DNS Security
Palo Alto Networks PA-5400 Series PA-5440 – security appliance
Palo Alto Networks PA-5420 – security appliance – with redundant AC power supplies
The Palo Alto Networks PA-5420 is a powerful network security appliance, offering high-level protection and performance for your network infrastructure. This security appliance is engineered to handle demanding network environments, with the capacity to manage up to 6,200,000 sessions and 315,000 new sessions per second. It boasts a threat prevention throughput of up to 28.7 Gbps, ensuring that your network is safeguarded against a wide array of cyber threats.
With a robust suite of encryption algorithms including 128-bit AES, 192-bit AES, 256-bit AES, 256-bit SHA, and more, the PA-5420 secures network traffic against unauthorized access and data breaches. Its versatile connectivity options, including RJ-45, SFP, and QSFP+ connectors, make it a flexible solution for any network architecture. Additionally, the device’s support for numerous networking protocols and features such as High Availability, NAT, VLAN, and anti-malware protection, further enhances its utility and performance in safeguarding your network.
Designed for durability and compliance with stringent standards, the PA-5420 is a reliable choice for ensuring the security and efficiency of your network operations. Its impressive MTBF of 22 years attests to its reliability and longevity, making it a wise investment for any organization looking to bolster its network security.
Technical specifications
Overview
Brand | Palo Alto Networks |
Product Line | Palo Alto Networks |
Model | PA-5420 |
Manufacturer | Palo Alto Networks |
Storage
Hard Drive Capacity | 480 GB |
Hard Drive Type | SSD |
Network&Communication
Compliant Standards | IEEE 802.1Q, IEEE 802.1x, IEEE 802.3ad (LACP) |
Connectivity Technology | Wired |
Data Link Protocols | 10 Gigabit Ethernet, 100 Gigabit Ethernet, 25 Gigabit Ethernet, 40 Gigabit Ethernet, 5 Gigabit Ethernet, Ethernet, Fast Ethernet, Gigabit Ethernet |
Features | Anti-malware protection, Anti-spyware protection, Antivirus analysis, Content filtering, DDos attack prevention, DHCP server, DHCP support, DiffServ support, DoS attack prevention, High Availability, IPv4 support, IPv6 support, LDAP support, Manageable, NAT support, Quality of Service (QoS), Syslog support, VLAN support, Web threat protection |
Form Factor | Rack-mountable |
Network Standard | DHCP, IPSec, IPv4, IPv6, PPPoE |
Product Type | Security appliance |
Routing Protocol | BGP, Bidirectional Forwarding Detection (BFD), IGMP, IGMPv2, IGMPv3, OSPFv2, OSPFv3, PIM-SM, PIM-SSM, Policy-based routing (PBR), RIP, Static IP routing |
Connectivity
Interface Provided | 1 x 1000Base-X (management) - SFP 1 x 40Gb Ethernet (management) - QSFP+ 1 x console - RJ-45 1 x micro-USB 12 x 10Gb Ethernet - SFP+ 2 x 1 Gigabit Ethernet (High Availability) - SFP 4 x 25Gb Ethernet - SFP28 4 x 40Gb Ethernet/100Gb Ethernet - QSFP28 8 x 1/2.5/5/10GBase-T - RJ-45 |
Power
Power Consumption Operational | 630 watt |
Power Provided | 1200 watt |
Power Supplies Installed | 2 |
Power Supplies Supported | 2 |
Required Voltage | AC 100-240 volt |
Technical Information
Encryption | 128-bit AES, 192-bit AES, 256-bit AES, 256-bit SHA, 384-bit SHA-2, 512-bit SHA-2, IKE, IKEv2, MD5, SHA-1, SSL, Triple DES |
Max Operating Temperature | 50 degree Celsius |
Min Operating Temperature | 0 degree Celsius |
MTBF | 22 Year |
Product Information
Airflow Direction | Front to back airflow |
Authentication Method | Secure Shell (SSH) |
Capacity | Maximum number of sessions: 6,200,000 New sessions per second: 315,000 Virtual systems (base): 15 Virtual systems (maximum): 65 |
Device Type | Internal power supply |
Packaged Quantity | 1 |
Service Activation | No |
Network Device | Firewall throughput (appmix): 47.5 Gbps Firewall throughput (HTTP): 53.7 Gbps Threat prevention throughput (appmix): 30.5 Gbps Threat prevention throughput (HTTP): 28.8 Gbps VPN throughput (IPSec): 28.7 Gbps |
Dimensions&Weight
Height | 8.8 centimetre |
Height (Rack Units) | 2 |
Weight | 16 kilogram |
Width | 44 centimetre |
Depth | 57.2 centimetre |
Physical Characteristics
Color Category | Silver |
Certifications&Listings
Compliant Standards | CB, cCSAus, FCC Class A certified, IEC 60950-1, VCCI Class A ITE |
ENERGY STAR Certified | No |
EPEAT Compliant | No |
TCO Certified | No |
Subscriptions
Strata Cloud Manager |
Manage your Palo Alto Networks Next-Generation Firewalls (NGFW) from Strata Cloud Manager. This cloud-delivered, AI-powered security solution allows seamless management of your advanced ML-powered NGFWs, alongside Prisma Access deployments, through a single, streamlined user interface. Strata Cloud Manager has two licensing tiers: Strata Cloud Manager Essentials and Strata Cloud Manager Pro. This unified structure streamlines the deployment of network security offerings, including AIOps for NGFW, Autonomous Digital Experience Management (ADEM), cloud management functionality, and Strata Logging Service.
|
IoT Security |
The IoT Security solution works with next-generation firewalls to dynamically discover and maintain a real-time inventory of the IoT devices on your network. Through AI and machine-learning algorithms, the IoT Security solution achieves a high level of accuracy, even classifying IoT device types encountered for the first time. And because it’s dynamic, your IoT device inventory is always up to date. IoT Security also provides the automatic generation of policy recommendations to control IoT device traffic, as well as the automatic creation of IoT device attributes for use in firewall policies.
|
SD-WAN |
Provides intelligent and dynamic path selection on top of the industry-leading security that PAN-OS software already delivers. Managed by Panorama, the SD-WAN implementation includes:
|
Threat Prevention |
Threat Prevention provides:
|
Advanced Threat Prevention |
In addition to all of the features included with Threat Prevention, the Advanced Threat Prevention subscription provides an inline cloud-based threat detection and prevention engine, leveraging deep learning models trained on high fidelity threat intelligence gathered by Palo Alto Networks, to defend your network from evasive and unknown command-and-control (C2) threats by inspecting all network traffic.
|
DNS Security |
Provides enhanced DNS sinkholing capabilities by querying DNS Security, an extensible cloud-based service capable of generating DNS signatures using advanced predictive analytics and machine learning. This service provides full access to the continuously expanding DNS-based threat intelligence produced by Palo Alto Networks.
To set up DNS Security, you must first purchase and install a Threat Prevention license.
|
Advanced DNS Security |
In addition to all of the features included with DNS Security, the Advanced DNS Security subscription provides access to the Advanced DNS Security cloud, which operates cloud-based domain detection engines that inspect changes to DNS responses. This enables NGFWs to detect and categorize hijacked and misconfigured domains in real-time to block malicious activity.
|
URL Filtering |
Provides the ability to not only control web-access, but how users interact with online content based on dynamic URL categories. You can also prevent credential theft by controlling the sites to which users can submit their corporate credentials.
To set up URL Filtering, you must purchase and install a subscription for the supported URL filtering database, PAN-DB. With PAN-DB, you can set up access to the PAN-DB public cloud or to the PAN-DB private cloud.
URL Filtering is no longer available as a standalone subscription. All URL Filtering features are included with the Advanced URL Filtering subscription.
|
Advanced URL Filtering |
Advanced URL Filtering uses a cloud-based ML-powered web security engine to perform ML-based inspection of web traffic in real-time. This reduces reliance on URL databases and out-of-band web crawling to detect and prevent advanced, file-less web-based attacks including targeted phishing, web-delivered malware and exploits, command-and-control, social engineering, and other types of web attacks.
|
WildFire |
Although basic WildFire® support is included as part of the Threat Prevention license, the WildFire subscription service provides enhanced services for organizations that require immediate coverage for threats, frequent WildFire signature updates, advanced file type forwarding (APK, PDF, Microsoft Office, and Java Applet), as well as the ability to upload files using the WildFire API. A WildFire subscription is also required if your firewalls will be forwarding files to an on-premise WF-500 appliance.
|
Advanced WildFire |
Advanced WildFire is a subscription offering that provides access to Intelligent Run-time Memory Analysis: a cloud-based advanced analysis engine that complements static and dynamic analysis, to detect and prevent evasive malware threats. By leveraging a cloud-based detection infrastructure, Intelligent Run-time Memory Analysis detection engines operate a wide array of detection mechanisms to target these highly-evasive malware.
|
AutoFocus |
Provides a graphical analysis of firewall traffic logs and identifies potential risks to your network using threat intelligence from the AutoFocus portal. With an active license, you can also open an AutoFocus search based on logs recorded on the firewall.
|
Strata Logging Service |
Provides cloud-based, centralized log storage and aggregation. The Strata Logging Service is required or highly-recommended to support several other cloud-delivered services, including Cortex XDR, IoT Security, and Prisma Access, and Traps management service.
|
GlobalProtect Gateway |
Provides mobility solutions and/or large-scale VPN capabilities. By default, you can deploy GlobalProtect portals and gateways (without HIP checks) without a license. If you want to use advanced GlobalProtect features (HIP checks and related content updates, the GlobalProtect Mobile App, IPv6 connections, or a GlobalProtect Clientless VPN) you will need a GlobalProtect Gateway license for each gateway.
|
Virtual Systems |
This is a perpetual license, and is required to enable support for multiple virtual systems on PA-3200 Series firewalls. In addition, you must purchase a Virtual Systems license if you want to increase the number of virtual systems beyond the base number provided by default on PA-400 Series, PA-3400 Series, PA-5200 Series, PA-5400 Series, and PA-7000 Series firewalls (the base number varies by platform). The PA-220 and PA-800 Series firewalls do not support virtual systems.
PAN-OS 11.1.2 and earlier releasesThe multiple virtual systems are not supported on VM- Series firewalls.
PAN-OS 11.1.3 and later releasesThe multiple virtual systems are supported on VM-Series firewalls.
|
Enterprise Data Loss Prevention (DLP)
|
Provides cloud-based protection against unauthorized access, misuse, extraction, and sharing of sensitive information. Enterprise DLP provides a single engine for accurate detection and consistent policy enforcement for sensitive data at rest and in motion using machine learning-based data classification, hundreds of data patterns using regular expressions or keywords, and data profiles using Boolean logic to scan for collective types of data.
|
SaaS Security Inline
|
The SaaS Security solution works with Strata Logging Service to discover all of the SaaS applications in use on your network. SaaS Security Inline can discover thousands of Shadow IT applications and their users and usage details. SaaS Security Inline also enforces SaaS policy rule recommendations seamlessly across your existing Palo Alto Networks firewalls. App-ID Cloud Engine (ACE) also requires SaaS Security Inline.
|
You may also like…
-
WildFire subscriptions
The WildFire subscription enhances Palo Alto Networks devices with advanced threat detection and prevention, utilizing cloud-based analysis to stop malware and zero-day attacks. Flexible terms and renewal options are available for both standard and HA configurations. -
Advanced Threat Prevention
The Advanced Threat Prevention subscription provides an inline cloud-based threat detection and prevention engine, -
DNS Security
The DNS Security subscription enhances Palo Alto Networks devices by blocking malicious domains and preventing DNS-based threats. It offers flexible terms and renewal options, including support for high-availability (HA) configurations. -
Threat Prevention
The Threat Prevention subscription offers advanced protection for Palo Alto Networks devices, safeguarding your network against known and emerging threats. Available in flexible terms with renewal options for standard and HA configurations. -
Partner enabled premium support
Experience peace of mind with Partner Enabled Premium Support for the Palo Alto Networks Firewalls. Whether you need year-round coverage, multi-year prepaid options, or seamless renewals, these plans ensure your system stays optimized and secure. -
Strata Cloud Manager
Manage your Palo Alto Networks Next-Generation Firewalls (NGFW) from Strata Cloud Manager. -
Advanced DNS Security
The Advanced DNS Security subscription provides access to the Advanced DNS Security cloud. -
IoT Security
The IoT Security solution works with next-generation firewalls to dynamically discover and maintain a real-time inventory of the IoT devices on your network. -
GlobalProtect subscriptions
GlobalProtect subscription ensures secure remote access with comprehensive support for Palo Alto Networks devices. Available in yearly or multi-year terms, with renewal options for standard or HA pair configurations.