Scalable Firewall Architectures in OCI [LRN2000].pdf

Uploaded by: Fl****zo  ID: 970903  2025-11-08  39 pages  8.91 MB

Scalable Firewall Architectures in OCI
Session LRN2000
Copyright 2025, Oracle and/or its affiliates

Ionut Neubauer
Oracle Senior Manager
Network Engineering Specialist

Bart Mika
Palo Alto Networks
Professional Services Consultant

Agenda
- Features
- Scalability
- Traffic patterns

Palo Alto VM-Series

Palo Alto Networks NVA features

Integrates with the Palo Alto Networks platform for unified management and logging promoting synergy in firewall operations:
- Panorama
- Strata Cloud Manager (SCM)
- API
- Terraform
- OpenConfig

Full PanOS functionality including:
- Threat inspection
- UserID
- Authentication
- GlobalProtect
- AI Runtime Security inspection (future)
- And many more

Scaling firewall inspection with VM-Series firewalls
[Diagram: firewall instances labelled Active or Passive; scaling directions labelled Up and Out]

Advantages and Disadvantages of vertical scaling - HA
- A Palo Alto Networks HA pair can sync the sessions for sessions to persist after a failover
- A Palo Alto Networks HA pair can synchronise configuration with its passive peer
- Resiliency requires a peer that is passive
- Maximum scaling limit
- Marketplace Pay-As-You-Go pricing
  - VM-Standard 2.16 at 8 OCPUs = 5.2Gbps Threat Prevention Throughput
- Bring your own license pricing
  - VM.Optimized3.Flex = 40Gbps at 20+ OCPUs (requires BYOL)
  - VM.Standard3.Flex = 32Gbps at 32+ OCPUs (requires BYOL)
  - VM.Standard2.24 = 24.6Gbps 24+ OCPUs (requires BYOL)

Advantages and Disadvantages of horizontally scaling
- The resiliency is orchestrated by Network Load Balancer session tracking and health probing
- All firewalls are active
- All licenses and compute are utilized to process the traff

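Based on the report, the following is a concise summary of its main content:

1. **Palo Alto VM-Series**: Provides full PanOS functionality, including threat detection, user authentication, GlobalProtect, and more.
2. **Vertical scaling**: A Palo Alto Networks HA pair can synchronize sessions and configuration, improving fault tolerance, but there is a maximum scaling limit.
3. **Horizontal scaling**: Implemented through a Network Load Balancer; supports up to 512 firewall instances, and throughput can exceed 48 Gbps.
4. **OCI Network Firewall**: Provided by Palo Alto Networks; supports 8 or 25 Gbps throughput, with high availability and an n+1 scaling model.
5. **Security features**: Include IDS/IPS, URL/FQDN filtering, SSL inspection, NAT rules, IDPS, and TLS/SSL encrypted traffic inspection.
6. **Deployment topologies**: Supports centralized and distributed deployments, as well as hub-and-spoke architectures.
7. **Combination with OCI WAF**: Provides security for network and application workloads; combined with OCI WAF, it provides layered defense.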