Can someone tell me how exactly the Palo Alto firewalls, especially the PA-3020, process traffic?
Is that done via Software/CPU or via hardware?
I mean, if it's done via software, the Palo Alto firewalls are just workstations with a Linux OS and network cards, aren't they?
Sometimes I observe that the latency in the network rises. That is when large files are copied to the fileserver with 1Gbit/s. (That's the speed of the interfaces of the Palo Alto, full speed so to say). That traffic is routed over the PA-3020 (8.0.7) since there are different VLANs (client in another VLAN than the fileserver). Besides, the management and data plane CPU utilization rise, too.
Packet flow is heavily documented; an example would be this knowledge base article HERE. As for the device question, like most other networking hardware, the box is effectively a highly customized Linux installation with specific hardware to help accomplish high data rates.
If you haven't done so already, options to speed up SMB traffic processing would be to disable DSRI or utilize an application-override policy to disable Layer 7 inspection and App-ID to your file servers.
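Both options mentioned in the answer above reduce what the firewall inspects, so it helps to check how narrowly such rules are scoped. The following is an added example, not part of the original thread and not Palo Alto Networks code: it lists security rules with DSRI set and application-override rules in an exported configuration and flags those whose destination is `any`. The XML sample, rule names and addresses are constructed, and the element layout is assumed to match a PAN-OS XML config export.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of a PAN-OS XML config export (not from the thread).
SAMPLE = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1"><rulebase>
 <security><rules>
  <entry name="clients-to-fileserver">
   <destination><member>10.0.20.10</member></destination>
   <option><disable-server-response-inspection>yes</disable-server-response-inspection></option>
  </entry>
  <entry name="clients-to-internet">
   <destination><member>any</member></destination>
  </entry>
 </rules></security>
 <application-override><rules>
  <entry name="smb-override">
   <destination><member>any</member></destination>
   <protocol>tcp</protocol><port>445</port><application>custom-smb</application>
  </entry>
 </rules></application-override>
</rulebase></entry></vsys></entry></devices></config>
"""

def _finding(kind, rule):
    dests = [m.text for m in rule.iterfind("destination/member")]
    # An exemption that is not pinned to specific servers is flagged as too broad.
    return (kind, rule.get("name"), dests, "any" in dests or not dests)

def reduced_inspection_rules(xml_text):
    """Return (kind, rule name, destinations, too_broad) for each rule that skips inspection."""
    root = ET.fromstring(xml_text)
    findings = []
    # Security rules with the "disable server response inspection" option set.
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        if rule.findtext("option/disable-server-response-inspection") == "yes":
            findings.append(_finding("dsri", rule))
    # Every application-override rule bypasses App-ID and Layer 7 inspection.
    for rule in root.iterfind(".//rulebase/application-override/rules/entry"):
        findings.append(_finding("app-override", rule))
    return findings

if __name__ == "__main__":
    for kind, name, dests, broad in reduced_inspection_rules(SAMPLE):
        print(f"{kind:13} {name:24} dest={dests} {'TOO BROAD' if broad else 'scoped'}")
```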