Fortinet

Next-generation Firewall

Palo Alto Networks next-generation firewalls enable policy-based visibility and control over applications, users and content using three unique identification technologies: App-ID, User-ID and Content-ID. The Palo Alto Networks next-generation firewall addresses the rapid evolution of the application landscape, in which new applications use increasingly sophisticated security evasion techniques such as dynamic or random port numbers, application emulation and SSL encryption. The era of “port/protocol = application” is over, which means that existing security solutions that rely on port/protocol to identify traffic are no longer effective. Palo Alto Networks uses App-ID, a patent-pending traffic classification mechanism that accurately identifies more than 900 applications. The application identity is mapped to the user identity (User-ID) for control, while traffic is inspected for content policy violations (Content-ID). Deployed either as a complement to existing security infrastructure components or as a primary firewall, the Palo Alto Networks firewall takes a traditional, positive approach to security enforcement: deny all traffic except that which is expressly allowed.