*Performance and capacities are measured under ideal testing conditions using PAN-OS.0. Additionally, for VM

Similar documents
*Performance and capacities are measured under ideal testing conditions using PAN-OS 8.0. Additionally, for VM

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Max sessions (IPv4 or IPv6) 500, , ,000

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

*1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Feature. *1. Firewall throughput measured with App-ID and User-ID features enabled utilizing 64KB HTTP transactions. 2.

Test Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version

High Availability Synchronization PAN-OS 5.0.3

Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 6.0 Version

Palo Alto Networks PCNSE7 Exam

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT

Appliance Comparison Chart

Transparent or Routed Firewall Mode

Appliance Comparison Chart

Exam Questions PCNSE6

Gigabit SSL VPN Security Router

Stonesoft Next Generation Firewall

Paloalto Networks. Exam Questions PCNSE6. Palo Alto Networks Certified Network Security Engineer 6.0. Version:Demo

DrayTek Vigor Technical Specifications. PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6. Redundancy. By WAN interfaces traffic volume

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Unified Services Routers

Palo Alto Networks Stallion Spring Seminar -Tech Track. Peter Gustafsson, June 2010

NSX-T Data Center Migration Coordinator Guide. 5 APR 2019 VMware NSX-T Data Center 2.4

New Features for ASA Version 9.0(2)

SMALL BUSINESS. Model 20/30/50 30 LTE One 210/ BPL-210 BPL-310

Cisco RV110W Wireless-N VPN Firewall

Cisco IOS IPv6. Cisco IOS IPv6 IPv6 IPv6 service provider IPv6. IPv6. data link IPv6 Cisco IOS IPv6. IPv6

Request for Proposal (RFP) for Supply and Implementation of Firewall for Internet Access (RFP Ref )

CONFIGURING AND DEPLOYING THE AX411 WIRELESS ACCESS POINT

High Availability. Palo Alto Supports Two types of High Availability. I. Active/Passive II. Active/Active

Next-Generation Firewall Series Datasheet

Cisco CVR100W Wireless-N VPN Router with Highly Secure Business-Class Connectivity for Small Offices/Home Offices (SOHO)

Check Point Virtual Systems & Identity Awareness

This section describes the clustering architecture and how it works. Management access to each ASA for configuration and monitoring.

Hillstone E-Series Next-Generation Firewall

Palo Alto Networks PCNSE Exam Questions and Answers (PDF) Palo Alto Networks PCNSE Exam Questions PCNSE BrainDumps

McAfee NGFW Installation Guide for Firewall/VPN Role 5.7. NGFW Engine in the Firewall/VPN Role

VPN Routers DSR-150/250/500/1000AC. Product Highlights. Features. Overview. Comprehensive Management Capabilities. Web Authentication Capabilities

Contents New Features Changes to Default Behavior Upgrade and Downgrade Procedures Associated Software Versions...

Implementing Core Cisco ASA Security (SASAC)

Technical Specification of the proposed components :

Next Generation Firewall

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Transparent or Routed Firewall Mode

Some features are not supported when using clustering. See Unsupported Features with Clustering, on page 11.

Licenses: Smart Software Licensing (ASAv, ASA on Firepower)

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Overview 1. Service Features 1

VM-SERIES FOR VMWARE VM VM

Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339

Yamaha Router Configuration Training ~ Web GUI ~

Paloalto Networks Exam PCNSE6 Palo Alto Networks Certified Network Security Engineer 6.0 Version: 6.1 [ Total Questions: 153 ]

Configuring Interfaces

Junos Security Bundle, JSEC & AJSEC

Juniper Exam JN0-696 Security Support, Professional (JNCSP-SEC) Version: 9.0 [ Total Questions: 71 ]

Gigabit Managed Ethernet Switch

AWS Reference Architecture - CloudGen Firewall Auto Scaling Cluster

Recommended Configuration Maximums

Cisco RV180 VPN Router

DATASHEET. Advanced 6-Port Gigabit VPN Network Router. Model: ER-6. Sophisticated Routing Features. Advanced Security, Monitoring, and Management

HySecure Quick Start Guide. HySecure 5.0

NSG50/100/200 Nebula Cloud Managed Security Gateway

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Licensing the Firepower System

PRODUCT LINE MATRIX: Mobility Controllers

Cisco 921J Gigabit Ethernet security router with external power supply for Japan only

45 10.C. 1 The switch should have The switch should have G SFP+ Ports from Day1, populated with all

Cisco - ASA Lab Camp v9.0

Junos Security (JSEC)

Stonesoft Next Generation Firewall. Release Notes Revision B

Recommended Configuration Maximums. NSX for vsphere Updated on August 08, 2018

Junos Security. Chapter 3: Zones Juniper Networks, Inc. All rights reserved. Worldwide Education Services

NSG100 Nebula Cloud Managed Security Gateway

Ordering and deleting Single-node Trial for VMware vcenter Server on IBM Cloud instances

Example - Configuring a Site-to-Site IPsec VPN Tunnel

MOC 6420A: Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Recommended Configuration Maximums

Next-Generation Firewall Series Datasheet

ActualTorrent. Professional company engaging Providing Valid Actual Torrent file for qualification exams.

vcenter Operations Management Pack for NSX-vSphere

Stonesoft Next Generation Firewall. Release Notes Revision C

CCNA Security. 2.0 Secure Access. 1.0 Security Concepts

Wireless Controller DWC-1000

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0

DPX8000 Series Deep Service Switching Gateway User Configuration Guide BRAS Service Board Module v1.0

Cisco Exam Implementing Cisco Network Security Version: 12.0 [ Total Questions: 186 ]

Clientless SSL VPN Overview

High Availability Options

Palo-Alto PCNSE7. Palo Alto Networks Certified Network Security Engineer.

Gigabit Managed Ethernet Switch

Gigabit Managed Ethernet Switch

Cradlepoint COR IBR350 Specifications

Transcription:

PA-820 PA-500 Feature Performance *Performance and capacities are measured under ideal testing conditions using PAN-OS.0. Additionally, for VM models please refer to hypervisor, cloud specific data sheet for associated performance App-ID firewall throughput 940 Mbps 250 Mbps Threat prevention throughput 610 Mbps 100 Mbps IPSec VPN throughput 400 Mbps 50 Mbps Connections per second 8,300 7,500 Sessions Max sessions (IPv4 or IPv6) 130,000 64,000 Policies Security rules 1,500 1,000 Security rule schedules 256 256 NAT rules 3,000 160 Decryption rules 100 100 App override rules 100 100 QoS rules 100 100 Tunnel content inspection rules 100 100 Policy based forwarding rules 100 100 Captive portal rules 100 100 DoS protection rules 100 100 Security Zones Max security zones 30 20 Objects (addresses and services) Address objects 2,500 2,500 Address groups 250 250 Members per address group 2,500 2,500 Service objects 1,000 1,000 Service groups 250 250

Members per service group 500 500 FQDN address objects 2,000 2,000 Max IP addresses registered per system *Applies to IP addresses registered to dynamic address groups 1,000 1,000 Tags per IP address 32 32 Security Profiles Security profiles 100 75 App-ID Custom App-ID signatures 6,000 6,000 Shared custom App-IDs 512 512 Custom App-IDs (virtual system specific) 6,416 6,416 User-ID User-IP mappings (management plane) 512,000 512,000 User-IP mappings (data plane) 128,000 64,000 Active and unique groups used in policy 1,000 1,000 Number of agents 100 100 Monitored servers per agent 100 100 Maximum terminal services agents 400 400 SSL Decryption Max SSL inbound certificates 25 25 SSL certificate cache (forward proxy) 128 128 Max concurrent decryption sessions 12,800 1,024 URL Filtering Total entries for allow list, block list and custom categories 25,000 25,000 Max custom categories 2,849 2,849 Max custom categories (virtual system specific) 500 500 Dataplane cache size for URL filtering 10,000 10,000 Management plane dynamic cache size 1,000,000 1,000,000 Interfaces Mgmt - out-of-band null 10/100/ 1000, RJ45 console Mgmt - 10/100/1000 high availability 2 NA

Mgmt - 40Gbps high availability NA NA Traffic - 10/100/1000 4 8 Traffic - 100/1000/10000 NA NA Traffic - 1Gbps SFP 8 NA Traffic - 10Gbps SFP+ NA NA Traffic - 10Gbps XFP NA NA Traffic - 40Gbps QSFP NA NA 802.1q tags per device 4,094 4,094 802.1q tags per physical interface 4,094 4,094 Max interfaces (logical and physical) 1,024 288 Maximum aggregate interfaces 6 4 Virtual Routers Virtual routers 5 3 Virtual Wires Virtual wires 512 144 Virtual Systems Base virtual systems 1 1 Max virtual systems *Additional licenses are required for virtual system capacities above the base virtual systems capacity Routing IPv4 forwarding table size *Entries shared across virtual routers IPv6 forwarding table size *Entries shared across virtual routers NA NA 5,000 625 5,000 625 System total forwarding table size 10,000 1,250 Max route maps per virtual router 50 50 Max routing peers (protocol dependent) 1,000 500 Static entries - DNS proxy 1,024 1,024 Bidirectional Forwarding Detection (BFD) Sessions NA NA L2 Forwarding ARP table size per device 3,000 2,000 IPv6 neighbor table size 3,000 2,000 MAC table size per device 3,000 2,000 Max ARP entries per broadcast domain 3,000 2,000

Max MAC entries per broadcast domain 3,000 2,000 NAT Total NAT rule capacity 3,000 160 Max NAT rules (static) *Configuring static NAT rules to full capacity requires that no other NAT rule types are used. Max NAT rules (DIP) *Configuring DIP NAT rules to full capacity requires that no other NAT rule types are used. 3,000 160 3,000 160 Max NAT rules (DIPP) 3,000 160 Max translated IPs (DIP) 3,000 16,000 Max translated IPs (DIPP) *DIPP translated IP capacity is proportional to the DIPP pool oversubscription value. The capacity shown here is based on an oversubscription value of 1x. Default DIPP pool oversubscription *Source IP and source port reuse across concurrent sessions Address Assignment 400 160 2 1 DHCP servers 5 3 Max number of assigned addresses 64,000 64,000 High Availability Devices per cluster 2 2 Max virtual addresses 48 32 QoS Number of QoS policies 250 100 Physical interfaces supporting QoS 12 6 Clear text nodes per physical interface 31 31 DSCP marking by policy Yes Yes Subinterfaces supported IPSec VPN System Limit System limit Site to site 2,000 250 Max IKE Peers 1,000 1,000 GlobalProtect Client VPN Max tunnels (SSL, IPSec, and IKE with XAUTH) 1,000 100

GlobalProtect Clientless VPN Max SSL tunnels 250 25 Multicast Replication (egress interfaces) 200 100 Routes 1,500 1,000 Product Notes End-of-sale NA NA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback