Palo Alto Network NGFW Architecture

Next Generation firewalls does much more duties than a legacy firewalls which  lncludes firewall policy, URL Filtering, IPS, Antivirus,Anti-spyware,file blocking,wildfire etc. .This results in  consuming a lot of Firewall hardware resources like CPU consumption, or memory utilization.

To overcome such situations Palo Alto Networks next-generation firewalls are build based on a unique Single Pass Parallel Processing (SP3) Architecture .This combines two components:
  • Single Pass software
  • Parallel Processing hardware


The SP3 architecture is a unique approach to hardware and software integration that simplifies management, streamlines processing and maximizes performance

The combination of Single Pass software and Parallel Processing hardware is completely unique in network security, and enables Palo Alto Networks next-generation firewalls to restore visibility and control to enterprise networks at very high levels of performance.



The Control Plane has its own dual core processor, RAM, and hard drive. This processor is responsible for tasks such as management Ul, configuration, logging, and reporting.

The Data Plane contains three types of processors :
  • Signature Match Processor: Performs vulnerability and virus detection
  • Security Processors: Multi-core processors, which handle security tasks such as SSL decryption
  • Network Processor: Responsible for routing, NAT, and network layer communication

How packet flow in Palo Alto Firewall?

Basic:

Initial Packet Processing —-> Security Pre-Policy —-> Application —-> Security Policy —-> Post Policy Processing

Advance:

1 comment: