*Performance and capacities are measured under ideal testing conditions using PAN-OS.0. Additionally, for VM

Similar documents
Configuring PA Firewalls for a Layer 3 Deployment

Chapter 3 LAN Configuration

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

About the VM-Series Firewall

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Supporting Palo Alto Networks Firewalls in CloudStack. April 10, 2014

Implementing Cisco IOS Network Security

Configuring Global Protect SSL VPN with a user-defined port

Creating a VPN with overlapping subnets

Cisco ASA 5500-X Series ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X

VMware vcloud Air Networking Guide

PAN-OS Syslog Integration

IINS Implementing Cisco Network Security 3.0 (IINS)

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

PassGuide.PCNSE6 (48Q)

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

Source-Connect Network Configuration Last updated May 2009

About the VM-Series Firewall

WildFire Cloud File Analysis

Security. TestOut Modules

Managing Enterprise Security with Cisco Security Manager

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

Securing Networks with PIX and ASA

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Implementing Core Cisco ASA Security (SASAC)

*TKtr *W4>K. Government of India itwm mitm Ministry of Labour & Employment W T HSlPT&llem. Directorate General of Mines Safety TENDER NOTICE

Fortinet Network Security NSE4 test questions and answers:

Availability Digest. Redundant Load Balancing for High Availability July 2013

Network Configuration Settings

Set Up the VM-Series Firewall in AWS

SonicOS 5.9 / / 6.2 Log Events Reference Guide with Enhanced Logging

Firewall. FortiOS Handbook v3 for FortiOS 4.0 MR3

icrosoft TMG Replacement with NetScaler

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

Datasheet. Managed PoE+ Gigabit Switches with SFP. Models: ES-8-150W, ES W, ES W, ES W, ES W, ES W

Cisco AnyConnect Secure Mobility Solution Guide

Securing Networks with Cisco Routers and Switches 1.0 (SECURE)

Datasheet. Managed Gigabit Fiber Switch. Model: ES-12F. Non-Blocking Throughput Switching. High Performance and Low Latency

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security ( )

Polycom. RealPresence Ready Firewall Traversal Tips

Securing Networks with Cisco Routers and Switches ( )

How To Authenticate An Ssl Vpn With Libap On A Safeprocess On A Libp Server On A Fortigate On A Pc Or Ipad On A Ipad Or Ipa On A Macbook Or Ipod On A Network

Cisco Certified Security Professional (CCSP)

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

NETASQ MIGRATING FROM V8 TO V9

Datasheet. Managed Gigabit Switches with SFP. Models: ES-24-Lite, ES-48-Lite. Non-Blocking Throughput Switching Performance

Unified Services Routers

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Check Point taps the power of virtualization to simplify security for private clouds

This presentation covers virtual application shared services supplied with IBM Workload Deployer version 3.1.

vcloud Director User's Guide

GB-OS Version 6.2. Configuring IPv6. Tel: Fax Web:

Why IPv6 is necessary for new communication scenarios

LAN TCP/IP and DHCP Setup

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

Configuring the Transparent or Routed Firewall

FortiGate Multi-Threat Security Systems I Administration, Content Inspection and SSL VPN Course #201

Configuring Windows Server 2008 Network Infrastructure

Unified Services Routers

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

SSECMGT: CManaging Enterprise Security with Cisco Security Manager v4.x

Gigabit SSL VPN Security Router

ETSF10 Part 3 Lect 2

Using IPsec VPN to provide communication between offices

NETASQ ACTIVE DIRECTORY INTEGRATION

Cisco ASA, PIX, and FWSM Firewall Handbook

AC 750. Wireless Dual Band ADSL2+ Modem Router. Highlights

WildFire Cloud File Analysis

How To Configure L2TP VPN Connection for MAC OS X client

Fortinet Certified Network Security Administrator

Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services Course No.

Gigabit Content Security Router

Use Domain Name System and IP Version 6

Securing Virtualization with Check Point and Consolidation with Virtualized Security

Chapter 11 Cloud Application Development

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

Certificate Management

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Web Interface Reference Guide Version 6.1

Chapter 8 Router and Network Management

Fireware Essentials Exam Study Guide

Next Generation Network Firewall

Savvius Insight Initial Configuration

Configuring GlobalProtect Tech Note PAN-OS 4.1

Chapter 4 Customizing Your Network Settings

How To Orchestrate The Clouddusing Network With Andn

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

DIR-806A. Wireless AC750 Multi-Function Router. DUAL BAND Simultaneous operation in 5GHz band and 2.4GHz band, a/b/g/n/ac compatible

Cisco RV215W Wireless-N VPN Router

Title: Setting Up A Site to Site VPN Between Microsoft Azure and the Corporate Network

Virtual Data Centre. User Guide

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Networked AV Systems Pretest

SVN5800 Secure Access Gateway

Understanding and Configuring NAT Tech Note PAN-OS 4.1

McAfee NGFW Installation Guide for Firewall/VPN Role 5.7. NGFW Engine in the Firewall/VPN Role

Cisco RV110W Wireless-N VPN Firewall

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

Transcription:

Feature PA-5020 PA-3050 VM-1000- HV Performance *Performance and capacities are measured under ideal testing conditions using PAN-OS.0. Additionally, for VM models please refer to hypervisor, cloud specific data sheet for associated performance App-ID firewall throughput 5 Gbps 4 Gbps 4 Gbps Threat prevention throughput 2 Gbps 2 Gbps 2 Gbps IPSec VPN throughput 2 Gbps 500 Mbps In progress Connections per second 120,000 50,000 30,000 Sessions Max sessions (IPv4 or IPv6) 1,000,000 500,000 819,200 Policies Security rules 10,000 5,000 10,000 Security rule schedules 256 256 256 NAT rules 6,000 5,000 5,000 Decryption rules 1,000 500 1,000 App override rules 1,000 500 1,000 QoS rules 1,000 1,000 1,000 Tunnel content inspection rules 500 500 500 Policy based forwarding rules 500 500 500 Captive portal rules 1,000 1,000 1,000 DoS protection rules 1,000 1,000 1,000 Security Zones Max security zones 80 40 40 Objects (addresses and services) Address objects 10,000 10,000 10,000 Address groups 1,000 1,000 1,000 Members per address group 2,500 2,500 2,500 Service objects 2,000 1,000 2,000

Service groups 250 250 500 Members per service group 500 500 500 FQDN address objects 2,000 2,000 2,000 Max IP addresses registered per system *Applies to IP addresses registered to dynamic address groups 25,000 5,000 100,000 Tags per IP address 32 32 32 Security Profiles Security profiles 750 375 375 App-ID Custom App-ID signatures 6,000 6,000 6,000 Shared custom App-IDs 512 512 512 Custom App-IDs (virtual system specific) 6,416 6,416 6,416 User-ID User-IP mappings (management plane) 512,000 512,000 512,000 User-IP mappings (data plane) 128,000 64,000 64,000 Active and unique groups used in policy 10,000 1,000 1,000 Number of agents 100 100 100 Monitored servers per agent 100 100 100 Maximum terminal services agents 1,000 400 400 SSL Decryption Max SSL inbound certificates 100 25 25 SSL certificate cache (forward proxy) 1,024 128 128 Max concurrent decryption sessions 15,872 15,360 15,000 URL Filtering Total entries for allow list, block list and custom categories 25,000 25,000 25,000 Max custom categories 2,849 2,849 2,849 Max custom categories (virtual system specific) 500 500 500 Dataplane cache size for URL filtering 40,000 20,000 40,000 Management plane dynamic cache size 1,000,000 1,000,000 1,000,000 Interfaces Mgmt - out-of-band 10/100/ 1000, RJ45 10/100/ 1000, RJ45 NA

console console Mgmt - 10/100/1000 high availability 2 2 NA Mgmt - 40Gbps high availability NA NA NA Traffic - 10/100/1000 12 12 NA Traffic - 100/1000/10000 NA NA NA Traffic - 1Gbps SFP 8 8 NA Traffic - 10Gbps SFP+ NA NA NA Traffic - 10Gbps XFP NA NA NA Traffic - 40Gbps QSFP NA NA NA 802.1q tags per device 4,094 4,094 4,094 802.1q tags per physical interface 4,094 4,094 4,094 Max interfaces (logical and physical) 2,048 2,048 2,048 Maximum aggregate interfaces 8 8 NA Virtual Routers Virtual routers 20 10 10 Virtual Wires Virtual wires 1,024 1,024 1,024 Virtual Systems Base virtual systems 10 1 1 Max virtual systems *Additional licenses are required for virtual system capacities above the base virtual systems capacity Routing IPv4 forwarding table size *Entries shared across virtual routers IPv6 forwarding table size *Entries shared across virtual routers 20 6 NA 32,000 10,000 10,000 32,000 10,000 10,000 System total forwarding table size 64,000 20,000 20,000 Max route maps per virtual router 50 50 50 Max routing peers (protocol dependent) 500 500 500 Static entries - DNS proxy 1,024 1,024 1,024 Bidirectional Forwarding Detection (BFD) Sessions 1,024 512 512 L2 Forwarding ARP table size per device 20,000 5,000 2,500 IPv6 neighbor table size 20,000 5,000 1,000

MAC table size per device 20,000 5,000 2,500 Max ARP entries per broadcast domain 20,000 5,000 2,500 Max MAC entries per broadcast domain 20,000 5,000 2,500 NAT Total NAT rule capacity 6,000 5,000 5,000 Max NAT rules (static) *Configuring static NAT rules to full capacity requires that no other NAT rule types are used. Max NAT rules (DIP) *Configuring DIP NAT rules to full capacity requires that no other NAT rule types are used. 6,000 5,000 5,000 4,000 3,000 3,000 Max NAT rules (DIPP) 800 600 800 Max translated IPs (DIP) 64,000 128,000 128,000 Max translated IPs (DIPP) *DIPP translated IP capacity is proportional to the DIPP pool oversubscription value. The capacity shown here is based on an oversubscription value of 1x. Default DIPP pool oversubscription *Source IP and source port reuse across concurrent sessions Address Assignment 800 800 800 4 2 2 DHCP servers 20 10 10 Max number of assigned addresses 64,000 64,000 64,000 High Availability Devices supported 2 2 2 Max virtual addresses 1,024 64 128 QoS Number of QoS policies 1,000 1,000 1,000 Physical interfaces supporting QoS 12 6 6 Clear text nodes per physical interface 63 31 31 DSCP marking by policy Yes Yes Yes Subinterfaces supported NA System limit IPSec VPN Site to site 8,000 3,000 2,000 Max IKE Peers 2,000 2,000 1,000 NA

GlobalProtect Client VPN Max tunnels (SSL, IPSec, and IKE with XAUTH) 5,000 2,000 2,000 GlobalProtect Clientless VPN Max SSL tunnels 1,250 500 500 Multicast Replication (egress interfaces) 100 100 100 Routes 4,000 2,000 2,000 Product Notes End-of-sale NA NA NA