1
Palo Alto Networks Platorm Specificatons and Features Summary
Performance and Capacities1
PA-70803
PA-70503
PA-5280
PA-5260
PA-5250
PA-5220
Firewall throughput (App-ID, Appmix)
720 Gbps
430 Gbps
67 Gbps
67 Gbps
40 Gbps
20 Gbps
Threat Prevention throughput (Appmix)
350 Gbps
210 Gbps
33 Gbps
33 Gbps
23 Gbps
9 Gbps
IPsec VPN throughput
240 Gbps
144 Gbps
24 Gbps
24 Gbps
16 Gbps
8 Gbps
New sessions per second
4,800,000
2,900,000
390,000
390,000
284,000
150,000
Maximum sessions
320,000,000
192,000,000
64,000,000
32,000,000
8,000,000
4,000,000
Virtual systems (base/max2)
25/225
25/225
25/225
25/225
25/125
10/20
Hardware Specifications
PA-7080
PA-7050
PA-5280
PA-5260
PA-5250
PA-5220
Up to (72) 10/100/1000, (48) SFP/
(4) 100/1000/10G Cu, (16)
Up to (120) 10/100/1000, (80) SFP/
Interfaces supported NPC option 14
SFP+, (24) QSFP+/
(4) 100/1000/10G Cu, (16) 1G/10G SFP/SFP+, (4) 40G/100G QSFP28
1G/10G SFP/SFP+, (4) 40G
SFP+, (40) QSFP+/QSFP28
QSFP28
QSFP+
(2) 10/100/1000 Cu, (1) 10/100/1000 out-of-band management, (1) RJ45 console
(2) SFP/SFP+ MGT, (2) SFP/SFP+ HA1, (2) HSCI HA2/HA3
Management I/O
QSFP+/QSFP28, (1) RJ45 serial console, (1) micro-USB serial console
(1) 40G/100G QSFP28 HA
(1) 40G QSFP+ HA
9U, 19” standard rack or 14U,
Size
19U, 19” standard rack
19” standard rack with optional
3U, 19” standard rack
PAN-AIRDUCT kit
4 x 2500 W AC (2400 W / 2700 W)
Power supply
4 x 2500 W AC (2400 W / 2700 W)
2 x 1200 W AC or DC (1:1 fully redundant)
expandable to 8
Redundant power supply
Yes
Yes
Disk drives
(2) 240 GB SSD system drive, RAID1
System: 240 GB SSD, RAID1. Log: 2 TB HDD, RAID1
Hot-swappable fans
Yes
Yes
Performance and Capacities1
PA-3260
PA-3250
PA-3220
Firewall throughput (App-ID, Appmix)
10 Gbps
7 Gbps
4.6 Gbps
Threat Prevention throughput (Appmix)
4.7 Gbps
3.1 Gbps
2.6 Gbps
IPsec VPN throughput
4.8 Gbps
3.2 Gbps
2.5 Gbps
New sessions per second
118,000
84,000
57,000
Maximum sessions
3,000,000
2,000,000
1,000,000
Virtual systems (base/max2)
1/6
1/6
1/6
Hardware Specifications
PA-3260
PA-3250
PA-3220
Interfaces supported4
(12) 10/100/1000, (8) 1G/10G SFP/SFP+, (4) 40G QSFP+
(12) 10/100/1000, (8) 1G/10G SFP/SFP+
(12) 10/100/1000, (4) 1G SFP, (4) 1G/10G SFP/SFP+
Management I/O
(1) 10/100/1000 out-of-band management port, (2) 10/100/1000 high availability, (1) 10G SFP+ high availability, (1) RJ-45 console port, (1) Micro USB
Size
2U, 19” standard rack (3.5” H x 20.53” D x 17.34” W)
Power supply
650 W AC or DC (180/240)
Redundant power supply
Yes
Disk drives
240 GB SSD
Hot-swappable fans
Yes
April 2019 (PAN-OS 9.0) This specificatons and features summary is for comparison purposes only. Refer to the respectve product specsheets for the most up-to-date informaton.
2
Palo Alto Networks Platorm Specificatons and Features Summary
Performance and Capacities1
PA-850
PA-820
PA-220
PA-220/R
Firewall throughput (App-ID, Appmix)
2 Gbps
1 Gbps
560 Mbps
560 Mbps
Threat Prevention throughput (Appmix)
1 Gbps
790 Mbps
260 Mbps
260 Mbps
IPsec VPN throughput
500 Mbps
400 Mbps
100 Mbps
100 Mbps
New sessions per second
13,000
8,300
4,200
4,200
Maximum sessions
192,000
128,000
64,000
64,000
Virtual systems (base)
1
1
1
1
Hardware Specifications
PA-850
PA-820
PA-220
PA-220/R
Interfaces supported4
(4) 10/100/1000, (4) SFP, (4) 10 SFP+
(4) 10/100/1000, (8) SFP
(8) 10/100/1000
(6) 10/100/1000 and 2 SFP
(1) 10/100/1000 Out-of-band man-
(1) 10/100/1000 Out-of-band
(1) 10/100/1000 out-of-band management, (2) 10/100/1000 high availability,
Management I/O
agement, (1) RJ-45 Console, (1) USB,
management, (1) RJ-45 Console,
(1) RJ-45 console, (1) USB, (1) Micro USB console
(1) Micro USB console
(1) USB, (1) Micro USB console
Size
1U, 19” standard rack
1.62” H x 6.29” D x 8.07” W
2.0” H x 8.66” D x 9.25” W
Power supply
Two 500 W AC; one is redundant
200 W
Dual redundant 40 W
None
Redundant power supply
Yes
No
Yes (optional)
None
Disk drives
240 GB SSD
32 GB EMMC
32 GB EMMC
Hot-swappable fans
No
No
No
Performance and Capacities1
VM-50/VM-50 Lite
VM-100/VM-200
VM-300/VM-1000-HV
VM-500
VM-700
Firewall throughput (App-ID)
200 Mbps
2 Gbps
4 Gbps
8 Gbps
16 Gbps
Threat Prevention throughput
100 Mbps
1 Gbps
2 Gbps
4 Gbps
8 Gbps
IPsec VPN throughput
100 Mbps
1 Gbps
1.8 Gbps
4 Gbps
6 Gbps
New sessions per second1
3,000
15,000
30,000
60,000
120,000
CPUs supported
26
2
2, 4
2, 4, 8
2, 4, 8, 16
Dedicated memory (minimum)
4.08/4.5 GB
6.5 GB
9 GB
16 GB
56 GB
Dedicated disk drive capacity (minimum)
32 GB7
60 GB
60 GB
60 GB
60 GB
VM-Series Supported Environments
VM-50/VM-50 Lite
VM-100/VM-200
VM-300/VM-1000-HV
VM-500
VM-700
Private Cloud
1. VMware NSX Manager 6.3/6.4.1 or later
No
Yes
Yes
Yes
No
2. Cisco ACI 2.3/3.0/3.1/3.2
Yes
Yes
Yes
Yes
Yes
3. Openstack Mirantis 8.0 with Contrail 3.2;
Yes
Yes
Yes
Yes
Yes
OpenStack Newton 10
4. Nutanix AOS 5.1.5/5.5.4 or later/5.9/5.10;
Yes
Yes
Yes
Yes
Yes
Hypervisor
1. VMware ESXi 6.0/6.5/6.7
Yes
Yes
Yes
Yes
Yes
2. KVM on CentOS/RHEL 7.0/7.1/7.2/7.5 and
Yes
Yes
Yes
Yes
Yes
Ubuntu 14.04/16.04 LTS
3. Microsoft Hyper-V (Windows 2016 with
Yes
Yes
Yes
Yes
Yes
Hyper-V role or Hyper-V 2016)
Public Cloud
1. Amazon Web Services (AWS)
No
BYOL or VM-Series ELA
PAYG (VM-300), BYOL or VM-Series ELA
BYOL or VM-Series ELA
BYOL or VM-Series ELA
2. Microsoft Azure
No
BYOL or VM-Series ELA
PAYG (VM-300), BYOL or VM-Series ELA
BYOL or VM-Series ELA
BYOL or VM-Series ELA
3. Google Cloud Platform (GCP)
No
BYOL or VM-Series ELA
PAYG (VM-300), BYOL or VM-Series ELA
BYOL or VM-Series ELA
BYOL or VM-Series ELA
4. Oracle Cloud
No
BYOL or VM-Series ELA
BYOL or VM-Series ELA
BYOL or VM-Series ELA
BYOL or VM-Series ELA
5. Alibaba Cloud
No
BYOL or VM-Series ELA
BYOL or VM-Series ELA
BYOL or VM-Series ELA
BYOL or VM-Series ELA
(1) VM-Series performance will vary based on underlying virtualization infrastructure (hypervisor/cloud). Refer to the individual datasheets for detailed performance and testing information. (2) Adding virtual systems to the base quantity requires a sepa-
rately purchased license. (3) New sessions per second and Max session capacity for PA-7000 Series specified with 100G-NPCs. (4) Optical/Copper transceivers are sold separately. (6) CPU oversubscription supported with up to five instances running on
a two-CPU configuration. (7) 60 GB required at initial boot. VM-Series will use 32 GB after license activation. (8) Supported with VM-50 Lite model only.
April 2019 (PAN-OS 9.0) This specificatons and features summary is for comparison purposes only. Refer to the respectve product specsheets for the most up-to-date informaton.
3
Palo Alto Networks Platorm Specificatons and Features Summary
Key Features
Supported Across All Models
Next-Generation Firewall
Deep visibility and granular control for thousands of applications; ability to create custom applications; ability to manage unknown traffic based on policy
ü
User identification and control: VPNs, WLAN controllers, captive portal, proxies, Active Directory, eDirectory, Exchange, Terminal Services, syslog parsing, XML API
ü
Granular SSL decryption and inspection (inbound and outbound); per-policy SSH control (inbound and outbound)
ü
Networking: dynamic routing (RIP, OSPF, BGP, multiprotocol BGP), DHCP, DNS, NAT, route redistribution, ECMP, LLDP, BFD, tunnel content inspection
ü
QoS: policy-based traffic shaping (priority, guaranteed, maximum) per application, per user, per tunnel, based on DSCP classification
ü
Virtual systems: logical, separately managed firewall instances within a single physical firewall, with each virtual system’s traffic kept separate
ü
Zone-based network segmentation and zone protection; DoS protection against flooding of new sessions
ü
Threat Prevention (subscription required)
In-line malware prevention automatically enforced through payload-based signatures, updated daily
ü
Vulnerability-based protections against exploits and evasive techniques on network and application layers, including port scans, buffer overflows, packet fragmentation, and obfuscation
ü
Command-and-control (C2) activity stopped from exfiltrating data or delivering secondary malware payloads; infected hosts identified through DNS sinkholing
ü
URL Filtering (subscription required)
Automatic prevention of web-based attacks, including phishing links in emails, phishing sites, HTTP-based C2, and pages that carry exploit kits
ü
Ability to stop in-process credential phishing
ü
Custom URL categories, alerts, and notification pages
ü
WildFire malware prevention (subscription required)
Detection of zero-day malware and exploits with layered, complementary analysis techniques
ü
Automated prevention in as few as five minutes across networks, endpoints, and clouds
ü
Community-based data for protection, including more than 29,000 subscribers
ü
AutoFocus threat intelligence (subscription required)
Contextualization and classification of attacks, including malware family, adversary, and campaign, to speed triage and response efforts
ü
Rich, globally correlated threat analysis sourced from WildFire
ü
Third-party threat intelligence for automated prevention
ü
DNS Security (subscription required)
Automatically prevent tens of millions of malicious domains identified with real-time analysis and continuously growing global threat intelligence
ü
Quickly detect command-and-control or data theft employing DNS tunneling with machine learning-powered analysis
ü
Automate dynamic response to find infected machines and quickly respond in policy
ü
File and data filtering
Bidirectional control over the unauthorized transfer of file types and Social Security numbers, credit card numbers, and custom data patterns
ü
GlobalProtect network security for endpoints (subscription required)
Remote access VPN (SSL, IPsec, clientless); mobile threat prevention and policy enforcement based on apps, users, content, device, and device state
ü
BYOD: app-level VPN for user privacy
ü
Panorama network security management (subscription required for managing multiple firewalls)
Intuitive policy control with applications, users, threats, advanced malware prevention, URLs, file types, and data patterns all in the same policy
ü
Actionable insight into traffic and threats with Application Command Center (ACC); fully customizable reporting
ü
Aggregated logging and event correlation
ü
Consistent scalable management of up to 30,000 hardware and all VM-Series firewalls; role-based access control; logical and hierarchical device groups; and templates
ü
GUI, CLI, XML-based REST API
ü
April 2019 (PAN-OS 9.0) This specificatons and features summary is for comparison purposes only. Refer to the respectve product specsheets for the most up-to-date informaton.