flow chart

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

flow chart

L1 Bithead

Hi guys.
I'm new in Palo Alto, but have quite a few years with other Firewalls.
Some time, for getting good decisions, you have to know the flow chart of the Firewall.
Maybe it's existing, but I can't find it.
What I mean by flow chart, is how the information pass thru the firewall.
for example - Routing, Nat, Policy base rout, Security, QOS, Security profile, SD-Wan and so on.
what is coming first and what is later.

Is there any graphical chart that show this?

Thanks, and any help will be appreciated?

Thanks, and any help will be appreciated.
🙂
Regards,
Goldy

Assumption is the mother of all Fu.. ups
1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hello @YGoldy ,

 

Your flow chart is included in this link.  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0

 

Here are my notes on the flow chart (which may not be entirely correct):

 

  1. Ingress
    1. Packet Checking/Parsing
    2. Decapsulation/Decryption
  2. Session Lookup
    1. Match 6-tuple key: source-address, destination-address, source-port, destination-port, protocol, and security-zone.
    2. Match = Fastpath.  No = Session Setup/Slowpath.
  3. Session Setup/Slowpath
    1. The session is created.
    2. Lookups are done, but NAT is not applied to the packet.  PBF takes precedence over routing.
    3. Zone and DoS Protection are checked.
  4. Fastpath
    1. Application Override
    2. Decryption
    3. App-ID
    4. Content-ID
  5. Egress
    1. QoS
    2. NAT
    3. SD-WAN
    4. Encryption/Encapsulation

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVECA0

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

View solution in original post

2 REPLIES 2

Cyber Elite
Cyber Elite

Hello @YGoldy ,

 

Your flow chart is included in this link.  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0

 

Here are my notes on the flow chart (which may not be entirely correct):

 

  1. Ingress
    1. Packet Checking/Parsing
    2. Decapsulation/Decryption
  2. Session Lookup
    1. Match 6-tuple key: source-address, destination-address, source-port, destination-port, protocol, and security-zone.
    2. Match = Fastpath.  No = Session Setup/Slowpath.
  3. Session Setup/Slowpath
    1. The session is created.
    2. Lookups are done, but NAT is not applied to the packet.  PBF takes precedence over routing.
    3. Zone and DoS Protection are checked.
  4. Fastpath
    1. Application Override
    2. Decryption
    3. App-ID
    4. Content-ID
  5. Egress
    1. QoS
    2. NAT
    3. SD-WAN
    4. Encryption/Encapsulation

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVECA0

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

L1 Bithead

Thanks.

It's a shame the chart picture in the link is in not too sharp and in high resolution so we can englare it.

 

Assumption is the mother of all Fu.. ups
  • 1 accepted solution
  • 1302 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!