Introduction to PaloAlto Networks Next Generations Firewall: PA7080
We talk about Next Generation Firewalls or so called NGFW a
lot and in this article we are going to discuss about the feature and the
capabilities of NGFW PA7080. There are various factors which shows the
capability, the throughput and the capacity of the devices.
Fig 1.1- Next Generation Firewall (NGFW)- PA7080 PaloAlto Networks |
The throughput of PaloAlto PA7080 NGFW is 700 Gbps and it’s huge. This is stateful firewall throughput and if we take same PaloAlto box with stateful + threat prevention the overall throughput will be 350 Gbps. The major and the most important is the IPSEC throughput of the Box and the throughput is 280 Gbps. Below are the points to remember for PaloAlto PA7080 NGFW.
Things to Remember
- Firewall throughput: 700 Gbps
- Threat Protection throughput: 350 Gbps
- IPSEC VPN throughput: 280 Gbps
The above throughput is what PaloAlto committing for the
PA7080 Next Generation Firewall.
For NGFW, the other things we need to take care for
evaluation is the sessions and these sessions are important. So for this PA7080
box its 4,800,000 new sessions per second. The maximum sessions are as
320,000,000 for Palo Alto 7080 NGFW. Below are the points to remember for
PaloAlto PA7080 NGFW.
Things to Remember
- New Sessions per second: 4,800,000
- Maximum Sessions: 320,000,000
Hardware
Capabilities
Now take a look on the hardware of PaloAlto PA7080 Next Generation Firewalls. Interface supported for PA7080 device are 10/100/1000 (up to 120), SFP/ SFP+ (up to 80), QSFP+/QSFP28 (up to 40) while management interfaces are SFP/SFP+ MGT (2), SFP/SFP+ HA1 (2), HSCI HA2/HA3 QSFP+/QSFP28 (2), RJ45 serial console (1), Micro USB serial console (1) and the size of the device is 19U, 19” standard rack. Power supply for this device is: 2500 W AC (2400 W / 2700 W) (4; expandable to 8) with redundant power supply with 240 GB SSD system drive, RAID1 (2) and capability of Hot-swappable fans. Below are the points to remember for PaloAlto PA7080 NGFW.
Now take a look on the hardware of PaloAlto PA7080 Next Generation Firewalls. Interface supported for PA7080 device are 10/100/1000 (up to 120), SFP/ SFP+ (up to 80), QSFP+/QSFP28 (up to 40) while management interfaces are SFP/SFP+ MGT (2), SFP/SFP+ HA1 (2), HSCI HA2/HA3 QSFP+/QSFP28 (2), RJ45 serial console (1), Micro USB serial console (1) and the size of the device is 19U, 19” standard rack. Power supply for this device is: 2500 W AC (2400 W / 2700 W) (4; expandable to 8) with redundant power supply with 240 GB SSD system drive, RAID1 (2) and capability of Hot-swappable fans. Below are the points to remember for PaloAlto PA7080 NGFW.
Things to Remember
- Interfaces: 10/100/1000 (up to 120), SFP/ SFP+ (up to 80), QSFP+/QSFP28 (up to 40)
- Management: SFP/SFP+ MGT (2), SFP/SFP+ HA1 (2), HSCI HA2/HA3 QSFP+/QSFP28 (2), RJ45 serial console (1), Micro USB serial console (1)
Key Features
There are various key features of PaloAlto Next Generation firewalls specially PA7080 box. As next generation firewalls are based on the application visibility, so PA7080 has deep visibility and granular control for thousands of applications. It also has ability for customer applications to be created. Let’s talk about all features as key points below.
There are various key features of PaloAlto Next Generation firewalls specially PA7080 box. As next generation firewalls are based on the application visibility, so PA7080 has deep visibility and granular control for thousands of applications. It also has ability for customer applications to be created. Let’s talk about all features as key points below.
Things to Remember
- User identification and control: VPNs, WLAN controllers, captive portal, proxies, Active Directory, eDirectory, Exchange, Terminal Services, syslog parsing, XML API
- Granular SSL decryption and inspection (inbound and outbound); per-policy SSH control (inbound and outbound)
- QoS: policy-based traffic shaping (priority, guaranteed, maximum) per application, per user, per tunnel, based on DSCP classification
- Virtual systems: logical, separately managed firewall instances within a single physical firewall, with each virtual system’s traffic kept separate
- Zone-based network segmentation and zone protection; DoS protection against flooding of new sessions
- In-line malware prevention automatically enforced through payload-based signatures, updated daily
- Vulnerability-based protections against exploits and evasive techniques on network and application layers, including port scans, buffer overflows, packet fragmentation, and obfuscation
- Detection of zero-day malware and exploits with layered, complementary analysis techniques
- Automatically prevent tens of millions of malicious domains identified with realtime analysis and continuously growing global threat intelligence
- Bidirectional control over the unauthorized transfer of file types and Social Security numbers, credit card numbers, and custom data patterns
- Remote access VPN (SSL, IPsec, clientless); mobile threat prevention and policy enforcement based on apps, users, content, device, and device state
- Consistent scalable management of up to 30,000 hardware and all VM-Series firewalls; role-based access control; logical and hierarchical device groups; and templates