PaloAlto Networks PA-5200 Series Hardware Reference Manual
Hide thumbs
Also See for PA-5200 Series:
- Quick start manual ,
- Hardware reference manual (60 pages) ,
- Quick start manual (2 pages)
Advertisement
Quick Links
Advertisement
Related Manuals for PaloAlto Networks PA-5200 Series
Summary of Contents for PaloAlto Networks PA-5200 Series
- Page 1 PA-5200 Series Firewall Overview PA‐5200 Series Next‐Gen Firewall Hardware Reference...
- Page 2 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 https://www.paloaltonetworks.com/company/contact‐support About this Guide This guide describes the PA‐5200 Series next‐generation firewall hardware, provides instructions on installing the hardware, describes how to perform maintenance procedures, and provides product specifications. This guide is intended for system administrators responsible for installing and maintaining a PA‐5200 Series firewall. All PA‐5200 Series firewalls run PAN‐OS®, a purpose‐built operating system with extensive security and networking functionality. For additional information, refer to the following resources: For information on the additional capabilities and for instructions on configuring the features on the firewall, refer to https://www.paloaltonetworks.com/documentation. For capacity and performance information for all Palo Alto Networks firewalls, refer to https://www.paloaltonetworks.com/products/product‐selection.html. For feature, capacity, and performance information, refer to https://www.paloaltonetworks.com/resources/datasheets.html. For access to the knowledge base, discussion forums, and videos, refer to https://live.paloaltonetworks.com. For information on support programs refer to https://www.paloaltonetworks.com/services/support and for information on how to manage your account or devices, or to open a support case, refer to https://www.paloaltonetworks.com/company/contact‐support. For the most current PAN‐OS and Panorama release notes, refer to the Technical Documentation Portal and select the release version that is installed on your firewall or Panorama server. For information on the supported OS releases by model, refer to https://www.paloaltonetworks.com/documentation/global/compatibility‐matrix. For details on the Palo Alto Networks Return Material Authorization (RMA) process and policy, refer to https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/support/rma‐process‐policy.pdf. To provide feedback on the documentation, please write to us at: documentation@paloaltonetworks.com. Palo Alto Networks, Inc. www.paloaltonetworks.com © 2017 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their ...
- Page 3 PA‐5200 Series Firewall Overview ® The Palo Alto Networks PA‐5200 Series next‐generation firewalls are designed for data center and internet gateway deployments. This series is comprised of the PA‐5220, PA‐5250, and PA‐5260 firewalls. These models provide flexibility in performance and throughput levels to help you meet your deployment requirements. All models in this series provide next‐generation security features to help you secure your organization through advanced visibility and control of applications, users, and content. ® First Supported Software Release: PAN‐OS 8.0 The following topics describe the hardware features of the PA‐5200 Series firewalls. To view or compare performance and capacity information, refer to the Product Selection tool. Front Panel Description Back Panel Description © Palo Alto Networks, Inc. PA‐5200 Next‐Gen Firewall Hardware Reference • 9 Copyright © 2007-2017 Palo Alto Networks...
- Page 4 Front Panel Description PA‐5200 Series Firewall Overview Front Panel Description The following image shows the front panel of the PA‐5200 Series firewall and the table describes each front panel component. The only differences between the PA‐5220 (shown), PA‐5250, and PA‐5260 front panels is the model name and the Ethernet port speeds as described in the table. Item Component Description Ethernet ports 1 through 4 Four RJ‐45 100Mbps/1Gbps/10Gbps ports for network traffic. The link speed and link duplex are auto‐negotiate only. SFP ports 5 through 20 Sixteen SFP/SFP+ ports for network traffic. Each port can operate as either SFP (1Gbps) or SFP+ (10Gbps) based on the installed transceiver. QSFP+ ports 21 through 24 These ports vary depending on your firewall model: • PA‐5220 firewall—Four 40Gbps QSFP+ ports as defined by the IEEE 802.3ba standard. • PA‐5250 and PA‐5260 firewalls—Four 40Gbps QSFP+/100Gbps QSFP28 ports as defined by the IEEE 802.3ba standard. The link speed is based on the installed transceiver. 10 • PA‐5200 Next‐Gen Firewall Hardware Reference © Palo Alto Networks, Inc. Copyright © 2007-2017 Palo Alto Networks...
- Page 5 PA‐5200 Series Firewall Overview Front Panel Description Item Component (Continued) Description HSCI port These ports vary depending on your firewall model: • PA‐5220 firewall—One QSFP+ 40Gbps port (supports only a 40Gbps (QSFP+) transceiver or QSFP+ active optical cable). • PA‐5250 and PA‐5260 firewalls—One QSFP28 40/100Gbps port (supports 40Gbps (QSFP+) or 100Gbps transceiver (QSFP28) or equivalent active optical cables). The link speed is based on the installed transceiver. Use this port to connect two PA‐5200 Series firewalls in a high availability (HA) configuration as follows: • In an active/passive configuration, this port is for HA2 (data link). • In an active/active configuration, you can configure this port for HA2 and/or HA3. HA3 is used for packet forwarding for asymmetrically routed sessions that require Layer 7 inspection for App‐ID™ and Content‐ID™. The HSCI ports must be connected directly between the two firewalls in the HA configuration (not between a network switch or router). When directly connecting the HSCI ports between two PA‐5220 firewalls that are physically located near each other, Palo Alto Networks recommends that you use a 40Gbps QSFP+ Active Optical Cable (AOC). When directly connecting two PA‐5250 or two PA‐5260 firewalls, use either a 40Gbps QSFP+ Active Optical Cable (AOC) or a 100Gbps QSFP28 Active Optical Cable (AOC). For installations where the two firewalls are not near each other and you cannot use an AOC cable, use a standard 40Gbps or 100Gbps transceivers and the appropriate cable length. AUX 1 and AUX 2 ports Use these SFP+ ports for HA1, management functions, or log forwarding to Panorama. For information on configuring the port, refer to the on‐device Help content in Device > Setup > Interfaces or refer to the PAN‐OS 8.0 Web Interface ...
- Page 6 Front Panel Description PA‐5200 Series Firewall Overview Item Component (Continued) Description CONSOLE port Use this port to connect a management computer to the firewall using a 9‐pin serial to RJ‐45 cable and terminal emulation software. (RJ‐45) The console connection provides access to firewall boot messages, the Maintenance Recovery Tool (MRT), and the command line interface (CLI). If your management computer does not have a serial port, use a USB‐to‐serial converter. Cable Pin‐outs Signal: DB‐9/RJ45 CTS: 8/8 DSR: 6/7 RXD: 2/6 GND: 5/5,4 TXD: 3/3 DTR: 4/2 RTS: 7/1 Serial Settings Data rate: 9600 Data bits: 8 Parity: none Stop bits: 1 Flow control: None USB port Use this port to bootstrap the firewall. Bootstrapping enables you to provision the firewall with a specific PAN‐OS configuration and then license it and make it operational on your network. MGT port Use this Ethernet 10/100/1000Mbps port to access the management web interface and perform administrative tasks. The firewall also uses this port for management services, such as retrieving licenses and updating the threat and application signatures. LED status indicators Five LEDs that indicate the status of the firewall hardware components (see Interpret the LEDs on a PA‐5200 Series Firewall). Intake air filters Two filters for air entering the firewall.
- Page 7 PA‐5200 Series Firewall Overview Back Panel Description Back Panel Description The following image shows the back panel of PA‐5200 Series firewalls and the table describes each back‐panel component. The only difference between PA‐5200 Series firewall back panels is the power supply type installed—they each can have two AC or two DC power supplies. The image shows a PA‐5220 firewall with AC power supplies. To view an image of the DC power supplies, see Connect DC Power to a PA‐5200 Series Firewall. Item Component Description SYS 1 and SYS 2 drives Two hot‐swappable 240GB solid‐state drives (SSDs) in a RAID‐1 pair (240GBs total). The drives are used to store the PAN‐OS system files and system logs. LOG 1 and LOG 2 drives Two hot‐swappable 2TB hard disk drives (HDDs) in a RAID‐1 pair (2TBs total). The drives are used to store network traffic logs. Exhaust fans trays Two fan trays that provide ventilation and cooling for the firewall. Each fan tray contains four fans and a status LED. While facing the back of the firewall, fan tray 1 is on the left and fan tray 2 is on the right. Do not use the fan tray handles to lift or move the firewall. PWR 1 and PWR2 Use the power supply inputs (either AC or DC) to connect power to the firewall. While facing the back of the firewall, PWR 1 is on the left and PWR 2 is on the right. Ground stud Use the two‐post ground stud to connect the firewall to earth ground. The firewall ships with a 6AWG two‐hole ground lug attached to the ground studs, but does not include a ground cable. © Palo Alto Networks, Inc. PA‐5200 Next‐Gen Firewall Hardware Reference • 13 Copyright © 2007-2017 Palo Alto Networks...
- Page 8 Back Panel Description PA‐5200 Series Firewall Overview 14 • PA‐5200 Next‐Gen Firewall Hardware Reference © Palo Alto Networks, Inc. Copyright © 2007-2017 Palo Alto Networks...