Wednesday 16 November 2016

Palo Alto Vs Cisco Remote Access VPN

Palo Alto VPN Highlights
Disable Direct Access to Local Networks
Static IP Address Allocation
Apply a Gateway Configuration to Users, Groups, and/or Operating Systems
Welcome Page Management
RDP Connection to a Remote Client
Simplified GlobalProtect License Structure
SSL/TLS Service Profiles for GlobalProtect Portals and Gateways
GlobalProtect IPsec Crypto Profiles for GlobalProtect Client Configurations
There is no confusion between an access to the SSL VPN and an access to the management GUI sincethey reside on different interfaces and IP addresses.
Browser-based GUI: No Java, no client. Just a simple browser. It is also manageable through SSL VPN portals.
Every software that is downloaded on the primary firewall can automatically be synced to the secondary device. 
Securely connect off-premise users to a next-generation firewall
Protect all users, everywhere by Inspecting traffic, Enforcing security policies, Protecting users, apps, devices and data from threats, Secure BYOD with integration with 3rd Party MDM/EMM
Supported mobile Application available for all popular Mobile Operating systems

Cisco VPN Highlights, and Drawbacks compared to Palo Alto
Application ACL Support
Automatic Applet Download
Front-Door VRF Support
GUI Enhancements
Netegrity Cookie-Based Single SignOn Support
NTLM Authentication
RADIUS Accounting
TCP Port Forwarding and Thin Client
URL Obfuscation
User-Level Bookmarking
VPN Session Monitoring: For a quick glance, the VPN session monitor is great to see all phase 1 and phase 2 security associations including the TX/RX packet counts.
AnyConnect remote access VPN client images. If these are not uploaded manually on the second device, the other HA unit will not terminate VPN tunnels in case of a HA active-unit swap.
No Application awareness/Visibility
Supported mobile Application available for all popular Mobile Operating systems