Hi @BhartiAirtel,
A Palo Alto firewall has Single Pass Software, which processes the packet to perform networking, User-ID, policy lookup, traffic inspection with App-ID, signature inspection for Anti-Virus, threats etc., all performed once per packet. This way the firewall no longer has to inspect the packet multiple times. And the firewall's Single Pass Parallel Processing (SP3) Architecture buffers and inspects a packet a single time, which allows the firewall to perform multiple functions in parallel and avoids re-buffering and re-inspecting the packet at the hardware level. It has a dedicated Data Plane and Control Plane. Each of these planes has its own CPU and RAM.
The Control Plane is used for management functions. Depending upon the hardware platform, it has its own dual-core or single-core CPU. It is responsible for functions like logging and reporting etc.
The Data Plane is the actual traffic handling plane. The Data Plane has separate chipsets/processors (virtual or dedicated hardware depending upon platform). The Data Plane in higher platforms contains three processors (CPUs) as follows:
1. Security Processor - Dedicated processor which handles the inspection of App-ID, SSL Decryption, IPSec etc.
2. Network Processor - This is for forwarding: routing, NAT, QoS, route and MAC lookup etc.
3. Signature Match Processor - Dedicated to inspecting vulnerabilities, viruses etc.
This way the Control and Data Plane work with each other and do parallel processing of the packet.
Hope it helps!
@BhartiAirtel If you talk about higher models like the 7000:
The key elements in the 7000 series are the Network Processing Card (NPC), Switch Management Card (SMC), FPP (First Packet Processor) and LPC (Log Processing Card).
1. NPC - It is dedicated to performing all the packet processing tasks like networking, traffic handling and managing threat/virus prevention. Each NPC has 64 processing cores, and the number of cores varies depending upon the generation/platform. Each line card maintains session state. And there are Signature Matching, Network Processing and Security Processing processors behind each NPC.
2. SMC - This card intelligently manages all traffic and executes all functions using a combination of the FPP, high-speed backplane and management sub-system.
FPP - This is the actual packet processor; in other words, we can say the FPP is the brain behind all traffic handling. It does session distribution and session tracking. It maintains its global session table.
LPC - It is a dedicated system to manage the high volume of logs generated by the firewall.
Now when traffic comes into the 7000, the FPP does a session lookup to check whether the session for this packet was already processed or it is a new session. If it has session state available in its global session table, then it will forward the traffic to the desired card (NPC). If it is a new session, then based on the session distribution algorithm, the traffic will be assigned and the session gets created.
Now as said, each card has its own Signature Matching, Network Processing and Security Processing processors, which handle the traffic/session in the same manner once traffic comes into it. So overall, traffic is handled in this manner. Do not think about specific/multiple Data Planes. When a packet comes in, the firewall handles it according to its session table state (i.e. whether the packet is already seen or it is new) and forwards it.
Hope it helps!
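A toy model of the first-packet flow described in this reply, added here as an example (it is not code from the original post or from Palo Alto Networks): the FPP keeps a global session table, creates a session and picks an NPC slot for a new flow, and forwards later packets of both directions to the same slot. The 5-tuple normalisation and the hash-based slot choice are assumptions; the post only says "session distribution algorithm".

```python
"""Toy model of the 7000-series FPP session lookup / distribution flow.

Assumptions (not the vendor's implementation): the global session table is
keyed on a direction-normalised 5-tuple, and new sessions are spread over
NPC slots with a stable hash. Both are stand-ins for the unspecified
"session distribution algorithm" mentioned in the reply.
"""
from dataclasses import dataclass, field
import hashlib


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def session_key(p: Packet) -> tuple:
    # Normalise so both directions of a flow share one key; otherwise the
    # return traffic would look like a new session and could land on a
    # different line card, which keeps per-session state.
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


@dataclass
class FirstPacketProcessor:
    npc_slots: list
    sessions: dict = field(default_factory=dict)  # global session table
    events: list = field(default_factory=list)    # ("new"/"existing", key, slot)

    def distribute(self, key: tuple) -> str:
        # Hypothetical distribution: stable hash of the key over the slots.
        digest = hashlib.sha256(repr(key).encode()).digest()
        return self.npc_slots[int.from_bytes(digest[:4], "big") % len(self.npc_slots)]

    def handle(self, p: Packet) -> str:
        key = session_key(p)
        npc = self.sessions.get(key)
        if npc is None:                 # new session: assign a slot, create state
            npc = self.distribute(key)
            self.sessions[key] = npc
            self.events.append(("new", key, npc))
        else:                           # known session: forward to owning NPC
            self.events.append(("existing", key, npc))
        return npc


def demo() -> dict:
    fpp = FirstPacketProcessor(npc_slots=["slot1", "slot2", "slot3"])
    fwd = Packet("10.0.0.5", 51515, "203.0.113.9", 443, "tcp")  # constructed sample
    rev = Packet("203.0.113.9", 443, "10.0.0.5", 51515, "tcp")  # its return traffic
    first, reverse, repeat = fpp.handle(fwd), fpp.handle(rev), fpp.handle(fwd)
    return {"first": first, "reverse": reverse, "repeat": repeat,
            "sessions": len(fpp.sessions), "events": [e[0] for e in fpp.events]}
```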