Offload Comparison and Value Add with Palo Alto and Checkpoint firewalls as an example:
Summary Benefits:
1. Reduced CPU Dependency: 99%
2. Increased Threat Prevention workloads by 200% (Note 6).
3. IPsec Increased accelerated throughput up 6 times plus more (Note 7).
4. Introduction to AI security for Ingress/Egress real-time packet analysis (Note 6).
5. Savings in a write-off of Millions n large estates with 7080 and 64000 models as well as increased capacity value with VM models. See FW Vendors note 1 below on VM limitations. ETL adds value to these limitations.
6. Reduces your rack space by up to 4/5ths over a standard configuration with ETL’s 2u add-on. to achieve the same throughput would take up to five 19″ racks each containing 42U of mounting space, weight, and power e.g a saving of 19.38 ft² of floor space PXC (2u instance), a saving of up to £900k per annum.
7. Power reduces as a result of less CPU load and Less rack space for bare-metal appliances required. Power reduction of £40k plus per annum.
8. Simplified Licensing.
| Palo Alto-7080 | Capacity Limits | ETL Extensions |
| Firewall Performance and Capacities1 | ||
| Firewall throughput (App-ID, appmix) | 700 Gbps | ~>x6.5 more5 |
| Threat Prevention throughput (appmix) | 350 Gbps | Equals Max Firewall Capacity of 700Gbps6 Plus additional AI workload analysis |
| IPsec VPN throughput | 280 Gbps | ~>4.7 x more7 |
| New sessions per second | 4,800,000 | Increases variable-based workloads up to 4 x more plus. |
| Maximum sessions | 320,000,000 | 4 Times plus more5 |
| Virtual systems (base/max2) | 25/225 | Extends benefits to virtual systems |
| Hardware Specifications | ||
| Interfaces supported NPC option 14 | Up to (120) 10/100/1000, (80) SFP/ SFP+, (40) QSFP+/QSFP28 | Switch Interconnect 8 x 100Gbps Supporting as a value add on |
| Management I/O | ||
| Size | 19U, 19” standard rack | 2U, 19” standard rack |
| Power supply | (4) 2500 W AC (2400 W / 2700 W) expandable to 8 | (2) 2500 W AC (2400 W / 2700 W) expandable to 8 redundancy |
| Redundant power supply | Yes | Yes |
| Disk drives | (2) 240 GB SSD system drive, RAID1 | 20 TB |
| Hot-swappable fans | Yes | Yes |
| (1) VM-Series performance will vary based on underlying virtualization infrastructure (hypervisor/cloud). Refer to the individual datasheets for detailed performance and testing information. |
| (2) Adding virtual systems to the base quantity requires a separately purchased license. |
| (3) New sessions per second and max session capacity for PA-7000 Series specified with 100G-NPCs. |
| (4) Optical/Copper transceivers are sold separately. |
| (5) Traffic Classification and Offload as per the video demo, this complements the firewall. |
| (6) Utilises our Mirroring Technology, which can be extended through our peering exchange technology and AI engine. 4.5 times uplift. |
| (7) Accelerated Workloads using ETLs embedded AVX512/QAT Technology. Extends to cloud interconnects. With our cloud-native tunnels, this number can increase again, this has to be on a case-by-case basis to understand what the tunnel will support. |
Source used for FW numbers, see 7080 series:https://www.paloguard.com/compare-spec.asp
| CheckPoint – 64000 | Capacity Limits |
ETL Extensions |
| Firewall Performance and Capacities1 | ||
| Firewall throughput (App-ID, appmix) | 800 Gbps | ~>6.5 x more5 |
| Threat Prevention throughput (appmix) | 180 Gbps | Equals Max Firewall Capacity of 800Gbps6 Plus additional AI workload analysis |
| IPsec VPN throughput | 180 Gbps | ~>4.7 x more7 |
| New sessions per second | 4,200,000 | Increases based on workload |
| Maximum sessions | 320,000,000 | 4 Times plus more5 |
| Virtual systems (base/max2) | Up to 25 | Virtual Systems Extensible |
| Hardware Specifications | ||
| Interfaces supported NPC option 14 | Up to (4) 100G SFP/ SFP+, (40) QSFP+/QSFP28 | Switch Interconnect 8 x 100Gbps Supporting as a value add on |
| Management I/O | ||
| Size | 19U, 19” standard rack | 2U, 19” standard rack |
| Power supply | (4) 2500 W AC (2400 W / 2700 W) expandable to 8 | (2) 2500 W AC (2400 W / 2700 W) expandable to 8 redundancy |
| Redundant power supply | Yes | Yes |
| Disk drives | (2) N/A | 20 TB |
| Hot-swappable fans | Yes | Yes |
| (1) VM-Series performance will vary based on underlying virtualization infrastructure (hypervisor/cloud). Refer to the individual datasheets for detailed performance and testing information. |
| (2) Adding virtual systems to the base quantity requires a separately purchased license. |
| (3) New sessions per second and max session capacity for PA-7000 Series specified with 100G-NPCs. |
| (4) Optical/Copper transceivers are sold separately. |
| (5) Traffic Classification and Offload as per the video demo, this complements the firewall. |
| (6) Utilises our Mirroring Technology, which can be extended through our peering exchange technology and AI engine. 4.5 times uplift. |
| (7) Accelerated Workloads using ETLs embedded AVX512/QAT Technology. Extends to cloud interconnects. With our cloud-native tunnels, this number can increase again, this has to be on a case-by-case basis to understand what the tunnel will support. |
Source used for FW numbers:https://www.checkpoint.com/downloads/products/44000-64000-security-systems-datasheet.pdf