I was taking wireless certs last year and wanted to get back on my security track. I'm already certified in Cisco and Check Point firewalls and now it's time for me to learn Palo Alto Networks (PAN) firewall. Last year, I had the opportunity to configure a PAN firewall using the web GUI and established a site-to-site IPSec VPN tunnel with a Cisco router. That incident inspired me to learn PAN firewall and why it's popular in many network environment.
I'll be taking first the Accredited Configuration Engineer (ACE), which is a free online exam in Palo Alto Networks' Learning Center website. Then I'll take the Palo Alto Networks Certified Network Security Engineer (PCNSE), which is a paid exam via the Pearson VUE website. To help me prepare, I've used the PCNSE7 Study Guide, attended the free Essentials 1 (101) PAN-OS 7.0 online training in PAN Learning Center, and RouteHub's Palo Alto Networks training videos. I've also setup my own virtual (VM-100) and physical (PA-200) labs which I'll be sharing on my succeeding posts. I'll start off by sharing my notes regarding the SP3 architecture which makes the PAN firewall unique and a market leader in network security.
Traffic Processing Sequence and Single Pass Parallel Processing (SP3) Architecture
The Palo Alto Networks firewall processes can be visualized using the following graphical representation. Your understanding of this linear version of the traffic flow can be very useful when you set up the initial configuration and when you adjust the rules after installation. Note that the graphical representation is a simplified version of the complete flow that can be found in document #1628, Day in the Life of a Packet.
Palo Alto Network next-generation firewalls use a unique Single Pass Parallel Processing (SP3) Architecture which enables high-throughput, low latency network security, all while incorporating unprecedented features and technology. Palo Alto Networks solves the performance problems that plague today's security infrastructure with the SP3 architecture, which combines two complementary components - Single Pass software, Parallel Processing hardware. The result is an excellent mix of raw throughput, transaction processing, and network security that today's high performance networks require.
I'll be taking first the Accredited Configuration Engineer (ACE), which is a free online exam in Palo Alto Networks' Learning Center website. Then I'll take the Palo Alto Networks Certified Network Security Engineer (PCNSE), which is a paid exam via the Pearson VUE website. To help me prepare, I've used the PCNSE7 Study Guide, attended the free Essentials 1 (101) PAN-OS 7.0 online training in PAN Learning Center, and RouteHub's Palo Alto Networks training videos. I've also setup my own virtual (VM-100) and physical (PA-200) labs which I'll be sharing on my succeeding posts. I'll start off by sharing my notes regarding the SP3 architecture which makes the PAN firewall unique and a market leader in network security.
Traffic Processing Sequence and Single Pass Parallel Processing (SP3) Architecture
The Palo Alto Networks firewall processes can be visualized using the following graphical representation. Your understanding of this linear version of the traffic flow can be very useful when you set up the initial configuration and when you adjust the rules after installation. Note that the graphical representation is a simplified version of the complete flow that can be found in document #1628, Day in the Life of a Packet.
Palo Alto Network next-generation firewalls use a unique Single Pass Parallel Processing (SP3) Architecture which enables high-throughput, low latency network security, all while incorporating unprecedented features and technology. Palo Alto Networks solves the performance problems that plague today's security infrastructure with the SP3 architecture, which combines two complementary components - Single Pass software, Parallel Processing hardware. The result is an excellent mix of raw throughput, transaction processing, and network security that today's high performance networks require.
No comments:
Post a Comment