Description
HIGHLIGHTS
- World’s first ML-Powered NGFW
- Nine-time Leader in the Gartner Magic Quadrant® for Network Firewalls
- Leader in The Forrester Waveâ„¢: Enterprise Firewalls, Q3 2020
- Highest Security Effectiveness score in the 2019 NSS Labs NGFW Test Report, with 100% of evasions blocked
- Spans a range of performance needs for the distributed enterprise with a broad lineup
- Offers security in a desktop form factor
- Extends visibility and security to all devices, including unmanaged IoT devices, without the need to deploy additional sensors
- Supports high availability with active/active and active/passive modes
- Delivers predictable performance with security services
- Features a silent, fanless design with an optional redundant power supply for branch and home offices
- Simplifies deployment of large numbers of firewalls with optional Zero Touch Provisioning (ZTP)
- Supports centralized administration with Panoramaâ„¢ network security management
PERFORMANCE & CAPACITIES
Firewall throughput (HTTP/appmix)* 3.8/3.2 Gbps
Threat Prevention throughput (HTTP/appmix)†1.6/1.7 Gbps
IPsec VPN throughput‡ 2.2 Gbps
Max sessions 300,000
New sessions per second 52,000
* Firewall throughput is measured with App-ID and logging enabled, utilizing 64 KB HTTP/appmix transactions..
†Threat Prevention throughput is measured with App-ID, IPS, antivirus, anti-spyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions.2. Firewall throughput is measured with App-ID and logging enabled, using 64
‡ IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled.
§ New sessions per second is measured with application-override, utilizing 1 byte HTTP transactions.
|| Adding virtual systems over base quantity requires a separately purchased license.
NETWORKING FEATURES
Interface Modes
L2, L3, tap, virtual wire (transparent mode)
Routing
OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP,
static routing
Policy-based forwarding
Point-to-Point Protocol over Ethernet (PPPoE)
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
SD-WAN
Path quality measurement (jitter, packet loss, latency)
Initial path selection (PBF)
Dynamic path change
NETWORKING FEATURES
IPv6
L2, L3, tap, virtual wire (transparent mode)
Features: App-ID, User-ID, Content-ID, WildFire, and SSL
Decryption
SLAAC
IPsec VPN
Key exchange: manual key, IKEv1, and IKEv2
(pre-shared key, certificate-based authentication)
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
VLANs
802.1Q VLAN tags per device/per interface: 4,094/4,094
Aggregate interfaces (802.3ad), LACP
Network Address Translation
NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port (port address translation)
NAT64, NPTv6
Additional NAT features: dynamic IP reservation, tunable dynamic IP and port oversubscription
High Availability
Modes: active/active, active/passive
Failure detection: path monitoring, interface monitoring
Zero Touch Provisioning (ZTP)
Available with -ZTP SKUs (PA-220-ZTP)
Requires Panorama 9.1.3 or higher
