Palo Alto Firewall Architecture:
Palo Alto Firewall Architecture is based on an exclusive design, the Single Pass Parallel
Processing (SP3) Architecture. This design enables high-throughput, low-latency network
security integrated with remarkable features and technology. With the SP3 architecture,
Palo Alto Networks fixes the performance problems that impact today's security
infrastructure. SP3 is composed of two key components: Single Pass Software and Parallel
Processing Hardware.
1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , WhatsApp: 00966564303717
Single Pass Software:
The Palo Alto Networks Next-Generation Firewall runs Single Pass Software. Single Pass
Software performs each operation once per packet. As it processes the packet, it performs
functions such as networking, user identification (User-ID), policy lookup, traffic
classification with application identification (App-ID), decoding, and signature matching to
detect threats and malicious content. Processing a packet in a single pass significantly
reduces the overhead of packet processing.
Packet processing in Single Pass Software is stream-based and uses uniform signature
matching to detect and block threats. Instead of using separate engines and signature sets,
and file proxies that require a file to be downloaded before it is scanned, the Single Pass
Software in Palo Alto Networks next-generation firewalls scans packets once, in a
stream-based fashion, to avoid introducing latency and reducing throughput.
Other firewall vendors' next-generation firewalls are Unified Threat Management (UTM)
devices, which process the packet and then verify the contents of the packet. As a result, a
spike in CPU overhead affects the latency and throughput of the firewall, degrading performance.
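A conceptual sketch of the stream-based, uniform-signature scanning described above, contrasted with buffering the whole file and running separate engines over it. This is an added example, not Palo Alto Networks code; the toy signatures, the `MAX_MATCH` bound and all function names are constructed for illustration.

```python
import re

# Constructed toy signatures for illustration only (not real threat signatures).
SIGNATURES = {
    "toy_virus": rb"EICAR-LIKE-TEST",
    "toy_vuln": rb"GET /cgi-bin/[a-z]{1,16}\.sh",
    "toy_spyware": rb"X-Beacon: [0-9a-f]{8}",
}
MAX_MATCH = 64  # assumed upper bound on the length of any signature match
# Uniform signature set: every signature compiled into one pattern for one engine.
COMBINED = re.compile(
    b"|".join(b"(?P<%s>%s)" % (n.encode(), p) for n, p in SIGNATURES.items()))

class StreamScanner:
    """Scans a flow chunk by chunk without buffering the whole file first."""
    def __init__(self):
        self.tail = b""         # trailing bytes kept so boundary-straddling matches are seen
        self.tail_offset = 0    # stream offset of self.tail[0]
        self.bytes_received = 0
        self.hits = set()       # {(signature name, stream offset)}

    def feed(self, chunk):
        buf = self.tail + chunk
        self.bytes_received += len(chunk)
        for m in COMBINED.finditer(buf):
            self.hits.add((m.lastgroup, self.tail_offset + m.start()))
        keep = min(len(buf), MAX_MATCH - 1)
        self.tail_offset += len(buf) - keep
        self.tail = buf[len(buf) - keep:]
        return bool(self.hits)  # a verdict exists while the flow is still open

def scan_stream(data, chunk_size):
    """Feed data in fixed-size chunks; report hits and bytes seen at first hit."""
    scanner, first_hit_at = StreamScanner(), None
    for i in range(0, len(data), chunk_size):
        if scanner.feed(data[i:i + chunk_size]) and first_hit_at is None:
            first_hit_at = scanner.bytes_received
    return scanner.hits, first_hit_at

def multi_engine_scan(data):
    """Contrast: the complete file is buffered, then each engine rescans it."""
    hits, passes = set(), 0
    for name, pattern in SIGNATURES.items():
        passes += 1
        hits.update((name, m.start()) for m in re.finditer(pattern, data))
    return hits, passes
```

Both approaches find the same signatures, but the stream scanner reports its first hit after only part of the flow has arrived, while the multi-engine version needs the full buffer and one pass per engine.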
Parallel Processing Hardware:
Palo Alto Networks Parallel Processing Hardware ensures that function-specific processing is
done in parallel at the hardware level, which, in conjunction with the dedicated data plane
and control plane, produces amazing performance results. By separating the data plane and
control plane, Palo Alto Networks ensures that heavy utilization of either plane will not
impact the overall performance of the platform.
Palo Alto Firewall Control Plane & Data Plane:
The Palo Alto Firewall Architecture design is split into two planes: it has a separate Data
Plane and Control Plane. This separation means that heavy utilization of one plane will
never impact the other.
Control Plane:
Management functionality is provided by a dedicated control plane processor. The Control
Plane is responsible for tasks such as management and configuration of the Palo Alto
firewall, and it also takes care of logging and reporting. The main feature of the Palo Alto
Networks Next-Generation Firewall is its set of dedicated processors, each responsible for
specific functions, all of which work in parallel. The Palo Alto Control Plane has its own
dual-core CPU and dedicated RAM.
Data Plane:
The Data Plane in the high-end models contains three types of processors (CPUs) connected by
high-speed 1Gbps buses. The Palo Alto Firewall Data Plane is the traffic-forwarding plane,
with different chipsets.
Types of Processors:
Security Matching Processor:
This is a dedicated processor that performs vulnerability and virus detection tasks. The
signature match process that inspects traffic is built on regular expressions.
Security Processor:
This is a dedicated processor that performs hardware acceleration and handles security tasks
such as SSL decryption, IPsec decryption and similar tasks. The Security Processor matches
against Palo Alto security policies.
Network Processor:
This is a dedicated processor responsible for network tasks such as routing, NAT, QoS, route
lookup, MAC lookup and network-layer communications. The Network Processor is used for
traffic forwarding.