Change search
ReferencesLink to record
Permanent link

Direct link
A comparative study of Palo Alto Networks and Juniper Networks next-generation firewalls for a small enterprise network
Mälardalen University, School of Innovation, Design and Engineering.
Mälardalen University, School of Innovation, Design and Engineering.
2016 (English)Independent thesis Basic level (professional degree), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

This thesis is a comparative study of two Next-Generation Firewalls (NGFWs) with the aim to conclude which one is the most suitable for a small enterprise network. The network in question is Company A’s Office A1. Office A is in the process of upgrading their internal network and with the upgrade a new NGFW will be implemented. The two NGFW platforms that have been researched per Company A’s request are Juniper Networks’ SRX-series firewalls and Palo Alto Networks’ (PAN) PA-series, with focus on the SRX1500 and PA-3020 for a fair comparison. To be able to evaluate different platforms and appliances, the concept of NGFW and what it constitutes has been researched and presented. Both of the NGFW platforms have been tested and compared in terms of ease-of-use and cost analysis. The testing focused on the respective web-interfaces and shows no significant differences between the two NGFWs at a first glance in terms of functionality. However, PAN’s web-interface does objectively feel more up-to-date and provides application visibility natively, which Juniper offers as a separate service as part of the centralised management platform, which is excessive for Office A’s network. The research and collection of data has been conducted based on Office A’s needs and requirements. Third-party research has been collected from NSS Labs and Gartner and serves as a basis for the evaluation. The future network of Office A introduces new services and the general usage will mainly consist of office oriented application based traffic. The evaluation of the research of the two NGFWs and the collection of data, in the context of Office A’s network, shows that the PA-3020 would be favoured. The key points are as follows:

  • PAN’s NGFWs are built specifically for application awareness whereas Juniper are new in the NGFW market and has recently started to add the more advanced application awareness features.
  • PAN offers a one-box solution suited for smaller networks such as Office A whereas a Juniper implementation would require additional hardware (VM’s) to obtain similar features.
  • PAN offers more features in terms of user identification which is a key factor in enabling a true context aware security environment seamlessly integrated and invisible to the users.

No major difference in cost if a similar set of features are to be implemented, based on non-rebated list prices (additional hardware not included).

1 Note: Due to confidentiality, the name and details of the company has been anonymised throughout the report.

Place, publisher, year, edition, pages
2016. , 45 p.
Keyword [en]
Next-Generation Firewall, NGFW, Palo Alto Networks, Juniper, SRX1500, PA-3020
National Category
Communication Systems
URN: urn:nbn:se:mdh:diva-31767OAI: diva2:934269
External cooperation
Subject / course
Computer Science
Available from: 2016-06-17 Created: 2016-06-08 Last updated: 2016-06-17Bibliographically approved

Open Access in DiVA

fulltext(1673 kB)22 downloads
File information
File name FULLTEXT01.pdfFile size 1673 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Malmgren, AndreasPersson, Simon
By organisation
School of Innovation, Design and Engineering
Communication Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 22 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 88 hits
ReferencesLink to record
Permanent link

Direct link