Palo Alto Firewall – Platforms and Architecture

Control Plane and Dataplane Overview

Debug functions run on either the control plane or the Dataplane

Logging (to the hard drive) is controlled by the control plane

The control plane also referred as Management plane, is where configurations are defined and configured. The control plane considered to be the brain of the firewall and the Dataplane is the muscle of the firewall.

Configuration made within the control plane are pushed by a commit operation to the Dataplane.

The component of the control plane and the Dataplane vary for each platform, series of the firewall.

Control Plane - Dataplane front.png

 

Architecture front

Different items can leverage the single pass other items can leverage parallel processing

Picture1

  • Signature match is done in parallel.
    The stream passes and is scanned for “signatures”  or patterns.
  • Security Processing requires computation to calculate keys for SSL, IPSEC, opening SSL and setting up sessions.
    This is a simple CPU set of tasks.
    The actual rules are processed here too and the logs are created. So report & Enforce.
    Network processing does networking, like NAT and QoS.

 

Palo Alto Firewall models 

 

PA-200 Model and Features

PA-200 front

 

PA-500 Model and Features

PA-500 front

PA-2000 Model and Features

 

PA-2000s front

 

PA-3020 Model and FeaturesPA-3020 front

 

PA-3050 Model and Features

PA-3050 front

 

PA-5000 Models and Features

 

PA-5000 front

 

PA-7000 Models and Features

 

PA-7000 front

 

Palo Alto Virtual Firewalls 

 

VM series firewalls front

 


 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

%d bloggers like this: