Call a Specialist Today! 844-294-0778

Single Pass Parallel Processing (SP3) Architecture

Palo Alto Networks next-generation firewalls are based on a unique Single Pass Parallel Processing (SP3) Architecture – which enables high-throughput, low-latency network security, even while incorporating unprecedented features and technology.

Palo Alto Networks solves the performance problems that plague today’s security infrastructure with the SP3 architecture, which combines two complementary components:

The results is the perfect mix of raw throughput, transaction processing and network security that today’s high performance networks require.

Single Pass Parallel Processing Architecture

Single Pass Software

Palo Alto Networks Single Pass software is designed to accomplish two key functions within the Palo Alto Networks next-generation firewall. First, the single pass software performs operations once per packet. As a packet is processed, networking functions, policy lookup, application identification and decoding, and signature matching for any and all threats and content are all performed just once. This significantly reduces the amount of processing overhead required to perform multiple functions in one security device. Second, the content scanning step in Palo Alto Networks’ Single Pass software is stream-based, and uses uniform signature matching to detect and block threats.  Instead of using separate engines and signature sets (requiring multi-pass scanning) and instead of using file proxies (requiring file download prior to scanning), the single pass software in our next-generation firewalls scans content once and in a stream-based fashion to avoid latency introduction.

This Single Pass traffic processing enables very high throughput and low latency – with all security functions active.  It also offers the additional benefit of a single, fully integrated policy, enabling simple, easier management of enterprise network security.

Parallel Processing Hardware

The other critical piece of Palo Alto Networks SP3 Architecture is hardware. Palo Alto Networks next-generation firewalls use Parallel Processing hardware to ensure that the Single Pass software runs fast. First, Palo Alto Networks engineers designed separate data and control planes. This separation means that heavy utilization of one won’t negatively impact the other – for example, an administrator could be running a very processor-intensive report, and yet the ability to process packets would be completely unhindered, due to the separation of data and control planes.

The second important element of the Parallel Processing hardware is the use of discrete, specialized processing groups that work in harmony to perform several critical functions.

The combination of Single Pass software and Parallel Processing hardware is completely unique in network security, and enables Palo Alto Networks next-generation firewalls to restore visibility and control to enterprise networks at very high levels of performance.