Paloalto PA-220

Paloalto PA-220

Paloalto PA-220

Genel Özellikler
Teknik Spesifikasyonlar
Markalar ve Modeller

Genel Özellikler

                                  Compact, powerful protection

Leave no security gaps. Protect even the smallest parts of your business with the PA-220 Next-Generation Firewall appliance. This small appliance secures your network by preventing a broad range of cyberthreats while safely enabling SD-WAN.

IoT Security is easier than you think

Your security team is now empowered to secure your enterprise IoT investments without additional resources, creating new processes and investing in new siloed tools..

Visibility, control and power to prevent network threats

Consistent security everywhere

Gain full visibility into the details of all TLS encrypted connections and stop threats hidden within encrypted traffic, including traffic that uses TLS1.3 and HTTP/2 protocols.

Security and SD-WAN natively integrated

Enable secure SD-WAN from a single appliance and management interface for seamless branch connectivity.

Simplified operations

With zero touch provisioning, you can automate tedious deployment processes and simplify manual operations.


Teknik Spesifikasyonlar

App-ID firewall throughput580 Mbps
Threat prevention throughput280 Mbps
IPSec VPN throughput500 Mbps
Connections per second4,200
Max sessions (IPv4 or IPv6)64,000
Security rules500
Security rule schedules256
NAT rules400
Decryption rules100
App override rules100
Tunnel content inspection rules100
SD-WAN rules100
Policy based forwarding rules100
Captive portal rules500
DoS protection rules100
Security Zones
Max security zones15
Objects (addresses and services)
Address objects2,500
Address groups250
Members per address group2,500
Service objects1,000
Service groups250
Members per service group500
FQDN address objects2,000
Max DAG IP addresses*1,000
Tags per IP address32
Security Profiles
Security profiles75
Custom App-ID signatures6,000
Shared custom App-IDs512
Custom App-IDs (virtual system specific)6,416
User-IP mappings (management plane)512,000
User-IP mappings (data plane)128,000
Active and unique groups used in policy*1,000
Number of User-ID agents100
Monitored servers for User-ID100
Terminal server agents400
Tags per User*32
SSL Decryption
Max SSL inbound certificates25
SSL certificate cache (forward proxy)128
Max concurrent decryption sessions6,400
SSL Port MirrorYes
SSL Decryption BrokerNo
HSM SupportedNo
URL Filtering
Total entries for allow list, block list and custom categories25,000
Max custom categories2,849
Max custom categories (virtual system specific)500
Dataplane cache size for URL filtering90,000
Management plane dynamic cache size100,000
Max number of custom lists30
Max number of IPs per system50,000
Max number of DNS Domains per system50,000
Max number of URL per system50,000
Shortest check interval (min)5
Mgmt - out-of-band10/100/1000, RJ45/Micro USB console
Mgmt - 10/100/1000 high availabilityNA
Mgmt - 40Gbps high availabilityundefined
Mgmt - 10Gbps high availabilityNA
Traffic - 10/100/10008
Traffic - 100/1000/10000NA
Traffic - 1Gbps SFPNA
Traffic - 10Gbps SFP+NA
Traffic - 40Gbps QSFPNA
802.1q tags per device4,094
802.1q tags per physical interface4,094
Max interfaces (logical and physical)1,024
Maximum aggregate interfaces4
Maximum SD-WAN virtual interfaces300
Virtual Routers
Virtual routers3
Virtual Wires
Virtual wires256
Virtual Systems
Base virtual systems1
Max virtual systems*NA
IPv4 forwarding table size*2,500
IPv6 forwarding table size*2,500
System total forwarding table size5,000
Max route maps per virtual router50
Max routing peers (protocol dependent)500
Static entries - DNS proxy1,024
Bidirectional Forwarding Detection (BFD) SessionsNA
L2 Forwarding
ARP table size per device1,500
IPv6 neighbor table size1,500
MAC table size per device1,500
Max ARP entries per broadcast domain1,500
Max MAC entries per broadcast domain1,500
Total NAT rule capacity400
Max NAT rules (static)*400
Max NAT rules (DIP)*400
Max NAT rules (DIPP)200
Max translated IPs (DIP)16,000
Max translated IPs (DIPP)*200
Default DIPP pool oversubscription*2
Address Assignment
DHCP servers3
DHCP relays*500*
Max number of assigned addresses64,000
High Availability
Devices supported2
Max virtual addresses32
Number of QoS policies100
Physical interfaces supporting QoS8
Clear text nodes per physical interface31
DSCP marking by policyYes
Subinterfaces supportedSystem Limit
Max IKE Peers1,000
Site to site (with proxy id)1,000
SD-WAN IPSec tunnels1,000
GlobalProtect Client VPN
Max tunnels (SSL, IPSec, and IKE with XAUTH)250
GlobalProtect Clientless VPN
Max SSL tunnels20
Replication (egress interfaces)100
Model bulunamadı.