Scalable Firewall Architectures in OCI
Session LRN2000
Copyright 2025, Oracle and/or its affiliates

Ionut Neubauer, Oracle, Senior Manager Network Engineering Specialist
Bart Mika, Palo Alto Networks, Professional Services Consultant

Agenda
- Features
- Scalability
- Traffic patterns

Palo Alto VM-Series

Palo Alto Networks NVA features
Integrates with the Palo Alto Networks platform for unified management and logging, promoting synergy in firewall operations:
- Panorama
- Strata Cloud Manager (SCM)
- API
- Terraform
- OpenConfig
Full PanOS functionality including:
- Threat inspection
- UserID
- Authentication
- GlobalProtect
- AI Runtime Security inspection (future)
- And many more

Scaling firewall inspection with VM-Series firewalls
[Figure: firewall instances labelled Active and Passive, with the two scaling directions labelled Up and Out]

Advantages and Disadvantages of vertical scaling - HA
- A Palo Alto Networks HA pair can sync sessions so that they persist after a failover
- A Palo Alto Networks HA pair can synchronise configuration with its passive peer
- Resiliency requires a peer that is passive
- Maximum scaling limit
- Marketplace Pay-As-You-Go pricing
  - VM-Standard 2.16 at 8 OCPUs = 5.2 Gbps Threat Prevention Throughput
- Bring your own license pricing
  - VM.Optimized3.Flex = 40 Gbps at 20+ OCPUs (requires BYOL)
  - VM.Standard3.Flex = 32 Gbps at 32+ OCPUs (requires BYOL)
  - VM.Standard2.24 = 24.6 Gbps 24+ OCPUs (requires BYOL)

Advantages and Disadvantages of horizontal scaling
- The resiliency is orchestrated by Network Load Balancer session tracking and health probing
- All firewalls are active
- All licenses and compute are utilized to process the traff