PaloAlto PA-5250

PaloAlto PA-5250
SKU:
Brand: Palo Alto Networks
Category: Firewall

Đánh giá của chúng tôi

Đánh giá dựa trên nhận định của chuyên gia

5
  • Hiệu năng 5 / 10

Key Security Features:

Classifies all applications, on all ports, all the time

  • Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed
  • Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping
  • Categorizes unidentified applications for policy control, threat forensics or App-ID™ application identification technology development

Enforces security policies for any user, at any location

  • Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android™ or Apple® iOS platforms
  • Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®
  • Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information

Prevents known and unknown threats

  • Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed
  • Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing
  • Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection

The controlling element of the PA-5200 Series is PAN-OS®, security operating system, which that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the business elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.

Specification

STTTính năngPalo Alto PA-5250
1Thông số kỹ thuật
Firewall Throughput40 Gbps
Threat Prevention throughput21 Gbps
IPSec VPN throughput18 Gbps
New sessions per second297000
Maximum sessions8000000
Interfaces supported(4) 100/1000/10G Cu
(16) 1G/10G SFP/SFP+
(4) 40G/100G QSFP28
Management I/O(2) 10/100/1000 Cu
(1) 10/100/1000 out-of-band management
(1) RJ-45 console
(1) 40G/100G QSFP28 HA
Size3U, 19″ standard rack
Power Supply (Avg/Max Power Consumption)(2) 1200 W AC or DC (1:1 fully redundant)
Redundant Power SupplyYes
Storage capacitySystem : 240 GB SSD, RAID | Log: 2 TB HDD, RAID1
Hot-swappable fansYes
Max BTU/hr2340
Power Supply (Base/Max)1:1 fully redundant (2/2)
AC Input Voltage (Input Hz)100–240VAC (50–60Hz)
AC Power Supply Output1,200 watts/power supply
Max Current ConsumptionAAC: 8.5A @ 100VAC, 3.6A @ 240VAC
DC: 19A @ -40VDC, 12.7A @ -60VDC
Max Inrush CurrentAC: 50A @ 230VAC, 50A @ 120VAC
DC: 200A @ 72VDC
Mean Time Between Failure (MTBF)9.23 Years
Weight (Stand-Alone Device/ As Shipped)46 lbs (20.87 kg)/62 lbs (28.13 kg)
SafetycCSAus, CB IEC 60950-2
EMIFCC Class A, CE Class A, VCCI Class A
CertificationsSee https://www.paloaltonetworks.com/company/certifications.html
EnviromentOperating temperature: 32° to 122° F, 0° to 50° C
Non-operating temperature: -4° to 158° F, -20° to 70° C
2Network Feature
Interface modeL2, L3, tap, virtual wire (transparent mode)
RoutingOSPFv2/v3 with graceful restart, BGP with graceful
restart, RIP, Static routing
Policy-based forwarding
Point-to-point protocol over Ethernet (PPPoE) and
DHCP supported for dynamic address assignment
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
Bidirectional Forwarding Detection (BFD)
IPv6L2, L3, tap, virtual wire (transparent mode)
Features: App-ID, User-ID, Content-ID, WildFire, and SSL
decryption
SLAAC
IPSec VPNKey exchange: manual key, IKEv1 and IKEv2
(pre-shared key, certificate-based authentication)
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
Authentication: MD5, SHA-1, SHA-256, SHA-384,
SHA-512
GlobalProtect large-scale VPN for simplified
configuration and management
VLANs802.1Q VLAN tags per device/per interface: 4,094/4,094
Aggregate interfaces (802.3ad), LACP
Network Address TranslationNAT modes (IPv4): static IP, dynamic IP, dynamic IP and
port (port address translation)
NAT64, NPTv6
Additional NAT features: dynamic IP reservation,
tunable dynamic IP and port oversubscription
High AvailabilityModes: active/active, active/passive
Failure detection: path monitoring, interface monitoring
Mobile Network InfrastructureGTP Security
SCTP Security

PaloAlto PA-5250 - Subscriptions

The following Palo Alto Networks subscriptions unlock certain firewall features or enable the firewall to
leverage a Palo Alto Networks cloud-delivered service (or both). Here you can read more about each service
or feature that requires a subscription to work with the firewall. To enable a subscription, you must first
Activate Subscription Licenses; once active, most subscription services can use Dynamic Content Updates
to provide new and updated functionality to the firewall.

Subscriptions You Can Use With the Firewall
Threat Prevention Threat Prevention provides:
• Antivirus, anti-spyware (command-and-control), and vulnerability
protection.
Built-in external dynamic lists that you can use to secure your
network against malicious hosts.
• Ability to identify infected hosts that try to connect to malicious
domains.
Get Started with Threat Prevention
DNS Security Provides enhanced DNS sinkholing capabilities by querying DNS
Security, an extensible cloud-based service capable of generating
DNS signatures using advanced predictive analytics and machine
learning. This service provides full access to the continuously
expanding DNS-based threat intelligence produced by Palo Alto
Networks.
To set up DNS Security, you must first purchase and install a Threat
Prevention license.
Get Started with DNS Security
URL Filtering Provides the ability to not only control web-access, but how users
interact with online content based on dynamic URL categories. You
can also prevent credential theft by controlling the sites to which
users can submit their corporate credentials.
To set up URL Filtering, you must purchase and install a subscription
for one of the supported URL filtering databases: PAN-DB or
BrightCloud. With PAN-DB, you can set up access to the PAN-DB
public cloud or to the PAN-DB private cloud.
Get Started with URL Filtering
WildFire Although basic WildFire® support is included as part of the Threat
Prevention license, the WildFire subscription service provides
enhanced services for organizations that require immediate coverage
for threats, frequent WildFire signature updates, advanced file
type forwarding (APK, PDF, Microsoft Office, and Java Applet), as
well as the ability to upload files using the WildFire API. A WildFire
subscription is also required if your firewalls will be forwarding files
to an on-premise WF-500 appliance.
Get Started with WildFire
AutoFocus Provides a graphical analysis of firewall traffic logs and identifies
potential risks to your network using threat intelligence from the
AutoFocus portal. With an active license, you can also open an
AutoFocus search based on logs recorded on the firewall.
Get Started with AutoFocus
Cortex Data Lake
Cortex Data
Lake was
previously called
the Logging
Service. The
Customer
Support Portal
and firewall web
interface both
still reference
the Logging
Service in some
places, including
the device
license name
that’s displayed
in the firewall
web interface
(Device >
Licenses).
Provides cloud-based, centralized log storage and aggregation. The
Logging Service is required or highly-recommended to support
several other cloud-delivered services, including Magnifier,
GlobalProtect cloud service, and Traps management service.
Get Started with Cortex Data Lake
GlobalProtect Provides mobility solutions and/or large-scale VPN capabilities.
By default, you can deploy GlobalProtect portals and gateways
(without HIP checks) without a license. If you want to use advanced
GlobalProtect features (HIP checks and related content updates,
the GlobalProtect Mobile App, IPv6 connections, or a GlobalProtect
Clientless VPN) you will need a GlobalProtect license (subscription)
for each gateway.
Get Started with GlobalProtect
Virtual Systems This license is required to enable support for multiple virtual systems
on PA-3200 Series firewalls. In addition, you must purchase a
Virtual Systems license if you want to increase the number of virtual
systems beyond the base number provided by default on PA-5200
Series, and PA-7000 Series firewalls (the base number varies by
platform). The PA-800 Series, PA-220, and VM-Series firewalls do
not support virtual systems.
Get Started with Virtual Systems

PaloAlto PA-5250 - Specs

System Performance

Firewall throughput 39/40 Gbps
Concurrent connections 8,000,000
New connections/sec 284,000
Threat Protection Throughput 18/23 Gbps
IPSec VPN throughput 16 Gbps

Physical interfaces

GE RJ45 Ports (4) 100/1000/10G Cu
GE SFP Slots (16) 1G/10G SFP/ SFP+, (4) 40G/100G QSFP28
I/O ports (2) 10/100/1000, (1) 40G/100G QSFP28 HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port
Storage 240 GB SSD, RAID1, system storage | 2 TB HDD, RAID1, log storage

Dimensions & Enviroment

Mounting 3U, 19” standard rack 5.25” H x 20.5” D x 17.25” W (13.33cm x 52.07cm x 43.81cm)
Weight 46 lbs (20.87 kg)/62 lbs (28.13 kg) (Stand-Alone Device/As Shipped)
Power supply 571/685 W
AC input voltage 100–240VAC (50–60Hz)
Safety cCSAus, CB IEC 60950-1
Max BTU/hr 2,340
Power Supplies (Base/Max) 1:1 fully redundant (2/2)
Max Current Consumption AAC: 8.5A @ 100VAC, 3.6A @ 240VAC | DC: 19A @ -40VDC, 12.7A @ -60VDC
AC Power Supply Output 1,200 watts/power supply
Mean Time Between Failure (MTBF) 9.23 years
EMI FCC Class A, CE Class A, VCCI Class A
Max Inrush Current AC: 50A @ 230VAC, 50A @ 120VAC | DC: 200A @ 72VDC
Operating Temperature 32° to 122° F, 0° to 50° C
Non-operating temperature -4° to 158° F, -20° to 70° C
Certifications See https://www.paloaltonetworks.com/company/certifications.html

Wireless Specification (XG Wireless only)

Product Certifications

PaloAlto PA-5250 - Documentation

Datasheet Palo Alto 5250

PaloAlto PA-5250 - Reviews

  • Be the first to add a Review

    Please post a user review only if you have / had this product.

  • Rate this Product

  • 5
  • 6 / 10 based on your selection

Thương hiệuView All

Show More Brands