Palo Alto Firewall – Platforms and Architecture

Control Plane and Dataplane Overview

Debug functions run on either the control plane or the Dataplane

Logging (to the hard drive) is controlled by the control plane

The control plane also referred as Management plane, is where configurations are defined and configured. The control plane considered to be the brain of the firewall and the Dataplane is the muscle of the firewall.

Configuration made within the control plane are pushed by a commit operation to the Dataplane.

The component of the control plane and the Dataplane vary for each platform, series of the firewall.

Control Plane - Dataplane front.png


Architecture front

Different items can leverage the single pass other items can leverage parallel processing


  • Signature match is done in parallel.
    The stream passes and is scanned for “signatures”  or patterns.
  • Security Processing requires computation to calculate keys for SSL, IPSEC, opening SSL and setting up sessions.
    This is a simple CPU set of tasks.
    The actual rules are processed here too and the logs are created. So report & Enforce.
    Network processing does networking, like NAT and QoS.


Palo Alto Firewall models 


PA-200 Model and Features

PA-200 front


PA-500 Model and Features

PA-500 front

PA-2000 Model and Features


PA-2000s front


PA-3020 Model and FeaturesPA-3020 front


PA-3050 Model and Features

PA-3050 front


PA-5000 Models and Features


PA-5000 front


PA-7000 Models and Features


PA-7000 front


Palo Alto Virtual Firewalls 


VM series firewalls front



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

%d bloggers like this: