| Palo Alto Networks' Next-Generation Firewalls |
| Palo Alto
Networks next-generation firewalls provide flexible deployment options
for your network. Firewall platforms, available in hardware and
virtualized platforms, support the same consistent next-generation
firewall features available in PAN-OS™. In addition, Panorama
management platforms for centralized policy and device management over a
network of next-generation firewalls are also available in both
virtualized and hardware platforms. |
| |
| Firewall Platforms: |
| |
| PA-5000 Series:
Deploy the PA-5060, PA-5050 and PA-5020 to protect high speed
datacenters, server farms and service provider environments with
next-generation firewall security. |
PA-5060
 |
PA-5050
 |
PA-5020
 |
| 20 Gbps firewall throughput |
10 Gbps firewall throughput |
5 Gbps firewall throughput |
| 10 Gbps threat prevention throughput |
5 Gbps threat prevention throughput |
2 Gbps threat prevention throughput |
| 4 Gbps IPSec VPN throughput |
4 Gbps IPSec VPN throughput |
2 Gbps IPSec VPN throughput |
| 4,000,000 max sessions |
2,000,000 max sessions |
1,000,000 max sessions |
| 120,000 new sessions per second |
120,000 new sessions per second |
120,000 new sessions per second |
| 8,000 IPSec VPN tunnels/tunnel interfaces |
4,000 IPSec VPN tunnels/tunnel interfaces |
2,000 IPSec VPN tunnels/tunnel interfaces |
| 20,000 SSL VPN Users |
10,000 SSL VPN Users |
5,000 SSL VPN Users |
| 225 virtual routers |
125 virtual routers |
20 virtual routers |
| 25/225* virtual systems (base/max*) |
25/125* virtual systems (base/max*) |
10/20* virtual systems (base/max*) |
| 900 security zones |
500 security zones |
80 security zones |
| 40,000 max number of policies |
20,000 max number of policies |
10,000 max number of policies |
|
| |
| PA-4000 Series:
Protect the network and datacenters in large enterprises with
next-generation firewall security using the PA-4060, PA-4050 and
PA-4020. |
PA-4060
 |
PA-4050
 |
PA-4020
 |
| 10 Gbps firewall throughput |
10 Gbps firewall throughput |
2 Gbps firewall throughput |
| 5 Gbps threat prevention throughput |
5 Gbps threat prevention throughput |
2 Gbps threat prevention throughput |
| 2 Gbps IPSec VPN throughput |
2 Gbps IPSec VPN throughput |
1 Gbps IPSec VPN throughput |
| 2,000,000 max sessions |
2,000,000 max sessions |
500,000 max sessions |
| 60,000 new sessions per second |
60,000 new sessions per second |
60,000 new sessions per second |
| 4,000 IPSec VPN tunnels/tunnel interfaces |
4,000 IPSec VPN tunnels/tunnel interfaces |
2,000 IPSec VPN tunnels/tunnel interfaces |
| 10,000 SSL VPN Users |
10,000 SSL VPN Users |
5,000 SSL VPN Users |
| 125 virtual routers |
125 virtual routers |
20 virtual routers |
| 25/125* virtual systems (base/max*) |
25/125* virtual systems (base/max*) |
10/20* virtual systems (base/max*) |
| 500 security zones |
500 security zones |
80 security zones |
| 20,000 max number of policies |
20,000 max number of policies |
10,000 max number of policies |
|
| |
| PA-3000 Series:Utilize
the PA-3050 and the PA-3020 to protect medium-to-large branch
enterprise networks with next-generation firewall security. |
PA-3050
 |
PA-3020
 |
| 4 Gbps firewall throughput |
2 Gbps firewall throughput |
| 2 Gbps threat prevention throughput |
1 Gbps threat prevention throughput |
| 500 Mbps IPSec VPN throughput |
500 Mbps IPSec VPN throughput |
| 500,000 max sessions |
250,000 max sessions |
| 50,000 new sessions per second |
50,000 new sessions per second |
| 2,000 IPSec VPN tunnels/tunnel interfaces |
1,000 IPSec VPN tunnels/tunnel interfaces |
| 2,000 SSL VPN Users |
1,000 SSL VPN Users |
| 10 virtual routers |
10 virtual routers |
| 1/6* virtual systems (base/max*) |
1/6* virtual systems (base/max*) |
| 40 security zones |
40 security zones |
| 5,000 max number of policies |
2,500 max number of policies |
|
| |
| PA-2000 Series:
Secure high-speed networks in medium-to-large branch enterprises with
next-generation firewall capabilities using the PA-2050 or the PA-2020. |
PA-2050
 |
PA-2020
 |
| 1 Gbps firewall throughput |
500 Mbps firewall throughput |
| 500 Mbps threat prevention throughput |
200 Mbps threat prevention throughput |
| 300 Mbps IPSec VPN throughput |
200 Mbps IPSec VPN throughput |
| 250,000 max sessions |
125,000 max sessions |
| 15,000 new sessions per second |
15,000 new sessions per second |
| 2,000 IPSec VPN tunnels/tunnel interfaces |
1,000 IPSec VPN tunnels/tunnel interfaces |
| 1,000 SSL VPN Users |
500 SSL VPN Users |
| 10 virtual routers |
10 virtual routers |
| 1/6* virtual systems (base/max*) |
1/6* virtual systems (base/max*) |
| 40 security zones |
40 security zones |
| 5,000 max number of policies |
2,500 max number of policies |
|
| |
| PA-500: Protect medium-to-large branch office and medium enterprise networks with next-generation firewall security from the PA-500. |
PA-500
 |
| 250 Mbps firewall throughput |
| 100 Mbps threat prevention throughput |
| 50 Mbps IPSec VPN throughput |
| 64,000 max sessions |
| 7,500 new sessions per second |
| 250 IPSec VPN tunnels/tunnel interfaces |
| 100 SSL VPN Users |
| 3 virtual routers |
| N/A virtual systems (base/max*) |
| 20 security zones |
| 1,000 max number of policies |
|
| |
| PA-200: Secure medium enterprises and small enterprise branch offices with next-generation firewall security using the PA-200. |
PA-200
 |
| 100 Mbps firewall throughput |
| 50 Mbps threat prevention throughput |
| 50 Mbps IPSec VPN throughput |
| 64,000 max sessions |
| 1,000 new sessions per second |
| 25 IPSec VPN tunnels/tunnel interfaces |
| 25 SSL VPN Users |
| 3 virtual routers |
| 10 security zones |
| 250 max number of policies |
|
| |
| Management Platforms: |
| |
| Panorama
provides you with the ability to manage your distributed network of
our firewalls from a centralized location. From a central location you
can see a consolidated view of all your firewall traffic; manage all
aspects of device configuration; push global policies; and generate
reports on traffic patterns or security incidents. Panorama is
available as either a dedicated management appliance or as a virtual
machine. |
M-100
 |
Virtual Appliance
 |
The M-100
allows you to deploy Panorama management and logging functions on a
dedicated appliance, or you can separate the functions in a distributed
manner for improved performance and scalability. |
You can
deploy Panorama as a virtual appliance on VMware ESX(i), allowing you
to support your virtualization initiatives and consolidate rack space. |
|
| |
| Virtual Firewall Platforms: |
| |
|
| The
Palo Alto Networks VM-Series features three virtualized next-generation
firewall models -- the VM-100, VM-200 and VM-300. These platforms are
supported on the VMware ESXi 4.1 and ESXi 5.0 platforms. 2, 4 or 8 CPU
cores on your virtualized server platforms can be assigned for
next-generation firewall processing. |
VM-300
|
VM-200
|
VM-100
|
| 250,000 max sessions |
100,000 max sessions |
50,000 max sessions |
| 2,000 IPSec VPN tunnels/tunnel interfaces |
500 IPSec VPN tunnels/tunnel interfaces |
25 IPSec VPN tunnels/tunnel interfaces |
| 500 SSL VPN Users |
200 SSL VPN Users |
25 SSL VPN Users |
| 40 security zones |
20 security zones |
10 security zones |
| 5,000 max number of policies |
2,000 max number of policies |
250 max number of policies |
| 10,000 address objects |
4,000 address objects |
2,500 address objects |
| 1Gbps Firewall Throughput |
1Gbps Firewall Throughput |
1Gbps Firewall Throughput |
| 600 Mbps Threat Prevention Throughput |
600 Mbps Threat Prevention Throughput |
600 Mbps Threat Prevention Throughput |
| 250 Mbps IPSec VPN Throughput |
250 Mbps IPSec VPN Throughput |
250 Mbps IPSec VPN Throughput |
| 8,000 New sessions per second |
8,000 New sessions per second |
8,000 New sessions per second |
|
|
| |
| WildFire Platform |
| |
| Extend
the capabilities of your Palo Alto Networks next-generation firewalls
with WildFire, which identifies, analyzes, and blocks known and unknown
malware. |
WF-500
 |
| Organizations
that prefer not to use public cloud applications due to regulatory and
privacy concerns can deploy WildFire as a private cloud using the
WF-500. |
|
| |
|
