Hello, I've been using Checkpoint firewall solutions for the past 10 years... currently I have a Checkpoint NG R65 firewall as our primary Internet firewall. It's been relatively solid but over the years I've longed for more features such as... - Active Directory integration / ability to create policies based on user vs IP - Better reporting on user activity - App-ID Bandwidth Management I realize that there are solutions out there that address these items separately from the firewall (SurfControl, PacketShaper, etc) and have been looking at those potential solutions. Last week a counterpart of mine raved to me about a company called Palo Alto Networks who build next-generation firewalls that integrate with Active Directory and utilize App-ID. I'm just wondering if anybody has any experience with Palo Alto Networks and knows of the upsides and downsides... does it really do everything they say it does and is it as secure as a Checkpoint, Juniper solutions? I'm currently working on a project which might give me the opportunity to replace my Checkpoint firewall and I'm now seriously considering Palo Alto Networks as their solution seems like a huge step up. Thanks! -Dave