Palo Alto Networks Enterprise Firewall PA-5220

Model: PA-5220

  • 18.5 Gbps firewall throughput (App-ID enabled)
  • 9.2 Gbps threat prevention throughput
  • 5 Gbps IPSec VPN throughput
  • 4,000,000 max sessions
  • 169,000 new sessions per second
  • 20 virtual routers
  • 10/20 virtual systems (base/max)

Overview:

Key Security Features:

Classifies all applications, on all ports, all the time

  • Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed
  • Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping
  • Categorizes unidentified applications for policy control, threat forensics or App-ID™ application identification technology development

Enforces security policies for any user, at any location

  • Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android™ or Apple® iOS platforms
  • Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®
  • Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information

Prevents known and unknown threats

  • Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed
  • Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing
  • Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection

The controlling element of the PA-5200 Series is PAN-OS®, a security operating system that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the business elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.

| Performance and Capacities | PA-5260 | PA-5250 | PA-5220 |
|---|---|---|---|
| Firewall throughput (App-ID enabled) | 72.2 Gbps | 35.9 Gbps | 18.5 Gbps |
| Threat prevention throughput | 30 Gbps | 20.3 Gbps | 9.2 Gbps |
| IPsec VPN throughput | 21 Gbps | 14 Gbps | 5 Gbps |
| Max sessions | 32,000,000 | 8,000,000 | 4,000,000 |
| New sessions per second | 458,000 | 348,000 | 169,000 |
| Virtual systems (base/max) | 25/225 | 25/125 | 10/20 |

Networking Features:

Interface Modes
  • L2, L3, Tap, Virtual wire (transparent mode)
  • Point-to-point protocol over Ethernet (PPPoE) and DHCP supported for dynamic address assignment
Routing
  • OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, Static routing
  • Policy-based forwarding
  • Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
  • Bidirectional Forwarding Detection (BFD)
IPv6
  • L2, L3, Tap, Virtual Wire (transparent mode)
  • Features: App-ID™, User-ID™, Content-ID™, WildFire™, and SSL decryption
  • SLAAC
IPsec VPN
  • Key exchange: Manual key, IKE v1 and IKEv2 (pre-shared key, certificate-based authentication)
  • Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
  • Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
  • GlobalProtect™ large-scale VPN (LSVPN) for simplified configuration and management
VLANs
  • 802.1q VLAN tags per device/per interface: 4,094/4,094
  • Aggregate interfaces (802.3ad), LACP
Network Address Translation (NAT)
  • NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port (port address translation)
  • NAT64, NPTv6
  • Additional NAT features: Dynamic IP reservation, tunable dynamic IP and port oversubscription
High Availability
  • Modes: Active/Active, Active/Passive
  • Failure detection: Path monitoring, interface monitoring

Technical Specifications:

I/O

PA-5260 | PA-5250 - (4) 100/1000/10G Cu, (16) Gig/10Gig SFP/SFP+, (4) 40G/100G QSFP28

PA-5220 - (4) 100/1000/10G Cu, (16) Gig/10Gig SFP/SFP+, (4) 40G QSFP+

Management I/O

PA-5260 | PA-5250 - (2) 10/100/1000, (1) 40G/100G QSFP28 HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port

PA-5220 - (2) 10/100/1000, (1) 40G QSFP+ HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port

Storage Options

Dual Solid State Disk Drives

Storage Capacity

System Storage: 240GB SSD, RAID1

Log Storage: 2TB HDD, RAID1

Power (Max Power Consumption)

870 Watts

Max BTU/hr

2,970

Power Supplies (base/max)

1:1 Fully Redundant (2/2)

AC Input Voltage (input Hz)

100-240VAC (50-60Hz)

AC Power Supply Output

1200 Watt/power supply

Max Current

AC power supplies: 6.5A@100-240VAC

DC power supplies: 19A@-40 to -60VDC

Max Inrush Current

AC power supplies: 50A@230VAC, 50A@120VAC

DC power supplies: 200A@72VDC

Mean Time Between Failure (MTBF)

9.23 Years

Rack Mount (Dimensions)

3U, 19” Standard Rack

5.25”H X 20.5”D X 17.25”W (13.33cm X 52.07cm X 43.81cm)

Weight

46lbs (20.87Kg) System only, 62lbs (28.13Kg) as shipped

Safety

cCSAus, CB IEC60950-1

EMI

FCC Class A, CE Class A, VCCI Class A

Certifications

See https://www.paloaltonetworks.com/company/certifications.html

Environment

Operating Temperature: 32°F to 122°F (0° to 50°C)

Non-Operating Temperature: -20° to 70°C (-4°F to 158°F)