Virtualised Firewall Overview

The Palo Alto Networks VM-Series features three virtualised next-generation firewall models – the VM-100, VM-200, and VM-300. These platforms are supported on the VMware ESXi 4.1, 5.0 and 5.5 platforms, and the Citrix NetScaler SDX 11500 and 17550 Series.

 

You can deploy the VM-Series on ESXi servers in virtualised and for cloud environments for East West traffic inspection. The VM-Series on Citrix NetScaler consolidates security and application delivery controller capabilities for multi-tenant (business unit, application owner, service provider customer) deployments or as a complete solution for Citrix XenApp XenDesktop deployments.

 

2, 4, or 8 CPU cores on your virtualised server platforms can be assigned for next-generation firewall processing. With 4 CPU cores running, the VM-Series delivers up to 1 Gbps firewall throughput with App-ID enabled. To ensure that management is accessible to you during heavy traffic, the data and control plane are separated. In addition, our unique single-pass software architecture processes functions in a single pass to reduce latency.

 

VM-Series on the ESXi servers supports 10 virtual network interfaces while VM-Series on the Citrix NetScaler SDX supports 24 virtual network interfaces.

 

The VM-Series runs PAN-OSTM, a security-specific operating system that:

 

  • Safely enables all applications, regardless of ports, protocols and evasive tactics
  • Protects you against all known and unknown threats
  • Integrates flexibly in the virtualized environment at layers 1, 2, or 3

 

Our PAN-OS next-generation firewall capabilities, such as Dynamic Address Groups and VM-Monitoring, allow you to tie your security policies to virtual machine adds, moves and changes, and to create security policies that instantly sync with virtual workload creation.

 

VM-1000-HV

VM-1000-HV

 

 

  • 250,000 max sessions
  • 2,000 IPSec VPN tunnels/tunnel interfaces
  • 500 SSL VPN Users
  • 40 security zones
  • 10,000 max number of policies
  • 10,000 address objects
  • 1Gbps Firewall Throughput (App-ID enabled)*
  • 600 Mbps Threat Prevention Throughput*
  • 250 Mbps IPSec VPN Throughput*
  • 8,000 New sessions per second*

VM 300

VM 300

  • 250,000 max sessions
  • 2,000 IPSec VPN tunnels/tunnel interfaces
  • 500 SSL VPN Users
  • 40 security zones
  • 5,000 max number of policies
  • 10,000 address objects
  • 1Gbps Firewall Throughput (App-ID enabled)*
  • 600 Mbps Threat Prevention Throughput*
  • 250 Mbps IPSec VPN Throughput*
  • 8,000 New sessions per second*

VM 200

VM 200

  • 100,000 max sessions
  • 500 IPSec VPN tunnels/tunnel interfaces
  • 200 SSL VPN Users
  • 20 security zones
  • 2,000 max number of policies
  • 4,000 address objects
  • 1Gbps Firewall Throughput (App-ID enabled)*
  • 600 Mbps Threat Prevention Throughput*
  • 250 Mbps IPSec VPN Throughput*
  • 8,000 New sessions per second*

VM 100

VM 100

  • 50,000 max sessions
  • 25 IPSec VPN tunnels/tunnel interfaces
  • 25 SSL VPN Users
  • 10 security zones
  • 250 max number of policies
  • 2,500 address objects
  • 1Gbps Firewall Throughput (App-ID enabled)*
  • 600 Mbps Threat Prevention Throughput*
  • 250 Mbps IPSec VPN Throughput*
  • 8,000 New sessions per second*
Quarter Column

*Performance and capacities are measured under ideal testing conditions using PAN-OS 5.0 and 4 CPU cores.

 

 

Copyright © Kaztech