Feature |
PA-5410 |
PA-5220 |
---|---|---|
Performance* | ||
App-ID firewall throughput | 39 Gbps | 15.6 Gbps |
Threat prevention throughput | 24.8 Gbps | 8.8 Gbps |
IPSec VPN throughput | 21 Gbps | 9.5 Gbps |
Connections per second | 295,000 | 155,000 |
Sessions | ||
Max sessions (IPv4 or IPv6) | 3,600,000 | 4,000,000 |
Policies | ||
Security rules | 30,000 | 30,000 |
Security rule schedules | 256 | 256 |
NAT rules | 6,000 | 6,000 |
Decryption rules | 3,500 | 3,500 |
App override rules | 3,500 | 3,500 |
Tunnel content inspection rules | 2,500 | 2,500 |
SD-WAN rules | 800 | 300 |
Policy based forwarding rules | 2,000 | 2,000 |
Captive portal rules | 8,000 | 8,000 |
DoS protection rules | 2,000 | 2,000 |
Security Zones | ||
Max security zones | 4,000 | 4,000 |
Objects (addresses and services) | ||
Address objects | 80,000 | 80,000 |
Address groups | 40,000 | 40,000 |
Members per address group | 2,500 | 2,500 |
Service objects | 8,000 | 8,000 |
Service groups | 4,000 | 4,000 |
Members per service group | 2,500 | 2,500 |
FQDN address objects | 6,144 | 6,144 |
Max DAG IP addresses* | 500,000 | 500,000 |
Tags per IP address | 64 | 32 |
Security Profiles | ||
Security profiles | 750 | 750 |
App-ID | ||
Custom App-ID signatures | 6,000 | 6,000 |
Shared custom App-IDs | 512 | 512 |
Custom App-IDs (virtual system specific) | 6,416 | 6,416 |
User-ID | ||
IP-User mappings (management plane) | 512,000 | 524,288 |
IP-User mappings (data plane) | 512,000 | 512,000 |
Active and unique groups used in policy* | 10,000 | 10,000 |
Number of User-ID agents | 100 | 100 |
Monitored servers for User-ID | 100 | 100 |
Terminal server agents | 2,500 | 2,500 |
Tags per User* | 64 | 32 |
SSL Decryption | ||
Max SSL inbound certificates | 600 | 600 |
SSL certificate cache (forward proxy) | 16,000 | 16,000 |
Max concurrent decryption sessions | 360,000 | 400,000 |
SSL Port Mirror | Yes | Yes |
SSL Decryption Broker | Yes | Yes |
HSM Supported | Yes | Yes |
URL Filtering | ||
Total entries for allow list, block list and custom categories | 100,000 | 100,000 |
Max custom categories | 2,849 | 2,849 |
Max custom categories (virtual system specific) | 500 | 500 |
Dataplane cache size for URL filtering | 250,000 | 250,000 |
Management plane dynamic cache size | 600,000 | 600,000 |
EDL | ||
Max number of custom lists | 30 | 30 |
Max number of IPs per system | 150,000 | 150,000 |
Max number of DNS Domains per system | 4M | 4,000,000 |
Max number of URL per system | 250,000 | 250,000 |
Shortest check interval (min) | 5 | 5 |
Interfaces | ||
Mgmt – out-of-band | SFP/SFP+, RJ45 console | 10/100/1000, RJ45 console |
Mgmt – 10/100/1000 high availability | NA | NA |
Mgmt – 40Gbps high availability | 1 | 1 |
Mgmt – 10Gbps high availability | NA | NA |
Traffic – 10/100/1000 | NA | NA |
Traffic – 100/1000/10000 | 8 | 4 |
Traffic – 1Gbps SFP | 0/12 | 0/16 |
Traffic – 10Gbps SFP+ | 0/12 | 0/16 |
Traffic – 25Gbps SFP28 | 4 | NA |
Traffic – 40/100Gbps QSFP+/QSFP28 | 4 | 4X40 |
802.1q tags per device | 4,094 | 4,094 |
802.1q tags per physical interface | 4,094 | 4,094 |
Max interfaces (logical and physical) | 4,800 | 4,096 |
Maximum aggregate interfaces | 14 | 16 |
Maximum SD-WAN virtual interfaces | 1,600 | 1,500 |
Virtual Routers | ||
Virtual routers | 20 | 20 |
Virtual Wires | ||
Virtual wires | 2,048 | 2,048 |
Virtual Systems | ||
Base virtual systems | 10 | 10 |
Max virtual systems* | 20 | 20 |
Routing | ||
IPv4 forwarding table size* | 100,000 | 100,000 |
IPv6 forwarding table size* | 100,000 | 100,000 |
System total forwarding table size | 200,000 | 200,000 |
Max route maps per virtual router | 50 | 50 |
Max routing peers (protocol dependent) | 1,000 | 1,000 |
Static entries – DNS proxy | 1,024 | 1,024 |
Bidirectional Forwarding Detection (BFD) Sessions | 1,024 | 1,024 |
L2 Forwarding | ||
ARP table size per device | 128,000 | 128,000 |
IPv6 neighbor table size | 128,000 | 128,000 |
MAC table size per device | 128,000 | 128,000 |
Max ARP entries per broadcast domain | 128,000 | 128,000 |
Max MAC entries per broadcast domain | 128,000 | 128,000 |
NAT | ||
Total NAT rule capacity | 6,000 | 6,000 |
Max NAT rules (static)* | 6,000 | 6,000 |
Max NAT rules (DIP)* | 4,000 | 4,000 |
Max NAT rules (DIPP) | 4,000 | 4,000 |
Max translated IPs (DIP) | 128,000 | 64,000 |
Max translated IPs (DIPP)* | 4,000 | 4,000 |
Default DIPP pool oversubscription* | 8 | 8 |
Address Assignment | ||
DHCP servers | 20 | 20 |
DHCP relays* | 4,096 | 2,048* |
Max number of assigned addresses | 64,000 | 64,000 |
High Availability | ||
Devices supported | 8 | 16 |
Max virtual addresses | 4,096 | 4,096 |
QoS | ||
Number of QoS policies | 4,000 | 4,000 |
Physical interfaces supporting QoS | 12 | 12 |
Clear text nodes per physical interface | 63 | 63 |
DSCP marking by policy | Yes | Yes |
Subinterfaces supported | 2,048 | 2,048 |
IPSec VPN | ||
Max IKE Peers | 4,000 | 3,000 |
Site to site (with proxy id) | 10,000 | 10,000 |
SD-WAN IPSec tunnels | 1,600 | 3,000 |
GlobalProtect Client VPN | ||
Max tunnels (SSL, IPSec, and IKE with XAUTH) | 15,000 | 15,000 |
GlobalProtect Clientless VPN | ||
Max SSL tunnels | 2,500 | 2,500 |
Multicast | ||
Replication (egress interfaces) | 1,000 | 1,000 |
Routes | 4,000 | 4,000 |
Product Notes | ||
End-of-sale | N/A | NA |
Các Doanh nghiệp, tổ chức có nhu cầu liên hệ Công ty Vina Aspire theo thông tin sau:
Email: info@vina-aspire.com | Website: www.vina-aspire.com
Tel: +84 944 004 666 | Fax: +84 28 3535 0668
Vina Aspire – Vững bảo mật, trọn niềm tin