Palo Alto Networks Products

PA-850

1.9 Gbps firewall throughput (App-ID enabled) 780 Mbps threat prevention throughput 500 Mbps IPSec VPN throughput 192,000 max sessions 9,500 new sessions per second 1000 IPSec VPN tunnels/tunnel interfaces 5 virtual routers 40 security zones 1,500 max number of policies

PA-820

940 Mbps firewall throughput (App-ID enabled) 610 Mbps threat prevention throughput 400 Mbps IPSec VPN throughput 128,000 max sessions 8,300 new sessions per second 1000 IPSec VPN tunnels/tunnel interfaces 5 virtual routers 30 security zones 1,500 max number of policies

PA-5220

18.5 Gbps firewall throughput (App-ID enabled1) 9.2 Gbps threat prevention throughput 5 Gbps IPSec VPN throughput 4,000,000 max sessions 169,000 new sessions per second 20 virtual routers 10/20 virtual systems (base/max2)

PA-5250

35.9 Gbps firewall throughput (App-ID enabled1) 20.3 Gbps threat prevention throughput 14 Gbps IPSec VPN throughput 8,000,000 max sessions 348,000 new sessions per second 125 virtual routers 25/125 virtual systems (base/max2)

PA-5260

72.2 Gbps firewall throughput (App-ID enabled) 30 Gbps threat prevention throughput 21 Gbps IPSec VPN throughput 32,000,000 max sessions 458,000 new sessions per second 225 virtual routers 25/225 virtual systems (base/max2)

PA-500

250 Mbps firewall throughput (App-ID enabled) 100 Mbps threat prevention throughput 50 Mbps IPSec VPN throughput 64,000 max sessions 7,500 new sessions per second 250 IPSec VPN tunnels/tunnel interfaces

PA-220

500 Mbps firewall throughput (App-ID enabled) 150 Mbps threat prevention throughput 100 Mbps IPSec VPN throughput 64,000 max sessions 4,200 new sessions per second 250 IPSec VPN tunnels/tunnel interfaces 3 virtual routers 15 security zones 250 max number of policies

PA-7050

Redefining high-performance network security, the PA-7000 Series offers the perfect blend of power, intelligence and simplicity. Power derived from a proven architecture that blends ultra-efficient software with nearly 700 function specific processers for networking, security, content inspection and management. Intelligence that maximizes security processing resource utilization and automatically scales as new computing power becomes available. Simplicity defined by a single system approach to management and licensing.

PA-7080

Redefining high-performance network security, the PA-7000 Series offers the perfect blend of power, intelligence and simplicity. Power derived from a proven architecture that blends ultra-efficient software with nearly 700 function specific processers for networking, security, content inspection and management. Intelligence that maximizes security processing resource utilization and automatically scales as new computing power becomes available. Simplicity defined by a single system approach to management and licensing.

PA-5060

Firewall throughput (App-ID enabled) 20 Gbps; Threat prevention throughput 10 Gbps; IPSec VPN throughput 4 Gbps; Max sessions 4,000,000; New sessions per second 120,000; IPSec VPN tunnels/tunnel interfaces 8,000; SSL VPN users 20,000; Virtual routers 225; Virtual systems (base/max) 25/225; Security zones 900; Max number of policies 40,000

PA-5050

Firewall throughput (App-ID enabled) 10 Gbps; Threat prevention throughput 5 Gbps; IPSec VPN throughput 4 Gbps; Max sessions 2,000,000; New sessions per second 120,000; IPSec VPN tunnels/tunnel interfaces 4,000; SSL VPN users 10,000; Virtual routers 125; Virtual systems (base/max) 25/125; Security zones 500; Max number of policies 20,000

PA-5020

Firewall throughput (App-ID enabled) 5 Gbps; Threat prevention throughput 2 Gbps; IPSec VPN throughput 2 Gbps; Max sessions 1,000,000; New sessions per second 120,000; IPSec VPN tunnels/tunnel interfaces 2,000; SSL VPN users 5,000; Virtual routers 20; Virtual systems (base/max) 10/20; Security zones 80; Max number of policies 10,000

PA-3060

Firewall throughput (App-ID enabled) 4 Gbps; Threat prevention throughput 2 Gbps; IPSec VPN throughput 500 Mbps; Max sessions 500,000; New sessions per second 50,000; IPSec VPN tunnels/tunnel interfaces 2,000; SSL VPN users 2,000; Virtual routers 10; Virtual systems (base/max) 1/6; Security zones 40; Max number of policies 5,000

PA-3050

Firewall throughput (App-ID enabled) 4 Gbps; Threat prevention throughput 2 Gbps; IPSec VPN throughput 500 Mbps; Max sessions 500,000; New sessions per second 50,000; IPSec VPN tunnels/tunnel interfaces 2,000; SSL VPN users 2,000; Virtual routers 10; Virtual systems (base/max) 1/6; Security zones 40; Max number of policies 5,000

PA-3020

Firewall throughput (App-ID enabled) 2 Gbps; Threat prevention throughput 1 Gbps; IPSec VPN throughput 500 Mbps; Max sessions 250,000; New sessions per second 50,000; IPSec VPN tunnels/tunnel interfaces 1,000; SSL VPN users 1,000; Virtual routers 10; Virtual systems (base/max) 1/6; Security zones 40; Max number of policies 2,500

PA-500

Firewall throughput (App-ID enabled) 250 Mbps; Threat prevention throughput 100 Mbps; IPSec VPN throughput 50 Mbps; Max sessions 64,000; New sessions per second 7,500; IPSec VPN tunnels/tunnel interfaces 250; SSL VPN users 100; Virtual routers 3; Security zones 20; Max number of policies 1,000

PA-200

Firewall throughput (App-ID enabled) 100 Mbps; Threat prevention throughput 50 Mbps; IPSec VPN throughput 50 Mbps; Max sessions 64,000; New sessions per second 1,000; IPSec VPN tunnels/tunnel interfaces 25; SSL VPN users 25; Security zones 10; Max number of policies 250

PA-7000 NPC (Network Processing Card)

The NPC is dedicated to executing all security-related tasks including networking, traffic classification and threat prevention. Each NPC has up to 67 processing cores, all focused on the singular task of protecting your network at up to 20 Gbps per NPC. Scaling throughput and capacity to the maximum 200 Gbps on the PA-7080 or 120 Gbps on the PA-7050 is as easy as adding a new NPC and allowing the system to determine the best use of the newly added processing power. Addressing the increasing demand for higher density 10 Gig and 40 Gig connectivity, as well as the more common 10 Gbps and 1 Gbps interface alternatives, two NPC options are available and can be used interchangeably. Firewall throughput (App-ID enabled) 20 Gbps; Threat prevention throughput (DSRI Enabled) 16 Gbps; Threat prevention throughput 10 Gbps; IPSec VPN throughput 8 Gbps; Max sessions 4,000,000; New sessions per second 120,000

Panorama

Up to 1,000 devices supported; High availability, Active/Passive; Administrator authentication, local database, RADIUS; Management tools and APIS, Graphical User Interface (GUI), Command Line Interface (CLI), XML-based REST API

Virtual Appliance

MINIMUM SERVER REQUIREMENTS: 40 GB hard drive, 2 CPU cores, 4 GB RAM; VMWARE SUPPORT: VMware ESX 3.5, 4.0, 4.1, 5.0; BROWSER SUPPORT: IE v7 or greater, Firefox v3.6 or greater, Safari v5.0 or greater, Chrome v11.0 or greater; LOG STORAGE: VMware Virtual Disk: 2 TB maximum, NFS

M-500

GigE ports; Currently supported: (3) 10/100/1000, (1) DB9 console serial port STORAGE: Maximum Configuration: 12 TB RAID: 24 x 1 TB RAID Certified HDD for 12 TB RAID Certified HDD for 8 TB of RAID storage Default shipping configuration: 4 TB: 8 x 1TB RAID Certified HDD for 4 TB of RAID storage POWER SUPPLY/ MAX POWER CONSUMPTION: Dual Power Supplies, hot swap redundant configuration, 1200W/493W (total system) MAX BTU/HR: 1,681 BTU/hr INPUT VOLTAGE (INPUT FREQUENCY): 100-240 VAC (50-60 Hz) MAX CURRENT CONSUMPTION: 4.2A @ 120 VAC MEAN TIME BETWEEN FAILURES (MTBF): 6 years RACK MOUNTABLE (DIMENSIONS): 2 U, 19" standard rack (3.5"H x 21"D x 17.5"W) WIEGHT: 42.5 lbs SAFETY: UL, CUL, CB EMI FCC Class A, CE Class A, VCCI Class A ENVIRONMENT: Operating temp. 50 to 95 degrees F, 10 to 35 degrees C, Non-operating temp. -40 to 158 degrees F, -40 to 65 degrees C

M-100

I/O: (4) 10/100/1000, [1] DB9 console serial port, (1) USB port. Currently supported: (3) 10/100/1000, (1) DB9 console serial port STORAGE: Maximum Supported: 4 TB RAID: 8 x 1 TB RAID Certified HDD for 4 TB of RAID storage POWER SUPPLY/MAX POWER CONSUMPTION: 500W/500W MAX BTU/HR 1,705 BTU/hr INPUT VOLTAGE (INPUT FREQUENCY) 100-240 VAC (50-60Hz) MAX CURRENT CONSUMPTION 10A@100 VAC MEAN TIME BETWEEN FAILURES (MTBF) 14.5 YEARS RACK MOUNTABLE (DIMENSIONS) 1U, 19" standard rack (1.75"H x 23"D x 17.2"W) WEIGHT: 26.7 lbs SAFETY: UL, CUL, CB EMI: FCC Class A, VCCI Class A ENVIRONMENT' Operating temperature: 40 to 104 degrees F, 5 to 40 degrees C Non-operating temperature: -40 to 149 degrees F, -40 to 65 degrees C

AutoFocus

Prioritize alerts for targeted, advanced attacks that require immediate attention. Provide context around attacks, adversaries, and campaigns, including targeted industries. Proactively respond to threats and prevent future attacks.

GlobalProtect

In addition to traditional VPN remote access and secure connectivity, GlobalProtect secures the mobile workforce with next-generation security, providing protection against targeted cyberattacks, evasive application traffic, phishing, malicious websites, command and control traffic, and known and unknown threats; GlobalProtect secures your network and applications with next-generation access policies to significantly reduce the attack surface area while enabling authorized users to access the data center, private cloud, and SaaS applications. Enforce access policies based on the application, user and device state.; Extend your existing next-generation security platform deployment at the perimeter, or deploy dedicated GlobalProtect gateways for mobile users, and easily expand to provide coverage around the globe, using any mix of our physical or virtual appliances in the public or private cloud.

Threat Prevention

Purpose-built within the next-generation security platform, Threat Prevention Services protect networks from a wide range of threats. Scan all traffic in full context of applications and users. Prevent threats at every step of the Cyber Attack Lifecycle. Single-pass scanning architecture allows for high throughput, even when all threat prevention features are enabled. Single policy table reduces management overhead. Daily, automatic updates for protections against new malware and malicious DNS entries

URL Filtering PAN DB

The perfect complement to the policy-based application control provided by App-ID is our on-box URL filtering database, which gives you total control over related web activity. By addressing your lack of visibility and control from both an application and web perspective, App-ID and URL filtering together protect you from a full spectrum of legal, regulatory, productivity, and resource utilization risks.

WildFire

Granular malware detection across all protocols. Analysis of file types commonly used in targeted attacks, including Microsoft Office, PDFs, Portable Executables, and Java files. Automatically creates protections against new threats within 15 minutes. Detailed forensics to easily prioritize and execute follow-on security actions.

VM-1000-HV

Max sessions 250,000; IPSec VPN tunnels/ tunnel interfaces 2,000; SSL VPN users 500; Security zones 40; Max number of policies 10,000; Address objects 10,000; Firewall throughput (App-ID enabled) 1Gbps; Threat prevention throughput 600 Mbps; IPSec VPN Throughput 250 Mbps; New sessions per second 8,000

VM-100

Max sessions 50,000; IPSec VPN tunnels/ tunnel interfaces 25; SSL VPN users25; Security zones 10; Max number of policies 250; Address objects 2,5000; Firewall throughput (App-ID enabled) 1 Gbps; Threat prevention throughput 600 Mbps; IPSec VPN Throughput 250 Mbps; New sessions per second 8,000

VM-200

Max sessions 100,000; IPSec VPN tunnels/ tunnel interfaces 500; SSL VPN users 200; Security zones 20; Max number of policies 2,000; Address objects 4,000; Firewall throughput (App-ID enabled) 1 Gbps; Threat prevention throughput 600 Mbps; IPSec VPN Throughput 250 Mbps; New sessions per second 8,000

VM-300

Max sessions 250,000; IPSec VPN tunnels/ tunnel interfaces 2,000; SSL VPN users 500; Security zones 40; Max number of policies 5,000; Address objects 10,000; Firewall throughput (App-ID enabled) 1 Gbps; Threat prevention throughput 600 Mbps; IPSec VPN Throughput 250 Mbps; New sessions per second 8,000

VM-Series for AWS

With knowledge comes power. Identifying the applications in use in your Amazon Web Services environment, regardless of port, gives you unmatched visibility into your AWS environment. Armed with this knowledge, you can make more-informed security policy decisions. Using the application as the basis for your AWS security policy enables you to leverage the deny-all-else premise that a firewall is based upon for both gateway and VPC-to-VPC protection. Allow the applications you want in use, and then deny all others. In order to further protect your AWS environment, you can deploy application-specific threat prevention policies that will block both known and unknown malware.

VM-Series for Citrix

VM-Series running on Citrix NetScaler SDX consolidates next-generation security and ADC services on an integrated hardware appliance resulting in the easy deployment and safe enablement of applications and the prevention of known and unknown threats. The joint solution provides dedicated per-application load balancing and next-generation firewalling services per tenant. In addition, REST and XML APIs enable real-time orchestration of individual technologies and capabilities in response to changing conditions. VM-Series on Citrix NetScaler SDX delivers consolidated security and availability for Citrix XenApp and XenDesktop users with safe application enablement and Zero Trust segmentation of Virtual Desktop Infrastructure (VDI).

VM-Series for KVM and Open Stack

With knowledge comes power. Identifying applications within your virtualized environment, regardless of port, gives you unmatched visibility into your KVM-based deployment. Armed with this knowledge, you can make more-informed security policy decisions. Using the application as the basis for your VM-Series security policy allows you to leverage the deny-all-else premise that a firewall is based upon for both gateway and workload-to-workload protection. You can safely enable allowed applications and deny all others. In order to further protect your KVM deployment, you can deploy application-specific threat prevention policies that will block both known and unknown malware.

VM-Series for Microsoft Azure

With knowledge comes power. Identifying the applications in use in your Microsoft Azure deployment, regardless of port, gives you unmatched visibility into your Azure traffic. Armed with this knowledge, you can make more-informed security policy decisions. Using the application as the basis for your security policy enables you to leverage the deny-all-else premise that a firewall is based upon for both gateway and segmentation use cases. Allow the applications you want in use, and then deny all others. In order to further protect your Azure deployment, you can enable application-specific threat prevention policies that will block both known and unknown malware, across all applications, irrespective of port.

VM-Series for Microsoft Hyper-V

With knowledge comes power. Identifying applications within your virtualized environment, regardless of port, gives you unmatched visibility into your Microsoft Hyper-V -based deployment. Armed with this knowledge, you can make more-informed security policy decisions. Using the application as the basis for your VM-Series security policy allows you to leverage the deny-all-else premise that a firewall is based upon for both gateway and workload-to-workload protection. You can safely enable allowed applications and deny all others. In order to further protect your Hyper-V deployment, you can deploy application specific threat prevention policies that will block both known and unknown malware.

VM-Series for VMware NSX

VM-Series for VMware NSX enables you to deploy advanced security policies within software-defined data centers (SDDC) to identify, control, and safely enable data center applications, as opposed to port, protocol and IP address-based policies, while inspecting all contents for known and unknown threats. The integrated solution allows for the automated provisioning and deployment of next-generation firewall and advanced threat prevention, ensuring security stays in lockstep with your ever-changing virtualized infrastructure. You can centrally manage consistent security policies across north-south and east-west data center traffic with Panorama network security management. As virtualized applications are instantiated, they are placed in security groups in VMware NSX manager, which are recognized by Panorama and the VM-Series. Security groups then become the basis of the advanced security policies that are deployed to each VM-Series.

VM-Series for ESXi/ vCloud Air

With knowledge comes power. Identifying applications within your virtualized environment, regardless of port, gives you unmatched visibility into your VMware ESXi and vCloud Air deployment. Armed with this knowledge, you can make more-informed security policy decisions. Using the application as the basis for your VM-Series security policy lets you leverage the deny-all-else premise that a firewall is based upon for both gateway and workload-to-workload protection. You can safely enable allowed applications and deny all others. In order to further protect your ESXi and vCloud Air deployment, you can deploy application-specific threat prevention policies that will block both known and unknown malware.