NGFW Feature Matrix
Next-Generation Firewall (NGFW) feature matrix
NGFW support and feature matrix |
|||
---|---|---|---|
Standard firewall features |
|||
NetSec support for Palo Alto Networks® | NetSec support for Cisco® (FTD) | ||
Interfaces | Supported | Supported | Interfaces |
IPv4 routing | Supported | Supported | IPv4 routing |
IPv6 routing | Supported | Supported | IPv6 routing |
NAT | Supported | Supported | NAT |
Packet filtering | Supported | Supported | Packet filtering |
Global Protect Basic (Client VPN) | Supported | Supported | Anyconnect Plus |
Management | Supported | Supported | Management |
High availability (HA—active/standby) | Supported | Supported | High availability (HA—active/standby) |
Routed mode | Supported | Supported | Routed mode |
Two-factor authentication | Two-factor authentication | ||
Duo Version 1 | Supported with customer provided by proxy server | Supported with customer provided by proxy server | Duo Version 1 |
Duo Version 2 | Roadmap item | Roadmap item | Duo Version 2 |
Site-to-site VPN | Site-to-site VPN | ||
Policy-based VPN | Supported | Supported | Policy-based VPN |
Route-based VPN | Supported | Supported | Route-based VPN |
RackConnect | Version 3 Only | Unsupported Feature | RackConnect |
NGFW features—Threat intelligence feeds |
|||
---|---|---|---|
NetSec support for Palo Alto Networks® | NetSec support for Cisco® (FTD) | ||
Threat prevention (IPS) | NetSec—configure only | NetSec—configure only | Threat prevention (IPS) |
Geofencing | Supported | Supported | Geofencing updates included threat-prevention license |
Anti-virus |
Supported (Default template) | Supported | Umbrella |
Anti-spyware |
Supported (Default template) | Security intelligence DNS security | |
Vulnerability protection |
Supported (default template) | Supported | Security intelligence for IP and URL |
URL Filtering | Supported | Supported | URL Filtering (URL) |
SSL Inbound decryption | Supported | Supported | SSL Inbound decryption |
SSL Outbound decryption (requires PKI infrastructure) | Supported | Supported | SSL Outbound decryption (requires PKI infrastructure) |
DNS sinkhole | Supported | Supported | DNS sinkhole |
DOS profiles | Supported (default template) | ||
Zone-based protection | Supported (default template) | ||
Profiles | Supported (default template) |
MALWARE protection |
|||
---|---|---|---|
Wildfire |
Threat Grid Cloud |
||
Advanced Wildfire | Supported (Default template) | Supported on Firepower hardware only | Anti-malware protection (AMP for networks) |
Wildfire signature updates (24-48 hours) | Supported | Not supported on ASA-X hardware | Anti-malware protection (AMP for networks) |
Instant signature updates (Less than 5 minutes) | Supported | ||
Data filtering and file blocking | Supported (default template) | Supported | File-type filtering and blocking |
Advanced connectivity options |
|||
---|---|---|---|
Global Protect Advanced | Professional Services required | Professional Services required | Anyconnect Apex |
Global Protect HIP checks |
Professional Services required | ||
Global Protect mobile support |
Professional Services required | ||
Global Protect IPv6 support |
Professional Services required | ||
Global Protect clientless Mode |
Professional Services required |
Updated 3 months ago