Granular Application Control Drives Next Gen Firewalls

Wednesday, May 18, 2011

First there was AOL.  Remember how hard it was to block access to what most admins considered a trivial time waster? 

AOL would change their IP addresses on a regular basis, which made it hard for firewalls to block access. And then there were the peer-to-peer apps that gave firewalls nervous breakdowns.

Skype is still a challenge for many organizations. Because it is peer-to-peer and uses an encryption scheme, it is very hard to write a simple rule for blocking it. Skype detection has become a selling point for UTMs and firewalls that go beyond stateful connections and look into actual traffic.

Now application awareness is the defining feature of advanced firewalls.


Web apps in particular have become a nightmare for IT staff. Should users be allowed to use Twitter, URL shorteners like or, or even Facebook? And if they do, what should they be allowed to do within the app? Posting updates is one thing. Playing Mafia Wars is another.

I interviewed Chris King, Director of Product Marketing at Palo Alto Networks (PAN to insiders), to find out more about application control in the network and PAN's Next Generation Firewalls.

