Palo Alto Networks
Firewalls enforce network access via a positive control model, where only specific traffic defined in policies is granted access to the network while all other traffic is denied. Access Control Lists (ACLs) initially performed this functionality, often in routers, but their rudimentary approach gave way to dedicated packet filtering and stateful inspection firewall devices that offered deeper levels of access controls. Unfortunately, these traditional firewalls shared a common shortcoming—an inability to see all of the applications traversing the network across all ports and protocols. The use of proxy-based devices began providing more granular visibility into a small set of applications and protocols where traditional firewalls were blind.