| Feature |
PA-5410 |
PA-5220 |
|---|---|---|
| Performance* | ||
| App-ID firewall throughput | 39 Gbps | 15.6 Gbps |
| Threat prevention throughput | 24.8 Gbps | 8.8 Gbps |
| IPSec VPN throughput | 21 Gbps | 9.5 Gbps |
| Connections per second | 295,000 | 155,000 |
| Sessions | ||
| Max sessions (IPv4 or IPv6) | 3,600,000 | 4,000,000 |
| Policies | ||
| Security rules | 30,000 | 30,000 |
| Security rule schedules | 256 | 256 |
| NAT rules | 6,000 | 6,000 |
| Decryption rules | 3,500 | 3,500 |
| App override rules | 3,500 | 3,500 |
| Tunnel content inspection rules | 2,500 | 2,500 |
| SD-WAN rules | 800 | 300 |
| Policy based forwarding rules | 2,000 | 2,000 |
| Captive portal rules | 8,000 | 8,000 |
| DoS protection rules | 2,000 | 2,000 |
| Security Zones | ||
| Max security zones | 4,000 | 4,000 |
| Objects (addresses and services) | ||
| Address objects | 80,000 | 80,000 |
| Address groups | 40,000 | 40,000 |
| Members per address group | 2,500 | 2,500 |
| Service objects | 8,000 | 8,000 |
| Service groups | 4,000 | 4,000 |
| Members per service group | 2,500 | 2,500 |
| FQDN address objects | 6,144 | 6,144 |
| Max DAG IP addresses* | 500,000 | 500,000 |
| Tags per IP address | 64 | 32 |
| Security Profiles | ||
| Security profiles | 750 | 750 |
| App-ID | ||
| Custom App-ID signatures | 6,000 | 6,000 |
| Shared custom App-IDs | 512 | 512 |
| Custom App-IDs (virtual system specific) | 6,416 | 6,416 |
| User-ID | ||
| IP-User mappings (management plane) | 512,000 | 524,288 |
| IP-User mappings (data plane) | 512,000 | 512,000 |
| Active and unique groups used in policy* | 10,000 | 10,000 |
| Number of User-ID agents | 100 | 100 |
| Monitored servers for User-ID | 100 | 100 |
| Terminal server agents | 2,500 | 2,500 |
| Tags per User* | 64 | 32 |
| SSL Decryption | ||
| Max SSL inbound certificates | 600 | 600 |
| SSL certificate cache (forward proxy) | 16,000 | 16,000 |
| Max concurrent decryption sessions | 360,000 | 400,000 |
| SSL Port Mirror | Yes | Yes |
| SSL Decryption Broker | Yes | Yes |
| HSM Supported | Yes | Yes |
| URL Filtering | ||
| Total entries for allow list, block list and custom categories | 100,000 | 100,000 |
| Max custom categories | 2,849 | 2,849 |
| Max custom categories (virtual system specific) | 500 | 500 |
| Dataplane cache size for URL filtering | 250,000 | 250,000 |
| Management plane dynamic cache size | 600,000 | 600,000 |
| EDL | ||
| Max number of custom lists | 30 | 30 |
| Max number of IPs per system | 150,000 | 150,000 |
| Max number of DNS Domains per system | 4M | 4,000,000 |
| Max number of URL per system | 250,000 | 250,000 |
| Shortest check interval (min) | 5 | 5 |
| Interfaces | ||
| Mgmt – out-of-band | SFP/SFP+, RJ45 console | 10/100/1000, RJ45 console |
| Mgmt – 10/100/1000 high availability | NA | NA |
| Mgmt – 40Gbps high availability | 1 | 1 |
| Mgmt – 10Gbps high availability | NA | NA |
| Traffic – 10/100/1000 | NA | NA |
| Traffic – 100/1000/10000 | 8 | 4 |
| Traffic – 1Gbps SFP | 0/12 | 0/16 |
| Traffic – 10Gbps SFP+ | 0/12 | 0/16 |
| Traffic – 25Gbps SFP28 | 4 | NA |
| Traffic – 40/100Gbps QSFP+/QSFP28 | 4 | 4X40 |
| 802.1q tags per device | 4,094 | 4,094 |
| 802.1q tags per physical interface | 4,094 | 4,094 |
| Max interfaces (logical and physical) | 4,800 | 4,096 |
| Maximum aggregate interfaces | 14 | 16 |
| Maximum SD-WAN virtual interfaces | 1,600 | 1,500 |
| Virtual Routers | ||
| Virtual routers | 20 | 20 |
| Virtual Wires | ||
| Virtual wires | 2,048 | 2,048 |
| Virtual Systems | ||
| Base virtual systems | 10 | 10 |
| Max virtual systems* | 20 | 20 |
| Routing | ||
| IPv4 forwarding table size* | 100,000 | 100,000 |
| IPv6 forwarding table size* | 100,000 | 100,000 |
| System total forwarding table size | 200,000 | 200,000 |
| Max route maps per virtual router | 50 | 50 |
| Max routing peers (protocol dependent) | 1,000 | 1,000 |
| Static entries – DNS proxy | 1,024 | 1,024 |
| Bidirectional Forwarding Detection (BFD) Sessions | 1,024 | 1,024 |
| L2 Forwarding | ||
| ARP table size per device | 128,000 | 128,000 |
| IPv6 neighbor table size | 128,000 | 128,000 |
| MAC table size per device | 128,000 | 128,000 |
| Max ARP entries per broadcast domain | 128,000 | 128,000 |
| Max MAC entries per broadcast domain | 128,000 | 128,000 |
| NAT | ||
| Total NAT rule capacity | 6,000 | 6,000 |
| Max NAT rules (static)* | 6,000 | 6,000 |
| Max NAT rules (DIP)* | 4,000 | 4,000 |
| Max NAT rules (DIPP) | 4,000 | 4,000 |
| Max translated IPs (DIP) | 128,000 | 64,000 |
| Max translated IPs (DIPP)* | 4,000 | 4,000 |
| Default DIPP pool oversubscription* | 8 | 8 |
| Address Assignment | ||
| DHCP servers | 20 | 20 |
| DHCP relays* | 4,096 | 2,048* |
| Max number of assigned addresses | 64,000 | 64,000 |
| High Availability | ||
| Devices supported | 8 | 16 |
| Max virtual addresses | 4,096 | 4,096 |
| QoS | ||
| Number of QoS policies | 4,000 | 4,000 |
| Physical interfaces supporting QoS | 12 | 12 |
| Clear text nodes per physical interface | 63 | 63 |
| DSCP marking by policy | Yes | Yes |
| Subinterfaces supported | 2,048 | 2,048 |
| IPSec VPN | ||
| Max IKE Peers | 4,000 | 3,000 |
| Site to site (with proxy id) | 10,000 | 10,000 |
| SD-WAN IPSec tunnels | 1,600 | 3,000 |
| GlobalProtect Client VPN | ||
| Max tunnels (SSL, IPSec, and IKE with XAUTH) | 15,000 | 15,000 |
| GlobalProtect Clientless VPN | ||
| Max SSL tunnels | 2,500 | 2,500 |
| Multicast | ||
| Replication (egress interfaces) | 1,000 | 1,000 |
| Routes | 4,000 | 4,000 |
| Product Notes | ||
| End-of-sale | N/A | NA |
Vina Aspire là Công ty tư vấn, cung cấp các giải pháp, dịch vụ CNTT, An ninh mạng, bảo mật & an toàn thông tin tại Việt Nam. Đội ngũ của Vina Aspire gồm những chuyên gia, cộng tác viên giỏi, có trình độ, kinh nghiệm và uy tín cùng các nhà đầu tư, đối tác lớn trong và ngoài nước chung tay xây dựng.
Các Doanh nghiệp, tổ chức có nhu cầu liên hệ Công ty Vina Aspire theo thông tin sau:
Email: info@vina-aspire.com | Website: www.vina-aspire.com
Tel: +84 944 004 666 | Fax: +84 28 3535 0668
Vina Aspire – Vững bảo mật, trọn niềm tin
