Sự so sánh PaloAlto PA-5410 và PA-5220

Feature

PA-5410

PA-5220

Performance*
App-ID firewall throughput 39 Gbps 15.6 Gbps
Threat prevention throughput 24.8 Gbps 8.8 Gbps
IPSec VPN throughput 21 Gbps 9.5 Gbps
Connections per second 295,000 155,000
Sessions
Max sessions (IPv4 or IPv6) 3,600,000 4,000,000
Policies
Security rules 30,000 30,000
Security rule schedules 256 256
NAT rules 6,000 6,000
Decryption rules 3,500 3,500
App override rules 3,500 3,500
Tunnel content inspection rules 2,500 2,500
SD-WAN rules 800 300
Policy based forwarding rules 2,000 2,000
Captive portal rules 8,000 8,000
DoS protection rules 2,000 2,000
Security Zones
Max security zones 4,000 4,000
Objects (addresses and services)
Address objects 80,000 80,000
Address groups 40,000 40,000
Members per address group 2,500 2,500
Service objects 8,000 8,000
Service groups 4,000 4,000
Members per service group 2,500 2,500
FQDN address objects 6,144 6,144
Max DAG IP addresses* 500,000 500,000
Tags per IP address 64 32
Security Profiles
Security profiles 750 750
App-ID
Custom App-ID signatures 6,000 6,000
Shared custom App-IDs 512 512
Custom App-IDs (virtual system specific) 6,416 6,416
User-ID
IP-User mappings (management plane) 512,000 524,288
IP-User mappings (data plane) 512,000 512,000
Active and unique groups used in policy* 10,000 10,000
Number of User-ID agents 100 100
Monitored servers for User-ID 100 100
Terminal server agents 2,500 2,500
Tags per User* 64 32
SSL Decryption
Max SSL inbound certificates 600 600
SSL certificate cache (forward proxy) 16,000 16,000
Max concurrent decryption sessions 360,000 400,000
SSL Port Mirror Yes Yes
SSL Decryption Broker Yes Yes
HSM Supported Yes Yes
URL Filtering
Total entries for allow list, block list and custom categories 100,000 100,000
Max custom categories 2,849 2,849
Max custom categories (virtual system specific) 500 500
Dataplane cache size for URL filtering 250,000 250,000
Management plane dynamic cache size 600,000 600,000
EDL
Max number of custom lists 30 30
Max number of IPs per system 150,000 150,000
Max number of DNS Domains per system 4M 4,000,000
Max number of URL per system 250,000 250,000
Shortest check interval (min) 5 5
Interfaces
Mgmt – out-of-band SFP/SFP+, RJ45 console 10/100/1000, RJ45 console
Mgmt – 10/100/1000 high availability NA NA
Mgmt – 40Gbps high availability 1 1
Mgmt – 10Gbps high availability NA NA
Traffic – 10/100/1000 NA NA
Traffic – 100/1000/10000 8 4
Traffic – 1Gbps SFP 0/12 0/16
Traffic – 10Gbps SFP+ 0/12 0/16
Traffic – 25Gbps SFP28 4 NA
Traffic – 40/100Gbps QSFP+/QSFP28 4 4X40
802.1q tags per device 4,094 4,094
802.1q tags per physical interface 4,094 4,094
Max interfaces (logical and physical) 4,800 4,096
Maximum aggregate interfaces 14 16
Maximum SD-WAN virtual interfaces 1,600 1,500
Virtual Routers
Virtual routers 20 20
Virtual Wires
Virtual wires 2,048 2,048
Virtual Systems
Base virtual systems 10 10
Max virtual systems* 20 20
Routing
IPv4 forwarding table size* 100,000 100,000
IPv6 forwarding table size* 100,000 100,000
System total forwarding table size 200,000 200,000
Max route maps per virtual router 50 50
Max routing peers (protocol dependent) 1,000 1,000
Static entries – DNS proxy 1,024 1,024
Bidirectional Forwarding Detection (BFD) Sessions 1,024 1,024
L2 Forwarding
ARP table size per device 128,000 128,000
IPv6 neighbor table size 128,000 128,000
MAC table size per device 128,000 128,000
Max ARP entries per broadcast domain 128,000 128,000
Max MAC entries per broadcast domain 128,000 128,000
NAT
Total NAT rule capacity 6,000 6,000
Max NAT rules (static)* 6,000 6,000
Max NAT rules (DIP)* 4,000 4,000
Max NAT rules (DIPP) 4,000 4,000
Max translated IPs (DIP) 128,000 64,000
Max translated IPs (DIPP)* 4,000 4,000
Default DIPP pool oversubscription* 8 8
Address Assignment
DHCP servers 20 20
DHCP relays* 4,096 2,048*
Max number of assigned addresses 64,000 64,000
High Availability
Devices supported 8 16
Max virtual addresses 4,096 4,096
QoS
Number of QoS policies 4,000 4,000
Physical interfaces supporting QoS 12 12
Clear text nodes per physical interface 63 63
DSCP marking by policy Yes Yes
Subinterfaces supported 2,048 2,048
IPSec VPN
Max IKE Peers 4,000 3,000
Site to site (with proxy id) 10,000 10,000
SD-WAN IPSec tunnels 1,600 3,000
GlobalProtect Client VPN
Max tunnels (SSL, IPSec, and IKE with XAUTH) 15,000 15,000
GlobalProtect Clientless VPN
Max SSL tunnels 2,500 2,500
Multicast
Replication (egress interfaces) 1,000 1,000
Routes 4,000 4,000
Product Notes
End-of-sale N/A NA

Vina Aspire là Công ty tư vấn, cung cấp các giải pháp, dịch vụ CNTT, An ninh mạng, bảo mật & an toàn thông tin tại Việt Nam. Đội ngũ của Vina Aspire gồm những chuyên gia, cộng tác viên giỏi, có trình độ, kinh nghiệm và uy tín cùng các nhà đầu tư, đối tác lớn trong và ngoài nước chung tay xây dựng.

Các Doanh nghiệp, tổ chức có nhu cầu liên hệ Công ty Vina Aspire theo thông tin sau:

Email: info@vina-aspire.com | Website: www.vina-aspire.com
Tel: +84 944 004 666 | Fax: +84 28 3535 0668


Vina Aspire – Vững bảo mật, trọn niềm tin


Bài viết liên quan

About Us

Learn More

Vina Aspire is a leading Cyber Security & IT solution and service provider in Vietnam. Vina Aspire is built up by our excellent experts, collaborators with high-qualification and experiences and our international investors and partners. We have intellectual, ambitious people who are putting great effort to provide high quality products and services as well as creating values for customers and society.

may ao thun Kem sữa chua May o thun May o thun đồng phục Định cư Canada Dịch vụ kế ton trọn gi sản xuất đồ bộ
Translate »