Palo Alto Firewall – Platforms and Architecture
Control Plane and Dataplane Overview
Debug functions run on either the control plane or the Dataplane
Logging (to the hard drive) is controlled by the control plane
The control plane also referred as Management plane, is where configurations are defined and configured. The control plane considered to be the brain of the firewall and the Dataplane is the muscle of the firewall.
Configuration made within the control plane are pushed by a commit operation to the Dataplane.
The component of the control plane and the Dataplane vary for each platform, series of the firewall.
Different items can leverage the single pass other items can leverage parallel processing
- Signature match is done in parallel.
The stream passes and is scanned for “signatures” or patterns. - Security Processing requires computation to calculate keys for SSL, IPSEC, opening SSL and setting up sessions.
This is a simple CPU set of tasks.
The actual rules are processed here too and the logs are created. So report & Enforce.
Network processing does networking, like NAT and QoS.
Palo Alto Firewall models
PA-200 Model and Features
PA-500 Model and Features
PA-2000 Model and Features
PA-3020 Model and Features
PA-3050 Model and Features
PA-5000 Models and Features
PA-7000 Models and Features
Palo Alto Virtual Firewalls
Useful Links
https://www.paloaltonetworks.com
https://sanchitgurukul.com/tutorials-cat
