Palo Alto Networks Enterprise Firewall PA-850

Model: PA-850

Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employedUses the application, not the port, as the basis for all of your safe enablement policy decisions


Overview:

Classifies all applications, on all ports, all the time

  • Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed
  • Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping
  • Categorizes unidentified applications for policy control, threat forensics or App-ID™ application identification technology development

Enforces security policies for any user, at any location

  • Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android™ or Apple® iOS platforms
  • Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®
  • Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information

Prevents known and unknown threats

  • Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed
  • Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing
  • Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection

Palo Alto Networks PA-800 Series next-generation firewall appliances, comprised of the PA-820 and PA-850, are designed to secure enterprise branch offices and midsized businesses.

The controlling element of the Palo Alto Networks® PA-800 Series appliances is PAN-OS® security operat- ing system, which natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the business elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.

Performance and Capacities1 PA-850 PA-820
Firewall throughput (App-ID)2, 4 1.9 Gbps 940 Mbps
Threat prevention throughput3, 4 780 Mbps 610 Mbps
IPsec VPN throughput2, 4  500 Mbps 400 Mbps
New sessions per second 9,500 8,300
Max sessions 192,000 128,000

Networking Features:

PA-800 Series appliances support a wide range of networking features that enable you to more easily integrate our security features into your existing network.

Interface Modes
L2, L3, Tap, Virtual wire (transparent mode)
Routing
OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, Static routing
Policy-based forwarding
Point-to-Point Protocol over Ethernet (PPPoE)
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
Bidirectional Forwarding Detection (BFD)
IPv6
L2, L3, Tap, Virtual wire (transparent mode)
Features: App-ID, User-ID, Content-ID, WildFire and SSL decryption
SLAAC
IPsec VPN
Key exchange: Manual key, IKEv1 and IKEv2 (pre-shared key, certificate-based authentication)
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
VLANs
802.1q VLAN tags per device/per interface: 4,094/4,094
Aggregate interfaces (802.3ad), LACP
Network Address Translation (NAT)
NAT modes (IPv4): Static IP, dynamic IP, dynamic IP and port (port address translation)
NAT64, NPTv6
Additional NAT features: Dynamic IP reservation, tunable dynamic IP and port oversubscription
High Availability
Modes: Active/Active, Active/Passive
Failure detection: Path monitoring, interface monitoring

Technical Specifications:

Management I/O
  1. 10/100/1000 out-of-band management port
  2. 10/100/1000 high availability
(1) RJ-45 console port (1) USB port (1) Micro USB console port
Storage Capacity
240GB SSD
Power Supply (Average Power Consumption)
PA-850: Two 500W AC power supplies. One power supply is redundant. (75W) PA-820: 200W power supply. (45W)
Max BTU/hr
256
Input Voltage (Input frequency)
100-240VAC (50-60Hz)
Max Current Consumption
2.0A @ 100VAC,1.0A @ 240VAC (PA-850) 1.0A @ 100VAC,0.5A @ 240VAC (PA-820)
Max Inrush Current
1.0A @ 230VAC,1.84A @ 120VAC (PA-850) 0.4A @ 230VAC,0.96A @ 120VAC (PA-820)
Rack Mountable (Dimensions)
PA-850 - 1U, 19” standard rack (1.75”H x 14.5”D x 17.125”W) PA-820 - 1U, 19” standard rack (1.75”H x 14”D x 17.125”W)
Weight (Stand-Alone Device/As Shipped)
PA-850 13.5lbs/21.5 lbs PA-820 11lbs/18 lbs
Safety
cCSAus, CB
EMI
FCC Class A, CE Class A, VCCI Class A
Certifications
See: https://www.paloaltonetworks.com/company/certifications.html
Environment
Operating temperature: 32° to 104° F, 0° to 40° C Non-operating temperature: -4° to 158° F, -20° to 70° C
Airflow
Front to back