The document summarizes a partnership solution between Palo Alto Networks and Net Optics that provides next-generation firewall security with expanding scalability. The solution uses Palo Alto Networks PA-5000 Series firewalls, Net Optics Bypass switches, and Net Optics xBalancers. This allows customers to easily scale their deployment as needs grow while maintaining network uptime through high availability features. The Net Optics devices monitor the firewalls and balance traffic across multiple firewalls to prevent overburdening and ensure continuity of operations.
Palo Alto Networks - Next-generation Firewall Security with Expanding Scalability
1. Partner I Solution Brief
Palo Alto Networks and Net Optics
Next-generation Firewall Security with Expanding Scalability
Solution Overview
Net Optics and Palo Alto Networks are excited to offer
our customers an easily deployed and scalable solution
for maintaining network uptime while protecting it from
the many network security threats that exist today. The
Palo Alto Networks and Net Optics partnership delivers
a security solution consisting of Palo Alto Networks
PA-5000 Series of next-generation firewalls; Net Optics
Bypass™ (IBPO-HBSR-XFP); and Net Optics xBalancer™ (XF-
A secure, resilient solution that expands easily
to accommodate growth
• Easily scale deployment to meet growing needs
• Handle increasing traffic volumes without investing in
new 10G capital equipment
• Protect your application infrastructure against
network and application downtime
• Prevent device failure through easy-to-implement
high availability features
2XB). This solution enables customers to scale their Palo
Alto Networks deployments as their needs grow, while
Switch
Router
maintaining network uptime through the use of easy-toimplement High Availability (HA) features.
Palo Alto Networks’ PA-5000 Series of next-generation
firewalls is designed to protect data centers, large
enterprise Internet gateways, and service provider
environments where traffic demands dictate predictable
firewall and threat prevention throughput. These high
performance platforms are tailor-made to provide
ON
OFF
Net Optics iBypass
Net Optics Benefits
• iBypass ensures network uptime
by monitoring xBalancer
• Up to 16 NGFW in a single load balancing group
• Maintain session stickiness through all PA-5000
• Tool monitoring through configurable
heartbeat packet
enterprise firewall protection at throughput speeds of up
to 20 Gbps. Ideally suited for both datacenter and service
Net Optics xBalancer
provider deployments, the PA-5000 Series is powered by
more than 40 processors distributed across four functional
areas: networking, security, content inspection and
management. Reliability and resiliency is delivered by
Palo Alto Networks PA-5000
active/active or active/passive high availability; physical
separation of data and control plane; and redundant, hot
swappable components.
Palo Alto Networks PA-5000
Palo Alto Networks PA-5000
Palo Alto Benefits
• App-ID: Classifying All Applications, All Ports, All the Time
• Content-ID: Protecting Allowed Traffic
• User-ID: Enabling Applications by Users and Groups
• Secure Application Enablement
Figure 1
2. Partner I Solution Brief
With this partnership solution, the Net Optics Bypass Switch
deployments. The Bypass Switch will also immediately detect
and xBalancer together with the Palo Alto NGFW gives
the change, either by link-state or by loss of the heartbeats,
customers a solution that provides superior performance,
and will re-route traffic around the xBalancer. Once xBalancer is
scalability, and resiliency for demanding network
brought back online, traffic automatically resumes. Net Optics
environments. The use of a heartbeat to monitor both the
offers a range of Bypass Switches, with copper or fiber ports,
xBalancer and Palo Alto devices ensures that HA scenarios
and speeds of 10/100/1000 Mbps and 10 Gbps. The Bypass
are accounted for and provides a security solution which
Switches provide redundant power to maximize reliability of
can easily scale and maintain network uptime while offering
the network. The joint solution from Palo Alto Networks and
protection from threats that exist in networks today.
Net Optics provides next-generation load-balancing capability
See Figure 1 for an illustration of how the solution works.
without compromising on reliability.
The Bypass Switch has two network ports which are
Net Optics
connected in-line to the upstream and downstream network
devices and two Monitor ports that connect to the Palo Alto
Networks solution. Under normal network conditions, the
Bypass Switch will pass a heartbeat through the appliance
to ensure operation and all network traffic will be routed
through the firewall.
Net Optics is the leading provider of Total Application and
Network Visibility solutions that deliver real-time network
intelligence for peak performance in network monitoring and
security. As a result, businesses achieve the scalable end-toend visibility they need to optimize network performance of
physical, virtual and private cloud environments, and remote
xBalancer
branch offices. More than 8,000 enterprises, service providers
Net Optics xBalancer is the first appliance in the industry built
and government organizations—including 85 percent of the
specifically to prevent tool overburdening by distributing
the traffic load to multiple monitoring tools. xBalancer
thus allows customers to scale their deployments as the
need grows while insulating the network from device
failure through the use of easily implemented HA features.
Fortune 100—trust Net Optics’ comprehensive plug and play
family of application-aware NPM, Network Packet Broker,
Virtual/Cloud and Visibility Management System (VMS) solutions
to deliver immediate results and quick time to value through an
easy-to-use interface. Net Optics maintains a global presence
xBalancer’s load-balancing capability splits traffic into
through leading OEM partner and reseller networks.
multiple streams so that data can be processed by multiple
Palo Alto Networks
tools working in parallel. It takes traffic from any network
port or aggregated set of network ports and distributes it to
two, three, four, or up to sixteen monitor ports for balancing
according to IP address, port, protocol, VLAN, and MAC
address, or other parameters.
Palo Alto Networks™ next-generation firewalls enable
unprecedented visibility and granular policy control of
applications and content – by user, not just IP address – at 20
Gbps network throughput levels. Based on patent pending AppID™ technology, Palo Alto Networks firewalls accurately identify
Bypass Switches
and control applications – regardless of port, protocol, evasive
By using a Net Optics Bypass Switch, customers can rest easy
tactic or SSL encryption – and scan content to stop threats and
knowing that their security solution won’t become a network
problem. The Bypass Switch will monitor the xBalancer
and in case of failure protect the network link in in-line
3300 Olcott Street
Santa Clara, CA 95054
Main: +1 (408) 753-4000
www.paloaltonetworks.com
prevent data leakage. Enterprises can, for the first time, embrace
Web 2.0 and maintain complete visibility and control, while
significantly reducing total cost of ownership through device
consolidation.
5303 Betsy Ross Drive
Santa Clara, CA 95054
Main: +1 (408) 737-7777
www.netoptics.com
Net Optics® is a registered trademark of Net Optics, an Ixia company. Copyright 1996-2013 Net Optics, an Ixia company. All rights reserved. Additional company and product names may be trademarks or
registered trademarks of the individual companies and are respectfully acknowledged.
Palo Alto Networks and the Palo Alto Networks logo are registered trademarks or trademarks of Palo Alto Networks, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may
be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of
any kind, express or implied.