Palo Alto Debuts 120 Gbps Network Firewall

Palo Alto Networks promises up to 120 Gbps on the PA-7050, but how does that change under real-world conditions?

By Sean Michael Kerner | Posted Feb 10, 2014
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

When it comes to firewalls, vendors have always been eager to talk about how much bandwidth and throughput they have. Palo Alto Networks is no exception to that rule and today is announcing the PA-7050, an appliance it claims to be the world's fastest next generation firewall.

In terms of raw throughput, Palo Alto claims that the PA-7050 can deliver up PA-7050to 120 Gbps of traffic. Matt Keil, director of product marketing at Palo Alto Networks, explained to Enterprise Networking Planet that the top-end throughput is 120 Gbps, measured using HTTP traffic.

"HTTP is an important distinction because it more accurately mimics the type of traffic on a customer network," Keil said. "Prior to the PA-7050, the top end was 20 Gbps."

When it come to firewall performance numbers, however, the numbers always drop as features are turned on. For the PA-7050, Keil said that top end performance for application control plus anti-virus and IPS is 100 Gbps. That number drops even further for IPSec VPN users, all the way down to 24 Gbps of throughput.

The PA-7050 is a net new addition to the Palo Alto portfolio and is not replacing any prior product. Keil noted that it is designed to allow customers to deploy full next-generation firewall security features within the core of their network (datacenter, network segments) where performance demands have often dictated security tradeoffs.

"The PA-7050 has roughly 400 processors distributed across the chassis subsystems," Keil said. "The network processing cards use dual Cavium 32-core chipsets for security, combined with dedicated FPGAs for content inspection and networking."

From a configuration standpoint, each chassis can support up to six network processing cards. Each network processing card supports 12x10/100/1000 GbE + 8xSFP + 4xSFP+ ports.

The PA-7050 also includes support for Palo Alto's WildFire security technology, designed to detect malware and advanced persistent threats. Palo Alto's WildFire technology is also available as a cloud service and on the standalone WF-500 appliance that was announced in June of 2013.

"The PA-7050 supports WildFire using either the cloud or WF-500 deployment scenario," Keil said.

The quest for the world's fastest firewall has been ongoing in the networking security business for a long time. Back in 2010, SonicWALL (now owned by Dell) debuted its SuperMassive firewall technology, at the time boasting next-generation firewall throughput of 40 Gbps. The same year, Cisco debuted its high-end firewall, the ASA-5585, promising up to 35 Gbps.

Keil stressed that the PA-7050 delivers better performance when the next-generation firewall features like application control on all ports, AV, and IPS are enabled. It scales in a linear manner and is easier to manage.

"If you use a race car analogy, F1, Indycar, rally car, pick your favorite vehicle – they go fast because of the sum of their parts," Keil said. "We took the same approach."

Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter