Single Pass : The single pass software performs operations once per packet. As a packet is processed, networking functions, policy lookup, application identification and decoding, and signature matching for any and all threats and content are all performed just once. Instead of using separate engines and signature sets (requiring multi-pass scanning) and instead of using file proxies (requiring file download prior to scanning), the single pass software in next-generation firewalls scans content once and in a stream-based fashion to avoid latency introduction.
Parallel Processing : PA designed with separate data and control planes to support parallel processing. The second important element of the Parallel Processing hardware is the use of discrete, specialized processing groups to perform several critical functions.
- Networking: routing, flow lookup, stats counting, NAT, and similar functions are performed on network-specific hardware
- User-ID, App-ID, and policy all occur on a multi-core security engine with hardware acceleration for encryption, decryption, and decompression.
- Content-ID content analysis uses dedicated, specialized content scanning engine
- On the controlplane, a dedicated management processor (with dedicated disk and RAM) drives the configuration management, logging, and reporting without touching data processing hardware.
0 Comments