PA L O A LT O N E T W O R K S : PA - 5 0 0 S p e c s h e e t
PA-500
The PA-500 is a next-generation firewall
that delivers unprecedented visibility
PA-500
and control over applications, users and
content on enterprise networks.
APPLICATION IDENTIFICATION:
• Identifies
and controls applications
irrespective of port, protocol, encryption
(SSL or SSH) or evasive tactic employed.
• Enables
positive enforcement
application usage policies: allow, deny,
schedule, inspect, apply traffic shaping.
• Graphical
visibility tools enable simple
and intuitive view into application traffic.
USER IDENTIFICATION:
• Policy-based
visibility and control over
who is using the applications through
seamless integration with Active
Directory, LDAP, and eDirectory.
• Identifies
Citrix, Microsoft Terminal
Services and XenWorks users, enabling
visibility and control over their
respective application usage.
• Control
non-Windows hosts via webbased authentication.
CONTENT IDENTIFICATION:
• Block
viruses, spyware, and vulnerability
exploits, limit unauthorized transfer of
files and sensitive data such as CC# or
SSN, and control non-work related web
surfing.
• Single
pass software architecture
enables multi-gigabit throughput with
low latency while scanning content.
The Palo Alto NetworksTM PA-500 is targeted at high speed
Internet gateway deployments for enterprise branch offices and
medium size businesses. The PA-500 manages network traffic
flows using dedicated computing resources for networking,
security, threat prevention and management.
A high speed backplane smoothes the pathway between processors and the
separation of data and control plane ensures that management access is always
available, irrespective of the traffic load. The controlling element of the PA500 Series next-generation firewalls is PAN-OSTM, a security-specific operating
system that tightly integrates three unique identification technologies: AppIDTM, User-ID and Content-ID, with key firewall, networking and management
features.
KEY PERFORMANCE SPECIFICATIONSPA-500
Firewall throughput
Threat prevention throughput
IPSec VPN throughput New sessions per second
Max sessions
IPSec VPN tunnels/tunnel interfaces
SSL VPN users
Virtual routers
Virtual systems
Security Zones
Max number of policies
250 Mbps
100 Mbps
50 Mbps
7,500
64,000
250
100
3
Not supported
20
1,000
PA L O A LT O N E T W O R K S : PA - 5 0 0 S p e c s h e e t
Additional PA-500 Features and Specifications
NETWORKINGPA-500
Deployment • Modes
Routing • Modes • Forwarding table size (entries per device/per VR)
• Policy-based forwarding
• Point-to-Point Protocol over Ethernet (PPPoE)
NAT/PAT • Max NAT rules
• Max NAT rules (DIPP)
• Dynamic IP and port pool
• Dynamic IP pool
• NAT Modes
• PAT- Unique destination IPs per source port and IP
VLANs • 802.1q VLAN tags per device
• 802.1q VLAN tags per physical interface
• Max interfaces
• Aggregate Interfaces (802.3ad)
Virtual Wire • Max virtual wires:
• Physical interfaces mapped to VWs
Address Assignment • Captive Portal for Management Interface
• DHCP server/DHCP relay • Max Addresses
L2 Forwarding
• ARP table size/device
• IPv6 neighbor table size
• MAC table size/device
L2, L3, Tap, Virtual Wire (transparent mode)
OSPF, RIP, BGP, Static
1,250 / 1,250
Supported
Supported
125
125
254
16,234
1:1 NAT, n:n NAT, m:n NAT
1
4,094
4,094
250
Not Supported
4
Supported
Supported
up to 3 servers
64,000
500
500
500
SECURITY
FIREWALL
NETCONNECT SSL VPN (REMOTE ACCESS)
•Policy-based control over applications, users and content •Fragmented packet protection
•Reconnaissance scan protection
•Denial of Service (DoS)/Distributed Denial of Services (DDoS)
protection
•Decryption: SSL (inbound and outbound), SSH
•Transport: IPSec with SSL fall-back •Authentication: LDAP, SecurID, or local DB
•Client OS: Macintosh, Windows XP, Windows Vista (32 and 64 bit),
Windows 7 (32 and 64 bit)
USER INTEGRATION (USER-ID)
•Active Directory, LDAP, eDirectory, Citrix and Microsoft Terminal
Services, Xenworks, XML API
IPSEC VPN (SITE-TO-SITE)
•Key Exchange: Manual key, IKE v1
•Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
•Authentication: SHA1, MD5
DATA FILTERING
•Control unauthorized data transfer (data patterns and file types)
•Drive-by download protection
MANAGEMENT, REPORTING, VISIBILITY TOOLS
• Integrated web interface, CLI or central management (Panorama) •Syslog and SNMPv2
•XML-based REST API •Graphical summary of applications, URL categories, threats and
data (ACC)
•View, filter, export traffic, threat, URL, and data filtering logs
•Fully customizable reporting
PAGE 2
THREAT PREVENTION (SUBSCRIPTION REQUIRED)
•Application, operating system vulnerability exploit protection
•Stream-based protection against viruses (including those embedded
in HTML, Javascript, PDF and compressed), spyware, worms
QUALITY OF SERVICE (QOS)
•Policy-based traffic shaping by application, user, source, destination,
interface, IPSec VPN tunnel and more
•8 traffic classes with guaranteed, maximum and priority bandwidth
parameters
•Real-time bandwidth monitor
•Per policy diffserv marking
GLOBALPROTECT
•GlobalProtect Gateway •GlobalProtect Portal
•Client OS: Windows XP, Windows Vista (32/64 bit), Windows 7 (32 bit)
URL FILTERING (SUBSCRIPTION REQUIRED)
•76-category, 20M URL on-box database
•Custom URL cache database (from 180M URL database)
•Custom block pages and URL categories
PA L O A LT O N E T W O R K S : PA - 5 0 0 S p e c s h e e t
HARDWARE SPECIFICATIONS
I/O
Management I/O
Power supply (Avg/max power consumption)
Input voltage (Input frequency)
Max input current
Rack mountable (Dimensions)
Safety
EMI
(8) 10/100/1000
(1) 10/100/1000 out-of-band management port, (1) RJ-45 console port
180W (10W/75W)
100-240Vac (50-60Hz)
110A@230Vac; 1A@115Vac
1U, 19” standard rack (1.75”H x 10”D x 17”W)
UL, CUL, CB
FCC Class A, CE Class A, VCCI Class A, TUV
ENVIRONMENT
Operating temperature
Non-operating temperature
32° to 122° F, 0° to 50° C
-4° to 158° F, -20° to 70° C
ORDERING INFORMATION
PA-500
PlatformPAN-PA-500
For additional Information on the PA-500 next-generation firewall feature set, please visit www.paloaltonetworks.com/literature.
Palo Alto Networks
232 E. Java Drive
Sunnyvale, CA. 94089
Sales 866.320.4788 408.738.7700
www.paloaltonetworks.com
Copyright ©2011, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS,
App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice.
Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update
information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this
publication without notice. PAN-OS 4.0, March 2011.
Download PDF
Similar pages