PaloAlto PA-7050

The PA-7050 protects datacenters and high-speed networks with firewall throughput of up to 120 Gbps and, fullthreat prevention at speeds of up to 100 Gbps. To address the computationally intensive nature of full-stack classification and analysis at speeds of 120 Gbps, more than 400 processors are distributed across networking, security, switch managementand logging functions. The result is that the PA-7050 allows you to deploy next-generation security in your datacenters without compromising performance.

Classify all applications, on all port, all the time with App-ID.

• Identify the application, regardless of port, encryption (SSL or SSH) or evasive technique employed.
• Use the application, not the port, as the basis for all safe enablement policy decisions: allow, deny, schedule, inspect, apply traffic shaping.
• Categorize unidentified applications for policy control, threat forensics, custom App-ID creation, or packet capture for App-ID development.

Extend safe application enablement policies to any user, at any location, with User-ID and GlobalProtect.

• Agentless integration with Active Directory, LDAP, eDirectory Citrix and Microsoft Terminal Services.
• Easily integrate firewall policies with NAC, 802.1X wireless, Proxies and NAC solutions.
• Deploy consistent policies to local and remote users running Microsoft Windows, Mac OS X, Linux, Android or iOS platforms.

Protect against all threat—both known and unknown—with Content-ID and Wildfire

• Block a range of known threats including exploits, malware and spyware, across all ports, regardless of common threat evasion tactics employed.
• Limit unauthorized transfer of files and sensitive data, and control non-workrelated web surfing.
• Identify unknown malware, analyze for more than 100 malicious behaviors, automatically create and deliver a signature in the next available update.

Delivering Linear Scalability and Performance

The PA-7050 achieves predictable datacenter level protection and performance by applying more than 400 function-specific processors distributed across the following chassis subsystems:

• Network Processing Card (NPC): Each NPC delivers 20 Gbps of firewall performance using multi-core security optimized processors, along with dedicated high-speed networking and content inspection processors. Up to six NPCs, each with 24 traffic interfaces are supported in the PA-7050.
• Switch Management Card (SMC): The SMC is comprised of three elements that are key to delivering predictable datacenter protection and performance: the First Packet Processor, the 1.2 Tbps switch fabric and the management subsystem.
  • First Packet Processor (FPP): The FPP utilizes dedicated processing to apply intelligence to the incoming traffic, directing it to the appropriate processing resource to maximize throughput efficiency.
  • High Speed Switch Fabric: The 1.2 Tbps switch fabric means that each NPC has access to approximately 100 Gbps of traffic capacity, ensuring that performance and capacity will scale in a linear manner as NPCs are added to the PA-7050.
  • Management Subsystem: Unified point of contact for managing all aspects of the PA-7050.
• Log Processing Card (LPC): The LPC uses multi-core processors and 2TB of RAID 1 storage to offload the logging related activities without impacting the processing required for other management related tasks. The LPC allows you to generate on-system queries and reports from the most recent logs collected or forward them to a syslog server for archiving or additional analysis.

The PA-7050 delivers performance and scalability by intelligently applying all available networking and security processing power to application layer traffic classification and threat protection tasks. Orchestrating this ballet of session management tasks is the First Packet Processor which constantly tracks the shared pool of processing and I/O resources across all of the NPCs. When the FPP determines that additional processing resources are available, traffic is intelligently directed across the high-speed switch fabric to that location, even if it resides on a separate NPC. The FPP is the key to delivering linear scalability to the PA-7050, working in conjunction with each of the network processors on the NPCs to utilize all of the available computing resources as a single, cohesive system. This means that as NPCs are added, no traffic engineering changes are required in order to utilize the added capacity.

The controlling element of the PA-7050 is PAN-OSTM, a securityspecific operating system that natively classifies all traffic, inclusive of applications, threats and content, then ties that traffic to the user, regardless of location or device type. The application, content, and user—the elements that run your business—are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time. All traffic classification, content inspection, policy lookup and execution are performed in a single pass. The single pass software architecture, when combined with the processing power of the PA-7050, ensures that you achieve predictable throughput.

Subscriptions

The following Palo Alto Networks subscriptions unlock certain firewall features or enable the firewall to
leverage a Palo Alto Networks cloud-delivered service (or both). Here you can read more about each service
or feature that requires a subscription to work with the firewall. To enable a subscription, you must first
Activate Subscription Licenses; once active, most subscription services can use Dynamic Content Updates
to provide new and updated functionality to the firewall.

Specs

Documentation

Datasheet Palo Alto 7050