Genel Özellikler
Prevent attacks and fuel business growth
Don’t let the constraints of piecemeal security
systems slow you down. Secure your business with a prevention-focused
architecture that is easy to deploy, scale, manage and use across your
high-speed data center, internet gateway and service provider deployments.
Risk reduction.
Automation. Innovation. Pick three.
Broad protection across a wide range of use cases
Prevent
threats and safely enable applications across a diverse set of high-performance
use cases – including internet gateway, data center and service provider
environments.
High performance with granular visibility and control
Get
predictable, consistent performance, deep visibility and control over all
traffic. Secure your organization through advanced visibility and control of
applications, users and content at throughput speeds of up to 67 Gbps.
Strong security for encrypted traffic
Gain
full visibility into TLS encrypted connections and stop threats hidden within
encrypted traffic, including traffic that uses TLS1.3 and HTTP/2 protocols. The
PA-5200 Series hardware and PAN-OS software deliver high decryption throughput
and SSL session capacity, removing all barriers to decryption.
Prevent known and
unknown threats
Block a range of threats, including exploits, malware
and spyware, across all ports, regardless of common evasion tactics employed.
Limit the unauthorized transfer of files and sensitive data to safely enable
non-work-related web surfing.
Teknik Spesifikasyonlar
Performance
App-ID firewall throughput20 Gbps
Threat prevention throughput8.9 Gbps
IPSec VPN throughput10 Gbps
Connections per second133,000
Sessions
Max sessions (IPv4 or IPv6)4,000,000
Policies
Security rules30,000
Security rule schedules256
NAT rules6,000
Decryption rules3,500
App override rules3,500
Tunnel content inspection rules2,500
SD-WAN rules300
Policy based forwarding rules2,000
Captive portal rules8,000
DoS protection rules2,000
Security Zones
Max security zones4,000
Objects (addresses and services)
Address objects80,000
Address groups40,000
Members per address group2,500
Service objects8,000
Service groups4,000
Members per service group2,500
FQDN address objects6,144
Max DAG IP addresses500,000
Tags per IP address32
Security Profiles
Security profiles750
App-ID
Custom App-ID signatures6,000
Shared custom App-IDs512
Custom App-IDs (virtual system specific)6,416
User-ID
User-IP mappings (management plane)512,000
User-IP mappings (data plane)512,000
Active and unique groups used in policy10,000
Number of User-ID agents100
Monitored servers for User-ID100
Terminal server agents2,500
Tags per User32
SSL Decryption
Max SSL inbound certificates600
SSL certificate cache (forward proxy)16,000
Max concurrent decryption sessions400,000
SSL Port MirrorYes
SSL Decryption BrokerYes
HSM SupportedYes
URL Filtering
Total entries for allow list, block list and custom categories100,000
Max custom categories2,849
Max custom categories (virtual system specific)500
Dataplane cache size for URL filtering250,000
Management plane dynamic cache size600,000
EDL
Max number of custom lists30
Max number of IPs per system150,000
Max number of DNS Domains per system4,000,000
Max number of URL per system250,000
Shortest check interval (min)5
Interfaces
Mgmt - out-of-band10/100/1000, RJ45 console
Mgmt - 10/100/1000 high availabilityNA
Mgmt - 40Gbps high availability1
Mgmt - 10Gbps high availabilityNA
Traffic - 10/100/1000NA
Traffic - 100/1000/100004
Traffic - 1Gbps SFP0/16
Traffic - 10Gbps SFP+0/16
Traffic - 40Gbps QSFP4X40
802.1q tags per device4,094
802.1q tags per physical interface4,094
Max interfaces (logical and physical)4,096
Maximum aggregate interfaces8
Maximum SD-WAN virtual interfaces1,500
Virtual Routers
Virtual routers20
Virtual Wires
Virtual wires2,048
Virtual Systems
Base virtual systems10
Max virtual systems20
Routing
IPv4 forwarding table size100,000
IPv6 forwarding table size100,000
System total forwarding table size200,000
Max route maps per virtual router50
Max routing peers (protocol dependent)1,000
Static entries - DNS proxy1,024
Bidirectional Forwarding Detection (BFD) Sessions1,024
L2 Forwarding
ARP table size per device128,000
IPv6 neighbor table size128,000
MAC table size per device128,000
Max ARP entries per broadcast domain128,000
Max MAC entries per broadcast domain128,000
NAT
Total NAT rule capacity6,000
Max NAT rules (static)6,000
Max NAT rules (DIP)4,000
Max NAT rules (DIPP)4,000
Max translated IPs (DIP)64,000
Max translated IPs (DIPP)4,000
Default DIPP pool oversubscription8
Address Assignment
DHCP servers500
DHCP relays2,048
Max number of assigned addresses64,000
High Availability
Devices supported2
Max virtual addresses4,096
QoS
Number of QoS policies4,000
Physical interfaces supporting QoS12
Clear text nodes per physical interface63
DSCP marking by policyYes
Subinterfaces supported2,048
IPSec VPN
Max IKE Peers3,000
Site to site (with proxy id)10,000
SD-WAN IPSec tunnels3,000
GlobalProtect Client VPN
Max tunnels (SSL, IPSec, and IKE with XAUTH)15,000
GlobalProtect Clientless VPN
Max SSL tunnels2,500
Multicast
Replication (egress interfaces)1,000
Routes4,000
