Intelligent Traffic Offloading

Question 1

What is Intelligent Traffic Offloading (ITO)?

Answer 1

a VM-Series firewall Security subscription that, when configured with the NVIDIA BlueField-2 DPU, increases capacity throughput for the VM-Series firewall

Question 2

The VM-Series firewall and the BlueField-2 DPU must be installed on which system, platform and kernel?

Answer 2

• system = Ubuntu 18.04
• kernel version = 4.15.0-20
• platform = x86 physical host

Question 3

What is the only supported interface mode?

Answer 3

virtual wire

should be also L3 since PAN-OS 11.2

Question 4

How many firewalls and BlueField-2 DPUs can you deploy per host?

Answer 4

only 1

Question 5

How does ITO work?

Answer 5

1. ITO service routes the first few packets of a flow to the firewall for inspection to determine whether the rest of the packets in the flow should be inspected or offloaded. The decision is based on policy or whether the flow can be inspected (for example, encrypted traffic can’t be inspected)
2. By only inspecting flows that can benefit from security inspection, the overall load on the firewall is greatly reduced and VM-Series firewall performance increases without sacrificing security

Question 6

What is the top sessions per second threshold for ITO?

Answer 6

7,000; when reached traffic still flows through the VM-Series firewall and is inspected

or the offload session table is ful

Question 7

What is the minumum number of vCPUs for ITO?

Answer 7

18