If you were talking to someone whose organization is considering Palo Alto Networks DNS Security, what would you say?
How would you rate it and why? Any other tips or advice?
My advice to those wanting to implement Palo Alto Next-generation Firewalls, VM-Series, K2, or any other firewall from Palo Alto is to enable DNS Security. I rate Palo Alto Networks DNS Security a nine out of ten.
We are customers and end-users. I'm not sure which version of the solution we're using. I'm currently in training with new virtual firewalls. DNS is a very ancient protocol. The protocol 53 and the UDP and so on, and ARP. We need to review that architecture because the way we do networking is open to hacking. People can poison the cache, and therefore we need to look at a way of doing away with ARP, doing away with the UDP and having, let's say, the address convert automatically into the IP address and do away with IP version 6. IP version 6 was a total mess. Although the protocol works, it consumes too much overhead and it's too much of a fat protocol. It uses 64-bit, 128-bit, hex addressing at the MAC layer and also at the network layer when using hex. We need to stick with expanding IP version 4, data in notation. That works at a human level better than working at the network layer. When you use, let's say, IP version 6, it is very difficult to troubleshoot. It's a lot easier to troubleshoot IP version 4, that it's decimal and hex at the network layer. It's a lot easier to identify patterns, easier for the eye to be able to recognize that something is negative or to understand how protocols are working or how routing is working. Right now, most companies operate with all the DNS. What's surrounding the DNS are the firewalls, intrusion protection and detection, load balancing, fault tolerance, et cetera. Other than that, we don't have a secure DNS. That's why we need to reinvent networking. We need to switch to a new method of networking, where we have a truly secure DNS. Without the DNS the internet does not work. That's like having a store open to pirates. DNS is the best thing that has been invented, as far as the internet goes, as that's what allows the browsers to work, that's what allows network solutions to work. Without it we're dead. I'd rate the solution at an eight out of ten.
For us, this is the best product that we have used. Nonetheless, I will recommend it only once they have integration with Cisco Meraki so that the two technologies can work together. I would rate this solution a nine out of ten.