Partner I Solution Brief

Palo Alto Networks and Net Optics

Next-generation Firewall Security with Expanding Scalability

Solution Overview Net Optics and Palo Alto Networks are excited to offer our customers an easily deployed and scalable solution for maintaining network uptime while protecting it from the many network security threats that exist today. The Palo Alto Networks and Net Optics partnership delivers a security solution consisting of Palo Alto Networks PA-5000 Series of next-generation firewalls; Net Optics Bypass (IBPO-HBSR-XFP); and Net Optics xBalancer (XF2XB). This solution enables customers to scale their Palo Alto Networks deployments as their needs grow, while maintaining network uptime through the use of easy-toimplement High Availability (HA) features. Palo Alto Networks PA-5000 Series of next-generation firewalls is designed to protect data centers, large enterprise Internet gateways, and service provider environments where traffic demands dictate predictable firewall and threat prevention throughput. These high performance platforms are tailor-made to provide enterprise firewall protection at throughput speeds of up to 20 Gbps. Ideally suited for both datacenter and service provider deployments, the PA-5000 Series is powered by more than 40 processors distributed across four functional areas: networking, security, content inspection and management. Reliability and resiliency is delivered by active/active or active/passive high availability; physical separation of data and control plane; and redundant, hot swappable components.

A secure, resilient solution that expands easily to accommodate growth Easily scale deployment to meet growing needs Handle increasing traffic volumes without investing in new 10G capital equipment Protect your application infrastructure against network and application downtime Prevent device failure through easy-to-implement high availability features

Router

Switch

ON OFF

Net Optics iBypass Net Optics Benefits iBypass ensures network uptime by monitoring xBalancer Up to 16 NGFW in a single load balancing group Maintain session stickiness through all PA-5000 Tool monitoring through configurable heartbeat packet

Net Optics xBalancer

Palo Alto Networks PA-5000

Palo Alto Networks PA-5000

Palo Alto Networks PA-5000

Palo Alto Benefits App-ID: Classifying All Applications, All Ports, All the Time Content-ID: Protecting Allowed Trac User-ID: Enabling Applications by Users and Groups Secure Application Enablement

Figure 1

Partner I Solution Brief With this partnership solution, the Net Optics Bypass Switch and xBalancer together with the Palo Alto NGFW gives customers a solution that provides superior performance, scalability, and resiliency for demanding network environments. The use of a heartbeat to monitor both the xBalancer and Palo Alto devices ensures that HA scenarios are accounted for and provides a security solution which can easily scale and maintain network uptime while offering protection from threats that exist in networks today. See Figure 1 for an illustration of how the solution works. The Bypass Switch has two network ports which are connected in-line to the upstream and downstream network devices and two Monitor ports that connect to the Palo Alto Networks solution. Under normal network conditions, the Bypass Switch will pass a heartbeat through the appliance to ensure operation and all network traffic will be routed through the firewall. xBalancer Net Optics xBalancer is the first appliance in the industry built specifically to prevent tool overburdening by distributing the traffic load to multiple monitoring tools. xBalancer thus allows customers to scale their deployments as the need grows while insulating the network from device failure through the use of easily implemented HA features. xBalancers load-balancing capability splits traffic into multiple streams so that data can be processed by multiple tools working in parallel. It takes traffic from any network port or aggregated set of network ports and distributes it to two, three, four, or up to sixteen monitor ports for balancing according to IP address, port, protocol, VLAN, and MAC address, or other parameters. Bypass Switches By using a Net Optics Bypass Switch, customers can rest easy knowing that their security solution wont become a network problem. The Bypass Switch will monitor the xBalancer and in case of failure protect the network link in in-line deployments. The Bypass Switch will also immediately detect the change, either by link-state or by loss of the heartbeats, and will re-route traffic around the xBalancer. Once xBalancer is brought back online, traffic automatically resumes. Net Optics offers a range of Bypass Switches, with copper or fiber ports, and speeds of 10/100/1000 Mbps and 10 Gbps. The Bypass Switches provide redundant power to maximize reliability of the network. The joint solution from Palo Alto Networks and Net Optics provides next-generation load-balancing capability without compromising on reliability. Net Optics Net Optics is the leading provider of Total Application and Network Visibility solutions that deliver real-time network intelligence for peak performance in network monitoring and security. As a result, businesses achieve the scalable end-toend visibility they need to optimize network performance of physical, virtual and private cloud environments, and remote branch offices. More than 8,000 enterprises, service providers and government organizationsincluding 85 percent of the Fortune 100trust Net Optics comprehensive plug and play family of application-aware NPM, Network Packet Broker, Virtual/Cloud and Visibility Management System (VMS) solutions to deliver immediate results and quick time to value through an easy-to-use interface. Net Optics maintains a global presence through leading OEM partner and reseller networks. Palo Alto Networks Palo Alto Networks next-generation firewalls enable unprecedented visibility and granular policy control of applications and content by user, not just IP address at 20 Gbps network throughput levels. Based on patent pending AppID technology, Palo Alto Networks firewalls accurately identify and control applications regardless of port, protocol, evasive tactic or SSL encryption and scan content to stop threats and prevent data leakage. Enterprises can, for the first time, embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation.

3300 Olcott Street Santa Clara, CA 95054 Main: +1 (408) 753-4000 www.paloaltonetworks.com

5303 Betsy Ross Drive Santa Clara, CA 95054 Main: +1 (408) 737-7777 www.netoptics.com

Net Optics is a registered trademark of Net Optics, an Ixia company. Copyright 1996-2013 Net Optics, an Ixia company. All rights reserved. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged. Palo Alto Networks and the Palo Alto Networks logo are registered trademarks or trademarks of Palo Alto Networks, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied.