Genel Özellikler
Multi-gig-throughput firewalls with extreme versatility
Safely enable applications, users and content at high throughput speeds and SSL session capacity to secure encrypted traffic without slowing down your business, simplify deployments, and uncover and stop hidden threats without compromising privacy.
Predictable performance, broad threat coverage
Classify all applications on all ports, all the time
Identify any application, regardless of port, encryption (SSL or SSH) or evasive technique employed, and use the application – not the port – as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping. You can also categorize unidentified applications for policy control, threat forensics or custom App-ID™ technology development.
Enforce consistent policies for any user, at any location
Deploy consistent policies to local and remote users running on Windows®, macOS®, Linux, Android® or Apple iOS platforms. You can choose from a multitude of ways to identify users, including GlobalProtect™ network security for endpoints, captive portal, AAA servers, Microsoft Active Directory®, Terminal Services, LDAP and Novell eDirectory™, as well as other sources you can add using XML API. Our SD-WAN subscription also lets you leverage the PA-3200 Series appliances as an SD-WAN hub to interconnect all your branch locations.
Prevent known and unknown threats
Block a range of threats, including exploits, malware and spyware, across all ports, regardless of threat-evasion tactics employed. Gain full visibility into the details of all TLS encrypted connections and stop threats hidden within encrypted traffic, including traffic that uses TLS1.3 and HTTP/2 protocols. These appliances limit the unauthorized transfer of files and sensitive data to safely enable web and application access. They also identify unknown malware, analyze it based on malicious behaviors, and then automatically create and deliver protection.
Teknik Spesifikasyonlar
Performance
App-ID firewall throughput6.6 Gbps
Threat prevention throughput3 Gbps
IPSec VPN throughput3.2 Gbps
Connections per second82,000
Sessions
Max sessions (IPv4 or IPv6)2,000,000
Policies
Security rules10,000
Security rule schedules256
NAT rules6,000
Decryption rules1,500
App override rules1,500
Tunnel content inspection rules2,500
SD-WAN rules300
Policy based forwarding rules1,000
Captive portal rules2,000
DoS protection rules2,000
Security Zones
Max security zones200
Objects (addresses and services)
Address objects30,000
Address groups15,000
Members per address group2,500
Service objects4,000
Service groups2,000
Members per service group2,500
FQDN address objects2,048
Max DAG IP addresses200,000
Tags per IP address32
Security Profiles
Security profiles375
App-ID
Custom App-ID signatures6,000
Shared custom App-IDs512
Custom App-IDs (virtual system specific)6,416
User-ID
User-IP mappings (management plane)512,000
User-IP mappings (data plane)128,000
Active and unique groups used in policy10,000
Number of User-ID agents100
Monitored servers for User-ID100
Terminal server agents2,000
Tags per User32
SSL Decryption
Max SSL inbound certificates300
SSL certificate cache (forward proxy)8,000
Max concurrent decryption sessions200,000
SSL Port MirrorYes
SSL Decryption BrokerYes
HSM SupportedYes
URL Filtering
Total entries for allow list, block list and custom categories25,000
Max custom categories2,849
Max custom categories (virtual system specific)500
Dataplane cache size for URL filtering250,000
Management plane dynamic cache size600,000
EDL
Max number of custom lists30
Max number of IPs per system150,000
Max number of DNS Domains per system1,000,000
Max number of URL per system100,000
Shortest check interval (min)5
Interfaces
Mgmt - out-of-band10/100/1000, RJ45/Micro USB console
Mgmt - 10/100/1000 high availability2
Mgmt - 40Gbps high availabilityNA
Mgmt - 10Gbps high availability1
Traffic - 10/100/100012
Traffic - 100/1000/10000NA
Traffic - 1Gbps SFP0/8
Traffic - 10Gbps SFP+0/8
Traffic - 40Gbps QSFP0
802.1q tags per device4,094
802.1q tags per physical interface4,094
Max interfaces (logical and physical)4,096
Maximum aggregate interfaces8
Maximum SD-WAN virtual interfaces1,000
Virtual Routers
Virtual routers10
Virtual Wires
Virtual wires2,048
Virtual Systems
Base virtual systems1
Max virtual systems6
Routing
IPv4 forwarding table size44,000
IPv6 forwarding table size44,000
System total forwarding table size88,000
Max route maps per virtual router50
Max routing peers (protocol dependent)1,000
Static entries - DNS proxy1,024
Bidirectional Forwarding Detection (BFD) Sessions512
L2 Forwarding
ARP table size per device72,000
IPv6 neighbor table size72,000
MAC table size per device72,000
Max ARP entries per broadcast domain72,000
Max MAC entries per broadcast domain72,000
NAT
Total NAT rule capacity6,000
Max NAT rules (static)6,000
Max NAT rules (DIP)4,000
Max NAT rules (DIPP)4,000
Max translated IPs (DIP)128,000
Max translated IPs (DIPP)4,000
Default DIPP pool oversubscription4
Address Assignment
DHCP servers500
DHCP relays500
Max number of assigned addresses64,000
High Availability
Devices supported2
Max virtual addresses128
QoS
Number of QoS policies2,000
Physical interfaces supporting QoS12
Clear text nodes per physical interface31
DSCP marking by policyYes
Subinterfaces supported2,048
IPSec VPN
Max IKE Peers3,000
Site to site (with proxy id)6,000
SD-WAN IPSec tunnels3,000
GlobalProtect Client VPN
Max tunnels (SSL, IPSec, and IKE with XAUTH)2,048
GlobalProtect Clientless VPN
Max SSL tunnels400
Multicast
Replication (egress interfaces)1,000
Routes4,000
