Palo Alto Networks ConsultingPalo Alto Networks is the leading provider of next-generation firewalls. Powered by the PAN operating system and managed by Panorama control software, all products in the extensive line of Palo Alto Networks PA-Series firewalls perform full-stack, in-line inspection across all ports and allow you to enforce security policies based on applications, content, and user identity. PA-Series firewalls use a Zero-Trust model for cybersecurity to protect against threats both outside and within the network perimeter. Tight integration with Palo Alto Networks' VM-Series virtual firewalls allows you to create a centrally managed security solution that protects datacenter, branch, private-cloud and public-cloud deployments accessed by users located anywhere with any endpoint device. Advanced technologies and services combine static, dynamic and bare metal analysis with machine learning to block known and unknown threats including ransomware.

Progent's Palo Alto Networks firewall experts and certified cybersecurity consultants can help you modernize your legacy port-based firewall environment by providing a range of services including system architecture design, migration planning, policy creation, configuration, management, tuning and troubleshooting. Progent can help you protect on-premises, cloud or hybrid deployments and consolidate diverse firewall management tools into a simple, integrated solution based on the Panorama management platform. Progent can provide online or onsite support and is available for engagements ranging from as-needed guidance to comprehensive project management. Progent's team of network infrastructure experts includes Cisco CCIE-certified consultants and can help you integrate Palo Alto Networks firewalls seamlessly with other components of your IT ecosystem.

Palo Alto Networks PA-Series Firewalls Supported by Progent
The PA-Series of firewalls from Palo Alto Networks includes appliances designed and priced to meet the needs of environments ranging from retail locations and branch offices to large enterprises and service providers. All PA-Series firewalls support a common set of next-generation features that include:

  • PAN-OS operating system for management and automatic traffic classification including user, group, content, and applications to drive security policies
  • User-ID technology to identify users in all locations and with any device or OS
  • App-ID traffic classification system for application-based (not port or protocol based) policy decisions and traffic shaping
  • Consistent policy deployment for onsite and offsite users running Windows, macOS, Linux, Android, and iOS
  • Agent-free integration with Active Directory, LDAP, Citrix, and Terminal Services
  • Defense against known exploits, spyware, and malware
  • Protection against unknown threats based on behavior analysis
  • Protection against data leakage and unauthorized file transfers
  • Granular inbound and outbound SSL decryption
  • Dynamic routing, route redistribution, and tunnel content inspection
  • For QoS, policy-driven traffic shaping per application, user, or tunnel
  • Denial of Service (DoS) protection against flooding of new sessions
Palo Alto Networks offers a variety of subscription services to update and monitor firewall security features and simplify management. Subscription services available from Palo Alto Networks for PA-Series firewalls include:
  • Threat Prevention including in-line malware prevention, protection against evasive techniques on network and application layers including port scans and packet fragmentation, and DNS sinkholing to identify infected hosts
  • URL Filtering to block web-based attacks like phishing, HTTP-based command-and-control (CC), and pages with exploit kits
  • WildFire fast-response malware prevention for zero-day protection across networks, clouds and endpoints based on globally aggregated threat intelligence
  • DNS Security to use machine learning for detecting CC and data theft exploits based on DNS tunneling
  • File and Data Filtering to block unauthorized inbound and outbound transfer of specific file types, Social Security and credit card numbers, plus user-defined data patterns
  • SSL, IPsec, and clientless VPN for remote access
  • Panorama unified network security management platform for managing multiple firewalls
Palo Alto Networks PA-220 Firewalls
Palo Alto Networks PA-220 Firewall ConsultingPalo Alto Networks PA-220 Series Firewalls offer the security and manageability of other PA-Series devices but deliver entry-level performance. The PA-220 is intended for moderate traffic environments such as branch officers, retail stores, and small organizations. The firewall features active/passive and active/active high availability (HA), quiet operation and low power consumption with fanless cooling, a small form factor, eight Ethernet ports, and redundant power supplies. Management I/O includes a 10/100/1000 out-of-band management port, an RJ-45 console port, a USB port, and a Micro USB console port. The PA-220 delivers up to 580 Mbps firewall throughput, 280 Mbps Threat Prevention throughput, and 500 Mbps IPsec VPN throughput. The device supports a maximum of 64,000 sessions and 4,200 new sessions per second.

Palo Alto Networks PA-220R Firewall ConsultingPalo Alto Networks PA-220R firewall is a ruggedized appliance that delivers the same performance and capacity as the PA-220 firewall and is certified to comply with IEC 61850-3 and IEEE 1613 standards for operation in the harsh conditions of industrial networks like power plants, factories, refineries, and utility substations. For App-IDs, PA-220R firewalls work with major industrial protocols and applications like DNP3, IEC 60870-5-104, Modbus, and Siemens S7. The PA-220R firewall includes six 10/100/1000 ports and two SFP optical ports and runs off dual 12-48V DC power. Mounting options include DIN rail, rack, and wall mount.

Palo Alto Networks PA-800 Firewalls
Palo Alto Networks PA-800 Firewall ConsultingPalo Alto Networks PA-800 Series Firewalls are 1U standard rack security appliances intended for mid-size organizations and branch offices. These firewalls include 240 GB SSD storage. Management I/O includes one 10/100/1000 out-of-band management port, two 10/100/1000 high availability ports, one RJ-45 console, one USB port, and one Micro USB console interface. The PA-820 firewall has four 10/100/1000 and eight SFP interfaces and delivers firewall throughput of 1.7 Gbps, Threat Prevention throughput of 800 Mbps, and IPsec VPN throughput of 1.2 Gbps. The PA-820 supports 8,300 new sessions per second and a maximum of 128,000 sessions.

The PA-850 firewall has four 10/100/1000 interfaces, four SFP ports, and 10 SFP+ ports. The appliance delivers firewall throughput of 2 Gbps, Threat Prevention throughput of 1 Gbps, and IPsec VPN throughput of 1.6 Gbps. The PA-850 supports 13,00 new sessions per second and a maximum of 192,000 sessions. The PA-850 also includes two 500W power supplies (one is redundant).

Palo Alto Networks PA-3000 Firewalls
Palo Alto Networks PA-3000 Firewall ConsultingPalo Alto Networks PA-3000 Series Firewalls are designed to provide security for high-speed Internet gateways and include one 10/100/1000 out-of-band management port, two 10/100/1000 high availability ports, and one RJ-45 console port. They also include 120 GB of SSD storage. The 1U rack mount PA-3020 and PA-3050 firewalls come with 12 10/100/1000 interfaces and eight SFP Gigabit ports plus a single 250 W power supply. The 1.5U rack mount PA-3060 firewall has eight 10/100/1000 ports, eight Gigabit SFP ports, and 10 Gigabit SFP+ ports as well as redundant 400 W power supplies. The PA-3020 delivers 2 Gbps firewall throughput and 1 Gbps Threat Prevention throughput. The PA-3050 and PA-3060 both deliver 4 Gbps firewall throughput and 2 Gbps Threat Prevention throughput. All PA-3000 Series firewalls support 500 Mbps IPsec throughput and allow 50,000 new sessions per second with a maximum of 500,000 sessions.

Palo Alto Networks PA-3200 Firewalls
Palo Alto Networks PA-3200 Firewall ConsultingPalo Alto Networks PA-3200 Series Firewalls are intended for high-speed Internet gateway deployments and provide better performance than PA-3000 Series firewalls. These 2U rack mount appliances include one 10/100/1000 out-of-band management port, two 10/100/1000 high availability ports, one 10G SFP+ high availability port, one RJ-45 console port, and a Micro USB port. They also include 240 GB of SSD storage. The PA-3220 firewall comes with 12 10/100/1000 interfaces, four 1G/10G SFP ports, and four 1G/10G SFP/SFP+ ports. The PA-3220 delivers 5.0 Gbps firewall throughput, 2.4 Gbps Threat Prevention throughput, and 2.7 Gbps IPsec VPN performance. The firewall allows a max of 1M sessions and supports 57,000 new sessions per second.

The PA-3250 firewall includes 12 10/100/1000 ports and eight 1G/10G SFP/SFP+ ports. The firewall provides 6.6 Gbps firewall throughput, 3.0 Gbps Threat Prevention throughput, and 3.2 Gbps IPsec VPN performance. The PA-3250 supports a maximum of 2M sessions and supports 82,000 new sessions per second. The PA-3260 firewall includes 12 10/100/1000 ports, eight 1G/10G SFP/SFP+ ports, and four 40G QSFP+ ports. The PA-3260 provides 10 Gbps firewall throughput, 4.4 Gbps Threat Prevention performance, and 4.8 Gbps IPsec VPN throughput. The PA-3260 can handle 3M sessions and 114,000 new sessions per second.

Palo Alto Networks PA-5200 Firewalls
Palo Alto Networks PA-5200 Firewall ConsultingPalo Alto Networks PA-5200 Series Firewalls are designed for deployment in high-traffic data centers, service providers, and Internet gateways. These 3U rack mount appliances include 240 GB SSD system storage and 2 TB HDD log storage, and fully redundant power. The PA-5220 firewall includes a 40G QSFP+ HA management port, four 100/1000/10G Cu ports, 16 1G/10G SFP/SFP+ ports, and four 40G QSFP+ ports. The PA-5220 delivers 20 Gbps firewall throughput, 8.9 Gbps Threat Prevention throughput, and 10 Gbps IPsec VPN throughput. The PA-5220 also supports up to 4M sessions and 133,000 new sessions per second.

For management I/O, PA-5250, PA-5260 and PA-5280 firewalls from Palo Alto Networks include two 10/100/1000 Cu ports, a 10/100/1000 out-of-band management port, an RJ45 console, and a 40G/100G QSFP28 HA port. Interfaces include four 100/1000/10G Cu ports, 16 1G/10G SFP/SFP+ ports, and four 40G/100G QSFP28 ports. The PA-5250 firewall offers 40 Gbps firewall throughput, 21 Gbps Threat Prevention throughput, and 18 Gbps IPsec VPN throughput. The PA-5250 also allows 8M sessions and 297,000 new sessions per second. The PA-5260 firewall offers 64 Gbps firewall throughput, 31.5 Gbps Threat Prevention throughput, and 27 Gbps IPsec VPN throughput. The PA-5260 also allows 32M sessions and 450,000 new sessions per second. The high-end PA-5280 firewall delivers 64 Gbps firewall throughput, 31.5 Gbps Threat Prevention throughput, and 27 Gbps IPsec VPN performance. The PA-5280 supports 64M sessions and 450,000 new sessions per second.

Palo Alto Networks PA-7000 Firewalls
Palo Alto Networks PA-7000 Firewall ConsultingPalo Alto Networks PA-7000 Series Firewalls are modular, chassis-based appliances designed for large enterprises and service providers who need the highest levels of security and performance at the network perimeter. The scalable architecture of the PA-7000 Series future proofs your firewall investment and allows you to configure the appropriate type and volume of processing power for networking, security, and management. Network Processing Cards (NPCs) handle network processing tasks, deliver up to 70 Gbps each, and can be combined for up to 700 Gbps throughput with the top-of-the-line PA-7080. The Switch Management Card (SMC) handles management functions and coordinates all traffic, and a Logging Card or Log Forwarding Card offload logging activities for reports and queries. Management I/O includes two SFP/SFP+ MGT ports, two SFP/SFP+ HA1 ports, two HSCI HA2/HA3 QSFP+/QSFP28 ports, one RJ45 serial console, and one micro-USB serial console.

The 9U rackmount PA-7050 firewall supports up to 72 10/100/1000 ports, 48 SFP/ SFP+ ports, and 24 QSFP+/QSFP28 ports. The PA-7050 fully loaded can deliver up to 420 Gbps firewall throughput, 366 Gbps Threat Prevention throughput, and 168 Gbps IPsec VPN throughput. The device supports a maximum of 192M sessions and 2.73M new sessions per second.

The 19U rackmount PA-7080 firewall supports up to 120 10/100/1000 ports, 80 SFP/ SFP+ ports, and 40 QSFP+/QSFP28 ports. The PA-7080 fully loaded can deliver up to 700 Gbps firewall throughput, 610 Gbps Threat Prevention throughput, and 280 Gbps IPsec VPN throughput. The firewall supports up to 320M sessions and 4.56M new sessions per second.

How Progent Can Help with Palo Alto Networks Firewall Solutions
Progent's Palo Alto Networks consultants can assist you to plan and deploy Palo Alto Networks PA Series firewalls and manage them from a single pane of glass using Panorama. Progent can help you configure a firewall solution that provides consistent integrated security and visibility for data centers and branch offices as well as private and public cloud solutions and that protects any device, anywhere, running any OS. Progent can help you migrate efficiently to Palo Alto Networks firewalls from outdated port-based and protocol-based security appliances and can help you with policy creation and enforcement based on industry best practices. Progent's certified cybersecurity experts offer security vulnerability assessments and stealth penetration testing consultants to determine or validate your network's current security profile.

Progent can save you time and money by providing online consulting and debugging services for Palo Alto Networks technology, eliminating travel delays and expenses and maximizing network availability. Progent has successfully delivered remote support to businesses in every state in the United States (see Progent's customer testimonials).

Find out how to contact a Progent security consultant.