Palo Alto Networks Enterprise Firewall PA-5220

Please request a quote for pricing

PERFORMANCE & CAPACITIES

Firewall throughput (HTTP/appmix)* 16/18 Gbps
Threat Prevention throughput (HTTP/appmix)† 8.2/10 Gbps
IPsec VPN throughput‡ 11 Gbps
Max sessions 4M
New sessions per second§ 180,000
Virtual systems (base/max)|| 10/20

* Firewall throughput is measured with App-ID and logging enabled, utilizing 64 KB HTTP/appmix transactions..
† Threat Prevention throughput is measured with App-ID, IPS, antivirus, anti-spyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions.2. Firewall throughput is measured with App-ID and logging enabled, using 64
‡ IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled.
§ New sessions per second is measured with application-override, utilizing 1 byte HTTP transactions.
|| Adding virtual systems over base quantity requires a separately purchased license.

PA-5220 Premium Support - 1 Year

Premium support 1 year

PA-5220 Premium Support - 3 Year

Premium support 3 years

PA-5220 Premium Support - 5 Year

Premium support 5 years

Request a Quote
Categories: , SKU: PAN-PA-5220-AC

Description

PA-5220

Firewall Throughput 18 Gbps (App-ID) | Threat Prevention Throughput 10 Gbps (App-ID)

HIGHLIGHTS

  • World’s first ML-Powered NGFW
  • Nine-time Leader in the Gartner Magic Quadrant® for Network Firewalls
  • Leader in The Forrester Wave™: Enterprise Firewalls, Q3 2020
  • Highest Security Effectiveness score in the 2019 NSS Labs NGFW Test Report, with 100% of evasions blocked
  • Extends visibility and security to all devices, including unmanaged IoT devices, without the need to deploy additional sensors
  • Supports high availability with active/ active and active/passive modes
  • Delivers predictable performance with security services
  • Features a silent, fanless design with an optional redundant power supply for branch and home offices
  • Simplifies deployment of large numbers of firewalls with optional Zero Touch Provisioning (ZTP)

PERFORMANCE & CAPACITIES

Firewall throughput (HTTP/appmix)* 16/18 Gbps
Threat Prevention throughput (HTTP/appmix)† 8.2/10 Gbps
IPsec VPN throughput‡ 11 Gbps
Max sessions 4M
New sessions per second§ 180,000
Virtual systems (base/max)|| 10/20

* Firewall throughput is measured with App-ID and logging enabled, utilizing 64 KB HTTP/appmix transactions..
† Threat Prevention throughput is measured with App-ID, IPS, antivirus, anti-spyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions.2. Firewall throughput is measured with App-ID and logging enabled, using 64
‡ IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled.
§ New sessions per second is measured with application-override, utilizing 1 byte HTTP transactions.
|| Adding virtual systems over base quantity requires a separately purchased license.

NETWORKING FEATURES

Interface Modes

L2, L3, tap, virtual wire (transparent mode)

Routing

OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP,
static routing
Policy-based forwarding
Point-to-Point Protocol over Ethernet (PPPoE)
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3

SD-WAN

Path quality measurement (jitter, packet loss, latency)
Initial path selection (PBF)
Dynamic path change

NETWORKING FEATURES

IPv6

L2, L3, tap, virtual wire (transparent mode)
Features: App-ID, User-ID, Content-ID, WildFire, and SSL
Decryption
SLAAC

IPsec VPN

Key exchange: manual key, IKEv1, and IKEv2
(pre-shared key, certificate-based authentication)
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512

VLANs

802.1Q VLAN tags per device/per interface: 4,094/4,094
Aggregate interfaces (802.3ad), LACP

Network Address Translation

NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port (port address translation)
NAT64, NPTv6
Additional NAT features: dynamic IP reservation, tunable dynamic IP and port oversubscription

High Availability

Modes: active/active, active/passive
Failure detection: path monitoring, interface monitoring

Zero Touch Provisioning (ZTP)

Available with -ZTP SKUs (PA-220-ZTP)
Requires Panorama 9.1.3 or higher