I read Startup Launches New Firewall Line posted by Andrew Conry-Murray. He claimed it was innovative. It sounded to me like an application gateway firewall from the mid-90s, only faster. I asked him about it, and he replied, "It's not an application gateway... it's not proxying the applications. The company uses signatures to identify applications rather than try to recreate every app that admins want to allow through." In a traditional application gateway firewall, proxy software that mimic various application servers (usually in a secure fashion) provide the security. He pointed me to From The Labs: Palo Alto's Firewall Appliance.
So, instead of writing proxy software for "550 applications," Palo Alto has "a signature-based system that allows for matching network traffic against a database of more than 550 applications."
It does sound innovative. Check it out and see if you agree.