Session distribution policies define how PA-5200 and PA-7000
Series firewalls distribute security processing (App-ID, Content-ID, URL
filtering, SSL decryption, and IPSec) among dataplane processors
(DPs) on the firewall. Each policy is specifically designed for
a certain type of network environment and firewall configuration
to ensure that the firewall distributes sessions with maximum efficiency.
For example, the Hash session distribution policy is best fit for
environments that use large scale source NAT.
The number of DPs on a firewall varies based on the firewall
model:
Firewall Model
Dataplane Processor(s)
PA-7000 Series
Depends on the number of installed
Network Processing Cards (NPCs). Each NPC has multiple dataplane
processors (DPs) and you can install multiple NPCs in the firewall.
PA-5220 firewall
1
The PA-5220 firewall
has only one DP so sessions distribution policies do not have an
effect. Leave the policy set to the default (round-robin).
PA-5250 firewall
2
PA-5260 and PA-5280 firewalls
3
The following topics provide information about the available
session distribution policies, how to change an active policy, and
how to view session distribution statistics.
