Palo Alto PA220

Firewall Palo Alto Networks PA-220

CODE: PA-220

Call for Pricing!
Get a Quote


Palo Alto Networks Enterprise Firewall PA-220; Next-Generation Firewall in a Small Footprint

Over view:

Classifies all applications, on all ports, all the time

  • Identifies the application, regardless of port, encryption (SSL or SSH), or evasive technique employed
  • Uses the application, not the port, as the basis for all of your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping
  • Categorizes unidentified applications for policy control, threat forensics or App-ID™ application identification technology development

Enforces security policies for any user, at any location

  • Deploys consistent policies to local and remote users running on the Windows®, Mac® OS X®, Linux®, Android®, or Apple® iOS platforms
  • Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®
  • Easily integrates your firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information

Prevents known and unknown threats

  • Blocks a range of known threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed
  • Limits the unauthorized transfer of files and sensitive data, and safely enables non-work-related web surfing
  • Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection

The controlling element of the Palo Alto Networks® PA-220 is PAN-OS® security operating system, which natively classifies all traffic, inclusive of applications, threats and content, and then ties that traffic to the user, regardless of location or device type. The application, content and user – in other words, the business elements that run your business – are then used as the basis of your security policies, resulting in an improved security posture and a reduction in incident response time.


  • High availability with active/active and active/passive modes
  • Redundant power input for increased reliability
  • Fan-less design
  • Simplified deployments of large numbers of firewalls through USB
Performance and Capacities 1 PA-220
Firewall throughput (App-ID enabled) 2, 4 500 Mbps
Threat prevention throughput 3, 4 150 Mbps
IPsec VPN throughput 2, 4 100 Mbps
New sessions per second 5 4,200
Max sessions 64,000
1 Performance and capacities are measured under ideal testing conditions
2 Firewall throughput measured with App-ID and User-ID features enabled utilizing 64K HTTP transactions
3 Threat prevention throughput measured with App-ID, User-ID, IPS, AntiVirus and Anti-Spyware features enabled utilizing 64K HTTP transactions
4 New sessions per second is measured with 4K HTTP transactions
5 Adding virtual systems base quantity requires a separately purchased license
Networking Features:
The PA-220 supports a wide range of networking features that enable you to more easily integrate our security features into your existing network.
Interface Modes
  • L2, L3, Tap, Virtual wire (transparent mode)
  • OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, Static routing
  • Policy-based forwarding
  • Point-to-Point Protocol over Ethernet (PPPoE)
  • Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
  • Bidirectional Forwarding Detection (BFD)
  • L2, L3, Tap, Virtual wire (transparent mode)
  • Features: App-ID, User-ID™, Content-ID™, WildFire™ and SSL
  • Key exchange: Manual key, IKEv1 and IKEv2 (pre-shared key, certificate-based authentication)
  • Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
  • Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
  • 802.1q VLAN tags per device/per interface: 4,094/4,094
Network Address Translation (NAT)
  • NAT modes (IPv4): Static IP, dynamic IP, dynamic IP and port (port address translation)
  • NAT64, NPTv6
  • Additional NAT features: Dynamic IP reservation, tunable dynamic IP and port oversubscription
High Availability
  • Modes: Active/Active, Active/Passive
  • Failure detection: path monitoring, interface monitoring
Technical Specifications:
  • I/O: (8) 10/100/1000
  • Management I/O: (1) 10/100/1000 out-of-band management port, (1) RJ-45 console port (1) USB port (1) Micro USB console port
  • Storage Capacity: 32GB SSD
  • Power Supply (Avg/Max Power Consumption): Dual redundant 40W (21W/25W)
  • Max BTU/hr: 102 BTU
  • Input Voltage (Input Frequency): 100-240VAC (50-60Hz)
  • Max Current Consumption: Firewall—1.75A @ 12VDC Power supply (AC side)—0.5A @ 100VAC, 0.2A @ 240VAC
  • Weight (Stand-Alone Device/As Shipped): 3.0 lbs / 5.4 lbs
Part number Descriptions
PAN-PA-220 Palo Alto Networks PA-220 Hardware
PA-220 - 3 Year Bundle
Includes Palo Alto Networks PA-220 (PAN-PA-220)
Threat Prevention Subscription (PAN-PA-220-TP-3YR)
PANDB URL Filtering Subscription (PAN-PA-220-URL4-3YR)
WildFire Subscription (PAN-PA-220-WF-3YR),
Partner Enabled Premium Support (PAN-SVC-BKLN-220-3YR)
and DNS Security subscription (PAN-PA-220-DNS-3YR)
PAN-PA-220-TP Threat prevention subscription year 1, PA-220
PAN-PA-220-TP-3YR Threat prevention subscription 3-year prepaid, PA-220
PAN-PA-220-TP-5YR Threat prevention subscription 5-year prepaid, PA-220
PAN-PA-220-URL4 PANDB URL filtering subscription year 1, PA-220
PAN-PA-220-WF WildFire subscription year 1, PA-220
PAN-SVC-BKLN-220 Partner enabled premium support year 1, PA-220
PAN-SVC-BKLN-220-3YR Partner enabled premium support 3-year prepaid, PA-220

Vì sao nên chọn chúng tôi ?

  • Hàng chính hãng bảo hành 1-5 năm.
  • Hỗ trợ kỹ thuật Miễn phí.
  • Giao hàng nhanh trên Toàn quốc.
  • Cho mượn hàng tương đương chạy tạm nếu cần chờ đặt hàng hoặc đổi hàng bảo hành.

Liên hệThỏa thuận sử dụng | Chính sách bảo mật