PCNSA – 1.2

Identify the components and operation of Single-Pass Parallel
Processing architecture.

Palo Alto PCNSA Study Guide v10

Single-Pass Parallel Processing

The Palo Alto firewalls use a single-pass parallel processing architecture. It combines single-pass software with parallel processing hardware. The goal is to “scan it all, scan it once.” The software uses stream processing. These stream processors include antivirus, spyware, data filtering, and vulnerability protection. In addition to the stream processors, the software also includes App-ID, User-ID, and Wildfire information.

  • App-ID: How Palo Alto defines applications such as Facebook, AWS, and Microsoft 365.
  • User-ID: How Palo Alto associates end users with their traffic.
  • Wildfire: Threat information to block known bad traffic.

Management and
Data Planes

The hardware architecture of the Palo Alto firewall uses two separate planes. Both the management and data planes have their own resources (CPU, RAM, and storage) dedicated to their use.

The management (control) plane consists of the following:

  • Configuration of the firewall
  • Logging (Panorama/Syslog)
  • Reporting

The data plane provides the following features:

  • Signature matching
    • antivirus
    • spyware
    • data filtering (SSN, Credit Card #s)
  • Security processing
    • App-ID
    • User-ID
    • URL
    • SSL/IPSec
    • Policy Enforcement
  • Network processing
    • Routing
    • QoS
    • NAT