Palo Alto VM vs Appliance Based Firewalls


I am still pretty new to the Palo Alto product line and was hoping I can enlist the help of the community to get some feedback and possible use case scenarios for using the VM based firewall. I am currently working on a few new branch office projects and originally planned on using the PA-500 for small offices (less than 40 users) and the PA-3020 for larger offices (40+ users with 100 max). Due to some new budget constraints, I am being asked to reduce the firewall budget. This is partially due to our IT folks deploying a 2-host VMware cluster at each of the sites, based on some hefty HP G8 servers. Hence the reason why my budget was reduced. :-)

After doing some research, I noticed that the VM edition firewalls are all rated at 1Gbps when the host machine is set up for (4) cores. There are some obvious differences between models when it comes to number of policies, sessions, etc.

My plan is, since there is going to be a VMware cluster, why not use the VM edition of the firewall running on the cluster to save some money on the appliance hardware. The use case for the cluster currently is to serve up DHCP, DNS, and possibly a domain controller. So there should be plenty of resources left over to run the firewall. My assumption is, since we will have a vCenter license, that I will probably not need to cluster the VM appliances since if one VMware host fails, the VM will be vMotioned to the second VMware host.

Is there anyone in the community who is using the virtual edition firewalls in this fashion? If so, could you provide me some feedback on the performance and possibly some recommendations?

