Session Distribution Policies

Session distribution policies define how PA-5200 and PA-7000 Series firewalls distribute security processing (App-ID, Content-ID, URL filtering, SSL decryption, and IPSec) among dataplane processors (DPs) on the firewall. Each policy is specifically designed for a certain type of network environment and firewall configuration to ensure that the firewall distributes sessions with maximum efficiency. For example, the Hash session distribution policy is best fit for environments that use large scale source NAT.
The number of DPs on a firewall varies based on the firewall model:
Firewall Model
Dataplane Processor(s)
PA-7000 Series
Depends on the number of installed Network Processing Cards (NPCs). Each NPC has multiple dataplane processors (DPs) and you can install multiple NPCs in the firewall.
PA-5220 firewall
The PA-5220 firewall has only one DP so sessions distribution policies do not have an effect. Leave the policy set to the default (round-robin).
PA-5250 firewall
PA-5260 and PA-5280 firewalls
PA-5450 firewall
Depends on the number of installed Data Processing Cards (DPCs).
The following topics provide information about the available session distribution policies, how to change an active policy, and how to view session distribution statistics.

Recommended For You