Palo Alto PA-3420 Firewall

Firewall Throughput Specification
Firewall throughput 20.8/16.9 Gbps
Threat Prevention throughput 7.6/8.7 Gbps
IPsec VPN throughput 9.9 Gbps
Max sessions 2M
New sessions per second§ 205,000
Routing PIM-SM, PIM-SSM,
Input Voltage AC: 100–240 VAC (50–60Hz)
IPsec VPN  3DES, AES
VLANs Aggregate interfaces (802.3ad), LACP
High Availability  active/passive
Storage Capacity 480 GB SSD
Category:

Description

Palo Alto PA-3420 Firewall

COMPONENT
DESCRIPTION
Ethernet ports 1 through 12
Twelve RJ-45 10Mbps/100Mbps/1Gbps/2.5Gbps/5Gbps/10Gbps ports for network traffic. The link speed and link duplex are auto-negotiate only.
SFP ports 13 through 22
Ports 13 through 22 are SFP (1Gbps) or SFP+ (10Gbps) based on the installed transceiver.
The SFP ports can be remapped as HA-1 ports via PAN-OS or Panorama. These remapped HA-1 ports offer high availability connectivity over a longer distance than what is permitted by the HA1-A and HA1-B ports listed below.
SFP28 ports 23 through 26
Four SFP28 (25Gbps) ports that also support 1G SFP and 10G SFP+ modules. These ports support RS-FEC.
The FEC setting of the remote endpoint must be set to RS-FEC to ensure that the link remains up.
QSFP28 ports 27 through 36
Two form-factor pluggable (QSFP+/QSFP28) 40Gbps/100Gbps Ethernet ports.
HSCI port
One SFP+ (10Gbps) port (supports only an SFP+ transceiver or passive SFP+ cable).
Use this port to connect two PA-3400 Series firewalls in a high availability (HA) configuration as follows:
  • In an active/passive configuration, this port is for HA2 (data link).
  • In an active/active configuration, you can configure this port for HA2 and HA3. HA3 is used for packet forwarding for asymmetrically routed sessions that require Layer 7 inspection for App-ID and Content-ID.
The HSCI ports must be connected directly between the two firewalls in the HA configuration (without a switch or router between them). When directly connecting the HSCI ports between two PA-3400 Series firewalls that are physically located near each other, Palo Alto Networks recommends that you use a passive SFP+ cable.
For installations where the two firewalls are not near each other and you cannot use a passive SFP+ cable, use a standard SFP+ transceiver and the appropriate cable length.
HA1-A and HA1-B ports
Two RJ-45 10Mbps/100Mbps/1000Mbps ports for high availability (HA) control.
If the firewall dataplane restarts due to a failure or manual restart, the HA1-B link will also restart. If this occurs and the HA1-A link is not connected and configured, then a split brain condition occurs. Therefore, we recommend that you connect and configure the HA1-A ports and the HA1-B ports to provide redundancy and to avoid split brain issues.
MGT port
Use this Ethernet 10Mbps/100Mbps/1000Mbps port to access the management web interface and perform administrative tasks. The firewall also uses this port for management services, such as retrieving licenses and updating threat and application signatures.
CONSOLE port (RJ-45)
Use this port to connect a management computer to the firewall using a 9-pin serial-to-RJ-45 cable and terminal emulation software.
The console connection provides access to firewall boot messages, the Maintenance Recovery Tool (MRT), and the command line interface (CLI).
If your management computer does not have a serial port, use a USB-to-serial converter.

Use the following settings to configure your terminal emulation software to connect to the console port:

  • Data rate: 9600
  • Data bits: 8
  • Parity: None
  • Stop bits: 1
  • Flow control: None
USB port
A USB port that accepts a USB flash drive with a bootstrap bundle (PAN-OS configuration).
Bootstrapping speeds up the process of configuring and licensing the firewall to make it operational on the network with or without internet access.
CONSOLE port (Micro USB)
Use this port to connect a management computer to the firewall using a standard Type-A USB-to-micro USB cable.
The console connection provides access to firewall boot messages, the Maintenance Recovery Tool (MRT), and the command line interface (CLI).
Refer to the Micro USB Console Port page for more information and to download the Windows driver or to learn how to connect from a Mac or Linux computer.
LED status indicators
Nine LEDs that indicate the status of the firewall hardware components (see Interpret the PA-3400 Series Status LEDs).
System Drive Cover
Secures the device SSD.

ML-Powered Next-Generation Firewall
Embeds machine learning (ML) in the core of the firewall to provide inline signatureless attack
prevention for file-based attacks while identifying and immediately stopping never-before-seen
phishing attempts.
• Leverages cloud-based ML processes to push zero-delay signatures and instructions back to the NGFW.
• Uses behavioral analysis to detect IoT devices and make policy recommendations; cloud-delivered and
natively integrated service on the NGFW.
• Automates policy recommendations that save time and reduce the chance of human error.
Identifies and Categorizes All Applications, on All Ports, All the Time, with Full
Layer 7 Inspection
• Identifies the applications traversing your network irrespective of port, protocol, evasive techniques,
or encryption (TLS/SSL). In addition, it automatically discovers and controls new applications to keep
pace with the SaaS explosion with SaaS Security subscription.
• Uses the application, not the port, as the basis for all your safe enablement policy decisions: allow,
deny, schedule, inspect, and apply traffic-shaping.
• Offers the ability to create custom App-ID™ tags for proprietary applications or request App-ID
development for new applications from Palo Alto Networks.
• Identifies all payload data within the application (e.g., files and data patterns) to block malicious files
and thwart data exfiltration attempts.
• Creates standard and customized application usage reports, including software-as-a-service (SaaS)
reports that provide insight into all sanctioned and unsanctioned SaaS traffic on your network.
• Enables safe migration of legacy Layer 4 rule sets to App-ID-based rules with built-in Policy
Optimizer, giving you a rule set that is more secure and easier to manage.
• Check out the App-ID tech brief for more information.

Buy Palo Alto Firewall online from Firewall Firm’s IT Monteur Store

Sales Number : +91 9582 90 7788
Support Number : +91-9654016484
Sales Email : sales@itmonteur.net
Support Email : support@itmonteur.net

Register & Request Quote
Submit Support Ticket