PaloAlto PA-5260
Key Security Features:
Classifies all applications, on all ports, all the time
- Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed
- Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping
- Categorizes unidentified applications for policy control, threat forensics or App-ID™ application identification technology development
Enforces security policies for any user, at any location
- Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android™ or Apple® iOS platforms
- Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®
- Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information
Prevents known and unknown threats
- Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed
- Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing
- Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection
The controlling element of the PA-5200 Series is PAN-OS®, security operating system, which that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the business elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.
Specification
| STT | Tính năng | Palo Alto PA-5260 |
| 1 | Thông số kỹ thuật | |
| Firewall Throughput | 64 Gbps | |
| Threat Prevention throughput | 31.5 Gbps | |
| IPSec VPN throughput | 27 Gbps | |
| New sessions per second | 450000 | |
| Maximum sessions | 32000000 | |
| Interfaces supported | (4) 100/1000/10G Cu (16) 1G/10G SFP/SFP+ (4) 40G/100G QSFP28 | |
| Management I/O | (2) 10/100/1000 Cu (1) 10/100/1000 out-of-band management (1) RJ-45 console (1) 40G/100G QSFP28 HA | |
| Size | 3U, 19″ standard rack | |
| Power Supply (Avg/Max Power Consumption) | (2) 1200 W AC or DC (1:1 fully redundant) | |
| Redundant Power Supply | Yes | |
| Storage capacity | System : 240 GB SSD, RAID | Log: 2 TB HDD, RAID1 | |
| Hot-swappable fans | Yes | |
| Max BTU/hr | 2340 | |
| Power Supply (Base/Max) | 1:1 fully redundant (2/2) | |
| AC Input Voltage (Input Hz) | 100–240VAC (50–60Hz) | |
| AC Power Supply Output | 1,200 watts/power supply | |
| Max Current Consumption | AAC: 8.5A @ 100VAC, 3.6A @ 240VAC DC: 19A @ -40VDC, 12.7A @ -60VDC | |
| Max Inrush Current | AC: 50A @ 230VAC, 50A @ 120VAC DC: 200A @ 72VDC | |
| Mean Time Between Failure (MTBF) | 9.23 Years | |
| Weight (Stand-Alone Device/ As Shipped) | 46 lbs (20.87 kg)/62 lbs (28.13 kg) | |
| Safety | cCSAus, CB IEC 60950-3 | |
| EMI | FCC Class A, CE Class A, VCCI Class A | |
| Certifications | See https://www.paloaltonetworks.com/company/certifications.html | |
| Enviroment | Operating temperature: 32° to 122° F, 0° to 50° C Non-operating temperature: -4° to 158° F, -20° to 70° C | |
| 2 | Network Feature | |
| Interface mode | L2, L3, tap, virtual wire (transparent mode) | |
| IPv6 | L2, L3, tap, virtual wire (transparent mode) Features: App-ID, User-ID, Content-ID, WildFire, and SSL decryption SLAAC | |
| IPSec VPN | Key exchange: manual key, IKEv1 and IKEv2 (pre-shared key, certificate-based authentication) Encryption: 3DES, AES (128-bit, 192-bit, 256-bit) Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512 GlobalProtect large-scale VPN for simplified configuration and management | |
| VLANs | 802.1Q VLAN tags per device/per interface: 4,094/4,094 Aggregate interfaces (802.3ad), LACP | |
| Network Address Translation | NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port (port address translation) NAT64, NPTv6 Additional NAT features: dynamic IP reservation, tunable dynamic IP and port oversubscription | |
| High Availability | Modes: active/active, active/passive Failure detection: path monitoring, interface monitoring | |
| Mobile Network Infrastructure | GTP Security SCTP Security | |
| Routing | OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, Static routing Policy-based forwarding Point-to-point protocol over Ethernet (PPPoE) and DHCP supported for dynamic address assignment Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3 Bidirectional Forwarding Detection (BFD) |
Subscriptions
The following Palo Alto Networks subscriptions unlock certain firewall features or enable the firewall to
leverage a Palo Alto Networks cloud-delivered service (or both). Here you can read more about each service
or feature that requires a subscription to work with the firewall. To enable a subscription, you must first
Activate Subscription Licenses; once active, most subscription services can use Dynamic Content Updates
to provide new and updated functionality to the firewall.
| Subscriptions You Can Use With the Firewall | |
| Threat Prevention | Threat Prevention provides: • Antivirus, anti-spyware (command-and-control), and vulnerability protection. • Built-in external dynamic lists that you can use to secure your network against malicious hosts. • Ability to identify infected hosts that try to connect to malicious domains. • Get Started with Threat Prevention |
| DNS Security | Provides enhanced DNS sinkholing capabilities by querying DNS Security, an extensible cloud-based service capable of generating DNS signatures using advanced predictive analytics and machine learning. This service provides full access to the continuously expanding DNS-based threat intelligence produced by Palo Alto Networks. To set up DNS Security, you must first purchase and install a Threat Prevention license. • Get Started with DNS Security |
| URL Filtering | Provides the ability to not only control web-access, but how users interact with online content based on dynamic URL categories. You can also prevent credential theft by controlling the sites to which users can submit their corporate credentials. To set up URL Filtering, you must purchase and install a subscription for one of the supported URL filtering databases: PAN-DB or BrightCloud. With PAN-DB, you can set up access to the PAN-DB public cloud or to the PAN-DB private cloud. • Get Started with URL Filtering |
| WildFire | Although basic WildFire® support is included as part of the Threat Prevention license, the WildFire subscription service provides enhanced services for organizations that require immediate coverage for threats, frequent WildFire signature updates, advanced file type forwarding (APK, PDF, Microsoft Office, and Java Applet), as well as the ability to upload files using the WildFire API. A WildFire subscription is also required if your firewalls will be forwarding files to an on-premise WF-500 appliance. • Get Started with WildFire |
| AutoFocus | Provides a graphical analysis of firewall traffic logs and identifies potential risks to your network using threat intelligence from the AutoFocus portal. With an active license, you can also open an AutoFocus search based on logs recorded on the firewall. • Get Started with AutoFocus |
| Cortex Data Lake Cortex Data Lake was previously called the Logging Service. The Customer Support Portal and firewall web interface both still reference the Logging Service in some places, including the device license name that’s displayed in the firewall web interface (Device > Licenses). |
Provides cloud-based, centralized log storage and aggregation. The Logging Service is required or highly-recommended to support several other cloud-delivered services, including Magnifier, GlobalProtect cloud service, and Traps management service. • Get Started with Cortex Data Lake |
| GlobalProtect | Provides mobility solutions and/or large-scale VPN capabilities. By default, you can deploy GlobalProtect portals and gateways (without HIP checks) without a license. If you want to use advanced GlobalProtect features (HIP checks and related content updates, the GlobalProtect Mobile App, IPv6 connections, or a GlobalProtect Clientless VPN) you will need a GlobalProtect license (subscription) for each gateway. • Get Started with GlobalProtect |
| Virtual Systems | This license is required to enable support for multiple virtual systems on PA-3200 Series firewalls. In addition, you must purchase a Virtual Systems license if you want to increase the number of virtual systems beyond the base number provided by default on PA-5200 Series, and PA-7000 Series firewalls (the base number varies by platform). The PA-800 Series, PA-220, and VM-Series firewalls do not support virtual systems. • Get Started with Virtual Systems |
Specs
System Performance
| Firewall throughput | 60/67 Gbps |
| Concurrent connections | 32,000,000 |
| New connections/sec | 390,000 |
| Threat Protection Throughput | 28/33 Gbps |
| IPSec VPN throughput | 24 Gbps |
Physical interfaces
| GE RJ45 Ports | (4) 100/1000/10G Cu |
| GE SFP Slots | (16) 1G/10G SFP/ SFP+, (4) 40G/100G QSFP28 |
| I/O ports | (2) 10/100/1000, (1) 40G/100G QSFP28 HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port |
| Storage | 240 GB SSD, RAID1, system storage | 2 TB HDD, RAID1, log storage |
Dimensions & Enviroment
| Mounting | 3U, 19” standard rack 5.25” H x 20.5” D x 17.25” W (13.33cm x 52.07cm x 43.81cm) |
| Weight | 46 lbs (20.87 kg)/62 lbs (28.13 kg) (Stand-Alone Device/As Shipped) |
| Power supply | 571/685 W |
| AC input voltage | 100–240VAC (50–60Hz) |
| Safety | cCSAus, CB IEC 60950-1 |
| Max BTU/hr | 2,340 |
| Power Supplies (Base/Max) | 1:1 fully redundant (2/2) |
| Max Current Consumption | AAC: 8.5A @ 100VAC, 3.6A @ 240VAC | DC: 19A @ -40VDC, 12.7A @ -60VDC |
| AC Power Supply Output | 1,200 watts/power supply |
| Mean Time Between Failure (MTBF) | 9.23 years |
| EMI | FCC Class A, CE Class A, VCCI Class A |
| Max Inrush Current | AC: 50A @ 230VAC, 50A @ 120VAC | DC: 200A @ 72VDC |
| Operating Temperature | 32° to 122° F, 0° to 50° C |
| Non-operating temperature | -4° to 158° F, -20° to 70° C |
| Certifications | See https://www.paloaltonetworks.com/company/certifications.html |
