Palo Alto Networks Next Generation Firewall (PA-Series, VM-Series, CN-Series)

Next Generation Firewall (NGFW) from Palo Alto Networks is an advanced network security platform that integrates traditional firewall functions with modern security mechanisms, application identification, and identity-based access control. Palo Alto NGFW solutions are available for physical environments (PA series), public and private clouds (VM series), and Kubernetes-based container platforms (CN series). All solutions offer complete visibility and control over network traffic from layer 2 (data link) to layer 7 (application) of the ISO/OSI model.

Palo Alto NGFWs are built on a unique Single-Pass Parallel Processing (SP3) architecture that combines two key elements, Single Pass Software and Parallel Processing Hardware, to deliver low latency while analyzing applications, users, content, and threats in real time. Single Pass Software means that each packet is processed only once using all available network and security features, such as App-ID, User-ID, Device-ID, and Content-ID. Parallel Processing Hardware is the simultaneous execution of tasks such as routing, user and application identification, content inspection, and management by specialized and dedicated groups of processors. Palo’s NGFW architecture distributes traffic processing and management tasks across different groups of processors, preventing management issues during NGFW traffic processing and performance degradation during intensive administrative work.

A key component is the patented App-ID mechanism for identifying, classifying, and controlling applications in network traffic regardless of the ports, protocols, or encryption used. App-ID uses a combination of signature analysis, protocol decoding, and heuristics to classify traffic in real time.

The User-ID mechanism allows network traffic to be mapped to users regardless of their assigned IP address, enabling administrators to create security rules based on user identity regardless of their IP address.

Device ID is a mechanism for identifying and classifying devices on a network based on their characteristics and behavior, using logs collected by the firewall and analyzed by the Palo Alto IoT Security service. Analysis of metadata, protocols, and sessions leads to the creation of device profiles and device-based security policy recommendations, which increases the precision of traffic management and network protection.

Content-ID is a content inspection mechanism that analyzes processed network traffic for threats such as malware, exploits, phishing, unauthorized data transfer, and unwanted content. Content-ID operates within Single Pass Software, which minimizes the impact of content inspection on firewall performance, even with numerous security features enabled. Content-ID uses advanced methods to detect known and unknown threats, including integration with the WildFire service, which analyzes suspicious files in a SandBox environment, enables web traffic filtering based on URL categories, blocks malicious websites, and controls the transfer of files and confidential data.

Palo Alto NGFW solutions offer a range of network security features such as IDS/IPS, DNS protection, WildFire sandbox, SSL/TLS decryption, web proxy, and SD-WAN.

All versions of the Palo Alto NGFW solution can be managed individually by an administrator or through one of two central management platforms. Palo Alto Networks offers two central management solutions: Panorama, available as a physical or virtual solution, and Strata Cloud Manager (SCM), available as a Software as a Service (SaaS) solution.