PaloAlto PA-5220
Mô tả
Key Security Features:
Classifies all applications, on all ports, all the time
- Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed
- Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping
- Categorizes unidentified applications for policy control, threat forensics or App-ID™ application identification technology development
Enforces security policies for any user, at any location
- Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android™ or Apple® iOS platforms
- Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®
- Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information
Prevents known and unknown threats
- Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed
- Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing
- Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection
The controlling element of the PA-5200 Series is PAN-OS®, security operating system, which that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the business elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.
Specification
| STT | Tính năng | Palo Alto PA-5220 |
| 1 | Thông số kỹ thuật | |
| Firewall Throughput | 20 Gbps | |
| Threat Prevention throughput | 8.9 Gbps | |
| IPSec VPN throughput | 10 Gbps | |
| New sessions per second | 133000 | |
| Maximum sessions | 4000000 | |
| Interfaces supported | (4) 100/1000/10G Cu (16) 1G/10G SFP/SFP+ (4) 40G QSFP+ |
|
| Management I/O | (2) 10/100/1000 Cu (1) 10/100/1000 out-of-band management (1) RJ-45 console (1) 40G QSFP28 HA |
|
| Size | 3U, 19” standard rack 5.25” H x 20.5” D x 17.25” W (13.33cm x 52.07cm x 43.81cm) |
|
| Power Supply (Avg/Max Power Consumption) | 571/685 W | |
| Redundant Power Supply | Yes | |
| Storage capacity | System : 240 GB SSD, RAID | Log: 2 TB HDD, RAID1 | |
| Hot-swappable fans | Yes | |
| Max BTU/hr | 2340 | |
| Power Supply (Base/Max) | 1:1 fully redundant (2/2) | |
| AC Input Voltage (Input Hz) | 100–240VAC (50–60Hz) | |
| AC Power Supply Output | 1,200 watts/power supply | |
| Max Current Consumption | AAC: 8.5A @ 100VAC, 3.6A @ 240VAC DC: 19A @ -40VDC, 12.7A @ -60VDC |
|
| Max Inrush Current | AC: 50A @ 230VAC, 50A @ 120VAC DC: 200A @ 72VDC |
|
| Mean Time Between Failure (MTBF) | 9.23 Years | |
| Weight (Stand-Alone Device/ As Shipped) | 46 lbs (20.87 kg)/62 lbs (28.13 kg) | |
| Safety | cCSAus, CB IEC 60950-1 | |
| EMI | FCC Class A, CE Class A, VCCI Class A | |
| Certifications | See https://www.paloaltonetworks.com/company/certifications.html | |
| Enviroment | Operating temperature: 32° to 122° F, 0° to 50° C Non-operating temperature: -4° to 158° F, -20° to 70° C |
|
| 2 | Network Feature | |
| Interface mode | L2, L3, tap, virtual wire (transparent mode) | |
| Routing | OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, Static routing Policy-based forwarding Point-to-point protocol over Ethernet (PPPoE) and DHCP supported for dynamic address assignment Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3 Bidirectional Forwarding Detection (BFD) |
|
| IPv6 | L2, L3, tap, virtual wire (transparent mode) Features: App-ID, User-ID, Content-ID, WildFire, and SSL decryption SLAAC |
|
| IPSec VPN | Key exchange: manual key, IKEv1 and IKEv2 (pre-shared key, certificate-based authentication) Encryption: 3DES, AES (128-bit, 192-bit, 256-bit) Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512 GlobalProtect large-scale VPN for simplified configuration and management |
|
| VLANs | 802.1Q VLAN tags per device/per interface: 4,094/4,094 Aggregate interfaces (802.3ad), LACP |
|
| Network Address Translation | NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port (port address translation) NAT64, NPTv6 Additional NAT features: dynamic IP reservation, tunable dynamic IP and port oversubscription |
|
| High Availability | Modes: active/active, active/passive Failure detection: path monitoring, interface monitoring |
|
| Mobile Network Infrastructure | GTP Security SCTP Security |
