PAN PA4000
-
Upload
altaware-inc -
Category
Technology
-
view
404 -
download
0
Transcript of PAN PA4000
![Page 1: PAN PA4000](https://reader035.fdocuments.us/reader035/viewer/2022071814/55a67b131a28ab6c0f8b48e9/html5/thumbnails/1.jpg)
The PA-4000 Series is a next-generation firewall that delivers unprecedented visibility and control over applications, users and content on enterprise networks.
The Palo Alto NetworksTM PA-4000 Series is comprised of three high performance platforms, the PA-4020, the PA-4050 and the PA-4060, all of which are targeted at high speed Internet gateway and datacenter deployments. The PA-4000 Series manages multi-Gbps traffic flows using dedicated processing and memory for networking, security, threat prevention and management.
A 10 Gbps backplane smoothes the pathway between dedicated processors, and the physical separation of data and control plane ensures that management access is always available, irrespective of the traffic load. The PA-4050 and PA-4020 each have 24 traffic interfaces while the PA-4060 supports 10 Gbps interfaces. All of the PA-4000 Series platforms have dedicated high availability and out-of-band management interfaces.
The controlling element of the PA-4000 Series next-generation firewalls is PAN-OSTM, a security-specific operating system that tightly integrates three unique identification technologies: App-IDTM, User-ID and Content-ID, with key firewall, networking and management features.
For a complete description of the PA-4000 Series next-generation firewall feature set, please visit www.paloaltonetworks.com/literature.
PA-4000 Series
APPLICATION IDENTIFICATION:• Identifiesmorethan950applications
irrespectiveofport,protocol,SSLencryptionorevasivetacticemployed.
• Enablespositiveenforcementapplicationusagepolicies:allow,deny,schedule,inspect,applytrafficshaping.
• Graphicalvisibilitytoolsenablesimpleandintuitiveviewintoapplicationtraffic.
USER IDENTIFICATION:• Policy-basedvisibilityandcontrolover
whoisusingtheapplicationsthroughseamlessintegrationwithActiveDirectory,LDAP,andeDirectory.
• IdentifiesCitrixandMicrosoftTerminalServicesusers,enablingvisibilityandcontrolovertheirrespectiveapplicationusage.
• Controlnon-Windowshostsviaweb-basedauthentication.
CONTENT IDENTIFICATION:• Blockviruses,spyware,andvulnerability
exploits,limitunauthorizedtransferoffilesandsensitivedatasuchasCC#orSSN,andcontrolnon-workrelatedwebsurfing.
• Singlepasssoftwarearchitectureenablesmulti-gigabitthroughputwithlowlatencywhilescanningcontent.
P A L O A LT O N E T W O R K S : P A - 4 0 0 0 S e r i e s S p e c s h e e t
PA-4050
PA-4060
KEy PERFORmANCE SPECIFICATIONS PA-4020 PA-4050 PA-4060
Firewallthroughput 2Gbps 10Gbps 10GbpsThreatpreventionthroughput 2Gbps 5Gbps 5GbpsIPSecVPNthroughput 1Gbps 2Gbps 2GbpsIPSecVPNtunnels/interfaces 2,000 4,000 4,000SSLVPNconcurrentusers 5,000 10,000 10,000Newsessionspersecond 60,000 60,000 60,000Maxsessions 500,000 2,000,000 2,000,000
PA-4020
![Page 2: PAN PA4000](https://reader035.fdocuments.us/reader035/viewer/2022071814/55a67b131a28ab6c0f8b48e9/html5/thumbnails/2.jpg)
P A L O A LT O N E T W O R K S : P A - 4 0 0 0 S e r i e s S p e c s h e e t
PAGE2
Additional PA-4000 Series Specifications and Features
APP-ID
•Identifiesandcontrolsmorethan950applications•SSLdecryption(inboundandoutbound)•Customizeapplicationproperties•CustomHTTPandSSLapplications
FIREwALL
•Policy-basedcontrolbyapplication,applicationcategory,subcategory,technology,riskfactororcharacteristic
•Applicationfunctioncontrol•Fragmentedpacketprotection•Reconnaissancescanprotection•DenialofService(DoS)/DistributedDenialofServices(DDoS)
protection•Maximumnumberofpolicies:(PA-4020)10,000,(PA-4050)20,000,
(PA-4060)20,000
USER-ID
•Visibilityandcontrolbyuser,groupandIPaddress•ActiveDirectory,LDAP,eDirectory,CitrixandMicrosoftTerminal
Services•XMLAPI(externaluserrepositoryintegration)•WMIandNetBiospolling•Maximumconcurrentuser/IPmappings:64,000
DATA FILTERINg
•Controlunauthorizeddatatransfer(socialsecuritynumbers,creditcardnumbers,customdatapatterns)
•Controlunauthorizedtransferofmorethan50filetypes
URL FILTERINg (SUbSCRIPTION REqUIRED)
•76-category,20MURLon-boxdatabase•Custom1MURLcachedatabase(from180MURLdatabase)•CustomblockpagesandURLcategories
IPSEC VPN (SITE-TO-SITE)
•Manualkey,IKEv1•3DES,AES(128-bit,192-bit,256-bit)encryption•SHA1,MD5authentication
SSL VPN (REmOTE ACCESS)
•IPSectransportwithSSLfall-back•EnforceuniquepoliciesforSSLVPNtraffic•Enable/disablesplittunnelingtocontrolclientaccess•LDAP,SecurID,orlocalDBauthentication•ClientOS:WindowsXP,WindowsVista(32and64bit),Windows7(32
and64bit)
HIgH AVAILAbILITy
•Active/Passivefailover•Configurationandsessionsynchronization•Heartbeatchecking•Linkandpathfailuremonitoring
NETwORKINg
•Dynamicrouting(BGP,OSPFandRIPv2)•Tapmode,virtualwire,layer2,layer3•Networkaddresstranslation(NAT)
-Sourceanddestinationaddresstranslation-DynamicIPandportpool:254-DynamicIPpool:16,234
•DHCPserver/DHCPrelay:Upto3servers•802.1QVLANs:4,094•Policy-basedforwarding•802.3adlinkaggregation•Point-to-PointProtocoloverEthernet(PPPoE)•IPv6applicationvisibility,controlandfullcontentinspection(Virtual
wiremodeonly)•Jumboframes•Virtualrouters:(PA-4020)20,(PA-4050)125,(PA-4060)125•Securityzones:(PA-4020)80,(PA-4050)500,(PA-4060)500•Virtualsystems(base/max):(PA-4020)10/20*,(PA-4050)25/125*,
(PA-4060)25/125*
THREAT PREVENTION (SUbSCRIPTION REqUIRED)
•Detectandblockapplicationvulnerabilityexploits(IPS)•Stream-basedprotectionagainstviruses,spywareandworms•HTML/Javascriptvirusprotection•InspectcompressedfilesthatusetheDeflatealgorithm(Zip,Gzip,
etc)•Customvulnerabilityandspywarephonehomesignatures•Contentupdates:daily(malware),weekly(vulnerabilitysignatures),
emergency(all)
qUALITy OF SERVICE (qOS)
•Policy-basedtrafficshapingbyapplication,user,source,destination,interface,IPSecVPNtunnelandmore
•Defineupto8trafficclasseswithguaranteed,maximumandprioritybandwidthparameters
•Real-timebandwidthmonitor•Perpolicydiffservmarking
mANAgEmENT TOOLS
•Integratedwebinterface•Commandlineinterface(CLI)•Role-basedadministration•SyslogandSNMPv2•Customizableadministratorloginbanner•XML-basedRESTAPI•Centralizedmanagement(Panorama)•CentrallymanagePAN-OSandcontentupdates(Panorama)•Sharedpolicies(Panorama)
VISIbILITy AND REPORTINg TOOLS
•Graphicalsummaryofapplications,URLcategories,threatsanddata(ACC)
•View,filter,exporttraffic,threat,URL,anddatafilteringlogs•Fullycustomizablereporting•Tracesessiontool
*Addingvirtualsystemstothebasequantityrequiresaseparatelypurchasedlicense.
![Page 3: PAN PA4000](https://reader035.fdocuments.us/reader035/viewer/2022071814/55a67b131a28ab6c0f8b48e9/html5/thumbnails/3.jpg)
P A L O A LT O N E T W O R K S : P A - 4 0 0 0 S e r i e s S p e c s h e e t
HARDwARE SPECIFICATIONS PA-4060 PA-4050/PA-4020
I/O (4)10GigabitXFP+(4)GigabitSFP (16)10/100/1000+(8)GigabitSFPManagementI/O (2)10/100/1000highavailability, (2)10/100/1000highavailability, (1)10/100/1000out-of-bandmanagement, (1)10/100/1000out-of-bandmanagement, (1)DB9consoleport (1)DB9consoleportPowersupply(Avg/maxpowerconsumption) Redundant400WAC(175W/200W)Inputvoltage(Inputfrequency) 100-240Vac(50-60Hz)Maxinputcurrent 50A@230Vac;30A@120VacPowerfactor 0.93to0.95(PA-4060,PA-4050,PA-4020)Safety UL,CUL,CBEMI FCCClassA,CEClassA,VCCIClassA,TUVRackmountable(dimensions) 2U,19”standardrack(3.5”Hx16.5”Dx17.5”W)MTBF 7.18years(PA-4060,PA-4050,PA-4020)
ENVIRONmENT
Operatingtemperature 32°to122°F,0°to50°CNon-operatingtemperature -4°to158°F,-20°to70°C
ORDERINg INFORmATION PA-4060 PA-4050 PA-4020
Platform PAN-PA-4060 PAN-PA-4050 PAN-PA-4020Annualthreatpreventionsubscription PAN-PA-4060-TP PAN-PA-4050-TP PAN-PA-4020-TPAnnualURLfilteringsubscription PAN-PA-4060-URL2 PAN-PA-4050-URL2 PAN-PA-4020-URL2VSYSupgrade(10additional) --- --- PAN-PA-4020-VSYS-10VSYSupgrade(50additional) PAN-PA-4060-VSYS-50 PAN-PA-4050-VSYS-50 ---VSYSupgrade(100additional) PAN-PA-4060-VSYS-100 PAN-PA-4050-VSYS-100 ---
ForadditionalinformationonthePA-4000Seriessoftwarefeatures,pleasevisitwww.paloaltonetworks.com/literature.
Palo Alto Networks232E.JavaDriveSunnyvale,CA.94089Sales866.320.4788 408.738.7700www.paloaltonetworks.com
Copyright ©2010, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN-OS 3.1, March 2010.
840-000002-00D