Palo Alto PA-2020 & PA-2050 UTM Firewall
Palo Alto PA-2000 Serisi UTM Firewall
The Palo Alto Networks™ PA-2000 Series is comprised of two high performance platforms, the PA-2050 and the PA-2020, both of which are targeted at high speed Internet gateway deployments. The PA-2000 Series manages network traffic flows using dedicated processing and memory for networking, security, threat prevention and management.
The Palo Alto Networks next-generation firewall PA-2000 Series is comprised of two high performance platforms, the PA-2020 and the PA-2050, both of which are ideally suited for high speed Internet gateway deployments within large branch offices and medium sized enterprises to ensure network security and threat prevention.
The Palo Alto Networks next-generation firewall, PA-2000 Series, manages network traffic flows using dedicated processing and memory for networking, security, threat prevention, URL filtering and management. This next-generation firewall’s high speed backplane smoothes the pathway between processors and the separation of data and control plane ensures that management access is always available, irrespective of the traffic load.
The high speed backplane is divided into separate data and control planes, thereby ensuring that management access is always available, irrespective of the traffic load. The controlling element of the PA-2000 Series is PAN-OS™, a securityspecific operating system that allows organizations to safely enable applications using App-ID, User-ID, Content-ID, GlobalProtect, and WildFire.
Classify all applications, on all port, all the time with App-ID.
Identify the application, regardless of port, encryption (SSL or SSH) or evasive technique employed.
Use the application, not the port, as the basis for all safe enablement policy decisions: allow, deny, schedule, inspect, apply traffic shaping.
Categorize unidentified applications for policy control, threat forensics, custom App-ID creation, or packet capture for App-ID development.
Extend safe application enablement policies to any user, at any location, with User-ID and GlobalProtect.
Agentless integration with Active Directory, LDAP, eDirectory Citrix and Microsoft Terminal Services.
Integrate with NAC, 802.1X wireless and other non-standard user repositories with an XML API.
Deploy consistent policies to local and remote users running Microsoft Windows, Mac OS X, Linux, Android or iOS platforms.
Protect against all threat—both known and unknown—with Content-ID and Wildfire
Block a range of known threats including exploits, malware and spyware, across all ports, regardless of common threat evasion tactics employed.
Limit unauthorized transfer of files and sensitive data, and control non-workrelated web surfing.
Identify unknown malware, analyze for more than 100 malicious behaviors, automatically create and deliver a signature in the next available update.
Palo Alto PA-2020Performans ve Kapasite:Firewall Değeri (Throughput):500 MbpsTehdit Önleme (Throughput):200 MbpsIPSec VPN (Throughput):200 MbpsNew Session per Second:15.000Max Sessions:125.000IPSec VPN tunnels / tunnel interfaces:1.000GlobalProtect (SSL VPN) Eşzamanlı Bağlantı:500SSL decrypt sessions:1.000SSL inbound certificates:25Virtual routers:10Virtual systems (base/max):1/6Security zones:40Max. number of policies:2.500Donanım Özellikleri:Interface:12 x 10/100/1000
2 x SFP optical GigabitManagement Interface:1 x 10/100/1000 out-of-band
1 x RJ-45 Console PortStorage Capacity:160 Gb HDDGüç Tüketimi:250WMax BTU/HR:409AC Power:100-240VMax Akım Tüketimi:3A@100VACRack Montajı:1U, 19″ Standart RackBoyutlar:4.4cm (H) x 43.2cm (D) x 43.2cm (W)Ağırlık:6.8 KgGüvenlik:UL, CUL, CBEMI:FCC Class A, CE Class A, VCCI Class A, TUVÇalışma Ortamı:0° – 50° CSertifikalar:FIPS 140 Level 2, Common Criteria EAL2, ICSA, UCAPLPerformans ve KapasiteFirewall Değeri (Throughput)Tehdit Önleme (Throughput)IPSec VPN (Throughput)New Session per SecondMax SessionsIPSec VPN tunnels / tunnel interfacesGlobalProtect (SSL VPN) Eşzamanlı BağlantıSSL decrypt sessionsSSL inbound certificatesVirtual routersVirtual systems (base/max)Security zonesMax. number of policiesDonanım ÖzellikleriInterfaceManagement InterfaceStorage CapacityGüç TüketimiMax BTU/HRAC PowerMax Akım TüketimiRack MontajıBoyutlarAğırlıkGüvenlikEMIÇalışma OrtamıSertifikalar
Palo Alto PA-2050Performans ve Kapasite:Firewall Değeri (Throughput):1 GbpsTehdit Önleme (Throughput):500 MbpsIPSec VPN (Throughput):300 MbpsNew Session per Second:15.000Max Sessions:250.000IPSec VPN tunnels / tunnel interfaces:2.000GlobalProtect (SSL VPN) Eşzamanlı Bağlantı:1.000SSL decrypt sessions:1.000SSL inbound certificates:25Virtual routers:10Virtual systems (base/max):1/6Security zones:40Max. number of policies:5.000Donanım Özellikleri:Interface:16 x 10/100/1000
4 x SFP optical GigabitManagement Interface:1 x 10/100/1000 out-of-band
1 x RJ-45 Console PortStorage Capacity:160 Gb HDDGüç Tüketimi:250WMax BTU/HR:409AC Power:100-240VMax Akım Tüketimi:3A@100VACRack Montajı:1U, 19″ Standart RackBoyutlar:4.4cm (H) x 43.2cm (D) x 43.2cm (W)Ağırlık:6.8 KgGüvenlik:UL, CUL, CBEMI:FCC Class A, CE Class A, VCCI Class A, TUVÇalışma Ortamı:0° – 50° CSertifikalar:FIPS 140 Level 2, Common Criteria EAL2, ICSA, UCAPL
Ağ ÖzellikleriInterface Modları
- L2, L3, Tap, Virtual Wire (transparent mode)
- 802.1q VLAN tags
- Cihaz Başına: 4.094 / interface Başına: 4.094
- Maksimum interfaces: PA-2020: 1.024 / PA-2050: 2.048
- Aggregate interfaces (802.3ad)
NAT / PAT
- Modes: OSPF, RIP, BGP, Static
- Yönlendirme Tablosu Boyutu (Cihaz Başına Kayıt/per VR):
PA-2020: 2.500/2.500 / PA-2050: 5.000/2.500
- Policy-based yönlendirme
- Point-to-Point Protocol over Ethernet (PPPoE)
- Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
- Max NAT rules: 1.000
- Max NAT rules (DIPP): 200
- Dynamic IP and port pool: 254
- Dynamic IP pool: 16,234
- NAT Modes: 1:1 NAT, n:n NAT, m:n NAT
- DIPP oversubscription (Unique destination IPs per source port and IP): 2
- Active/Passive with no session synchronization
- Failure detection: Path monitoring, Interface monitoring
- Max virtual wires: PA-2020: 512 / PA-2050: 1.024
- Interface types mapped to virtual wires: physical and subinterfaces
- Address assignment for device: DHCP Client/PPPoE/Static
- Address assignment for users: DHCP Server/DHCP Relay/Static
- ARP table size/device: PA-2020: 1.000 / PA-2050: 2.500
- MAC table size/device: PA-2020: 1.000 / PA-2050: 2.500
- IPv6 neighbor table size: PA-2020: 1.000/PA-2050: 1.000
- Features: L2, L3, Tap, Virtual Wire (transparent mode)
- Services: App-ID, User-ID, Content-ID, WildFire and SSL Decryption
Threat Prevention (Subscription Required)
- Policy-based control over applications, users and content
- Fragmented packet protection
- Reconnaissance scan protection
- Denial of Service (DoS)/Distributed Denial of Services (DDoS) protection
- Decryption: SSL (inbound and outbound), SSH
- Application, operating system vulnerability exploit protection
URL Filtering (Subscription Required)
- Identify and analyze targeted and unknown files for more than 100 malicious behaviors
- Generate and automatically deliver protection for newly discovered malware via signature updates
- Signature update delivery in less than 1 hour, integrated logging/reporting; access to WildFire API for programmatic submission of up to 100 samples per day and up to 1,000 report queries by file hash per day (Subscription Required)
File and Data Filtering
- Pre-defined and custom URL categories
- Device cache for most recently accessed URLs
- URL category as part of match criteria for security policies
- Browse time information
Quality of Service (QOS)
- File transfer: Bi-directional control over more than 60 unique file types
- Data transfer: Bi-directional control over unauthorized transfer of CC# and SSN
- Drive-by download protection
User Integration (User-ID)
- Policy-based traffic shaping by application, user, source, destination, interface, IPSec VPN tunnel and more
- 8 traffic classes with guaranteed, maximum and priority bandwidth parameters
- Real-time bandwidth monitor
- Per policy diffserv marking
- Physical interfaces supported for QoS: 4
SSL VPN / Remote Access (GlobalProtect)
- Microsoft Active Directory, Novell eDirectory, Sun One and other LDAP-based directories
- Microsoft Windows Server 2003/2008/2008r2, Microsoft Exchange Server 2003/2007/2010
- Microsoft Terminal Services, Citrix XenApp
- XML API to facilitate integration with non-standard user repositories
IPSEC VPN (Site-To-Site)
- GlobalProtect Gateway
- GlobalProtect Portal
- Transport: IPSec with SSL fall-back
- Authentication: LDAP, SecurID, or local DB
- Client OS: Mac OS X 10.6, 10.7 (32/64 bit), 10.8 (32/64 bit), Windows XP, Windows Vista (32/64 bit), Windows 7 (32/64 bit)
- Third party client support: Apple iOS, Android 4.0 and greater, VPNC IPSec for Linux
Management, Reporting, Visibility Tools
- Key Exchange: Manual key, IKE v1
- Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
- Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
- Dynamic VPN tunnel creation (GlobalProtect)
- Integrated web interface, CLI or central management (Panorama)
- Multi-language user interface
- Syslog, Netflow v9 and SNMP v2/v3
- XML-based REST API
- Graphical summary of applications, URL categories, threats and data (ACC)
- View, filter and export traffic, threat, WildFire, URL, and data filtering logs
- Fully customizable reporting