Next Generation Firewalls

1. Palo Alto Networks Customer Presentation May 2010

3. World-class team with strong security and networking experience

4. Founded in 2005 by security visionary NirZuk

5. Top-tier investors

6. Builds next-generation firewalls that identify / control 1000+ applications

7. Restores the firewall as the core of the enterprise network security infrastructure

8. Innovations: App-ID™, User-ID™, Content-ID™

11. IP Addresses ≠ Users

12. Packets ≠ ContentNeed to restore visibility and control in the firewall

15. Tunneling and port hoppingare common

17. Why It Has To Be The Firewall IPS IPS Applications Firewall Path of least resistance - build it with legacy security boxes Applications = threats Can only see what you expressly look for Can’t “allow, but…” Most difficult path - can’t be built with legacy security boxes Applications = applications, threats = threats Can see everything Can “allow, but…” Firewall Applications Traffic decision is made at the firewall No application knowledge = bad decision

19. Identify the application

20. User-ID™

21. Identify the user

22. Content-ID™

24. Traffic classification (app identification)

25. User/group mapping

26. Content scanning – threats, URLs, confidential data

28. Separate data/control planesUp to 10Gbps, Low Latency

29. © 2010 Palo Alto Networks. Proprietary and Confidential. Page 11 | Comprehensive View of Applications, Users & Content Filter on Facebook-baseand user cook Remove Facebook to expand view of cook Application Command Center (ACC) View applications, URLs, threats, data filtering activity Add/remove filters to achieve desired result Filter on Facebook-base

30. © 2010 Palo Alto Networks. Proprietary and Confidential. Page 12 | PAN-OS Core Firewall Features Visibility and control of applications, users and content complement core firewall features Zone-based architecture All interfaces assigned to security zones for policy enforcement High Availability Active / passive Configuration and session synchronization Path, link, and HA monitoring Virtual Systems Establish multiple virtual firewalls in a single device (PA-4000 and PA-2000 Series only) Simple, flexible management CLI, Web, Panorama, SNMP, Syslog Strong networking foundation Dynamic routing (BGP, OSPF, RIPv2) Tap mode – connect to SPAN port Virtual wire (“Layer 1”) for true transparent in-line deployment L2/L3 switching foundation Policy-based forwarding VPN Site-to-site IPSec VPN SSL VPN QoS traffic shaping Max/guaranteed and priority By user, app, interface, zone, & more Real-time bandwidth monitor PA-4060 PA-4050 PA-4020 PA-2050 PA-2020 PA-500

31. 2010 Magic Quadrant for Enterprise Network Firewalls © 2010 Palo Alto Networks. Proprietary and Confidential. Page 13 | Cisco Juniper Networks Fortinet Check Point Software Technologies McAfee ability to execute Stonesoft Palo Alto Networks SonicWALL WatchGuard NETASQ Astaro phion 3Com/H3C visionaries niche players As of March 2010 completeness of vision Source: Gartner

32. Addresses Three Key Business Problems Identify and Control Applications Visibility of 1000+ applications, regardless of port, protocol, encryption, or evasive tactic Fine-grained control over applications (allow, deny, limit, scan, shape) Addresses the key deficiencies of legacy firewall infrastructure Prevent Threats Stop a variety of threats – exploits (by vulnerability), viruses, spyware Stop leaks of confidential data (e.g., credit card #, social security #) Stream-based engine ensures high performance Enforce acceptable use policies on users for general web site browsing Simplify Security Infrastructure Put the firewall at the center of the network security infrastructure Reduce complexity in architecture and operations © 2010 Palo Alto Networks. Proprietary and Confidential. Page 14 |

33. Thank You © 2010 Palo Alto Networks. Proprietary and Confidential. Page 15 |

34. Additional Information Speeds and Feeds, Deployment, Customers, TCO, Support, and Management

36. 5 Gbps threat prevention

37. 2,000,000 sessions

38. 16 copper gigabit

40. 2 Gbps threat prevention

41. 500,000 sessions

42. 16 copper gigabit

44. 5 Gbps threat prevention

45. 2,000,000 sessions

46. 4 XFP (10 Gig) I/O

48. 500 Mbps threat prevention

49. 250,000 sessions

50. 16 copper gigabit

52. 200 Mbps threat prevention

53. 125,000 sessions

54. 12 copper gigabit

56. 100 Mbps threat prevention

57. 50,000 sessions

59. G2000 Organizations Trust Palo Alto Networks © 2010 Palo Alto Networks. Proprietary and Confidential. Page 19 |

62. Support contracts

63. Subscriptions

64. Power and HVAC

65. Save on “soft” costs too

66. Rack space, deployment/integration, headcount, training, help desk callsCut by as much as 65%

67. Legendary Customer Support Experience Strong TSE team with deep network security and infrastructure knowledge Experience with every major firewall TSEs average over 15 years of experience TSEs co-located with engineering – in Sunnyvale, CA Premium and Standard offerings Rave reviews from customers © 2010 Palo Alto Networks. Proprietary and Confidential. Page 21 | Customer support has always been amazing. Whenever I call, I always get someone knowledgeable right away, and never have to wait. They give me the answer I need quickly and completely. Every support rep I have spoken with knows his stuff. -Mark Kimball, Hewlett-Packard Customer support has been extraordinarily helpful – which is not the norm when dealing with technology companies. Their level of knowledge, their willingness to participate – it’s night and day compared to other companies. It’s an incredible strength of Palo Alto Networks. -James Jones, UPMC

69. IPS with app visibility & control

70. Consolidation of IPS & URL filtering

71. Firewall replacement with app visibility & control

72. Firewall + IPS

74. Enables Visibility Into Applications, Users, and Content

75. Site-to-Site and Remote Access VPN Site-to-site VPN connectivity Remote user connectivity Secure connectivity Standards-based site-to-site IPSec VPN SSL VPN for remote access Policy-based visibility and control over applications, users and content for all VPN traffic Included as features in PAN-OS at no extra charge

76. Traffic Shaping Extends Policy Control Options Traffic shaping policies ensure business applications are not bandwidth starved Guaranteed, prioritized and maximum bandwidth settings Apply traffic shaping policies by application, user, source, destination, interface, IPSec VPN tunnel and more Enables more effective deployment of appropriate application usage policies Included as a feature in PAN-OS at no extra charge

77. Real-time Bandwidth Monitor Real-time view of bandwidth and session consumption for applications, users, and rules

78. Flexible Policy Control Responses Intuitive policy editor enables appropriate usage policies with flexible policy responses

79. App-ID: Comprehensive Application Visibility Policy-based control more than 1000 applications distributed across five categories and 25 sub-categories Balanced mix of business, internet and networking applications and networking protocols 3 - 5 new applications added weekly App override and custom HTTP/SSL applications address internal applications

80. User-ID: Enterprise Directory Integration Users no longer defined solely by IP address Leverage existing enterprise directory services (Active Directory, LDAP, eDirectory) without desktop agent rollout Identify Citrix users and tie policies to user and group, not just the IP address Manage and enforce policy based on user and/or group Understand user application and threat behavior based on username, not just IP Investigate security incidents, generate custom reports XML API enables integration with other user repositories

81. Content-ID: Real-Time Content Scanning Detect and block a wide range of threats, limit unauthorized data transfer and control non-work related web surfing Stream-based, not file-based, for real-time performance Uniform signature engine scans for broad range of threats in single pass Vulnerability exploits (IPS), viruses, and spyware (both downloads and phone-home) Block transfer of sensitive data and file transfers by type Looks for CC # and SSN patterns Looks into file to determine type – not extension based Web filtering enabled via fully integrated URL database Local 20M URL database (78 categories) maximizes performance (1,000’s URLs/sec) Dynamic DB and customizable categories adapts to local, regional, or industry focused surfing patterns

82. Trace Session Tool Improve forensics and incident investigation - View all logs from other databases a particular session.