品牌
其他厂商性质
上海所在地
| Performance and Capacities1 | PA-7080 System2 | PA-7050 System2 | PA-5260 | PA-5250 | PA-5220 |
| Firewall throughput (App-ID) | 200 Gbps | 120 Gbps | 72.2 Gbps | 35.9 Gbps | 18.5 Gbps |
| Threat prevention throughput IPSec VPN throughput | 100 Gbps | 60 Gbps | 30 Gbps | 20.3 Gbps | 9.2 Gbps |
| 80 Gbps | 48 Gbps | 21 Gbps | 14 Gbps | 5 Gbps | |
| New sessions per second | 1,200,000 | 720,000 | 458,000 | 348,000 | 169,000 |
|
| 3 | 3 |
|
|
|
| Max sessions Virtual systems (base/max2) | 40,000,000/80,000,000 | 24,000,000/48,000,000 | 32,000,000 | 8,000,000 | 4,000,000 |
| 25/225 | 25/225 | 25/225 | 25/125 | 10/20 | |
| Hardware Specifications 4 | PA-7080 System | PA-7050 System | PA-5260 | PA-5250 | PA-5220 |
| Interfaces supported NPC option 1 Interfaces supported NPC option 24 | Up to (20) QSFP+, (120) SFP+ | Up to (12) QSFP+, (72) SFP+ | (4) 100/1000/10G Cu, (16) 1G/10G SFP/SFP+, (4) 40G/100G QSFP28 | (4) 100/1000/10G Cu, (16) 1G/10G SFP/SFP+, (4) 40G QSFP+ | |
| Up to (120) 10/100/1000, (80) SFP, (40) SFP+ | Up to (72) 10/100/1000, (48) SFP, (24) SFP+ | ||||
| Management I/O | (2) 10/100/1000, (2) QSFP+ high availability, (1) 10/100/1000 out-of-band management, (1) RJ45 console | (2) 10/100/1000 Cu, (1) 10/100/1000 out-of-band management, (1) RJ45 console | |||
|
| (1) 40G/100G QSFP28 HA | (1) 40G QSFP+ HA | |||
| Rack mountable? | 19U, 19” standard rack | 9U, 19” standard rack or 14U, 19” standard rack with optional Airduct kit | 3U, 19” standard rack | ||
| Power supply | 4x2500W AC (2400W / 2700) expandable to 8 | 4x2500W AC (2400W / 2700W) | 2x1200W AC or DC (1:1 Fully Redundant) | ||
| Redundant power supply? Disk drives | Yes | Yes | |||
| 2TB RAID1 | System: 240GB SSD, RAID1. Log: 2TB HDD, RAID1 | ||||
| Hot swap fans | Yes | Yes | |||
Performance and Capacities
| Firewall throughput (App-ID) |
|
|
|
|
|
|
| 20 Gbps | 10 Gbps | 5 Gbps | 4 Gbps | 4 Gbps | 2 Gbps | |
| Threat prevention throughput | 10 Gbps | 5 Gbps | 2 Gbps | 2 Gbps | 2 Gbps | 1 Gbps |
| IPSec VPN throughput | 4 Gbps | 4 Gbps | 2 Gbps | 500 Mbps | 500 Mbps | 500 Mbps |
| New sessions per second |
|
|
|
|
|
|
| 120,000 | 120,000 | 120,000 | 50,000 | 50,000 | 50,000 | |
| Max sessions Virtual systems (base/max2) | 4,000,000 | 2,000,000 | 1,000,000 | 500,000 | 500,000 | 250,000 |
| 25/225 | 25/125 | 10/20 | 1/6 | 1/6 | 1/6 | |
| Hardware Specifications | PA-5060 | PA-5050 | PA-5020 | PA-3060 | PA-3050 | PA-3020 |
| Interfaces supported4 | (12) 10/100/1000, (8) SFP, (4) 10 SFP+ | (12) 10/100/1000, (8) SFP | (8) 10/100/1000, (8) SFP, (2) 10 SFP+ | (12) 10/100/1000, (8) SFP | ||
| Management I/O | (2) 10/100/1000 high availability, (1) 10/100/1000 out-of-band management, (1) RJ45 console | (1) 10/100/1000 out-of-band management,(2) 10/100/1000 high availability, (1) RJ-45 console | ||||
| Rack mountable? | 2U, 19” standard rack | 1.5U, 19” standard rack | 1U, 19” standard rack | |||
| Power supply Redundant power supply? | Redundant 450W AC or DC | Redundant 400W AC | 250W AC | |||
| Yes | Yes | No | ||||
| Disk drives | 120GB or 240GB SSD, RAID Optional | 120GB SSD | ||||
|
|
|
| ||||
| |
|
|
| Performance and Capacities1 | PA-850 | PA-820 | PA-500 | PA-220 | PA-200 |
| Firewall throughput (App-ID) Threat prevention throughput | 1.9 Gbps | 940 Mbps | 250 Mbps | 500 Mbps | 100 Mbps |
| 780 Mbps | 610 Mbps | 100 Mbps | 150 Mbps | 50 Mbps | |
| IPSec VPN throughput | 500 Mbps | 400 Mbps | 50 Mbps | 100 Mbps | 50 Mbps |
| New sessions per second Max sessions | 9,500 | 8,300 | 7,500 | 4,200 | 1,000 |
| 192,000 | 128,000 | 64,000 | 64,000 | 64,000 | |
| Virtual systems (base) | 1 | 1 | N/A | 1 | N/A |
| Hardware Specifications | PA-850 | PA-820 | PA-500 | PA-220 | PA-200 |
| Interfaces supported4 |
|
|
|
|
|
| (4) 10/100/1000, (4/8) SFP, (0/4) 10 SFP+ | (4) 10/100/1000, (8) SFP | (8) 10/100/1000 | (8) 10/100/1000 | (4) 10/100/1000 | |
| Management I/O | (1) 10/100/1000 out-of-band management, (2) 10/100/1000 high availability, (1) RJ-45 console, (1) USB, (1) Micro USB console | (1) 10/100/1000 out-of-band management, (1) RJ-45 console | (1) 10/100/1000 out-of-band management, (1) RJ-45 console, (1) USB, (1) Micro USB console | (1) 10/100/1000 out-ofband management, (1) RJ-45 console | |
| Rack mountable? | 1U, 19” standard rack | 1U, 19” standard rack | 1.62”H X 6.29”D X 8.07”W | 1.75” H x 7”D x 9.25”W | |
| Power supply Redundant power supply? | Two 500W AC. One is redundant. | 200W | 180W | Dual redundant 40W | 40W |
| Yes | No | No | Yes (optional) | No | |
| Disk drives Hot swap fans | 240GB SSD | 160GB | 32GB EMMC | 16GB SSD | |
| No | No | No | No | ||
SHAPE * MERGEFORMAT
February 2017 (PAN-OS 8.0) Specifications and features summary is for comparison only. Refer to the respective spec sheets as the source of the most up-to-date information.
| Performance and Capacities 1 | VM-50 | VM-100/VM-200 |
| VM-300/VM-1000HV | VM-500 |
| VM-700 |
| Firewall throughput (App-ID) Threat prevention throughput | 200 Mbps | 2 Gbps |
| 4 Gbps | 8 Gbps |
| 16 Gbps |
| 100 Mbps | 1 Gbps |
| 2 Gbps | 4 Gbps |
| 8 Gbps | |
| IPSec VPN throughput | 100 Mbps | 1 Gbps |
| 1.8 Gbps | 4 Gbps |
| 6 Gbps |
| 1 |
|
|
|
|
|
|
|
| New sessions per second CPU Configurations Supported | 3,000 | 15,000 |
| 30,000 | 60,000 |
| 120,000 |
| 25 | 2 |
| 2,4 | 2,4,8 |
| 2,4,8,16 | |
| Dedicated Memory (Minimum) Dedicated Disk drive capacity (Min) | 4.5GB | 6.5GB |
| 9GB | 16GB |
| 56GB |
| 32GB6 | 60GB |
| 60GB | 60GB |
| 60GB | |
| Supported Environments |
|
|
|
|
|
| |
| VMware ESXi 5.1/5.5/6.0 (Standalone) KVM on CentOS/RHEL and Ubuntu Microsoft Hyper-V (Windows 2012 R2 Server) |
|
| Yes |
|
|
| |
| NSX Manager 6.0/6.1/6.2 | No |
| Yes | Yes |
| No | |
| Citrix Xen Server on SDX 10.1 |
|
| No |
| |||
| Amazon AWS | Y (BYOL Only) |
| Y (BYOL and Marketplace) |
| Y (BY | OL Only) | |
| Microsoft Azure | |||||||
(1) Performance and capacities are measured under ideal testing conditions with PAN-OS 8.0. For VM-Series, they may vary based on underlying virtualization infrastructure(hypervisor/cloud). Refer to the individual datasheets for detailed performance and testing information. (2) Adding virtual systems to the base quantity requires a separately purchased license. (3) Max session capacity for PA-7000 NPCs with standard memory/extended memory. (4) Optical/Copper transceivers are sold separately. (5) CPU oversubscription supported with up to 5 instances running on a 2 CPU configuration. (6) 60GB required at initial boot. VM-Series will use 32GB after license activation.
| |
|
|
|
|
|
| Firewall |
|
| Thousands of applications for visibility and control, ability to create custom applications, ability to manage unknown traffic based on policy | P |
| User identification and control: VPNs, WLAN Controllers, Captive Portal, Proxies, Active Directory, eDirectory, Exchange, Terminal Services, Syslog parsing, XML API | P |
| Granular SSL decryption & inspection (inbound and outbound), per-policy SSH control (inbound and outbound) | P |
| Networking: Dynamic routing (RIP, OSPF, BGP, Multiprotocol BGP), DHCP, DNS, NAT, Route redistribution, ECMP, LLDP, BFD, Tunnel content inspection | P |
| QoS: Policy-based traffic shaping (priority, guaranteed, maximum) per application, per user, per tunnel, based on DSCP classification | P |
| Virtual systems: Logical, separately-managed firewall instances within a single physical firewall, with each virtual system’s traffic kept separate | P |
| Zone-based network segmentation and zone protection; DoS protection against flooding of new sessions | P |
| Threat Prevention (subscription required) |
|
| Prevention of a wide variety of threats, including vulnerability exploits, malware and botnets | P |
| Blocking polymorphic malware by focusing on payload, instead of hash or filename | P |
| Protections automatically updated every five minutes (with WildFire subscription) | P |
| Advanced Malware Protection (WildFire subscription required) Dynamic analysis: Detonation of files in a custom-build evasion resistant virtual environment, enabling detection of zero-day malware and exploits |
P |
| Static analysis: Detection of malware and exploits that attempt to evade dynamic analysis, as well as instantly identifying variants of existing malware | P |
| Machine learning: Extraction of thousands of unique features from each file, training a predictive machine learning classifier to identify new malware and exploits | P |
| Bare metal analysis: Evasive threats automatically sent to a real hardware environment for detonation, entirely removing an adversary’s ability to deploy anti-VM analysis | P |
| Automated signature updates every 5 minutes for zero-day malware and exploits discovered by any WildFire subscriber | P |
| Contextual Threat Intelligence Service (AutoFocus subscription required) Context around attacks, adversaries and campaigns, including targeted industries |
P |
| Accelerated analysis and response efforts, including prioritized alerts for the most critical threats | P |
| URL Filtering (Subscription Required) |
|
| Protection against malicious sites exposing your people and data to malware and exploit kits | P |
| Protection from credential phishing by inspecting webpages to determine whether the content and purpose is malicious in nature | P |
| Custom URL categories, customizable alerts and notification pages | P |
| File and Data Filtering Bidirectional control over the unauthorized transfer of file types and Social Security Numbers, Credit Card Numbers, and custom data patterns |
P |
| Security (GlobalProtect subscription required) |
|
| Remote access VPN (SSL, IPSec, clientless) and threat prevention and policy enforcement based on apps, users, content, device and device state | P |
| BYOD: app-level VPN for user privacy | P |
| Management and Visibility Tools (Panorama subscription required for managing multiple firewalls) |
|
| Intuitive policy control with applications, users, threats, advanced malware protection, URL, file types, data patterns – all in the same policy | P |
| Actionable insight into traffic and threats with Application Command Center (ACC), fully customizable reporting | P |
| Aggregated logging and event correlation | P |
| Consistent management of all hardware and all VM-Series, role-based access control, logical and hierarchical device groups, and templates | P |
| GUI, CLI, XML-based REST API | P |
