Call a Specialist Today! 866-981-2998

  1. Home
  2. Products
  3. Strata
  4. Firewall PA Series
  5. Firewall PA 5220

Palo Alto Networks Enterprise Firewall PA-5220
No Compromise Security, High-Performance Versatility

Palo Alto Networks Enterprise Firewall PA-5250


Looking for sizing recommendation? Take our Firewall Sizing Survey

Please Note: We cannot provide sizing recommendations for Palo Alto firewalls being deployed outside of the United States. Palo Alto firewalls are only available for
licensed businesses (not home users). Palo Alto firewalls cannot be sold outside of the United States excluding Canada. 1 Year minimum of Partner Enabled Backline Support is required for all new Palo Alto firewall purchases

Palo Alto Networks Products
PA-5220 Series Hardware
Palo Alto Networks PA-5220 with redundant AC power supplies
#PAN-PA-5220-AC
Get a Quote!
Get a Quote
Palo Alto Networks PA-5220 with redundant DC power supplies
#PAN-PA-5220-DC
Get a Quote!
Get a Quote

Click here to jump to more pricing!

Overview:

Key Security Features:

Classifies all applications, on all ports, all the time
  • Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed
  • Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping
  • Categorizes unidentified applications for policy control, threat forensics or App-ID™ application identification technology development
Enforces security policies for any user, at any location
  • Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android™ or Apple® iOS platforms
  • Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®
  • Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information
Prevents known and unknown threats
  • Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed
  • Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing
  • Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection

The controlling element of the PA-5200 Series is PAN-OS®, security operating system, which that natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the business elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.

Performance and Capacities1 PA-5260 PA-5250 PA-5220
Firewall throughput2 (App-ID enabled) 72.2 Gbps 35.9 Gbps 18.5 Gbps
Threat prevention throughput3 30 Gbps 20.3 Gbps 9.2 Gbps
IPsec VPN throughput 21 Gbps 14 Gbps 5 Gbps
Max sessions 32,000,000 8,000,000 4,000,000
New sessions per second4 458,000 348,000 169,000
Virtual systems (base/max5) 25/225 25/125 10/20
  1. Performance and capacities are measured under ideal testing conditions.
  2. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64K HTTP transactions
  3. Threat prevention throughput measured with App-ID, User-ID, IPS, AntiVirus and Anti-Spyware features enabled utilizing 64K HTTP transactions
  4. New sessions per second is measured with 4K HTTP transactions
  5. Adding virtual systems base quantity requires a separately purchased license

Networking Features:


Interface Modes
  • L2, L3, Tap, Virtual wire (transparent mode)
  • Point-to-point protocol over Ethernet (PPPoE) and DHCP supported for dynamic address assignment
Routing
  • OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, Static routing
  • Policy-based forwarding
  • Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
  • Bidirectional Forwarding Detection (BFD)
IPv6
  • L2, L3, Tap, Virtual Wire (transparent mode)
  • Features: App-ID™, User-ID™, Content-ID™, WildFire™, and SSL decryption
  • SLAAC
IPsec VPN
  • Key exchange: Manual key, IKE v1 and IKEv2 (pre-shared key, certificate-based authentication)
  • Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
  • Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
  • GlobalProtect™ large-scale VPN (LSVPN) for simplified configuration and management
VLANs
  • 802.1q VLAN tags per device/per interface: 4,094/4,094
  • Aggregate interfaces (802.3ad), LACP
Network Address Translation (NAT)
  • NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port (port address translation)
  • NAT64, NPTv6
  • Additional NAT features: Dynamic IP reservation, tun- able dynamic IP and port oversubscription
High Availability
Modes: Active/Active, Active/Passive
Failure detection: Path monitoring, interface monitoring

Technical Specifications:

I/O

PA-5260 | PA-5250 - (4) 100/1000/10G Cu, (16) Gig/10Gig SFP/SFP+, (4) 40G/100G QSFP28

PA-5220 – (4)100/1000/10G Cu, (16) Gig/10Gig SFP/SFP+, (4) 40G QSFP+
Management I/O

PA-5260 | PA-5250 - (2) 10/100/1000, (1) 40G/100G QSFP28 HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port

PA-5220 - (2) 10/100/1000, (1) 40G QSFP+ HA, (1) 10/100/1000 out-of-band management, (1) RJ45 console port
Storage Options

Dual Solid State Disk Drives
Storage Capacity

240GB SSD, RAID1, System Storage 2TB HDD, RAID1, Log Storage
Power (Max Power Consumption)

870 Watts
Max BTU/hr

2,970
Power Supplies (base/max)

1:1 Fully Redundant (2/2)
AC Input Voltage (input Hz)

100-240VAC (50-60Hz)
AC Power Supply Output

1200 Watt/power supply
Max Current

AC power supplies — 6.5A@100-240VAC DC power supplies — 19A@-40 to -60VDC
Max Inrush Current

AC power supplies — 50A@230VAC, 50A@120VAC DC power supplies — 200A@72VDC
Mean Time Between Failure (MTBF)

9.23 Years
Rack Mount (Dimensions)

3U, 19” Standard Rack

5.25”H X 20.5”D X 17.25”W (13.33cm X 52.07cm X 43.81cm)
Weight

46lbs (20.87Kg) System only, 62lbs (28.13Kg) as shipped
Safety

cCSAus, CB IEC60950-1
EMI

FCC Class A, CE Class A, VCCI Class A
Certifications

See https://www.paloaltonetworks.com/company/certifications.html
Environment

Operating Temperature: 32°F to 122°F (0° to 50°C)

Non-Operating Temperature: -20° to 70°C (-4°F to 158°F)

Pricing Notes:

  • Pricing subject to change without notice.
  • We cannot provide sizing recommendations for Palo Alto firewalls being deployed outside of the United States.
    Palo Alto firewalls are only available for licensed businesses (not home users). Palo Alto firewalls cannot be sold outside of the United States excluding Canada. 1 Year minimum of Partner Enabled Backline Support is required for all new Palo Alto firewall purchases
Palo Alto Networks Products
PA-5220 Series Hardware
Palo Alto Networks PA-5220 with redundant AC power supplies
#PAN-PA-5220-AC
Get a Quote!
Get a Quote
Palo Alto Networks PA-5220 with redundant DC power supplies
#PAN-PA-5220-DC
Get a Quote!
Get a Quote
Partner Enabled Premium Support
Partner enabled premium support year 1, PA-5220
#PAN-SVC-BKLN-5220
Get a Quote!
Get a Quote
Partner enabled premium support renewal, PA-5220
#PAN-SVC-BKLN-5220-R
Get a Quote!
Get a Quote
Partner enabled premium support 3-year prepaid, PA-5220
#PAN-SVC-BKLN-5220-3YR
Get a Quote!
Get a Quote
Partner enabled premium support 3-year prepaid renewal, PA-5220
#PAN-SVC-BKLN-5220-3YR-R
Get a Quote!
Get a Quote
Partner enabled premium support 5 year prepaid, PA-5220
#PAN-SVC-BKLN-5220-5YR
Get a Quote!
Get a Quote
Partner enabled premium support 5 year prepaid renewal, PA-5220
#PAN-SVC-BKLN-5220-5YR-R
Get a Quote!
Get a Quote
FIPS Hardware Kit
FIPS hardware kit for the PA-5200 Series
#PAN-FIPS-KIT-5200
Get a Quote!
Get a Quote
Power supply
PA-5200 Series 1200 Watt AC power supply
#PAN-PWR-1200W-AC
Get a Quote!
Get a Quote
PA-5200 Series 1200 Watt DC power supply
#PAN-PWR-1200W-DC
Get a Quote!
Get a Quote
Transceivers
NOTE: only models or series cited are supported, unlisted models or series are not supported
QSFP+ form factor, 40Gb Bidirectional optical transceiver, 100m reach over OM3 MMF, 150m over OM4 MMF, duplex LC
PA-7000 Series, PA-5450, PA-5200 Series, PA-3260; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-QSFP-40GBASE-BIDI
Our Price: $2,000.00
QSFP+ form factor, 40Gb ER4 optical transceiver, extended reach 40Km, SMF, duplex LC, IEEE 802.3ba 40GBASE-ER4 compliant
PA-7000 Series, PA-5450, PA-5200 Series, PA-3260; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-QSFP-40GBASE-ER4
Our Price: $20,000.00
Call For Lowest Price!
QSFP+ form factor, 40Gb LM4 universal optical transceiver, 140m OM3 MMF, 160m OM4 MMF, 1km SMF, duplex LC, utilizes IEEE 802.3ba 40GBASE-LR4 4x10G channel plan adaptation referred to as 40GBASE-LM4
PA-7000 Series, PA-5450, PA-5200 Series, PA-3260; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-QSFP-40GBASE-LM4
Our Price: $3,000.00
QSFP+ form factor, 40Gb LR4 optical transceiver, long reach 10Km, SMF, duplex LC, IEEE 802.3ba 40GBASE-LR4 compliant
PA-7000 Series, PA-5450, PA-5200 Series, PA-3260; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-QSFP-40GBASE-LR4
Our Price: $8,000.00
QSFP+ form factor, 40Gb SR4 optical transceiver, short reach 100m OM3, 8/12 strand MPO connector, IEEE 802.3ba 40GBASE-SR4 compliant
PA-7000 Series, PA-5450, PA-5200 Series, PA-3260; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-QSFP-40GBASE-SR4
Our Price: $2,000.00
QSFP+ form factor, 40Gb active optical cable with 2 transceivers and 10m of cable permanently bonded as an assembly
PA-7000 series, PA-5450, PA-5200 Series, PA-3260; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-QSFP-AOC-10M
Our Price: $1,800.00
SFP form factor, 1Gb copper transceiver, 100m over Cat5 RJ-45, IEEE 802.3ab 1000BASE-T compliant
PA-7000 Series, PA-5450, PA-5000 Series, PA-5200 Series, PA-3200 Series, PA-3000 Series, PA-800 Series, PA-220R; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-SFP-CG
Our Price: $1,000.00
SFP form factor, LX 1Gb optical transceiver, 10Km reach, SMF, duplex LC, IEEE 802.3ab 1000BASE-LX compliant
PA-7000 Series, PA-5450, PA-5000 Series, PA-5200 Series, PA-3200 Series, PA-3000 Series, PA-800 Series. PA-220R; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-SFP-LX
Our Price: $1,000.00
SFP+ form factor, 10Gb copper transceiver, 30m over Cat6a RJ-45, IEEE 802.3an 10GBASE-T compliant
PA-7050-SMC-B, PA-7080-SMC-B, PA-7000-100G-NPC-A, PA-7000-20GQXM-NPC, PA-5450 (NC only), PA-5200 Series, PA-5050, PA-5060, PA-3060, PA-850; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-SFP-PLUS-10GBASE-T
Our Price: $1,000.00
SFP+ form factor, ER 10Gb optical transceiver, extended reach 40Km, SMF, duplex LC, IEEE 802.3ae 10GBASE-ER compliant
PA-7000 series, PA-5450 (NC only), PA-5200 Series, PA-5060, PA-5050, PA-3200 Series, PA-3060, PA-850; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-SFP-PLUS-ER
Our Price: $3,000.00
SFP+ form factor, LR 10Gb optical transceiver, long reach 10Km, SMF, duplex LC, IEEE 802.3ae 10GBASE-LR compliant
PA-7000 series, PA-5450, PA-5200 Series, PA-5060, PA-5050, PA-3200 Series, PA-3060, PA-850; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-SFP-PLUS-LR
Our Price: $2,000.00
SFP+ form factor, SR 10Gb optical transceiver, short reach 300m, OM3 MMF, duplex LC, IEEE 802.3ae 10GBASE-SR compliant
PA-7000 series, PA-5450, PA-5200 Series, PA-5060, PA-5050, PA-3200 Series, PA-3060, PA-850; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-SFP-PLUS-SR
Our Price: $1,500.00
SFP form factor, SX 1Gb optical transceiver, 550m reach on OM2 MMF, duplex LC, IEEE 802.3z 1000BASE-SX compliant
PA-7000 Series, PA-5450, PA-5000 Series, PA-5200 Series, PA-3200 Series, PA-3000 Series, PA-800 Series, PA-220R; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-SFP-SX
Our Price: $500.00
SFP form factor, ZX 1Gb optical transceiver, 80Km reach, SMF, duplex LC
PA-7000 Series, PA-5000 Series, PA-5200 Series, PA-3200 Series, PA-3000 Series, PA-800 Series, PA-220R; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-SFP-ZX
Our Price: $2,000.00
TAA Compliant QSFP+ form factor, 40Gb LR4 optical transceiver, long reach 10Km, SMF, duplex LC, IEEE 802.3ba 40GBASE-LR4 compliant
PA-7000 Series, PA-5450, PA-5200 Series, PA-3260; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-T-Q-40GBASE-LR4
Our Price: $9,200.00
TAA Compliant QSFP+ form factor, 40Gb SR4 optical transceiver, short reach 100m OM3, 8/12 strand MPO connector, IEEE 802.3ba 40GBASE-SR4 compliant
PA-7000 Series, PA_5450, PA-5200 Series, PA-3260; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-T-Q-40GBASE-SR4
Our Price: $2,300.00
TAA Compliant SFP form factor, 1Gb copper transceiver, 100m over Cat5 RJ-45, IEEE 802.3ab 1000BASE-T compliant
PA-7000 Series, PA-5450, PA-5000 Series, PA-5200 Series, PA-3200 Series, PA-3000 Series, PA-800 Series, PA-220R; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-T-S-CG
Our Price: $1,150.00
TAA Compliant SFP form factor, LX 1Gb optical transceiver, 10Km reach, SMF, duplex LC, IEEE 802.3ab 1000BASE-LX compliant
PA-7000 Series, PA-5450, PA-5000 Series, PA-5200 Series, PA-3200 Series, PA-3000 Series, PA-800 Series. PA-220R; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-T-S-LX
Our Price: $1,150.00
TAA Compliant SFP+ form factor, LR 10Gb optical transceiver, long reach 10Km, SMF, duplex LC, IEEE 802.3ae 10GBASE-LR compliant
PA-7000 series, PA-5450, PA-5200 Series, PA-5060, PA-5050, PA-3200 Series, PA-3060, PA-850; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-T-S-PLUS-LR
Our Price: $2,300.00
TAA Compliant SFP+ form factor, SR 10Gb optical transceiver, short reach 300m, OM3 MMF, duplex LC, IEEE 802.3ae 10GBASE-SR compliant
PA-7000 series, PA-5450, PA-5200 Series, PA-5060, PA-5050, PA-3200 Series, PA-3060, PA-850; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-T-S-PLUS-SR
Our Price: $1,730.00
TAA Compliant SFP form factor, SX 1Gb optical transceiver, 550m reach on OM2 MMF, duplex LC, IEEE 802.3z 1000BASE-SX compliant
PA-7000 Series, PA-5450, PA-5000 Series, PA-5200 Series, PA-3200 Series, PA-3000 Series, PA-800 Series, PA-220R; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-T-S-SX
Our Price: $580.00
Cable
NOTE: only models or series cited are supported, unlisted models or series are not supported
SFP+ form factor, 10Gb direct attach twin-ax passive cable with 2 transceiver ends and 5m of cable permanently bonded as an assembly, IEEE 802.3ae 10GBASE-CR compliant
PA-7000 Series, PA-5450, PA-5200 Series, PA-5060, PA-5050,PA-3200 Series PA-3060, PA-850; NOTE: only models or series cited are supported, unlisted models or series are not supported
#PAN-SFP-PLUS-CU-5M
Our Price: $500.00
PA-5200 Packaging Set
PA-5200 packaging set - 1 each of ESD unit bag, foam set, insert tray, and shipping box
#PAN-PA-5200-PKG-SET
Get a Quote!
Get a Quote