Professional Documents
Culture Documents
PA-5200 Series
Series Next-Generation Firewalls—
comprising the PA-5280, PA-5260,
PA-5250, and PA-5220—are ideal
for high-speed data c
enter, internet
gateway, and service provider
deployments. The PA-5200 Series PA-5260
Firewall throughput (HTTP/appmix)1 56/64 Gbps 56/64 Gbps 38/40 Gbps 15.6/20 Gbps
Threat Prevention throughput (HTTP/appmix)2 26/31.5 Gbps 26/31.5 Gbps 17/21 Gbps 7.2/8.9 Gbps
1. Firewall throughput is measured with App-ID and logging enabled, utilizing 64 KB HTTP/appmix transactions.
2. Threat Prevention throughput is measured with App-ID, IPS, antivirus, anti-spyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions.
3. IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled.
4. New sessions per second is measured with application-override, utilizing 1 byte HTTP transactions.
5. Adding virtual systems over base quantity requires a separately purchased license.
Table 2: PA-5200 Series Networking Features Table 3: PA-5200 Series Hardware Specifications
L2, L3, tap, virtual wire (transparent mode) PA-5280 / PA-5260 / PA-5250: 100/1000/10G Cu (4), 1G/10G
SFP/ SFP+ (16), 40G/100G QSFP28 (4)
Routing
PA-5220: 100/1000/10G Cu (4), 1G/10G SFP/SFP+ (16), 40G
OSPFv2/v3 with graceful restart, BGP with graceful restart, QSFP+ (4)
RIP, static routing
Management I/O
Policy-based forwarding
PA-5280 / PA-5260 / PA-5250: (2) 10/100/1000, (1)
Point-to-point protocol over Ethernet (PPPoE) and DHCP
40G/100G QSFP28 HA, (1) 10/100/1000 out-of-band
supported for dynamic address assignment
management, (1) RJ45 console port
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3 PA-5220: (2) 10/100/1000, (1) 40G QSFP+ HA, (1) 10/100/1000
out-of-band management, (1) RJ45 console port
Bidirectional Forwarding Detection (BFD)
Path quality measurement (jitter, packet loss, latency) Power Supply (Avg/Max Power Consumption)
571/685 W
Initial path selection (PBF)
Max BTU/hr
Dynamic path change
2,340
IPv6
Power Supplies (Base/Max)
L2, L3, tap, virtual wire (transparent mode) 1:1 fully redundant (2/2)
Features: App-ID, User-ID, Content-ID, WildFire, and SSL AC Input Voltage (Input Hz)
Decryption
100–240 VAC (50–60 Hz)
SLAAC AC Power Supply Output
IPsec VPN 1,200 watts/power supply
Key exchange: manual key, IKEv1 and IKEv2 (pre-shared Max Current Consumption
key, certificate-based authentication)
AC: 8.5 A @ 100 VAC, 3.6 A @ 240 VAC
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit) DC: 19 A @ -40 VDC, 12.7 A @ -60 VDC
3000 Tannery Way © 2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered
Santa Clara, CA 95054 trademark of Palo Alto Networks. A list of our trademarks can be found at
https://www.paloaltonetworks.com/company/trademarks.html. All other
Main: +1.408.753.4000 marks mentioned herein may be trademarks of their respective companies.
Sales: +1.866.320.4788 strata-pa-5200-series-ds-021120
Support: +1.866.898.9087
www.paloaltonetworks.com