The Single-Pass Architecture is the overall design approach for our next-generation firewalls. The architecture enables full, contextual classification of traffic, followed by a rich set of enforcement and threat prevention options. The architecture classifies and controls traffic in a “single pass” through the firewall using a variety of stream-based technology components.

This architecture is unique in the industry, allowing you to achieve superior security posture and efficiency. Our next-generation firewalls are implementations of the single-pass architecture, available in a range of portfolio options (both physical and virtual).

Our patented App-ID™, User-ID™, and Content-ID™ technologies allow our next-generation firewalls to develop contextual awareness for all traffic attempting to traverse the firewall. Session traffic is understood with respect to applications, users, sensitive data patterns, and a variety of other contextual attributes.

Once context is determined, policy-based enforcement actions can be performed on traffic that matches any combination of that context (e.g., by application and/or user). Session traffic can be allowed, denied, or conditionally allowed subject to further policy (e.g., threat inspection). 

The single-pass architecture approach of providing full situational awareness, and then flexible control based on that awareness, is simple yet powerful. While providing the flexibility needed for superior security posture, it also enables more straightforward management. Plus, the stream-based design of the architecture results in superior performance, especially when multiple security functions are enabled.

Our single-pass architecture stands in contrast to many competing offerings, which are typically based on traditional port-based firewall technology. In those approaches, next-generation features are often added as a sequence of separate engines that limit policy flexibility, negatively impact performance, and increase management complexity.

Whether using our physical or virtual next-generation firewalls, the single-pass architecture’s “scan it all, scan it once” approach enables superior security posture and performance. The architecture is simple, but not simplistic, incorporating advanced technologies (e.g., App-ID, User-ID, WildFire®) to provide unparalleled classification and control capabilities to help secure your organization.


Single-Pass Architecture

Outlines the benefits of intelligently integrating security functions into your firewall, why past approaches have failed, and how Palo Alto Networks succeeded with our single-pass architecture approach.

What Is a Next-Generation Security Platform?

This brief describes what a next-generation security platform is and how it enables organizations across the globe to successfully protect against cyberattacks.

Automotive Security Reference Blueprint

Please register for a UTD on our Next Generation Firewall