860
SMB E1700
E2300
1100
W E1600
3 3
www.hillstonenet.com.cn
Hillstone vs. Palo Alto-SWOT Analysis
4
 Strength  Weakness
• With a wealth of product quality
• Products with high rate • Products in overseas markets in
of quantity and price qualification, service, sales slightly
• First proposed the "intelligent" concept, weak
and launch of the intelligent next • In the overseas market brand
generation firewall products. awareness is a bit low
• With rich technology and solutions in
the field of data center
• Has advanced product architecture, has
a lower energy consumption, in the
same product performance and less
space occupation
 Threat
 Opportunity • Competitors in the market in the next
generation firewall has the leading
• Intelligent security concept has been product visibility
widely recognized in the industry • Competitors launched new products,
• The data center into a high-speed increasing competition in the market
development stage overlap
Comparative Overview
Palo Alto Hillstone
Product type
Product specifications
Functions
Price
Product specifications compare

 Palo Alto: NGFW as core product ; does not have product in adjacent security.
 Hillstone : have a richer product type , like data center firewall which throughput can reach 360G and IPS
product ; the product has better scalability.
Functions compare
 Palo Alto : have more outstanding characteristic , especially in the application security protection and
visual management.
 Hillstone : have abundant function , especially have the advantage of VPN/NAT and other functions.
Price compare
 Palo Alto :The products are expensive
 Hillstone : Products with high rate of quantity and price
Product Specifications Compare-Enterprise
Palo Alto
 Products are not scalable in the interface, so can overlap each other through the
specifications of the products to cover the requirements of different interface.
 The module does not support products.
 Product throughput refers to the application layer processing performance, closer to
user‘s actual use.
Hillstone
 The product line is comprehensive, covering the main demand for grade.
 The product has good scalability at the interface, meet user demand for different
application scenarios.
 The high-end product support module.
 Product performance, outstanding new concurrency.
T Series vs. PAN Hardware Specs
PA-
PA-3060 PA-4050 PA-4060 T2860 PA-5040 T3860 T5060 PA-7050 T5860
5060
72x10/1
2SFP+,8 1MGT
１ MGT 00/1000 １ MGT
GE+8SFP 12GE+8S 1HA 12GE+
16GE+8 4XFP+4S 1HA + 1HA
Fix Interface +1MGT+ FP+4SFP ２ GE 8SFP+4
SFP FP ２ GE 48xSFP ２ GE
2HA + 4SFP SFP+
4SFP + 4SFP
24xSFP+
No
Slot No No 2 slots No 2 slots No 4 slots No 4 slots
Firewall 20/100G
4Gbps 10Gbps 10Gbps 10Gbps 10Gbps 10Gbps 25Gbps 20Gbps 40Gbps
Throughput bps
VPN 500Mbp 4/24Gbp

2Gbps 2Gbps 4Gbps 4Gbps 20Gbps 4Gbps 14Gbps 28Gbps
Throughput s s
Concurrent 2,000,00 2,000, 3,000,00 2,000,00 4,000,00 4,000,0 5,000,0 6,000,00

500,000 4M/24M
Connections 0 000 0 0 0 00 00 0
New
120,00 120K/
Connections 50,000 60,000 60,000 100,000 120,000 100,000 200,000 250,000
0 720K
Persecond
Max Policy 5,000 20,000 20,000 40,000 20,000 40,000 40,000 40,000 N/A 40,000
Product Specifications Compare-Datacenter
Palo Alto
 Do not have rich product line in datacenter , only 1 platform;
 outstanding application performance ; The PA-7050 delivers 120 Gbps of App-ID firewall
performance, 100 Gbps of DSRI threat prevention and 60 Gbps of non-DSRI threat
prevention;
 Do not good at Concurrent Connections and VPN Throughput;
 non-redundant control module
 High energy consumption;
Hillstone
 Fairly rich product line in datacenter;
 Outstanding network performance , good at VPN Throughput , Concurrent Connections
and New Connections per second.
 From the system level to component level of redundancy , have higher reliability ;
 Low energy consumption;
Product Hardware Specifications
PA-7050 X7180
Dimensions 10U 5U
72x10/100/1000 +
Interface 4 Combo
48xSFP + 24xSFP+
Slots 7 10
Firewall Throughput 120Gbps 360Gbps
VPN Throughput 24Gbps 72Gbps
IPS Throughput 100Gbps N/A
Concurrent Connections 24,000,000 120M
New Connections Per

72W 240W
second
IPSEC Tunnels 48,000 20,000
Max Policy 80,000 60,000
Virtual Firewall 25/225 1,000
SSL VPN Users 120,000 128/10,000
Product Specifications Compare – module
card
IOM- IOM- IOM-

PA-7050 IOM- SSM- QSM-
16SFP- 4XFP- 2MM-
NPC 2SM-BE 100 100
100 100 BE
Dimensions 1U 1U 1U 1U 1U 1U 1U
12x10/100/100
Interface 0 + 8xSFP + 16SFP 4XFP 2*Bypass 2*Bypass - -
4xSFP+
Throughput 20Gbps 20Gbps 40Gbps - - 20Gbps 20Gbps
Concurrent
400W 1000W 2000W - - 3000W 1000W
Connections
New
Connections 12W - - - - 40W 30W
Per second
Features Compare
Palo Alto
 Support 1500+ kinds of application identification , especially support for encryption etc.
 Focus on application threat prevention .
 BYOD support as well.
 IPv6 functions support as well.
Hillstone
 Support 1500+ kinds of application identification , support the identification base cloud.
 NAT and VPN functions support as well.
 Function embodies the safety concept of intelligence
 Function embodies the safety concept of intelligence
Functions Compare-Detail
Hillstone Hillstone
Function item Function description Palo Alto （ StoneOS5.5R1
（ StoneOS5.5R1
（ OS6.0 ） for Datacenter
）
product ）
Interface Modes L2, L3,
√ √ √
Tap, Virtual Wire
Modes OSPF, RIP, BGP, Static √ √ √
ISP route X √ √
Routing Policy-based forwarding √ √ √

Point-to-Point Protocol over Ethernet
√ √
(PPPoE) Supported Supported Supported
Jumbo frames Supported, 9210 bytes
√ X X
Supported
Modes Active/Active Active/Passive √ √ √
Configuration and session synchronization √ √ √
HA Interface and IP tracking √ √ √
Link and path failure monitoring √ √ √
Management and Visibility Tools X √ √
Hillstone Hillstone
（ StoneOS5.5R1
）
product ）
NAT Modes 1:1 NAT, n:n NAT, m:n NAT √ √ √
NAT/PAT Extended NAT (Over 65535 ports/ip) X √ √
NAT 444 X √ √
VLANs √ √ √
Virtual Wire √ √ √
IGMP √ √ √
Address Assignment DHCP server/DHCP relay √ √ √
Modes L2, L3, Tap, Virtual Wire √ √ √
IPv6 APP identify √ √ √

SSL Decryption and SSL Decryption and SSL
√ X X
Decryption
Active Directory, LDAP, eDirectory √ √ √
Citrix and Microsoft Terminal Services, XML
Auth √ X X
API (User-ID)
Radius X √ √
Hillstone Hillstone
（ StoneOS5.5R1
）
product ）
Policy-based control over applications,
√ √ √
users and content
WebAuth √ √ √
Fragmented packet protection √ √ √

FIREWALL
Reconnaissance scan protection √ √ √
Denial of Service (DoS)/Distributed Denial
√ √ √
of Services (DDoS)protection
Decryption: SSL (inbound and outbound),
√ √ √
SSH
Key Exchange: Manual key, IKE v1 √ √ √
Encryption: 3DES, AES (128-bit, 192-bit,
√ √ √
256-bit)
PnP VPN X √ √
IPSEC VPN (SITE-TO-
SITE)/SSLVPN
GRE X √ √
L2tp over Ipsec X √ √
Authentication: SHA1, MD5 √ √ √
Hillstone Hillstone
（ StoneOS5.5R1
）
product ）
Control unauthorized data transfer (data
√ √ X
patterns and file types)
DATA FILTERING
Drive-by download protection √ √ X
Integrated web interface, CLI or central
√ √ √
management (Panorama)
Syslog and SNMPv2 √ √ √
MANAGEMENT, XML-based REST API √ √ √

REPORTING, VISIBILITY
Graphical summary of applications, URL
TOOLS √ √ X
categories, threats and
View, filter, export traffic, threat, URL, and
√ √ √
data filtering logs
Fully customizable reporting √ √ X
Transport: IPSec with SSL fall-back √ √ √
Host-Security Check X √ √
NETCONNECT SSL VPN Authentication: LDAP, SecurID, or local DB √ √ √

(REMOTE ACCESS)
Authentication: USB-KEY X √ √
Client OS: Macintosh, Windows XP,
Windows Vista (32 and 64 bit),Windows 7 √ √ √
15 (32 and 64 bit) www.hillstonenet.com.cn
Hillstone Hillstone
（ StoneOS5.5R1
）
product ）
Application, operating system vulnerability
√ √ √
exploit protection
Stream-based protection against viruses
THREAT PREVENTION
(including those embeddedin HTML,
(SUBSCRIPTION √ √ X
Javascript, PDF and compressed), spyware,
REQUIRED)
worms
Behavioral botnet detection √ √ √
Policy-based traffic shaping by application,
user, source, destination,interface, IPSec √ √ √
VPN tunnel and more
Policy-based traffic policing X √ √
8 traffic classes with guaranteed, maximum
√ √ √
and priority bandwidth parameters
QUALITY OF SERVICE
(QOS) Real-time bandwidth monitor √ √ √
Per policy diffserv marking √ √ √
Two level QoS X √ √
APP Based Session limit √ √ √

Bidirectional control over the unauthorized
√ √ （ part types ） X
transfer of more than 60 file types P
File and Data Filtering Bidirectional control over the transfer of
16 Social Security Numbers, Credit Card √ X X
www.hillstonenet.com.cn
Hillstone Hillstone
（ StoneOS5.5R1
）
product ）
76-category, 20M URL on-box database √ √ √
Dynamic URL filtering (1M URL cache on
√ X X
device)
URL FILTERING Custom block pages and URL categories √ √ √

(SUBSCRIPTION
On-box customizable URL filtering database
REQUIRED) √ √ √
P
Customizable categories, allow, block lists
√ √ √
and block pages P
Safe search (Google, Bing, Yahoo) √ X X
Sand box-based detection of unknown
malware hidden in PS, PDF, all Office file √ X X
WildFire Modern types, Java and Android APK P
Malware Protection Automated signature generation and
√ X X
(Subscription Required) delivery for discovered malware P
Inline control of malware infection and
√ X X
command/control traffic
Web crawler defense, abnormal traffic
Abnormal Behavior
analysis , DDOS based on application layer X √ X
Detection
defense etc.
Advanced malware engine, detect the
Advanced Threat
malware based on the behavior not X √ X
Detection
signature.
Thank You!

Analysis of The Competition With Palo Alto Network-20151105

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Analysis of The Competition With Palo Alto Network-20151105

Uploaded by

Copyright:

Available Formats

Palo Alto Competitive Analysis

Product specifications compare

VPN 500Mbp 4/24Gbp

Concurrent 2,000,00 2,000, 3,000,00 2,000,00 4,000,00 4,000,0 5,000,0 6,000,00

Firewall Throughput 120Gbps 360Gbps

VPN Throughput 24Gbps 72Gbps

IPS Throughput 100Gbps N/A

Concurrent Connections 24,000,000 120M

New Connections Per

Max Policy 80,000 60,000

Virtual Firewall 25/225 1,000

SSL VPN Users 120,000 128/10,000

IOM- IOM- IOM-

Throughput 20Gbps 20Gbps 40Gbps - - 20Gbps 20Gbps

Routing Policy-based forwarding √ √ √

Configuration and session synchronization √ √ √

HA Interface and IP tracking √ √ √

Link and path failure monitoring √ √ √

Management and Visibility Tools X √ √

NAT/PAT Extended NAT (Over 65535 ports/ip) X √ √

Address Assignment DHCP server/DHCP relay √ √ √

Modes L2, L3, Tap, Virtual Wire √ √ √

IPv6 APP identify √ √ √

Fragmented packet protection √ √ √

L2tp over Ipsec X √ √

Authentication: SHA1, MD5 √ √ √

MANAGEMENT, XML-based REST API √ √ √

Transport: IPSec with SSL fall-back √ √ √

NETCONNECT SSL VPN Authentication: LDAP, SecurID, or local DB √ √ √

Per policy diffserv marking √ √ √

Two level QoS X √ √

APP Based Session limit √ √ √

URL FILTERING Custom block pages and URL categories √ √ √

You might also like