Unleashing the PA-7500 Purpose-built for Next-Gen Performance



 

 

Need for Speed 

The combination of rising data volumes, performance expectations, and processing demands has placed stringent requirements on next-generation firewalls (NGFWs) positioned at the enterprise edge. Advanced security measures such as threat protection, SSL inspection, and high-capacity processing are now considered fundamental features for any NGFW tasked with securing an enterprise network.

 

A key challenge faced by IT teams is determining what constitutes sufficient security performance to enable business operations at the speed and scale required by the market, without compromising the security standards mandated by users and regulatory bodies.

 

It is essential that all network traffic, whether encrypted or unencrypted, undergoes inspection and that security controls are enforced without causing a decline in network performance. However, many of the NGFW solutions currently available are not capable of meeting this requirement.

 

Full threat protection (TP) can only be maintained without degrading network speed if security measures are applied at rates equal to or exceeding network capacity. As WAN speeds reach and surpass 40G to 100G, NGFWs at the network edge must be able to deliver threat protection at near-wire rates. Unlike some vendor solutions that require disabling crucial TP functions or SSL decryption to sustain performance, enterprises cannot afford such compromises. Threat protection throughput must be evaluated with firewall, application control, intrusion prevention (IPS), and antimalware/antivirus features enabled, using an enterprise-level traffic mix. Additionally, SSL inspection must remain fully operational to secure real-world enterprise traffic effectively.

 

Understanding Modern Sessions

Capacity is another essential consideration because many NGFW appliances today are limited to a few million concurrent sessions. As traffic volumes and connected devices continue to rise, maintaining a high session capacity to handle peak network demand is crucial.

 

Since nearly 80% of web traffic is now encrypted, SSL inspection has become one of the most vital functions of an NGFW. It serves as a critical defense against data breaches caused by advanced threats concealed within SSL traffic. To achieve this, deep packet inspection of SSL traffic must be performed, and security policies must be enforced without negatively affecting network performance. However, SSL inspection introduces additional processing overhead and latency, which can significantly impact network efficiency.

 

For this reason, SSL inspection performance metrics are often not disclosed by many NGFW vendors. It is unacceptable for a solution to claim high levels of threat protection throughput if performance drastically declines when SSL inspection is enabled, particularly when most network traffic is encrypted. For instance, a solution advertised as providing 30G of threat protection but only delivering 6.5 Gbps of SSL inspection throughput effectively offers just 6.5 Gbps of security performance for most network traffic—a level that is insufficient for enterprise needs. A traditional chassis model is not considered an optimal choice in this scenario. What is required is the performance, scalability, and capacity of a high-performance chassis, but within a compact, efficient, and highly scalable appliance footprint.

 

Make Way for the PA-7500

To address the above needs, a new class of ultra-high-performance security appliances has been introduced: the PA-7500 series NGFWs, developed to meet the real-world demands of digital enterprises by redefining industry benchmarks for threat protection (TP) throughput, SSL inspection, connectivity, and capacity.

 

The PA-7500 is powered by a scalable architecture that applies the appropriate type and volume of processing power to the key functional tasks of networking, security, and management. The PA-7500 is managed as a single, unified system, enabling you to easily direct all available resources to protect your data. The PA-7500 chassis intelligently distributes processing demands across three subsystems, each with massive amounts of computing power and dedicated memory: the Network Processing Card (PA-7500-NPC-A), the Data Processing Card (PA-7500-DPC-A), and the Management Processing Card (PA-7500-MPC-A).

 

The PA-7500 offers nine slots that can be populated with these cards, with a minimum configuration requiring at least one of each card. Additionally, one or two Switching Fabric Cards (PAN-PA-7500-SFC-A), with optional redundancy, are rear-mounted for orthogonal mating.

 

For instance, a fully populated PA-7500 model has been designed to allow customers to inspect and secure all traffic efficiently, without causing network slowdowns, by delivering:

 

  • AppID Firewall Throughput (AppMix): 1500 Gbps
  • Threat Inspection Firewall Throughput (AppMix): 1400 Gbps
  • New Sessions per Second: 7.2 Million
  • Max Sessions: 420 Million
  • Speeds and Feeds: QSFP-DD (8) with support for 400 Gbps/100 Gbps/40 Gbps and hardware support for breakout mode SFP-DD (12)—100 Gbps/25 Gbps/10 Gbps ports

 

Additional References

Official Datasheet: https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resour...

Comparison page: https://www.paloaltonetworks.com/products/product-comparison

 
