Home  >  Palo Alto Networks
Palo Alto Networks
PDF
Print
E-mail

Contact us to find out how you can save on all Palo Alto products and services! NDM is a leading national reseller of Palo Alto and can provide demonstrations, proof of concepts, evaluations, implementation services and the best pricing.

Palo Alto Networks next-generation firewalls are based on a unique Single Pass Parallel Processing (SP3) Architecture – which enables high-throughput, low-latency network security, even while incorporating unprecedented features and technology.

Palo Alto Networks solves the performance problems that plague today’s security infrastructure with the SP3 architecture, which combines two complementary components:

  • Single Pass software
  • Parallel Processing hardware

The results is the perfect mix of raw throughput, transaction processing and network security that today’s high performance networks require.

Single Pass Software

Palo Alto Networks Single Pass software is designed to accomplish two key functions within the Palo Alto Networks next-generation firewall. First, the single pass software performs operations once per packet. As a packet is processed, networking functions, policy lookup, application identification and decoding, and signature matching for any and all threats and content are all performed just once. This significantly reduces the amount of processing overhead required to perform multiple functions in one security device. Second, the content scanning step in Palo Alto Networks’ Single Pass software is stream-based, and uses uniform signature matching to detect and block threats.  Instead of using separate engines and signature sets (requiring multi-pass scanning) and instead of using file proxies (requiring file download prior to scanning), the single pass software in our next-generation firewalls scans content once and in a stream-based fashion to avoid latency introduction.

This Single Pass traffic processing enables very high throughput and low latency – with all security functions active.  It also offers the additional benefit of a single, fully integrated policy, enabling simple, easier management of enterprise network security.

Parallel Processing Hardware

The other critical piece of Palo Alto Networks SP3 Architecture is hardware. Palo Alto Networks next-generation firewalls use Parallel Processing hardware to ensure that the Single Pass software runs fast. First, Palo Alto Networks engineers designed separate data and control planes. This separation means that heavy utilization of one won’t negatively impact the other – for example, an administrator could be running a very processor-intensive report, and yet the ability to process packets would be completely unhindered, due to the separation of data and control planes.

The second important element of the Parallel Processing hardware is the use of discrete, specialized processing groups that work in harmony to perform several critical functions.

  • Networking: routing, flow lookup, stats counting, NAT, and similar functions are performed on network-specific hardware
  • User-ID, App-ID, and policy all occur on a multi-core security engine with hardware acceleration for encryption, decryption, and decompression.
  • Content-ID content analysis uses dedicated, specialized content scanning engine
  • On the controlplane, a dedicated management processor (with dedicated disk and RAM) drives the configuration management, logging, and reporting without touching data processing hardware.
The combination of Single Pass software and Parallel Processing hardware is completely unique in network security, and enables Palo Alto Networks next-generation firewalls to restore visibility and control to enterprise networks at very high levels of performance.

KEY PERFORMANCE SPECIFICATIONS PA-2050  PA-2020
Firewall throughput  1 Gbps   500 Mbps
Threat prevention throughput    500 Mbps 200 Mbps
IPSec VPN throughput    300 Mbps 200 Mbps
Max sessions  250000 125000
New sessions per second    15000 15000
IPSec VPN tunnels/tunnel interfaces  2000 1000
SSL VPN Users  1000 500
Virtual routers   10 10
Virtual systems (base/max2)   01/06/11 01/06/11
Security zones  40 40
Max number of policies  5000 2500

KEY-PERFORMANCE SPECIFICATIONS PA-4060  PA-4050  PA-4020
Firewall throughput  10 Gbps   10 Gbps   2 Gbps
Threat prevention throughput    5 Gbps 5 Gbps 2 Gbps
IPSec VPN throughput    2 Gbps 2 Gbps 1 Gbps
Max sessions  2000000 2000000 500000
New sessions per second    60000 60000 60000
IPSec VPN tunnels/tunnel interfaces  4000 4000 2000
SSL VPN Users  10000 10000 5000
Virtual routers   125 125 20
Virtual systems (base/max2)   25/125 25/125  10/20/11
Security zones  500 500 80
Max number of policies  20000 20000 10000

KEY-PERFORMANCE SPECIFICATIONS PA-5060  PA-5050  PA-5020
Firewall throughput  20 Gbps   10 Gbps   5 Gbps
Threat prevention throughput    10 Gbps 5 Gbps 2 Gbps
IPSec VPN throughput    4 Gbps 4 Gbps 2 Gbps
Max sessions  4000000 2000000 1000000
New sessions per second    120000 120000 120000
IPSec VPN tunnels/tunnel interfaces  8000 4000 2000
SSL VPN Users  20000 10000 5000
Virtual routers   225 125 20
Virtual systems (base/max2)   25/225 25/125  20-Oct
Security zones  900 500 80
Max number of policies  40000 20000 10000
 

Guaranteed Lowest Pricing
Please let us know your name.
Please let us know your email address.
Please write a subject for your message.
Please let us know your message.
Your Private Information is Strictly Confidential.

Palo Alto Networks

Barracuda Networks | Blackberry BES | BlueCoat | Dell Storage | EMCEnterasys | F5 Networks | Firewall | Fortinet | HP | HP StorageHP TippingPoint | IPS | Isilon | Juniper Networks | McAfee | Microsoft | NetApp | NCP | Novell | Sourcefire | Veeam | VMware | WatchGuard