Paloalto VM-500

Paloalto VM-500

From
Special Price $4,305.99 Regular Price $4,528.99
compare favorite favorite
See all specs
Paloalto VM-500
Sale
Have questions about this purchase?
Chat with Uvation Assistant
Rewards Banner

Paloalto VM-500

MFG.PART: PAN-VM-500-PERP-BND1-PREM-1YR-R

Earn 4,305 points when you buy me!

Hurry! Other 2 people are watching this product
SKU
VM-500
Special Price $4,305.99 Regular Price $4,528.99
In stock
Free shipping
could be yours in 1 - 5 days
favorite
Hurry! Other 2 people are watching this product

Microsoft Azure ® migration initiatives are rapidly transforming data centers into hybrid clouds, yet the risks of data loss and business disruption jeopardize adoption. The VM-Series on Azure solves these challenges, enabling you to:

-Protect your Azure workloads through unmatched application visibility and precise control.
-Prevent threats from moving laterally between workloads and stop data exfiltration.
-Eliminate security-induced application development bottlenecks with automation and centralized management.

Details

Introduction

Microsoft Azure® migration initiatives are rapidly transforming data centers into hybrid clouds, yet the risks of data loss and business disruption jeopardize adoption. The VM-Series on Azure solves these challenges, enabling you to:

-Protect your Azure workloads through unmatched application visibility and precise control.
-Prevent threats from moving laterally between workloads and stop data exfiltration.
-Eliminate security-induced application development bottlenecks with automation and centralized management.

Palo Alto Networks VM-Series Virtualized Next-Generation Firewalls protect your Azure workloads with next-generation security features that allow you to confidently and quickly migrate your business-critical applications to the cloud. ARM templates and third-party automation tools allow you to embed the VM-Series into your application development lifecycle to prevent data loss and business disruption.

Azure Network Security Groups or VM-Series?

Organizations are migrating their enterprise applications onto Azure for many reasons, including business agility and a desire to reduce data center footprints. Security best practices dictate that your public cloud security posture should be as strong as your data center security approach: understand your threat exposure through application visibility, use policies to reduce your attack surface area, and prevent threats and data exfiltration within allowed traffic.

Native Azure security features perform port-based filtering to control access to the Azure resources deployed. They are unable to use the application identity to control traffic nor can they prevent threats within the content allowed. The VM-Series complements Azure Network Security Groups and Azure Firewall security controls by reducing your attack surface through enabling applications regardless of port, preventing threats, and stopping data exfiltration.

palo-alto-vm
palo-alto-vm
palo-alto-vm

VM-Series on Azure

The VM-Series allows you to embrace a prevention-based approach to protecting your applications and data on Azure. Automation and centralized management features enable you to embed next-generation security in your Azure application workflow so security can keep pace with development.

Complete visibility improves security decisions. Understanding the applications in use on your network, including those that may be encrypted, helps you make informed security policy decisions.

Segmentation and application whitelisting aid data security and compliance.Using application whitelisting to enforce a positive security model reduces your attack surface by allowing specific applications that align to your business needs (e.g., allow SharePoint® documents for all, but limit SharePoint administration access to the IT group). Whitelisting policies also allow you to segment applications that communicate across subnets and between virtual networks (VNets) to stop lateral threat movement and meet compliance requirements.

User-based policies improve security posture. Integration with on-premises user repositories—such as Microsoft Exchange, Active Directory®, and LDAP—lets you grant access to critical applications and data based on user credentials and need. For example, your developer group can have full access to the developer VNet while only IT administrators have RDP/SSH access to the production VNet. When deployed in conjunction with Palo Alto Networks GlobalProtect™ for network security at the endpoint, the VM-Series on Azure can extend your corporate security policies to mobile devices and users regardless of their location.

Applications and data are protected from known and unknown threats. Attacks, like many applications, can use any port, rendering traditional prevention mechanisms ineffective. Enabling Threat Prevention and DNS Security as well as WildFire®, Palo Alto Networks malware prevention service, as segmentation policy elements will protect you against exploits, malware, and previously unknown threats from both inbound and lateral movement perspectives.

Multiple defenses block data exfiltration and unauthorized file transfers. Data exfiltration can be prevented using a combination of application enablement, Threat Prevention, and DNS Security features. File transfers can be controlled by looking inside files, not only at their file extensions, to determine whether transfer actions should be allowed. Command and control, associated data theft, and executable files found in drive-by downloads or secondary payloads can also be blocked. Data filtering features can detect and control the flow of confidential data patterns, such as credit card and Social Security numbers, in addition to custom patterns.

Tech Specs

VM-500

SESSIONS 2,000,000
SECURITY RULES 10,000
DYNAMIC IP ADDRESSES 100,000
Security Zones 200
IPSEC VPN TUNNELS
4,000
SSL VPN TUNNELS
6,000

Model

Azure instance size tested (recommended) DS5_v2
Firewall throughput (App-ID enabled) 2.5 Gbps
Threat Prevention throughput 2.25 Gbps
IPsec VPN throughput 1.25 Gbps
Azure instance size tested (maximum) DS5_v2
Firewall throughput (App-ID enabled) 1.5 Gbps
Threat Prevention throughput 1.25 Gbps
IPsec VPN throughput 1 Gbps
All instance sizes supported VM-500
New sessions per second 20K
Max sessions 2M

System Requirements

Cores supported (min/max) 2/8
Memory (min) 16 GB
Azure Managed Disk capacity (min) 60 GB
Azure VM sizes supported2 (only standard Azure VM sizes supported) DS5_v2
Licensing options BYOL or VM-Series ELA
Models
OS Features

OS Features

What’s New

Our latest release continues the tradition of delivering integrated innovations. New features will help you extend security into branch offices, apply security dynamically to users, and provide better visibility for mobile users connecting to your network.

Integrated SD-WAN, dynamic user policy enforcement, enhanced visibility into mobile user activity

Secure SD-WAN

Natively integrated connectivity and security on a single intuitive interface.

Dynamic User Groups

Automated security actions that adapt to changing business needs.

GlobalProtect Enhancements

Full visibility with comprehensive logging and reports to simplify troubleshooting.

World-Class Security + High-Performance Connectivity

With industry-leading security natively integrated into our SD-WAN solution, you get all the security features from our Next-Generation Firewalls – powered by PAN-OS® 9.1 – together with Zero Touch Provisioning (ZTP) and the SD-WAN functionality from a single vendor.

Consume our secure Prisma™ Access SD-WAN hub as a service, or build the hub and interconnect infrastructure yourself using our Next-Generation Firewalls.

Regardless of the deployment model, this tight integration allows you to manage security and SD-WAN on a single intuitive interface.

Dynamic Security Actions with Automated Enforcements

User access policies based on static directory information are simply not enough in today’s dynamic environment.

Network and security teams are tasked with providing correct access to users. But creating ad hoc rules to provide time-bound access to workers – and then ensuring these rules are removed once the business need is over – is manual, time-consuming and poses a security risk if the rules become over-provisioned.

In addition, the inability to dynamically change a user's access based on information about their behavior results in tedious operations and increased security risks.

With PAN-OS 9.1, you can enable Dynamic User Groups (DUG) and reap these benefits:

Automatically include users as members without manually creating and committing policy or group changes.

Still maintain user-to-data correlation at the device level before the firewall even scans the traffic.

Configure and manage a single security policy to auto-remediate anomalous behavior and malicious activity while maintaining user visibility.

Enhanced Visibility and Troubleshooting for GlobalProtect Deployments

PAN-OS 9.1 provides greater visibility, rapid troubleshooting, and enhanced logging enhancements to help you monitor and rectify connection failures with your GlobalProtect™ deployments.

The logging enhancements are available for any Palo Alto Networks Next-Generation Firewall deployed as a GlobalProtect gateway or portal or in a Prisma Access mobile user deployment.

1. Throughput is measured with App-ID and logging enabled, with 64 KB HTTP/appmix transactions.

2. Disable Server Response Inspection (DSRI) throughput is measured with App-ID, IPS, antivirus, anti-spyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP transactions.

3. Threat Prevention throughput measured with App-ID, IPS, antivirus, anti-spyware, WildFire, and logging enabled, utilizing 64 KB HTTP/appmix transactions.

4. IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled.

5. New sessions per second is measured with application override, utilizing 1 byte HTTP transactions.

6. Adding virtual systems to the base quantity requires a separately purchased license.

Works Best Together With

^Top