Session distribution policies define how PA-5200 and
PA-7000 Series firewalls distribute security processing (App-ID,
Content-ID, URL filtering, SSL decryption, and IPSec) among dataplane
processors (DPs) on the firewall. Each policy is specifically designed
for a certain type of network environment and firewall configuration
to ensure that the firewall distributes sessions with maximum efficiency.
For example, the Hash session distribution policy is best fit for
environments that use large scale source NAT.
The number of DPs on a firewall varies based on the firewall
model:
Firewall Model
Dataplane Processor(s)
PA-7000 Series
Depends on the number of installed
Network Processing Cards (NPCs). Each NPC has multiple dataplane
processors (DPs) and you can install multiple NPCs in the firewall.
PA-5220 firewall
1
The PA-5220 firewall
has only one DP so sessions distribution policies do not have an
effect. Leave the policy set to the default (round-robin).
PA-5250 firewall
2
PA-5260 and PA-5280
firewalls
3
PA-5450 firewall
Depends on the number of installed Data
Processing Cards (DPCs).
The following topics provide information about the available
session distribution policies, how to change an active policy, and
how to view session distribution statistics.
