Session Distribution Policies
Session distribution policies define how PA-5200 and PA-7000 Series firewalls distribute security processing (App-ID, Content-ID, URL filtering, SSL decryption, and IPSec) among dataplane processors (DPs) on the firewall. Each policy is specifically designed for a certain type of network environment and firewall configuration to ensure that the firewall distributes sessions with maximum efficiency. For example, the Hash session distribution policy is best fit for environments that use large scale source NAT.
The number of DPs on a firewall varies based on the firewall model:
Depends on the number of installed Network Processing Cards (NPCs). Each NPC has multiple dataplane processors (DPs) and you can install multiple NPCs in the firewall.
The PA-5220 firewall has only one DP so sessions distribution policies do not have an effect. Leave the policy set to the default (round-robin).
PA-5260 and PA-5280 firewalls
The following topics provide information about the available session distribution policies, how to change an active policy, and how to view session distribution statistics.
Change the Session Distribution Policy and View Statistics
Change the Session Distribution Policy and View Statistics The following table describes how to view and change the active Session Distribution Policies and describes how ...
Session Distribution Policy Descriptions
Session Distribution Policy Descriptions The following table provides information about Session Distribution Policies to help you decide which policy best fits your environment and firewall ...
Configure Decryption Broker with One or More Layer 3 Securi...
Configure Decryption Broker with One or More Layer 3 Security Chain Perform the following steps to enable the firewall to act as a decryption broker ...
Session Owner In an HA active/active configuration, both firewalls are active simultaneously, which means packets can be distributed between them. Such distribution requires the firewalls ...
Decryption Broker: Security Chain Health Checks
Decryption Broker: Security Chain Health Checks A decryption broker can monitor the status of security chains to ensure that they are effectively processing decrypted traffic. ...
Decryption Broker: Multiple Security Chains
Decryption Broker: Multiple Security Chains A firewall enabled as a decryption broker supports forwarding to multiple security chains (Layer 3, Transparent Bridge, or a mix ...
Objects > Decryption > Forwarding Profile
Objects > Decryption > Forwarding Profile You can set up a Decryption Forwarding profile to enable the firewall to act as a decryption broker . ...
Protect the entire zone against SYN, UDP, ICMP, ICMPv6, and Other IP flood attacks. ...