Paloalto PA-5220

Paloalto PA-5220

Paloalto PA-5220

Genel Özellikler
Teknik Spesifikasyonlar
Markalar ve Modeller

Genel Özellikler

Prevent attacks and fuel business growth

Don’t let the constraints of piecemeal security systems slow you down. Secure your business with a prevention-focused architecture that is easy to deploy, scale, manage and use across your high-speed data center, internet gateway and service provider deployments.

Risk reduction. Automation. Innovation. Pick three.

Broad protection across a wide range of use cases

Prevent threats and safely enable applications across a diverse set of high-performance use cases – including internet gateway, data center and service provider environments.

High performance with granular visibility and control

Get predictable, consistent performance, deep visibility and control over all traffic. Secure your organization through advanced visibility and control of applications, users and content at throughput speeds of up to 67 Gbps.

Strong security for encrypted traffic

Gain full visibility into TLS encrypted connections and stop threats hidden within encrypted traffic, including traffic that uses TLS1.3 and HTTP/2 protocols. The PA-5200 Series hardware and PAN-OS software deliver high decryption throughput and SSL session capacity, removing all barriers to decryption.

Prevent known and unknown threats

Block a range of threats, including exploits, malware and spyware, across all ports, regardless of common evasion tactics employed. Limit the unauthorized transfer of files and sensitive data to safely enable non-work-related web surfing.


Teknik Spesifikasyonlar

App-ID firewall throughput20 Gbps
Threat prevention throughput8.9 Gbps
IPSec VPN throughput10 Gbps
Connections per second133,000
Max sessions (IPv4 or IPv6)4,000,000
Security rules30,000
Security rule schedules256
NAT rules6,000
Decryption rules3,500
App override rules3,500
Tunnel content inspection rules2,500
SD-WAN rules300
Policy based forwarding rules2,000
Captive portal rules8,000
DoS protection rules2,000
Security Zones
Max security zones4,000
Objects (addresses and services)
Address objects80,000
Address groups40,000
Members per address group2,500
Service objects8,000
Service groups4,000
Members per service group2,500
FQDN address objects6,144
Max DAG IP addresses*500,000
Tags per IP address32
Security Profiles
Security profiles750
Custom App-ID signatures6,000
Shared custom App-IDs512
Custom App-IDs (virtual system specific)6,416
User-IP mappings (management plane)512,000
User-IP mappings (data plane)512,000
Active and unique groups used in policy*10,000
Number of User-ID agents100
Monitored servers for User-ID100
Terminal server agents2,500
Tags per User*32
SSL Decryption
Max SSL inbound certificates600
SSL certificate cache (forward proxy)16,000
Max concurrent decryption sessions400,000
SSL Port MirrorYes
SSL Decryption BrokerYes
HSM SupportedYes
URL Filtering
Total entries for allow list, block list and custom categories100,000
Max custom categories2,849
Max custom categories (virtual system specific)500
Dataplane cache size for URL filtering250,000
Management plane dynamic cache size600,000
Max number of custom lists30
Max number of IPs per system150,000
Max number of DNS Domains per system4,000,000
Max number of URL per system250,000
Shortest check interval (min)5
Mgmt - out-of-band10/100/1000, RJ45 console
Mgmt - 10/100/1000 high availabilityNA
Mgmt - 40Gbps high availability1
Mgmt - 10Gbps high availabilityNA
Traffic - 10/100/1000NA
Traffic - 100/1000/100004
Traffic - 1Gbps SFP0/16
Traffic - 10Gbps SFP+0/16
Traffic - 40Gbps QSFP4X40
802.1q tags per device4,094
802.1q tags per physical interface4,094
Max interfaces (logical and physical)4,096
Maximum aggregate interfaces8
Maximum SD-WAN virtual interfaces1,500
Virtual Routers
Virtual routers20
Virtual Wires
Virtual wires2,048
Virtual Systems
Base virtual systems10
Max virtual systems*20
IPv4 forwarding table size*100,000
IPv6 forwarding table size*100,000
System total forwarding table size200,000
Max route maps per virtual router50
Max routing peers (protocol dependent)1,000
Static entries - DNS proxy1,024
Bidirectional Forwarding Detection (BFD) Sessions1,024
L2 Forwarding
ARP table size per device128,000
IPv6 neighbor table size128,000
MAC table size per device128,000
Max ARP entries per broadcast domain128,000
Max MAC entries per broadcast domain128,000
Total NAT rule capacity6,000
Max NAT rules (static)*6,000
Max NAT rules (DIP)*4,000
Max NAT rules (DIPP)4,000
Max translated IPs (DIP)64,000
Max translated IPs (DIPP)*4,000
Default DIPP pool oversubscription*8
Address Assignment
DHCP servers500
DHCP relays*2,048*
Max number of assigned addresses64,000
High Availability
Devices supported2
Max virtual addresses4,096
Number of QoS policies4,000
Physical interfaces supporting QoS12
Clear text nodes per physical interface63
DSCP marking by policyYes
Subinterfaces supported2,048
Max IKE Peers3,000
Site to site (with proxy id)10,000
SD-WAN IPSec tunnels3,000
GlobalProtect Client VPN
Max tunnels (SSL, IPSec, and IKE with XAUTH)15,000
GlobalProtect Clientless VPN
Max SSL tunnels2,500
Replication (egress interfaces)1,000
Model bulunamadı.