NGFW

Palo Alto Networks hardware platforms offer a full range of specially designed next-generation firewalls from PA-200 made for remote offices to PA-5060 for high-speed data centers. They use single pass software architecture and specific processing methods for each function: network organization, security, threat prevention and management that provides predictable level of performance.

Network security management
The enterprise security platforms can be managed individually via a command-line interface or through a full-featured browser-based interface. For large-scale deployments you can use Panorama to globally deliver visibility, policy editing, reporting, and logging features for all of your hardware and virtual appliance firewalls.

Protecting enabled applications and content
When you apply threat prevention and content scanning policies, the context of the application and the user become integral components of your security policy. Full context within your threat prevention policies neutralizes evasion tactics such as port-hopping and tunneling. Reduce the threat target surface area by enabling a select set of applications, and then apply threat prevention and content scanning policies to that traffic.

Reporting and logging
Security best practice means striking a balance between ongoing management efforts and being reactive, which may involve investigating and analyzing security incidents or generating day-to-day reports.


PA-200

Palo Alto Networks PA-200 is a platform for distributed enterprise branch offices and medium sized businesses. The controlling element of the PA-200 is PAN-OS, a security-specific operating system that natively classifies all traffic, inclusive of applications, threats and content, then ties that traffic to the user, regardless of location or device type. The application, content, and user are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.

Technical Specifications

Firewall throughput (App-ID enabled) 100 Mbps
Threat prevention throughput 50 Mbps
IPSec VPN throughput 50 Mbps
New sessions per second 1 000
Max sessions 64 000
IPSec VPN tunnels/tunnel interfaces 25
GlobalProtect (SSL VPN) simultaneous users 25
SSL decryption sessions 1 000
SSL incoming certificates 25
Virtual routers 3
Security zones 10
Max number of policies 250


PA-500

Palo Alto Networks PA-500 is a platform focused on high-speed firewall deployment for enterprise branch offices and medium sized businesses.

Technical Specifications

Firewall throughput (App-ID enabled) 250 Mbps
Threat prevention throughput 100 Mbps
IPSec VPN throughput 50 Mbps
New sessions per second 7 500
Max sessions 64 000
IPSec VPN tunnels/tunnel interfaces 250
GlobalProtect (SSL VPN) simultaneous users 100
SSL decryption sessions 1 000
SSL incoming certificates 25
Virtual routers 3
Security zones 20
Max number of policies 1 000

Palo Alto Networks PA-3000 Series is comprised of PA-3060, PA-3050 and PA-3020, all of which are targeted at high speed Internet gateway deployments. PA-3000 Series manages network traffic flows using dedicated processing and memory for networking, security, threat prevention and management.

PA-3020

Technical Specifications PA-3020

Firewall throughput (App-ID enabled) 2 Gbps
Threat prevention throughput 1 Gbps
IPSec VPN throughput 500 Mbps
New sessions per second 16 000
Max sessions 250 000
IPSec VPN tunnels/tunnel interfaces 1 000
GlobalProtect (SSL VPN) simultaneous users 1 000
SSL decryption sessions 1 000
SSL incoming certificates 25
Virtual routers 10
Virtual systems (base variant/max.2) 1/6
Security zones 40
Max number of policies 2 500

PA-3050

Technical Specifications PA-3050

Firewall throughput (App-ID enabled) 4 Gbps
Threat prevention throughput 2 Gbps
IPSec VPN throughput 500 Mbps
New sessions per second 16 000
Max sessions 500 000
IPSec VPN tunnels/tunnel interfaces 2 000
GlobalProtect (SSL VPN) simultaneous users 2 000
SSL decryption sessions 1 000
SSL incoming certificates 25
Virtual routers 10
Virtual systems (base variant/max.2) 1/6
Security zones 40
Max number of policies 5 000

PA-3060

Technical Specifications PA-3060

Firewall throughput (App-ID enabled) 4 Gbps
Threat prevention throughput 2 Gbps
IPSec VPN throughput 500 Mbps
New sessions per second 50 000
Max sessions 500 000
IPSec VPN tunnels/tunnel interfaces 2 000
GlobalProtect (SSL VPN) simultaneous users 2 000
SSL decryption sessions 2 000
SSL incoming certificates 25
Virtual routers 10
Virtual systems (base variant/max.2) 1/6
Security zones 40
Max number of policies 5 000

Palo Alto Networks PA-5000 Series is comprised of PA-5060, PA-5050 and PA-5020, all of which are targeted at high speed datacenter and Internet gateway deployments. PA-5000 Series delivers up to 20 Gbps of throughput using dedicated processing and memory for the key functional areas of networking, security, threat prevention and management.

PA-5020

Technical Specifications PA-5020

Firewall throughput (App-ID enabled) 5 Gbps
Threat prevention throughput 2 Gbps
IPSec VPN throughput 2 Gbps
New sessions per second 120 000
Max sessions 1 000 000
IPSec VPN tunnels/tunnel interfaces 2 000
GlobalProtect (SSL VPN) simultaneous users 5 000
SSL decryption sessions 15 000
SSL incoming certificates 100
Virtual routers 20
Virtual systems (base variant/max.2) 10/20
Security zones 80
Max number of policies 10 000

PA-5050

Technical Specifications PA-5050

Firewall throughput (App-ID enabled) 10 Gbps
Threat prevention throughput 5 Gbps
IPSec VPN throughput 4 Gbps
New sessions per second 120 000
Max sessions 2 000 000
IPSec VPN tunnels/tunnel interfaces 4 000
GlobalProtect (SSL VPN) simultaneous users 10 000
SSL decryption sessions 45 000
SSL incoming certificates 300
Virtual routers 125
Virtual systems (base variant/max.2) 25/125
Security zones 500
Max number of policies 20 000

PA-5060

Technical Specifications PA-5060

Firewall throughput (App-ID enabled) 20 Gbps
Threat prevention throughput 10 Gbps
IPSec VPN throughput 4 Gbps
New sessions per second 120 000
Max sessions 4 000 000
IPSec VPN tunnels/tunnel interfaces 8 000
GlobalProtect (SSL VPN) simultaneous users 20 000
SSL decryption sessions 90 000
SSL incoming certificates 1 000
Virtual routers 225
Virtual systems (base variant/max.2) 25/225
Security zones 900
Max number of policies 40 000