Virtualized Firewalls

The Palo Alto Networks VM-Series features three virtualized next-generation firewall models – the VM-100, VM-200, and VM-300. These platforms are supported on the VMware ESXi 4.1, 5.0 and 5.5 platforms, and the Citrix NetScaler SDX 11500 and 17550 Series.

You can deploy the VM-Series on ESXi servers in virtualized and for cloud environments for East West traffic inspection. The VM-Series on Citrix NetScaler consolidates security and application delivery controller capabilities for multi-tenant (business unit, application owner, service provider customer) deployments or as a complete solution for Citrix XenApp XenDesktop deployments.

2, 4, or 8 CPU cores on your virtualized server platforms can be assigned for next-generation firewall processing. With 4 CPU cores running, the VM-Series delivers up to 1 Gbps firewall throughput with App-ID enabled. To ensure that management is accessible to you during heavy traffic, the data and control plane are separated. In addition, our unique single-pass software architecture processes functions in a single pass to reduce latency.

VM-Series on the ESXi servers supports 10 virtual network interfaces while VM-Series on the Citrix NetScaler SDX supports 24 virtual network interfaces.

The VM-Series runs PAN-OSTM, a security-specific operating system that:
 - Safely enables all applications, regardless of ports, protocols and evasive tactics
 - Protects you against all known and unknown threats
 - Integrates flexibly in the virtualized environment at layers 1, 2, or 3

PAN-OS next-generation firewall capabilities, such as Dynamic Address Groups and VM-Monitoring, allow you to tie your security policies to virtual machine adds, moves and changes, and to create security policies that instantly sync with virtual workload creation.

VM-300 VM-200 VM-100
- 250,000 max sessions - 100,000 max sessions - 50,000 max sessions
- 2,000 IPSec VPN tunnels/tunnel interfaces - 500 IPSec VPN tunnels/tunnel interfaces - 25 IPSec VPN tunnels/tunnel interfaces
- 500 SSL VPN Users - 200 SSL VPN Users - 25 SSL VPN Users
- 40 security zones - 20 security zones - 10 security zones
- 5,000 max number of policies - 2,000 max number of policies - 250 max number of policies
- 10,000 address objects - 4,000 address objects - 2,500 address objects
- 1Gbps Firewall Throughput (App-ID enabled)* - 1Gbps Firewall Throughput (App-ID enabled)* - 1Gbps Firewall Throughput (App-ID enabled)*
- 600 Mbps Threat Prevention Throughput* - 600 Mbps Threat Prevention Throughput* - 600 Mbps Threat Prevention Throughput*
- 250 Mbps IPSec VPN Throughput* - 250 Mbps IPSec VPN Throughput* - 250 Mbps IPSec VPN Throughput*
- 8,000 New sessions per second* - 8,000 New sessions per second* - 8,000 New sessions per second*

 

*Performance and capacities are measured under ideal testing conditions using PAN-OS 5.0 and 4 CPU cores.