CISCO FMC
PANORAMA OVERVIEW

Panorama™ network security management reduces network complexity with logical device groups; simplifies management with easy, global policy control; and reduces network dwell time for threats by highlighting critical information for response prioritization. Industry-leading automated threat correlation enables detection of advanced threats that would otherwise go unnoticed by connecting the dots between indicators of compromise (IOCs) across your entire network.

Panorama also helps you automate threat responses through policy-based actions and API-based integrations with third-party systems that would otherwise need manual intervention.

Panorama offers the same look and feel as any Palo Alto Networks Next-Generation Firewall (NGFW) PAN-OS® management interface, so you’re up and running with Panorama in no time.

Leading Questions

CIO, CISO
• As your organization expands, how will you address growing security management needs?
• How will you ensure full visibility and security across networks, clouds (incl. SaaS), and endpoints?
• Do you have a platform that delivers consistent security across all deployment scenarios with unified management?

Director of IT or InfoSec
• Can your security vendor cover data center, branch, and mobile workforce use cases?
• Is your security management product prepared for the move to the cloud?
• How much time do you spend trying to integrate separate security products?

Security Managers
• Does your vendor meet your requirements and allow granular control over your NGFW deployment?
• Does your vendor automatically integrate your NGFW into their security architecture?
• Does your security management reduce operational complexity, configuration errors, and opex costs?

Look and feel: [figure labelled PAN-OS]

Panorama Highlights
• Intuitive, powerful policy control with a single security rule base.
• Enterprise-class management capabilities, hierarchical device groups, template stacks, and more.
© 2020 Palo Alto Networks, Inc. | Palo Alto Networks Panorama vs. Cisco FMC | Confidential and Proprietary Information: For internal use and authorized partners under NDA with Palo Alto Networks only. 1
PALO ALTO NETWORKS PANORAMA VS. CISCO FMC
• Mutually exclusive to local UI. Switching between local and central wipes all configuration.
• Will probably be replaced with cloud-based CDO, but this has been in development since 2017. Both are mutually exclusive, and the firewall needs to be migrated from the central FMC management to the local FDM management.
[Figure labels: Cisco Defense Orchestrator; Firepower Management Center; Cloud-hosted management (1,000, 2,100 only; 4,100/9,300 planned); Requires]
1. “Technology Insight for Network Security Policy Management,” Gartner, February 21, 2019.
HOW TO COMPETE

Panorama Does Commits in Parallel
FMC does commits in a serial fashion, resulting in long commit times. If a single commit takes 10 minutes (not unusual), then pushing a policy out to 500 firewalls with FMC takes 80+ hours.

Panorama Is Easy to Troubleshoot
Generic error messages like “Commit failed, call Cisco TAC” are not uncommon with Firepower. FMC leverages several different web and database technologies under the hood, each of which is an additional point of failure that requires its own troubleshooting.

Panorama Is the Only Central Management for Palo Alto Networks NGFWs
FMC is only one of five different ways to manage Firepower devices. Each admin interface has its own capabilities, and many of them are needed on a daily basis.

Logging
FMC was designed as an IPS management system, not built to deal with the considerably larger event volumes generated by firewalls. Customers typically have only one day of log storage on the box and quickly have to offload events to log collectors or SIEM systems. Database crashes on FMC regularly require TAC intervention, involving custom SQL commands, to repair one or more databases.

OBJECTIONS

“Panorama is expensive.”
Cisco gives FMC away for $350, but any potential savings on the capex side are reversed by the higher opex expenses. FMC has many limitations that require labor-intensive workarounds.

“Panorama is complex.”
Look, touch, feel, and workflow are unified with PAN-OS. Customers with hybrid environments of ASA, ASA+Firepower, and FTD need to know multiple admin interfaces, such as ASDM for ASA, FMC or FDM/CDO for FTD, and various command lines (CLIsh, FXOS). There is no feature parity between any of the GUIs.

Feature Comparison Matrix

| Feature | Panorama 9.1 | Firepower Management Center 6.5 |
| --- | --- | --- |
| Max. managed firewalls | Up to 5K per appliance/VM, and 50K+ w/ Panorama Interconnect | Up to 750 on largest appliance, but closer to 100 in reality |
| Supported firewalls | All | FTD, ASA+Firepower (FP part only), NGIPS. Not supported: ASA, Meraki, Viptela, Duo, Stealthwatch |
| NOC/SOC view (IOC/network activity/apps/patterns) | Yes, configurable Application Command Center (included) | Yes, static widgets with long load times |
| Correlation engine | Yes | No |
| Logging | Yes | Limited; logs are typically offloaded |
| Rule usage/audit | Natively supported | No |
| Embedded L4 to L7 policy migration | Yes (Policy Optimizer) | No |
| High availability | Natively supported | Yes, but only between same hardware; failover requires manual interaction |
| Hypervisor support | VMware, AWS, Azure, GCP | VMware, KVM, AWS, Azure |

ADDITIONAL RESOURCES
Competitive intel (internal only): compete.paloaltonetworks.com
Partners: paloaltonetworks.com/partners/nextwave-partner-portal/help-me-sell/competitive