Session Distribution Policies
Session distribution policies define how PA-5200 and PA-7000 Series firewalls distribute security processing (App-ID, Content-ID, URL filtering, SSL decryption, and IPSec) among dataplane processors (DPs) on the firewall. Each policy is specifically designed for a certain type of network environment and firewall configuration to ensure that the firewall distributes sessions with maximum efficiency. For example, the Hash session distribution policy is best fit for environments that use large scale source NAT.
The number of DPs on a firewall varies based on the firewall model:
Depends on the number of installed Network Processing Cards (NPCs). Each NPC has multiple dataplane processors (DPs) and you can install multiple NPCs in the firewall.
The PA-5220 firewall has only one DP so sessions distribution policies do not have an effect. Leave the policy set to the default (round-robin).
The following topics provide information about the available session distribution policies, how to change an active policy, and how to view session distribution statistics.
Change the Session Distribution Policy and View Statistics
Change the Session Distribution Policy and View Statistics The following table describes how to view and change the active Session Distribution Policies and describes how ...
Session Distribution Policy Descriptions
Session Distribution Policy Descriptions The following table provides information about Session Distribution Policies to help you decide which policy best fits your environment and firewall ...
SSL Forward Proxy Decryption Profile
The SSL Forward Proxy Decryption profile blocks risky outbound sessions, verifies certificates, and provides session failure checks. ...