PA-4000 Series
PALO ALTO NETWORKS: PA-4000 Series Specsheet
The PA-4000 Series is a next-generation firewall that delivers unprecedented visibility and control over applications, users and content on enterprise networks.

APPLICATION IDENTIFICATION:
• Identifies more than 950 applications irrespective of port, protocol, SSL encryption or evasive tactic employed.
• Enables positive enforcement of application usage policies: allow, deny, schedule, inspect, apply traffic shaping.
• Graphical visibility tools enable simple and intuitive view into application traffic.

USER IDENTIFICATION:
• Policy-based visibility and control over who is using the applications through seamless integration with Active Directory, LDAP, and eDirectory.
• Identifies Citrix and Microsoft Terminal Services users, enabling visibility and control over their respective application usage.
• Control non-Windows hosts via web-based authentication.

CONTENT IDENTIFICATION:
• Block viruses, spyware, and vulnerability exploits, limit unauthorized transfer of files and sensitive data such as CC# or SSN, and control non-work related web surfing.
• Single pass software architecture enables multi-gigabit throughput with low latency while scanning content.

The Palo Alto Networks™ PA-4000 Series is comprised of three high performance platforms, the PA-4020, the PA-4050 and the PA-4060, all of which are targeted at high speed Internet gateway and datacenter deployments. The PA-4000 Series manages multi-Gbps traffic flows using dedicated processing and memory for networking, security, threat prevention and management.

A 10 Gbps backplane smoothes the pathway between dedicated processors, and the physical separation of data and control plane ensures that management access is always available, irrespective of the traffic load. The PA-4050 and PA-4020 each have 24 traffic interfaces while the PA-4060 supports 10 Gbps interfaces. All of the PA-4000 Series platforms have dedicated high availability and out-of-band management interfaces.

The controlling element of the PA-4000 Series next-generation firewalls is PAN-OS™, a security-specific operating system that tightly integrates three unique identification technologies: App-ID™, User-ID and Content-ID, with key firewall, networking and management features.

Key Performance Specifications

| Specification | PA-4020 | PA-4050 | PA-4060 |
|---|---|---|---|
| Firewall throughput | 2 Gbps | 10 Gbps | 10 Gbps |
| Threat prevention throughput | 2 Gbps | 5 Gbps | 5 Gbps |
| IPSec VPN throughput | 1 Gbps | 2 Gbps | 2 Gbps |
| IPSec VPN tunnels/interfaces | 2,000 | 4,000 | 4,000 |
| SSL VPN concurrent users | 5,000 | 10,000 | 10,000 |
| New sessions per second | 60,000 | 60,000 | 60,000 |
| Max sessions | 500,000 | 2,000,000 | 2,000,000 |

For a complete description of the PA-4000 Series next-generation firewall
feature set, please visit www.paloaltonetworks.com/literature.

Additional PA-4000 Series Specifications and Features

App-ID
• Identifies and controls more than 950 applications
• SSL decryption (inbound and outbound)
• Customize application properties
• Custom HTTP and SSL applications

Networking
• Dynamic routing (BGP, OSPF and RIPv2)
• Tap mode, virtual wire, layer 2, layer 3
• Network address translation (NAT)
  - Source and destination address translation
  - Dynamic IP and port pool: 254
  - Dynamic IP pool: 16,234
• DHCP server/DHCP relay: Up to 3 servers
• 802.1Q VLANs: 4,094
• Policy-based forwarding
• 802.3ad link aggregation
• Point-to-Point Protocol over Ethernet (PPPoE)
• IPv6 application visibility, control and full content inspection (Virtual wire mode only)
• Jumbo frames
• Virtual routers: (PA-4020) 20, (PA-4050) 125, (PA-4060) 125
• Security zones: (PA-4020) 80, (PA-4050) 500, (PA-4060) 500
• Virtual systems (base/max): (PA-4020) 10/20*, (PA-4050) 25/125*, (PA-4060) 25/125*
* Adding virtual systems to the base quantity requires a separately purchased license.

Firewall
• Policy-based control by application, application category, subcategory, technology, risk factor or characteristic
• Application function control
• Fragmented packet protection
• Reconnaissance scan protection
• Denial of Service (DoS)/Distributed Denial of Services (DDoS) protection
• Maximum number of policies: (PA-4020) 10,000, (PA-4050) 20,000, (PA-4060) 20,000

User-ID
• Visibility and control by user, group and IP address
• Active Directory, LDAP, eDirectory, Citrix and Microsoft Terminal Services
• XML API (external user repository integration)
• WMI and NetBios polling
• Maximum concurrent user/IP mappings: 64,000

Threat Prevention (Subscription Required)
• Detect and block application vulnerability exploits (IPS)
• Stream-based protection against viruses, spyware and worms
• HTML/Javascript virus protection
• Inspect compressed files that use the Deflate algorithm (Zip, Gzip, etc)
• Custom vulnerability and spyware phone home signatures
• Content updates: daily (malware), weekly (vulnerability signatures), emergency (all)

URL Filtering (Subscription Required)
• 76-category, 20M URL on-box database
• Custom 1M URL cache database (from 180M URL database)
• Custom block pages and URL categories

Quality of Service (QoS)
• Policy-based traffic shaping by application, user, source, destination, interface, IPSec VPN tunnel and more
• Define up to 8 traffic classes with guaranteed, maximum and priority bandwidth parameters
• Real-time bandwidth monitor
• Per policy diffserv marking

Data Filtering
• Control unauthorized data transfer (social security numbers, credit card numbers, custom data patterns)
• Control unauthorized transfer of more than 50 file types

IPSec VPN (Site-to-Site)
• Manual key, IKE v1
• 3DES, AES (128-bit, 192-bit, 256-bit) encryption
• SHA1, MD5 authentication

SSL VPN (Remote Access)
• IPSec transport with SSL fall-back
• Enforce unique policies for SSL VPN traffic
• Enable/disable split tunneling to control client access
• LDAP, SecurID, or local DB authentication
• Client OS: Windows XP, Windows Vista (32 and 64 bit), Windows 7 (32 and 64 bit)

High Availability
• Active/Passive failover
• Configuration and session synchronization
• Heartbeat checking
• Link and path failure monitoring

Management Tools
• Integrated web interface
• Command line interface (CLI)
• Role-based administration
• Syslog and SNMPv2
• Customizable administrator login banner
• XML-based REST API
• Centralized management (Panorama)
• Centrally manage PAN-OS and content updates (Panorama)
• Shared policies (Panorama)

Visibility and Reporting Tools
• Graphical summary of applications, URL categories, threats and data (ACC)
• View, filter, export traffic, threat, URL, and data filtering logs
• Fully customizable reporting
• Trace session tool

Hardware Specifications

| Specification | PA-4060 | PA-4050/PA-4020 |
|---|---|---|
| I/O | (4) 10 Gigabit XFP + (4) Gigabit SFP | (16) 10/100/1000 + (8) Gigabit SFP |
| Management I/O | (2) 10/100/1000 high availability, (1) 10/100/1000 out-of-band management, (1) DB9 console port | (2) 10/100/1000 high availability, (1) 10/100/1000 out-of-band management, (1) DB9 console port |
| Power supply (Avg/max power consumption) | Redundant 400W AC (175W/200W) | Redundant 400W AC (175W/200W) |
| Input voltage (Input frequency) | 100-240Vac (50-60Hz) | 100-240Vac (50-60Hz) |
| Max input current | 50A@230Vac; 30A@120Vac | 50A@230Vac; 30A@120Vac |
| Power factor | 0.93 to 0.95 | 0.93 to 0.95 |
| Safety | UL, CUL, CB | UL, CUL, CB |
| EMI | FCC Class A, CE Class A, VCCI Class A, TUV | FCC Class A, CE Class A, VCCI Class A, TUV |
| Rack mountable (dimensions) | 2U, 19” standard rack (3.5”H x 16.5”D x 17.5”W) | 2U, 19” standard rack (3.5”H x 16.5”D x 17.5”W) |
| MTBF | 7.18 years | 7.18 years |

Environment
Operating temperature: 32° to 122° F, 0° to 50° C
Non-operating temperature: -4° to 158° F, -20° to 70° C

Ordering Information

| Item | PA-4060 | PA-4050 | PA-4020 |
|---|---|---|---|
| Platform | PAN-PA-4060 | PAN-PA-4050 | PAN-PA-4020 |
| Annual threat prevention subscription | PAN-PA-4060-TP | PAN-PA-4050-TP | PAN-PA-4020-TP |
| Annual URL filtering subscription | PAN-PA-4060-URL2 | PAN-PA-4050-URL2 | PAN-PA-4020-URL2 |
| VSYS upgrade (10 additional) | --- | --- | PAN-PA-4020-VSYS-10 |
| VSYS upgrade (50 additional) | PAN-PA-4060-VSYS-50 | PAN-PA-4050-VSYS-50 | --- |
| VSYS upgrade (100 additional) | PAN-PA-4060-VSYS-100 | PAN-PA-4050-VSYS-100 | --- |

For additional information on the PA-4000 Series software features, please visit www.paloaltonetworks.com/literature.
Palo Alto Networks
232 E. Java Drive
Sunnyvale, CA. 94089
Sales 866.320.4788 408.738.7700
www.paloaltonetworks.com
Copyright ©2010, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS,
App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice.
Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update
information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this
publication without notice. PAN-OS 3.1, March 2010.
840-000002-00D