Palo Alto Networks Enterprise Firewall PA-5220
No Compromise Security, High-Performance Versatility
Looking for sizing recommendation? Take our Firewall Sizing Survey
Please Note: We cannot provide sizing recommendations for Palo Alto firewalls being deployed outside of the United States. Palo Alto firewalls are only available for
licensed businesses (not home users). Palo Alto firewalls cannot be sold outside of the United States excluding Canada. 1 Year minimum of Partner Enabled Backline Support is required for all new Palo Alto firewall purchases
Click here to jump to more pricing!
Overview:
Key Security Features:
Classifies all applications, on all ports, all the time- Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed
- Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping
- Categorizes unidentified applications for policy control, threat forensics or App-ID™ application identification technology development
- Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android™ or Apple® iOS platforms
- Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®
- Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information
- Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed
- Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing
- Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection
The controlling element of the PA-5200 Series is PAN-OS®, security operating system, which that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the business elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.
| Performance and Capacities1 | PA-5260 | PA-5250 | PA-5220 |
| Firewall throughput2 (App-ID enabled) | 72.2 Gbps | 35.9 Gbps | 18.5 Gbps |
| Threat prevention throughput3 | 30 Gbps | 20.3 Gbps | 9.2 Gbps |
| IPsec VPN throughput | 21 Gbps | 14 Gbps | 5 Gbps |
| Max sessions | 32,000,000 | 8,000,000 | 4,000,000 |
| New sessions per second4 | 458,000 | 348,000 | 169,000 |
| Virtual systems (base/max5) | 25/225 | 25/125 | 10/20 |
- Performance and capacities are measured under ideal testing conditions.
- Firewall throughput measured with App-ID and User-ID features enabled utilizing 64K HTTP transactions
- Threat prevention throughput measured with App-ID, User-ID, IPS, AntiVirus and Anti-Spyware features enabled utilizing 64K HTTP transactions
- New sessions per second is measured with 4K HTTP transactions
- Adding virtual systems base quantity requires a separately purchased license
Networking Features:
| Interface Modes |
|
| Routing |
|
| IPv6 |
|
| IPsec VPN |
|
| VLANs |
|
| Network Address Translation (NAT) |
|
| High Availability |
| Modes: Active/Active, Active/Passive Failure detection: Path monitoring, interface monitoring |
Technical Specifications:
| I/O |
PA-5260 | PA-5250 - (4) 100/1000/10G Cu, (16) Gig/10Gig SFP/SFP+, (4) 40G/100G QSFP28 PA-5220 – (4)100/1000/10G Cu, (16) Gig/10Gig SFP/SFP+, (4) 40G QSFP+ |
| Management I/O |
PA-5260 | PA-5250 - (2) 10/100/1000, (1) 40G/100G QSFP28 HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port PA-5220 - (2) 10/100/1000, (1) 40G QSFP+ HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port |
| Storage Options |
Dual Solid State Disk Drives |
| Storage Capacity |
240GB SSD, RAID1, System Storage 2TB HDD, RAID1, Log Storage |
| Power (Max Power Consumption) |
870 Watts |
| Max BTU/hr |
2,970 |
| Power Supplies (base/max) |
1:1 Fully Redundant (2/2) |
| AC Input Voltage (input Hz) |
100-240VAC (50-60Hz) |
| AC Power Supply Output |
1200 Watt/power supply |
| Max Current |
AC power supplies — 6.5A@100-240VAC DC power supplies — 19A@-40 to -60VDC |
| Max Inrush Current |
AC power supplies — 50A@230VAC, 50A@120VAC DC power supplies — 200A@72VDC |
| Mean Time Between Failure (MTBF) |
9.23 Years |
| Rack Mount (Dimensions) |
3U, 19” Standard Rack 5.25”H X 20.5”D X 17.25”W (13.33cm X 52.07cm X 43.81cm) |
| Weight |
46lbs (20.87Kg) System only, 62lbs (28.13Kg) as shipped |
| Safety |
cCSAus, CB IEC60950-1 |
| EMI |
FCC Class A, CE Class A, VCCI Class A |
| Certifications |
See https://www.paloaltonetworks.com/company/certifications.html |
| Environment |
Operating Temperature: 32°F to 122°F (0° to 50°C) Non-Operating Temperature: -20° to 70°C (-4°F to 158°F) |
Documentation:
Download the Palo Alto Networks Firewall Overview Datasheet (PDF).
Download the Palo Alto Networks PA-5200 Series Specification Datasheet (PDF).
Pricing Notes:
- Pricing subject to change without notice.
- We cannot provide sizing recommendations for Palo Alto firewalls being deployed outside of the United States.
Palo Alto firewalls are only available for licensed businesses (not home users). Palo Alto firewalls cannot be sold outside of the United States excluding Canada. 1 Year minimum of Partner Enabled Backline Support is required for all new Palo Alto firewall purchases