The Palo Alto Networks VM-Series features three virtualized next-generation firewall models – the VM-100, VM-200, and VM-300. These platforms are supported on the VMware ESXi 4.1, 5.0 and 5.5 platforms, and the Citrix NetScaler SDX 11500 and 17550 Series.
You can deploy the VM-Series on ESXi servers in virtualized and for cloud environments for East West traffic inspection. The VM-Series on Citrix NetScaler consolidates security and application delivery controller capabilities for multi-tenant (business unit, application owner, service provider customer) deployments or as a complete solution for Citrix XenApp XenDesktop deployments.
2, 4, or 8 CPU cores on your virtualized server platforms can be assigned for next-generation firewall processing. With 4 CPU cores running, the VM-Series delivers up to 1 Gbps firewall throughput with App-ID enabled. To ensure that management is accessible to you during heavy traffic, the data and control plane are separated. In addition, our unique single-pass software architecture processes functions in a single pass to reduce latency.
VM-Series on the ESXi servers supports 10 virtual network interfaces while VM-Series on the Citrix NetScaler SDX supports 24 virtual network interfaces.
The VM-Series runs PAN-OSTM, a security-specific operating system that:
- Safely enables all applications, regardless of ports, protocols and evasive tactics
- Protects you against all known and unknown threats
- Integrates flexibly in the virtualized environment at layers 1, 2, or 3
PAN-OS next-generation firewall capabilities, such as Dynamic Address Groups and VM-Monitoring, allow you to tie your security policies to virtual machine adds, moves and changes, and to create security policies that instantly sync with virtual workload creation.
|- 250,000 max sessions||- 100,000 max sessions||- 50,000 max sessions|
|- 2,000 IPSec VPN tunnels/tunnel interfaces||- 500 IPSec VPN tunnels/tunnel interfaces||- 25 IPSec VPN tunnels/tunnel interfaces|
|- 500 SSL VPN Users||- 200 SSL VPN Users||- 25 SSL VPN Users|
|- 40 security zones||- 20 security zones||- 10 security zones|
|- 5,000 max number of policies||- 2,000 max number of policies||- 250 max number of policies|
|- 10,000 address objects||- 4,000 address objects||- 2,500 address objects|
|- 1Gbps Firewall Throughput (App-ID enabled)*||- 1Gbps Firewall Throughput (App-ID enabled)*||- 1Gbps Firewall Throughput (App-ID enabled)*|
|- 600 Mbps Threat Prevention Throughput*||- 600 Mbps Threat Prevention Throughput*||- 600 Mbps Threat Prevention Throughput*|
|- 250 Mbps IPSec VPN Throughput*||- 250 Mbps IPSec VPN Throughput*||- 250 Mbps IPSec VPN Throughput*|
|- 8,000 New sessions per second*||- 8,000 New sessions per second*||- 8,000 New sessions per second*|
*Performance and capacities are measured under ideal testing conditions using PAN-OS 5.0 and 4 CPU cores.