Palo Alto Networks® PA-3000 Series of next-generation firewall appliances is comprised of the PA-3060, PA-3050 and PA-3020, all of which are targeted at high-speed Internet gateway deployments. The PA-3000 Series manages network traffic flows using dedicated processing and memory for networking, security, threat prevention and management.
The controlling element of the PA – 3000 Series is PAN – OS, a security-specific operating system that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the business elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.
Key Security Features
Classifies all applications, on all ports, all the time
· Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed.
· Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping.
· Categorizes unidentified applications for policy control, threat forensics or App-ID™ development.
Enforces security policies for any user, at any location
· Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android®, or Apple® iOS platforms.
· Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®.
· Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information.
Prevent known and unknown threats
· Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed.
· Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing.
· Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection.
Networking Features
Interface Modes
|
L2, L3, Tap, Virtual wire (transparent mode)
|
Routing
|
OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, static routing
|
Policy-based forwarding
|
Point-to-Point Protocol over Ethernet (PPPoE)
|
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
|
Bidirectional Forwarding Detection (BFD)
|
IPv6
|
L2, L3, Tap, Virtual Wire (transparent mode)
|
Features: App-ID, User-ID, Content-ID, WildFire and SSL decryption
|
SLAAC
|
IPSec VPN
|
Key Exchange: Manual key, IKEv1 and IKEv2 (pre-shared key, certificate-based authentication)
|
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
|
Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
|
VLANs
|
802.1q VLAN tags per device/per interface: 4,094/4,094
Aggregate interfaces (802.3ad), LACP
|
Network Address Translation (NAT)
|
NAT modes (IPv4): Static IP, dynamic IP, dynamic IP and port (port address translation)
|
NAT64, NPTv6
|
Additional NAT features: dynamic IP reservation, tunable dynamic IP and port oversubscription
|
High availability
|
Modes: Active/Active, Active/Passive
|
Failure detection: Path monitoring, interface monitorin
|
Hardware Specifications
I/O
|
(8) 10/100/1000
|
Management I/O
|
(1) 10/100/1000 out-of-band management port,
(1) RJ-45 console port
|
Storage capacity
|
160GB HDD
|
Power supply (Avg/Max power consumption)
|
180W (40W/75W)
|
Max BTU/hr
|
256
|
Input voltage (Input frequency)
|
100-240VAC (50-60Hz)
|
Max current consumption
|
1A@100VAC
|
Mean Time Between Failure (MTBF)
|
10.16 years
|
Max Inrush Current
|
110A@230VAC; 51A@115VAC
|
Rack mountable (Dimensions)
|
1U, 19” standard rack (1.75”H x 10”D x 17”W)
|
Weight (Stand-alone device/As shipped)
|
8lbs/13lbs
|
Safety
|
cCSAus, CB
|
EMI
|
FCC Class A, CE Class A, VCCI Class A
|
Certifications
|
See: https://www.paloaltonetworks.com/company/certifications.html
|
Environment
|
Operating temperature: 32 to 122 F, 0 to 50 C
|
Non-operating temperature: -4 to 158 F, -20 to 70 C
|
Performance and Capacities1
|
PA-3050
|
PA-3060
|
PA-3020
|
Firewall throughput (App-ID enabled)
|
4 Gbps
|
4 Gbps
|
2 Gbps
|
Threat prevention throughput
|
2 Gbps
|
2 Gbps
|
1 Gbps
|
IPsec VPN throughput
|
500 Mbps
|
500 Mbps
|
500 Mbps
|
New sessions per second
|
50,000
|
50,000
|
50,000
|
Max sessions
|
500,000
|
500,000
|
250,000
|
Virtual systems (base/max2)
|
1/6
|
1/6
|
1/6
|
Post a Comment