Palo Alto PA-5020 & PA-5050 & PA-5060 UTM Firewall
Palo Alto PA-5000 Series UTM Firewall
The Palo Alto Networks™ PA-5000 Series is comprised of three high performance models, the PA-5060, the PA-5050 and the PA-5020, all of which are targeted at high speed datacenter and Internet gateway deployments.
Use the PA-5060, PA-5050, and PA-5020 to safely enable applications, users, and content in high-speed datacenter, large Internet gateway, service provider, and multi-tenant environments. Predictable throughput levels of up to 20 Gbps are achieved using dedicated, function-specific processing for networking, security, content inspection, and management.
The PA-5000 Series delivers up to 20 Gbps of throughput using dedicated processing and memory for the key functional areas of networking, security, threat prevention and management. To ensure that management access is always available, irrespective of the traffic load, the data and control planes are physically separated. The controlling element of the PA-5000 Series is PAN-OS™, a security-specific operating system that allows organizations to safely enable applications using App-ID, User-ID, Content-ID, GlobalProtect, and WildFire.
Classify all applications, on all ports, all the time with App-ID.
Identify the application, regardless of port, encryption (SSL or SSH) or evasive technique employed.
Use the application, not the port, as the basis for all safe enablement policy decisions: allow, deny, schedule, inspect, apply traffic shaping.
Categorize unidentified applications for policy control, threat forensics, custom App-ID creation, or packet capture for App-ID development.
Extend safe application enablement policies to any user, at any location, with User-ID and GlobalProtect.
Agentless integration with Active Directory, LDAP, eDirectory, Citrix and Microsoft Terminal Services.
Integrate with NAC, 802.1X wireless and other non-standard user repositories with an XML API.
Deploy consistent policies to local and remote users running Microsoft Windows, Mac OS X, Linux, Android or iOS platforms.
Protect against all threats, both known and unknown, with Content-ID and WildFire.
Block a range of known threats including exploits, malware and spyware, across all ports, regardless of common threat evasion tactics employed.
Limit unauthorized transfer of files and sensitive data, and control non-work-related web surfing.
Identify unknown malware, analyze for more than 100 malicious behaviors, and automatically create and deliver a signature in the next available update.
Palo Alto PA-5020
Performance and Capacity:
Firewall Throughput: 5 Gbps
Threat Prevention Throughput: 2 Gbps
IPSec VPN Throughput: 2 Gbps
New Sessions per Second: 120,000
Max Sessions: 1,000,000
IPSec VPN tunnels / tunnel interfaces: 2,000
GlobalProtect (SSL VPN) Concurrent Connections: 5,000
SSL decrypt sessions: 15,000
SSL inbound certificates: 100
Virtual routers: 20
Virtual systems (base/max): 10/20
Security zones: 80
Max. number of policies: 10,000
Hardware Specifications:
Interface: 12 x 10/100/1000; 8 x SFP optical Gigabit
Management Interface: 1 x 10/100/1000 out-of-band management port; 2 x 10/100/1000 high availability; 1 x RJ-45 Console Port
Storage Options: Single or dual solid state disk drive (SSD)
Storage Capacity: 120Gb, 240Gb SSD, RAID 1
Power Consumption: Redundant 450W
Max BTU/HR: 1,160
AC Power: 100-240V
Max Current Consumption: 8A@100VAC
Rack Mount: 2U, 19″ standard rack
Dimensions: 8.9cm (H) x 41.9cm (D) x 44.5cm (W)
Weight: 18.5 Kg
Safety: UL, CUL, CB
EMI: FCC Class A, CE Class A, VCCI Class A
Operating Environment: 0° – 50° C
Certifications: NEBS Level 3, FIPS level 2, ICSA
Palo Alto PA-5050
Performance and Capacity:
Firewall Throughput: 10 Gbps
Threat Prevention Throughput: 5 Gbps
IPSec VPN Throughput: 4 Gbps
New Sessions per Second: 120,000
Max Sessions: 2,000,000
IPSec VPN tunnels / tunnel interfaces: 4,000
GlobalProtect (SSL VPN) Concurrent Connections: 10,000
SSL decrypt sessions: 45,000
SSL inbound certificates: 300
Virtual routers: 125
Virtual systems (base/max): 25/125
Security zones: 500
Max. number of policies: 20,000
Hardware Specifications:
Interface: 12 x 10/100/1000; 8 x SFP optical Gigabit; 4 x 10 Gigabit SFP+
Management Interface: 1 x 10/100/1000 out-of-band management port; 2 x 10/100/1000 high availability; 1 x RJ-45 Console Port
Storage Options: Single or dual solid state disk drive (SSD)
Storage Capacity: 120Gb, 240Gb SSD, RAID 1
Power Consumption: Redundant 450W
Max BTU/HR: 1,160
AC Power: 100-240V
Max Current Consumption: 8A@100VAC
Rack Mount: 2U, 19″ standard rack
Dimensions: 8.9cm (H) x 41.9cm (D) x 44.5cm (W)
Weight: 18.5 Kg
Safety: UL, CUL, CB
EMI: FCC Class A, CE Class A, VCCI Class A
Operating Environment: 0° – 50° C
Certifications: NEBS Level 3, FIPS level 2, ICSA
Palo Alto PA-5060
Performance and Capacity:
Firewall Throughput: 20 Gbps
Threat Prevention Throughput: 10 Gbps
IPSec VPN Throughput: 4 Gbps
New Sessions per Second: 120,000
Max Sessions: 4,000,000
IPSec VPN tunnels / tunnel interfaces: 8,000
GlobalProtect (SSL VPN) Concurrent Connections: 20,000
SSL decrypt sessions: 90,000
SSL inbound certificates: 1,000
Virtual routers: 225
Virtual systems (base/max): 25/225
Security zones: 900
Max. number of policies: 40,000
Hardware Specifications:
Interface: 12 x 10/100/1000; 8 x SFP optical Gigabit; 4 x 10 Gigabit SFP+
Management Interface: 1 x 10/100/1000 out-of-band management port; 2 x 10/100/1000 high availability; 1 x RJ-45 Console Port
Storage Options: Single or dual solid state disk drive (SSD)
Storage Capacity: 120Gb, 240Gb SSD, RAID 1
Power Consumption: Redundant 450W
Max BTU/HR: 1,416
AC Power: 100-240V
Max Current Consumption: 8A@100VAC
Rack Mount: 2U, 19″ standard rack
Dimensions: 8.9cm (H) x 41.9cm (D) x 44.5cm (W)
Weight: 18.5 Kg
Safety: UL, CUL, CB
EMI: FCC Class A, CE Class A, VCCI Class A
Operating Environment: 0° – 50° C
Certifications: NEBS Level 3, FIPS level 2, ICSA
Network Features
Interface Modes
- L2, L3, Tap, Virtual Wire (transparent mode)
VLAN
- 802.1q VLAN tags
- Per device: 4,094 / per interface: 4,094
- Maximum interfaces: PA-5020: 2,048 / PA-5050: 4,096 / PA-5050: 4,096
- Aggregate interfaces (802.3ad)
Routing
- Modes: OSPF, RIP, BGP, Static
- Routing table size (entries per device/per VR): 64,000 / 64,000
- Policy-based forwarding
- Point-to-Point Protocol over Ethernet (PPPoE)
- Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
NAT / PAT
- Max NAT rules: PA-5020: 1,000 / PA-5050: 4,000 / PA-5060: 8,000
- Max NAT rules (DIPP): PA-5020: 200 / PA-5050: 250 / PA-5060: 450
- Dynamic IP and port pool: 254
- Dynamic IP pool: 32,000
- NAT Modes: 1:1 NAT, n:n NAT, m:n NAT
- DIPP oversubscription (Unique destination IPs per source port and IP): PA-5020: 4 / PA-5050 & PA-5060: 8
- NAT64
High-Availability
- Active/Passive with no session synchronization
- Failure detection: Path monitoring, Interface monitoring
Virtual Wire
- Max virtual wires: PA-5020: 1,024 / PA-5050: 2,048 / PA-5060: 2,048
- Interface types mapped to virtual wires: physical and subinterfaces
Address Assignment
- Address assignment for device: DHCP Client/PPPoE/Static
- Address assignment for users: DHCP Server/DHCP Relay/Static
Layer 2 Forwarding
- ARP table size/device: PA-5020: 20,000 / PA-5050: 32,000 / PA-5060: 32,000
- MAC table size/device: PA-5020: 20,000 / PA-5050: 32,000 / PA-5060: 32,000
- IPv6 neighbor table size: PA-5020: 2,000 / PA-5050: 5,000 / PA-5060: 5,000
IPv6
- Features: L2, L3, Tap, Virtual Wire (transparent mode)
- Services: App-ID, User-ID, Content-ID, WildFire and SSL Decryption
Security Features
Firewall
- Policy-based control over applications, users and content
- Fragmented packet protection
- Reconnaissance scan protection
- Denial of Service (DoS)/Distributed Denial of Service (DDoS) protection
- Decryption: SSL (inbound and outbound), SSH
Threat Prevention (Subscription Required)
- Application, operating system vulnerability exploit protection
- Stream-based protection against viruses (including those embedded in HTML, JavaScript, PDF and compressed), spyware, worms
WildFire
- Identify and analyze targeted and unknown files for more than 100 malicious behaviors
- Generate and automatically deliver protection for newly discovered malware via signature updates
- Signature update delivery in less than 1 hour, integrated logging/reporting; access to WildFire API for programmatic submission of up to 100 samples per day and up to 1,000 report queries by file hash per day (Subscription Required)
URL Filtering (Subscription Required)
- Pre-defined and custom URL categories
- Device cache for most recently accessed URLs
- URL category as part of match criteria for security policies
- Browse time information
File and Data Filtering
- File transfer: Bi-directional control over more than 60 unique file types
- Data transfer: Bi-directional control over unauthorized transfer of CC# and SSN
- Drive-by download protection
Quality of Service (QoS)
- Policy-based traffic shaping by application, user, source, destination, interface, IPSec VPN tunnel and more
- 8 traffic classes with guaranteed, maximum and priority bandwidth parameters
- Real-time bandwidth monitor
- Per policy diffserv marking
- Physical interfaces supported for QoS: 4
User Integration (User-ID)
- Microsoft Active Directory, Novell eDirectory, Sun One and other LDAP-based directories
- Microsoft Windows Server 2003/2008/2008r2, Microsoft Exchange Server 2003/2007/2010
- Microsoft Terminal Services, Citrix XenApp
- XML API to facilitate integration with non-standard user repositories
SSL VPN / Remote Access (GlobalProtect)
- GlobalProtect Gateway
- GlobalProtect Portal
- Transport: IPSec with SSL fall-back
- Authentication: LDAP, SecurID, or local DB
- Client OS: Mac OS X 10.6, 10.7 (32/64 bit), 10.8 (32/64 bit), Windows XP, Windows Vista (32/64 bit), Windows 7 (32/64 bit)
- Third party client support: Apple iOS, Android 4.0 and greater, VPNC IPSec for Linux
IPSec VPN (Site-to-Site)
- Key Exchange: Manual key, IKE v1
- Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
- Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
- Dynamic VPN tunnel creation (GlobalProtect)
Management, Reporting, Visibility Tools
- Integrated web interface, CLI or central management (Panorama)
- Multi-language user interface
- Syslog, Netflow v9 and SNMP v2/v3
- XML-based REST API
- Graphical summary of applications, URL categories, threats and data (ACC)
- View, filter and export traffic, threat, WildFire, URL, and data filtering logs
- Fully customizable reporting