NextGig Systems, Inc. - Network Connectivity & Test Solutions

Palo Alto Networks' Next-Generation Firewalls - Redundancy & Resiliency

Redundancy & Resiliency

Palo Alto Networks next-generation firewalls support a series of redundancy and resiliency features that ensure the firewall will enable the business through secure application enablement.

Questions? Call  1-805-277-2400

Stateful Active/Active or Active/Passive high availability.

Either active/passive or active/active high availability are supported, complete with session and configuration synchronization. A heartbeat connection between the two identically configured devices ensures seamless failover in the event that the a device goes down.

Active/passive: The active device continuously synchronizes its configuration and session information with the identically configured passive device. A heartbeat connection between the two identically configured devices ensures seamless failover in the event that the active device goes down.

Active/active: The allotted bandwidth is divided between two identically configured devices that share session and state information. If either device fails, a heartbeat connection signals the other device to continue operating, assuming the management responsibility for all of the allotted bandwidth.

Active/active and asymmetric routing: To better support asymmetrically routed environments, two devices can be deployed in an HA configuration with either virtual wire interfaces or layer 3 interfaces. App-ID and Content-ID are fully supported in asymmetric environments. A/A also incorporates flexible layer 3 deployment options supporting load-sharing and interface IP failover.


Built-in resiliency and component redundancy.

To ensure that management is accessible under periods of heavy traffic, the data plane and the control plane are physically separated, each with dedicated processing and memory. The data plane houses dedicated processing and memory for networking, security and content inspection while dedicated management processing and memory reside on the control plane. The physical separation of data and control plane ensures that management access is always available, irrespective of the traffic load.

The PA-5000 Series supports several levels of hardware component redundancy: the dual power supplies and the dual, solid-state hard disc drives are hot swappable. The single fan tray is also hot swappable. The PA-4000 Series also supports dual power supplies that are hot-swappable.

For more information, pricing, demonstration or evaluation on Palo Alto Networks Products please contact us here.