PAN PA2000 series

508 views
426 views

Published on

Datasheet for Palo Alto Networks PA2000 series. Includes PA2020 and PA2050.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
508
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

PAN PA2000 series

  1. 1. PA L O A LT O N E T W O R K S : PA - 2 0 0 0 S e r i e s S p e c s h e e tPA-2000 SeriesThe PA-2000 Series is a next-generationfirewall that delivers unprecedented PA-2020 PA-2050visibility and control over applications,users and content on enterprise The Palo Alto NetworksTM PA-2000 Series is comprised of twonetworks. high performance platforms, the PA-2020 and the PA-2050, both of which are targeted at high speed Internet gateway APPLICATION IDENTIFICATION: deployments. The PA-2000 Series manages network traffic • Identifies more than 950 applications flows using dedicated processing and memory for networking, irrespective of port, protocol, SSL security, threat prevention and management. encryption or evasive tactic employed. • Enables positive enforcement A high speed backplane smoothes the pathway between dedicated processors, application usage policies: allow, deny, schedule, inspect, apply traffic shaping. and the separation of data and control plane ensures that management access • Graphical visibility tools enable simple is always available, irrespective of the traffic load. Interface density for the and intuitive view into application traffic. PA-2020 and the PA-2050 is unmatched with up to 20 traffic interfaces and dedicated out-of-band management interfaces. USER IDENTIFICATION: • Policy-based visibility and control over The controlling element of the PA-2000 Series next-generation firewalls is who is using the applications through PAN-OSTM, a security-specific operating system that tightly integrates three seamless integration with Active unique identification technologies: App-IDTM, User-ID and Content-ID, with Directory, LDAP, and eDirectory. key firewall, networking, VPN and management features. • Identifies Citrix and Microsoft Terminal Services users, enabling visibility and control over their respective application KEy PERFORmANCE SPECIFICATIONS PA-2020 PA-2050 usage. • Control non-Windows hosts via web- Firewall throughput 500 Mbps 1 Gbps Threat prevention throughput 200 Mbps 500 Mbps based authentication. IPSec VPN throughput 200 Mbps 300 Mbps CONTENT IDENTIFICATION: IPSec VPN tunnels/interfaces 1,000 2,000 • Block viruses, spyware, and vulnerability SSL VPN concurrent users 500 1,000 New sessions per second 15,000 15,000 exploits, limit unauthorized transfer of Max sessions 125,000 250,000 files and sensitive data such as CC# or SSN, and control non-work related web surfing. For a complete description of the PA-2000 Series feature set, please visit www. • Single pass software architecture paloaltonetworks.com/literature. enables multi-gigabit throughput with low latency while scanning content.
  2. 2. PA L O A LT O N E T W O R K S : PA - 2 0 0 0 S e r i e s S p e c s h e e tAdditional PA-2000 Series Specifications and Features APP-ID NETwORKINg • Identifies and controls more than 950 applications • Dynamic routing (BGP, OSPF and RIPv2) • SSL decryption (inbound and outbound) • Tap mode, virtual wire, layer 2, layer 3 • Customize application properties • Network address translation (NAT) • Custom HTTP and SSL applications - Source and destination address translation - Dynamic IP and port pool: 254 FIREwALL - Dynamic IP pool: 16,234 • Policy-based control by application, application category, • DHCP server/ DHCP relay: Up to 3 servers subcategory, technology, risk factor or characteristic • 802.1Q VLANs: 4,094 • Application function control • Policy-based forwarding • Fragmented packet protection • Point-to-Point Protocol over Ethernet (PPPoE) • Reconnaissance scan protection • IPv6 application visibility, control and full content inspection (Virtual • Denial of Service (DoS)/Distributed Denial of Services (DDoS) wire mode only) protection • Virtual routers: 10 • Maximum number of policies: (PA-2020) 2,500 (PA-2050) 5,000 • Security zones: 40 • Virtual systems (base/max): 1/6* USER-ID THREAT PREVENTION (SUbSCRIPTION REqUIRED) • Visibility and control by user, group and IP address • Active Directory, LDAP, eDirectory, Citrix and Microsoft Terminal • Detect and block application vulnerability exploits (IPS) Services • Stream-based protection against viruses, spyware and worms • XML API (external user repository integration) • HTML/Javascript virus protection • WMI and NetBios polling • Inspect compressed files that use the Deflate algorithm (Zip, Gzip, • Maximum concurrent user/IP mappings: 64,000 etc) • Custom vulnerability and spyware phone home signatures DATA FILTERINg • Content updates: daily (malware), weekly (vulnerability signatures), • Control unauthorized data transfer (social security numbers, credit emergency (all) card numbers, custom data patterns) qUALITy OF SERVICE (qOS) • Control unauthorized transfer of more than 50 file types • Policy-based traffic shaping by application, user, source, destination, URL FILTERINg (SUbSCRIPTION REqUIRED) interface, IPSec VPN tunnel and more • 76-category, 20M URL on-box database • 8 traffic classes with guaranteed, maximum and priority bandwidth • Custom 1M URL cache database (from 180M URL database) parameters • Custom block pages and URL categories • Real-time bandwidth monitor • Per policy diffserv marking IPSEC VPN (SITE-TO-SITE) mANAgEmENT TOOLS • Manual key, IKE v1 • 3DES, AES (128-bit, 192-bit, 256-bit) encryption • Integrated web interface • SHA1, MD5 authentication • Command line interface (CLI) • Role-based administration SSL VPN (REmOTE ACCESS) • Syslog and SNMPv2 • IPSec transport with SSL fall-back • Customizable administrator login banner • Enforce unique policies for SSL VPN traffic • XML-based REST API • Enable/disable split tunneling to control client access • Centralized management (Panorama) • LDAP, SecurID, or local DB authentication • Centrally manage PAN-OS and content updates (Panorama) • Client OS: Windows XP, Windows Vista (32 and 64 bit), Windows 7 (32 • Shared policies (Panorama) and 64 bit) VISIbILITy AND REPORTINg TOOLS HIgH AVAILAbILITy • Graphical summary of applications, URL categories, threats and data • Active/Passive failover (ACC) • Configuration and session synchronization • View, filter, export traffic, threat, URL, and data filtering logs • Heartbeat checking • Fully customizable reporting • Link and path failure monitoring • Trace session tool* Adding virtual systems to the base quantity requires a separately purchased license. PAGE 2
  3. 3. PA L O A LT O N E T W O R K S : PA - 2 0 0 0 S e r i e s S p e c s h e e t HARDwARE SPECIFICATIONS PA-2050 PA-2020 I/O (16) 10/100/1000 + (4) SFP optical gigabit (PA-2050) (12) 10/100/1000 + (2) SFP optical gigabit (PA-2020) Management I/O ( 1) 10/100/1000 out-of-band management port, (1) RJ-45 console port Power supply (Avg/max power consumption) 175W/200W (105W/120W) Input voltage (Input frequency) 100-240Vac (50-60Hz) Power factor 0.65 to 0.70 (PA-2050, PA-2020) Max input current 70A@230Vac; 35A@115Vac Rack mountable (Dimensions) 1U, 19” standard rack (1.75”H x 17”D x 17”W) Safety UL, CUL, CB EMI FCC Class A, CE Class A, VCCI Class A, TUV MTBF 7.3 years (PA-2050, PA-2020) ENVIRONmENT Operating temperature 32° to 122° F, 0° to 50° C Non-operating temperature -4° to 158° F, -20° to 70° C ORDERINg INFORmATION PA-2050 PA-2020 Platform PAN-PA-2050 PAN-PA-2020 Annual threat prevention subscription PAN-PA-2050-TP PAN-PA-2020-TP Annual URL filtering subscription PAN-PA-2050-URL2 PAN-PA-2020-URL2 Virtual systems PAN-PA-2050-VSYS-5 PAN-PA-2020-VSYS-5For additional Information on the PA-2000 Series software features, please visit www.paloaltonetworks.com/literature. Your Palo Alto Networks Reseller www.altaware.com sales@altaware.com (866) 833-4070 Palo Alto Networks Copyright ©2010, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. 232 E. Java Drive Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update Sunnyvale, CA. 94089 information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this Sales 866.320.4788 publication without notice. PAN-OS 3.1, March 2010. 408.738.7700 840-000003-00B www.paloaltonetworks.com

×