Palo Alto Next-Generation Firewall PA 3220

Palo Alto Next-Generation Firewall PA 3220

From
$31,536.70
compare favorite favorite
  • Home
  • Palo Alto Next-Generation Firewall PA 3220
See all specs
Palo Alto Next-Generation Firewall PA 3220
Have questions about this purchase?
Chat with Uvation Assistant
Rewards Banner

Palo Alto Next-Generation Firewall PA 3220

MFG.PART: PAN-PA-3220

Earn 31,536 points when you buy me!

Hurry! Other 11 people are watching this product
SKU
Palo-Alto-Next-Generation-Firewall-PA-3220
$31,536.70
In stock
Free shipping
could be yours in 1 - 5 days
favorite
Hurry! Other 11 people are watching this product

Palo Alto Networks PA-3200 Series next-generation firewalls—comprising the PA-3260, PA-3250, and PA-3220—are targeted at high-speed internet gateway deployments. PA-3200 Series appliances secure all traffic, including encrypted traffic, using dedicated processing and memory for networking, security, threat prevention, and management.

Details

Features

PA-3220 Architecture

The PA-3220 is powered by a scalable architecture for the purpose of applying the appropriate type and volume of processing power to the key functional tasks of networking, security, and management. The PA-3220 chassis intelligently distributes processing demands across three subsystems, each with massive amounts of computing power and dedicated memory.

ML-Powered Next-Generation Firewall
• Embeds machine learning (ML) in the core of the firewall to provide inline signatureless attack
prevention for file-based attacks while identifying and immediately stopping never-before-seen
phishing attempts.
• Leverages cloud-based ML processes to push zero-delay signatures and instructions back to the NGFW.
• Uses behavioral analysis to detect IoT devices and make policy recommendations; cloud-delivered
and natively integrated service on the NGFW.
• Automates policy recommendations that save time and reduce the chance of human error.

Identifies and Categorizes All Applications, on All Ports, All the Time, with
Full Layer 7 Inspection
• Identifies the applications traversing your network irrespective of port, protocol, evasive techniques,
or encryption (TLS/SSL). In addition, it automatically discovers and controls new applications to
keep pace with the SaaS explosion with SaaS Security subscription.
• Uses the application, not the port, as the basis for all your safe enablement policy decisions: allow,
deny, schedule, inspect, and apply traffic-shaping.
• Offers the ability to create custom App-ID™ tags for proprietary applications or request App-ID
development for new applications from Palo Alto Networks.
• Identifies all payload data within the application (e.g., files and data patterns) to block malicious
files and thwart data exfiltration attempts.

PA-3220
PA-3220
PA-3220

Delivers a Unique Approach to Packet Processing with Single-Pass
Architecture
• Performs networking, policy lookup, application and decoding, and signature matching—for all
threats and content—in a single pass. This significantly reduces the amount of processing overhead
required to perform multiple functions in one security device.
• Avoids introducing latency by scanning traffic for all signatures in a single pass, using stream-based,
uniform signature matching.
• Enables consistent and predictable performance when security subscriptions are enabled.

Enables SD-WAN Functionality
• Allows you to easily adopt SD-WAN by simply enabling it on your existing firewalls.
• Enables you to safely implement SD-WAN, which is natively integrated with our industry-leading
security.
• Delivers an exceptional end-user experience by minimizing latency, jitter, and packet loss

Tech Specs

Tech specs

PA-3220 Performance and Capacities

Firewall throughput (HTTP/appmix) 4 Gbps
Threat Prevention throughput (HTTP/appmix) 2.2 Gbps
IPsec VPN throughput 2.4 Gbps
Max sessions 1M
New sessions per second 46,000
Virtual systems (base/max) 1/6

Manufacturing Number

MFG Part Number PAN-PA-3220

PA-3220 Networking Features

Interface Modes L2, L3, tap, virtual wire (transparent mode)
Routing OSPFv2/v3 with graceful restart, BGP with graceful
Policy-based forwarding
Point-to-point protocol over Ethernet (PPPoE) and DHCP supported for dynamic address assignment
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
Bidirectional Forwarding Detection (BFD)
SD-WAN Path quality measurement (jitter, packet loss, latency)
Initial path selection (PBF)
Dynamic path change
IPv6 L2, L3, tap, virtual wire (transparent mode)
Features: App-ID, User-ID, Content-ID, WildFire, and SSL Decryption
SLAAC
IPsec VPN Key exchange: manual key, IKEv1, and IKEv2 (pre-shared key,certificate-based authentication
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
VLANs 802.1Q VLAN tags per device/per interface: 4,094/4,094
Aggregate interfaces (802.3ad), LACP
Network Address Translation NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port (port address translation)
NAT64, NPTv6
Additional NAT features: dynamic IP reservation, tunable dynamic IP and port oversubscription
High Availability Modes: active/active, active/passive
Failure detection: path monitoring, interface monitoring

PA-3220 Hardware Specifications

I/O (12) 10/100/1000, (4) 1G SFP, (4) 1G/10G SFP/SFP+
Management I/O (1) 10/100/1000 out-of-band management port, (2) 10/100/1000 high availability, (1) 10G SFP+ high availability, (1) RJ-45 console port, (1) Micro USB
Storage Capacity 240 GB SSD
Power Supply (Avg/Max Power Consumption) Redundant 650-watt AC or DC (180/240)
Max BTU/hr 819
Input Voltage (Input Frequency) AC: 100–240 VAC (50–60 Hz)
DC: -48 V @ 4.7 A, -60 V @ 3.8 A
Max Current Consumption AC: 2.3 A @ 100 VAC, 1.0 A @ 240 VAC
DC: -48 V @ 4.7 A, -60 V @ 3.8 A
Mean Time Between Failure (MTBF) 14 years
Rack Mount (Dimensions) 2U, 19” standard rack (3.5” H x 20.53” D x 17.34” W)
Weight (Stand-Alone Device/As Shipped) 29 lbs / 41.5 lbs
Safety TUV CB report and TUV NRTL
EMI FCC Class A, CE Class A, VCCI Class A
Environment Operating temperature: 32° to 122° F, 0° to 50° C
Non-operating temperature: -4° to 158° F, -20° to 70° C
Humidity tolerance: 10% to 90%
Maximum altitude: 10,000 ft / 3,048 m
Airflow: front to back
Models
OS Features

PAN-OS

What’s New

Our latest release continues the tradition of delivering integrated innovations. New features will help you extend security into branch offices, apply security dynamically to users, and provide better visibility for mobile users connecting to your network.

Integrated SD-WAN, dynamic user policy enforcement, enhanced visibility into mobile user activity

Secure SD-WAN

Natively integrated connectivity and security on a single intuitive interface.

Dynamic User Groups

Automated security actions that adapt to changing business needs.

GlobalProtect Enhancements

Full visibility with comprehensive logging and reports to simplify troubleshooting.

World-Class Security + High-Performance Connectivity

With industry-leading security natively integrated into our SD-WAN solution, you get all the security features from our Next-Generation Firewalls – powered by PAN-OS® 9.1 – together with Zero Touch Provisioning (ZTP) and the SD-WAN functionality from a single vendor.

Consume our secure Prisma™ Access SD-WAN hub as a service, or build the hub and interconnect infrastructure yourself using our Next-Generation Firewalls.

Regardless of the deployment model, this tight integration allows you to manage security and SD-WAN on a single intuitive interface.

Dynamic Security Actions with Automated Enforcements

User access policies based on static directory information are simply not enough in today’s dynamic environment.

Network and security teams are tasked with providing correct access to users. But creating ad hoc rules to provide time-bound access to workers – and then ensuring these rules are removed once the business need is over – is manual, time-consuming and poses a security risk if the rules become over-provisioned.

In addition, the inability to dynamically change a user's access based on information about their behavior results in tedious operations and increased security risks.

With PAN-OS 9.1, you can enable Dynamic User Groups (DUG) and reap these benefits:

• Automatically include users as members without manually creating and committing policy or group changes.
• Still maintain user-to-data correlation at the device level before the firewall even scans the traffic.
• Configure and manage a single security policy to auto-remediate anomalous behavior and malicious activity while maintaining user visibility.

Enhanced Visibility and Troubleshooting for GlobalProtect Deployments

PAN-OS 9.1 provides greater visibility, rapid troubleshooting, and enhanced logging enhancements to help you monitor and rectify connection failures with your GlobalProtect™ deployments.

The logging enhancements are available for any Palo Alto Networks Next-Generation Firewall deployed as a GlobalProtect gateway or portal or in a Prisma Access mobile user deployment.

• Throughput is measured with App-ID and logging enabled, with 64 KB HTTP/appmix transactions.
• Disable Server Response Inspection (DSRI) throughput is measured with App-ID, IPS, antivirus, anti-spyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP transactions.
• Threat Prevention throughput measured with App-ID, IPS, antivirus, anti-spyware, WildFire, and logging enabled, utilizing 64 KB HTTP/appmix transactions.
• IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled.
• New sessions per second is measured with application override, utilizing 1 byte HTTP transactions.
• Adding virtual systems to the base quantity requires a separately purchased license.

Works Best Together With

^Top