The Single-Pass Architecture is the overall design approach for our next-generation firewalls. The architecture enables full, contextual classification of traffic, followed by a rich set of enforcement and threat prevention options. The architecture classifies and controls traffic in a “single pass” through the firewall using a variety of stream-based technology components.

This architecture is unique in the industry, allowing you to achieve superior security posture and efficiency. Our next-generation firewalls are implementations of the single-pass architecture, available in a range of portfolio options (both physical and virtual).

Our patented App-ID™, User-ID™, and Content-ID™ technologies allow our next-generation firewalls to develop contextual awareness for all traffic attempting to traverse the firewall.  Session traffic is understood with respect to applications, users, sensitive data patterns and a variety of other context.

Once context is determined, policy-based enforcement actions can be performed on traffic that matches any combination of that context (e.g., by application and/or user). Session traffic can be allowed, denied, or conditionally allowed subject to further policy (e.g., threat inspection). 

The single-pass architecture approach of providing full situational awareness, and then flexible control based on that awareness, is simple yet powerful. While providing the flexibility needed for superior security posture, it also enables more straightforward management. Plus, the stream-based design of the architecture results in superior performance, especially when multiple security functions are enabled.

Our single-pass architecture stands in contrast to many competitive offers, which are typically based on traditional port-based firewall technology. In competitive approaches, next-generation features are often added in a sequence of separate engines that limit policy flexibility, negatively impact performance, and increase management complexity.

Whether using our physical or virtual next-generation firewalls, the single-pass architecture’s “scan it all, scan it once” approach enables superior security posture and performance. The architecture is simple, but not simplistic, incorporating advanced technologies (e.g., App-ID, User-ID, WildFire®) to provide unparalleled classification and control capabilities to help secure your organization.