PaloAlto Networks PA-5400 Series Hardware Reference Manual page 22

Next-gen firewall

Hide thumbs Also See for PA-5400 Series:

Hardware reference manual (128 pages)

Quick start manual (2 pages)

Hardware reference manual (50 pages)

Table Of Contents

Table of Contents

PA-5400 Series Firewall Module and Interface Card Informaon

Item

Component

USB Port

Console Port

HSCI-A and HSCI-B

(High Speed Chassis

Interconnect) Ports

Logging Ports

PA-5400 Series Next-Gen Firewall Hardware Reference

Descripon

about installing a logging drive, see

Drive.

One USB port that accepts a USB ﬂash drive that contains

a bootstrap bundle (PAN-OS conﬁguraon) that enables

you to bootstrap the ﬁrewall. Bootstrapping enables you

to provision the ﬁrewall with a speciﬁc conﬁguraon,

license it, and make it operaonal on the network.

Use this port to connect a management computer to the

ﬁrewall using a 9-pin serial-to-RJ-45 cable and terminal

emulaon soware.

The console connecon provides access to ﬁrewall boot

messages, the Maintenance Recovery Tool (MRT), and the

command line interface (CLI).

If your management computer does not have a

serial port, use a USB-to-serial converter.

Quad-SFP+ (QSFP+/QSFP28) interfaces used to connect

two PA-5400 Series ﬁrewalls for a high availability (HA)

conﬁguraon. Each port oﬀers 80GE (two 40Gbps links)

or 200GE (two 100Gbps links) connecvity and is used for

HA2 data link in an acve/passive conﬁguraon. When in

acve/acve mode, the port is also used for HA3 packet

forwarding for asymmetrically routed sessions that require

Layer 7 inspecon for App-ID

In a typical installaon, HSCI-A on the ﬁrst ﬁrewall

connects directly to HSCI-A on the second ﬁrewall and

HSCI-B on the ﬁrst ﬁrewall connects to HSCI-B on the

second ﬁrewall. The purpose of HSCI-B is to increase the

bandwidth for HA2/HA3 processing. This provides full

80-200Gbps transfer rates. In soware, both ports (HSCI-

A and HSCI-B) are treated as one HA interface.

The HSCI ports are not routable and must be connected

directly to each other, not through a switch.

You can conﬁgure HA2 (data link) on the HSCI ports or on

NC data ports. When conﬁguring on dataplane ports, you

must ensure that both the HA2 and HA2-Backup links are

conﬁgured on dataplane interfaces. A mix of a dataplane

port and an HSCI port for either HA2 or HA2-Backup will

result in a commit failure.

Two SFP/SFP+ logging ports that oﬀer 1/10GE

connecvity.

Install an MPC Logging

and Content#ID

™

2021 Palo Alto Networks, Inc.

Table of Contents

Show Quick Links

Quick Links:
Pa-5400 Series Firewall Data Processor Card...

Hide quick links:

Table of Contents

PaloAlto Networks PA-5400 Series Hardware Reference Manual page 22

Hide quick links:

Related Manuals for PaloAlto Networks PA-5400 Series

Related Products for PaloAlto Networks PA-5400 Series

Table of Contents