Virtualised Firewall Overview
The Palo Alto Networks VM-Series features three virtualised next-generation firewall models – the VM-100, VM-200, and VM-300. These platforms are supported on the VMware ESXi 4.1, 5.0 and 5.5 platforms, and the Citrix NetScaler SDX 11500 and 17550 Series.
You can deploy the VM-Series on ESXi servers in virtualised and for cloud environments for East West traffic inspection. The VM-Series on Citrix NetScaler consolidates security and application delivery controller capabilities for multi-tenant (business unit, application owner, service provider customer) deployments or as a complete solution for Citrix XenApp XenDesktop deployments.
2, 4, or 8 CPU cores on your virtualised server platforms can be assigned for next-generation firewall processing. With 4 CPU cores running, the VM-Series delivers up to 1 Gbps firewall throughput with App-ID enabled. To ensure that management is accessible to you during heavy traffic, the data and control plane are separated. In addition, our unique single-pass software architecture processes functions in a single pass to reduce latency.
VM-Series on the ESXi servers supports 10 virtual network interfaces while VM-Series on the Citrix NetScaler SDX supports 24 virtual network interfaces.
The VM-Series runs PAN-OSTM, a security-specific operating system that:
- Safely enables all applications, regardless of ports, protocols and evasive tactics
- Protects you against all known and unknown threats
- Integrates flexibly in the virtualized environment at layers 1, 2, or 3
Our PAN-OS next-generation firewall capabilities, such as Dynamic Address Groups and VM-Monitoring, allow you to tie your security policies to virtual machine adds, moves and changes, and to create security policies that instantly sync with virtual workload creation.
VM-1000-HV
- 250,000 max sessions
- 2,000 IPSec VPN tunnels/tunnel interfaces
- 500 SSL VPN Users
- 40 security zones
- 10,000 max number of policies
- 10,000 address objects
- 1Gbps Firewall Throughput (App-ID enabled)*
- 600 Mbps Threat Prevention Throughput*
- 250 Mbps IPSec VPN Throughput*
- 8,000 New sessions per second*
VM 300
- 250,000 max sessions
- 2,000 IPSec VPN tunnels/tunnel interfaces
- 500 SSL VPN Users
- 40 security zones
- 5,000 max number of policies
- 10,000 address objects
- 1Gbps Firewall Throughput (App-ID enabled)*
- 600 Mbps Threat Prevention Throughput*
- 250 Mbps IPSec VPN Throughput*
- 8,000 New sessions per second*
VM 200
- 100,000 max sessions
- 500 IPSec VPN tunnels/tunnel interfaces
- 200 SSL VPN Users
- 20 security zones
- 2,000 max number of policies
- 4,000 address objects
- 1Gbps Firewall Throughput (App-ID enabled)*
- 600 Mbps Threat Prevention Throughput*
- 250 Mbps IPSec VPN Throughput*
- 8,000 New sessions per second*
VM 100
- 50,000 max sessions
- 25 IPSec VPN tunnels/tunnel interfaces
- 25 SSL VPN Users
- 10 security zones
- 250 max number of policies
- 2,500 address objects
- 1Gbps Firewall Throughput (App-ID enabled)*
- 600 Mbps Threat Prevention Throughput*
- 250 Mbps IPSec VPN Throughput*
- 8,000 New sessions per second*
*Performance and capacities are measured under ideal testing conditions using PAN-OS 5.0 and 4 CPU cores.