- Palo Alto Networks
Palo Alto Networks PA-220 brings next-generation firewall capabilities to
­distributed enterprise branch offices, retail locations and midsized businesses.
Key Security Features:
Classifies all applications, on all ports, all the time
• Identifies the application, regardless of port,
encryption (SSL or SSH) or evasive technique
• Uses the application, not the port, as the basis for
all of your safe enablement policy decisions: allow,
deny, schedule, inspect and apply traffic-shaping
• Categorizes unidentified applications for policy
control, threat forensics or App-ID™ application
identification technology development
Enforces security policies for any user, at any
• Deploys consistent policies to local and remote
users running on the Windows®, Mac® OS X®,
­macOS™, Linux®, Android™ or Apple® iOS
­ latforms
• Enables agentless integration with Microsoft®
Active Directory® and Terminal Services, LDAP,
Novell® eDirectory™ and Citrix®
The controlling element of the Palo Alto ­Networks® PA-220 is
PAN-OS® security operating system, which natively classifies
all traffic, inclusive of applications, threats and content, and
then ties that traffic to the user, regardless of location or device
type. The application, content and user – in other words, the
elements that run your business – are then used as the basis of
your security policies, resulting in an improved security posture
and a reduction in incident response time.
• High availability with active/active and active/passive modes
• Redundant power input for increased reliability
• Fan-less design
• Simplified deployments of large numbers of firewalls through USB
• Easily integrates your firewall policies with 802.1X
wireless, proxies, NAC solutions and any other
source of user identity information
Performance and Capacities1
Firewall throughput (App-ID enabled)2, 4
500 Mbps
Threat prevention throughput
150 Mbps
IPsec VPN throughput
100 Mbps
3, 4
Prevents known and unknown threats
2, 4
• Blocks a range of known threats, including exploits,
malware and spyware, across all ports, regardless
of common evasion tactics employed
• Limits the unauthorized transfer of files and
sensitive data, and safely enables non-work-related
web surfing
• Identifies unknown malware, analyzes it based
on hundreds of malicious behaviors, and then
automatically creates and delivers protection
Palo Alto Networks | PA-220 | Datasheet
New sessions per second5
Max sessions
Performance and capacities are measured under ideal testing running PAN-OS 8.0
Firewall and IPsec VPN throughput are measured with App-ID and User-ID
features enabled
Threat prevention throughput is measured with App-ID, User-ID, IPS, Antivirus
and Anti-Spyware features enabled
Throughput is measured with 64Kb HTTP transactions
New sessions per second is measured with 4Kb HTTP transactions
The PA-220 supports a wide range of networking features that enable you to more easily integrate our security features
into your existing network.
Networking Features
Hardware Specifications
Interface Modes
L2, L3, Tap, Virtual wire (transparent mode)
(8) 10/100/1000
Management I/O
OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP,
Static routing
(1) 10/100/1000 out-of-band management port
(1) RJ-45 console port
(1) USB port
(1) Micro USB console port
Policy-based forwarding
Point-to-Point Protocol over Ethernet (PPPoE)
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
L2, L3, Tap, Virtual wire (transparent mode)
Features: App-ID, User-ID™, Content-ID™, WildFire™ and SSL
Storage Capacity
Power Supply (Avg/Max Power Consumption)
Dual redundant 40W (21W/25W)
Max BTU/hr
102 BTU
Key exchange: Manual key, IKEv1 and IKEv2 (pre-shared key,
­certificate-based authentication)
Input Voltage (Input Frequency)
100–240VAC (50–60Hz)
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
Max Current Consumption
Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
Firewall—1.75A @ 12VDC
Power supply (AC side)—0.5A @ 100VAC, 0.2A @ 240VAC
802.1q VLAN tags per device/per interface: 4,094/4,094
Network Address Translation (NAT)
NAT modes (IPv4): Static IP, dynamic IP, dynamic IP and port
(port address translation)
1.62”H X 6.29”D X 8.07”W
Weight (Stand-Alone Device/As Shipped)
3.0 lbs / 5.4 lbs
NAT64, NPTv6
Additional NAT features: Dynamic IP reservation, tunable dynamic IP
and port oversubscription
cCSAus, CB
High Availability
FCC Class B, CE Class B, VCCI Class B
Modes: Active/Active, Active/Passive
Failure detection: path monitoring, interface monitoring
See: https://www.paloaltonetworks.com/company/certifications.html
Operating temperature: 32° to 104° F, 0° to 40° C
Non-operating temperature: -4° to 158° F, -20° to 70° C
Passive cooling
To view additional information about the features and associated capacities of the PA-220, please visit
4401 Great America Parkway
Santa Clara, CA 95054
© 2017 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark
of Palo Alto Networks. A list of our trademarks can be found at http://www.
paloaltonetworks.com/company/trademarks.html. All other marks mentioned
herein may be trademarks of their respective companies.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF