Call a Specialist Today! 844-294-0778

Compare Firewall Products

 

Branch Offices and Medium-Sized Enterprises:


  PA-200 PA-500 PA-3020 PA-3050 PA-3060
  PA-200 PA-500 PA-3020 PA-3050 PA-3060
Performance
App-ID firewall throughput 100 Mbps 250 Mbps 2 Gbps 4 Gbps 4 Gbps
Threat prevention throughput 50 Mbps 100 Mbps 1 Gbps 2 Gbps 2 Gbps
IPSec VPN throughput 50 Mbps 50 Mbps 500 Mbps 500 Mbps 500 Mbps
Connections per second 1,000 7,500 50,000 50,000 50,000
Sessions
Max sessions (IPv4 or IPv6) 64,000 64,000 250,000 500,000 500,000
Policies
Security rules 250 1,000 2,500 5,000 5,000
Security rule schedules 256 256 256 256 256
NAT rules 160 160 3,000 5,000 5,000
Decryption rules 100 100 250 500 500
App override rules 100 100 250 500 500
QoS rules 100 100 1,000 1,000 1,000
Policy based forwarding rules 100 100 500 500 500
Captive portal rules 10 10 1,000 1,000 1,000
DoS protection rules 100 100 1,000 1,000 1,000
Security Zones
Max security zones 10 20 40 40 40
Objects (addresses and services)
Address objects 2,500 2,500 5,000 10,000 10,000
Address groups 125 250 500 1,000 1,000
Members per address group 500 500 500 500 500
Service objects 1,000 1,000 1,000 1,000 1,000
Service groups 250 250 250 250 250
Members per service group 500 500 500 500 500
FQDN address objects 1,000 1,000 1,000 1,000 1,000
Max IP addresses registered per system 1,000 1,000 5,000 5,000 5,000
Security Profiles
Security profiles 25 50 100 250 100
App-ID
Custom App-ID signatures 6,000 6,000 6,000 6,000 6,000
Shared custom App-ID signatures 512 512 512 512 512
Custom App-IDs (virtual system specific) 6,416 6,416 6,416 6,416 6,416
User-ID
User-IP mappings (management plane) 512,000 512,000 512,000 512,000 512,000
User-IP mappings (data plane) 64,000 64,000 64,000 64,000 64,000
Active and unique groups used in policy 640 640 640 640 640
Number of agents 100 100 100 100 100
Monitored servers per agent 100 100 100 100 100
Maximum terminal services agents 400 400 400 400 400
SSL Decryption
Max SSL inbound certificates 25 25 25 25 25
SSL certificate cache (forward proxy) 128 128 128 128 128
Max concurrent decryption sessions 1,024 1,024 7,936 15,360 15,360
URL Filtering
Total entries for allow list, block list and custom categories 25,000 25,000 25,000 25,000 25,000
Max custom categories 50 50 50 50 50
Dataplane cache size for URL filtering 5,000 10,000 20,000 20,000 20,000
Management plane dynamic cache size 1,000,000 1,000,000 1,000,000 1,000,000 1,000,000
Interfaces
802.1q tags per device 4,094 4,094 4,094 4,094 4,094
802.1q tags per physical interface 4,094 4,094 4,094 4,094 4,094
Max interfaces (logical and physical) 100 288 1,024 1,024 2,048
Maximum aggregate interfaces NA 4 8 8 8
Virtual Routers and Wires
Virtual routers 3 3 10 10 10
Virtual wires 50 144 512 1,024 1,024
Virtual Systems
Base virtual systems 1 1 1 1 1
Max virtual systems NA NA 6 6 6
Routing
IPv4 forwarding table size 500 625 1,250 2,500 2,500
IPv6 forwarding table size 500 625 1,250 2,500 2,500
Max route maps per virtual router 50 50 50 50 50
Max routing peers (protocol dependent) 500 500 500 500 500
Static entries - DNS proxy 1,024 1,024 1,024 1,024 1,024
L2 Forwarding
ARP table size per device 500 1,000 1,500 2,500 5,000
IPv6 neighbor table size 500 1,000 1,500 2,500 5,000
MAC table size per device 500 1,000 1,500 2,500 5,000
Max ARP entries per broadcast domain 500 1,000 1,500 2,500 5,000
Max MAC entries per broadcast domain 500 1,000 1,500 2,500 5,000
NAT
Total NAT rule capacity 160 160 3,000 5,000 5,000
Max NAT rules (static) 160 160 3,000 5,000 5,000
Max NAT rules (DIP) 160 160 2,000 3,000 3,000
Max NAT rules (DIPP) 160 160 400 600 800
DIPP pool oversubscription 8 8 8 8 8
Address Assignment
DHCP servers 3 3 10 10 10
Max number of assigned addresses 64,000 64,000 64,000 64,000 64,000
High Availability
Devices per cluster 2 2 2 2 2
Max virtual addresses NA 32 64 64 64
QoS
Number of QoS policies 100 100 1,000 1,000 1,000
Physical interfaces supporting QoS 4 6 6 6 6
Clear text nodes per physical interface 32 32 32 32 32
DSCP marking by policy
Subinterfaces supported NA NA NA NA NA
IPSec VPN
Site to site and IKE with XAUTH tunnels (security associations) 25 250 1,000 2,000 2,000
Max IKE Peers 25 250 1,000 1,000 1,000
GlobalProtect Client VPN
Max tunnels (SSL and IPSec) 25 100 1,000 2,000 2,000
Multicast
Replication (egress interfaces) 100 100 100 100 100
Routes 500 1,000 2,000 2,000 2,000

Enterprise Environments:


  PA-5020 PA-5050 PA-5060 PA-7000-20G-NPC PA-7050 PA-7080
  PA-5020 PA-5050 PA-5060 PA-7000-20G-NPC PA-7050 PA-7050
Performance
App-ID firewall throughput 5 Gbps 10 Gbps 20 Gbps 20 Gbps 120 Gbps 200 Gbps
Threat prevention throughput 2 Gbps 5 Gbps 10 Gbps 10 Gbps 60 Gbps 100 Gbps
IPSec VPN throughput 2 Gbps 4 Gbps 4 Gbps 4 Gbps 24 Gbps 80 Gbps
Connections per second 120,000 120,000 120,000 120,000 720,000 1,200,000
Sessions
Max sessions (IPv4 or IPv6) 1,000,000 2,000,000 4,000,000 4,000,000 24,000,000 80,000,000
Policies
Security rules 10,000 20,000 40,000 40,000 40,000 40,000
Security rule schedules 256 256 256 256 256 256
NAT rules 6,000 8,000 16,000 16,000 16,000 16,000
Decryption rules 1,000 2,000 5,000 5,000 5,000 5,000
App override rules 1,000 2,000 4,000 4,000 4,000 4,000
QoS rules 1,000 2,000 4,000 8,000 8,000 8,000
Policy based forwarding rules 500 2,000 2,000 2,000 2,000 2,000
Captive portal rules 1,000 2,000 4,000 4,000 4,000 4,000
DoS protection rules 1,000 1,000 2,000 2,000 2,000 2,000
Security Zones
Max security zones 50 500 900 900 900 900
Objects (addresses and services)
Address objects 10,000 40,000 80,000 80,000 80,000 80,000
Address groups 1,000 2,500 4,000 8,000 8,000 8,000
Members per address group 500 500 500 500 500 2500
Service objects 1,000 2,000 4,000 8,000 8,000 4,000
Service groups 250 250 250 250 250 250
Members per service group 500 500 500 500 500 500
FQDN address objects 1,000 1,000 1,000 8,000 8,000 6,000
Max IP addresses registered per system 25,000 50,000 100,000 100,000 100,000 100,000
Security Profiles
Security profiles 250 500 500 500 500 750
App-ID
Custom App-ID signatures 6,000 6,000 6,000 6,000 6,000 6,000
Shared custom App-ID signatures 512 512 512 512 512 512
Custom App-IDs (virtual system specific) 6,416 6,416 6,416 6,416 6,416 6,416
User-ID
User-IP mappings (management plane) 512,000 512,000 512,000 512,000 512,000 512,000
User-IP mappings (data plane) 128,000 128,000 256,000 256,000 256,000 256,000
Active and unique groups used in policy 640 640 640 640 640 10000
Number of agents 100 100 100 100 100 100
Monitored servers per agent 100 100 100 100 100 100
Maximum terminal services agents 1,000 1,000 1,000 1,000 1,000 1,000
SSL Decryption
Max SSL inbound certificates 100 300 1,000 4,000 4,000 4,000
SSL certificate cache (forward proxy) 1,024 1,024 1,024 1,024 1,024 1,024
Max concurrent decryption sessions 15,872 47,616 90,112 131,072 786,432 1,310,720
URL Filtering
Total entries for allow list, block list and custom categories 25,000 50,000 100,000 200,000 200,000 200,000
Max custom categories 50 50 50 50 50 2,849
Dataplane cache size for URL filtering 40,000 100,000 100,000 100,000 100,000 100,000
Management plane dynamic cache size 1,000,000 1,000,000 1,000,000 1,000,000 1,000,000 1,000,000
Interfaces
802.1q tags per device 4,094 4,094 4,094 4,094 4,094 4,094
802.1q tags per physical interface 4,094 4,094 4,094 4,094 4,094 4,094
Max interfaces (logical and physical) 2,048 4,096 4,096 4,096 4,096 4,096
Maximum aggregate interfaces 8 8 8 8 8 8
Virtual Routers and Wires
Virtual routers 20 125 225 225 225 225
Virtual wires 1,024 2,048 2,048 2,048 2,048 2,048
Virtual Systems
Base virtual systems 10 25 25 25 25 25
Max virtual systems 20 125 225 225 225 225
Routing
IPv4 forwarding table size 32,000 32,000 32,000 32,000 32,000 32,000
IPv6 forwarding table size 32,000 32,000 32,000 32,000 32,000 32,000
Max route maps per virtual router 50 50 50 50 50 50
Max routing peers (protocol dependent) 500 500 500 500 500 500
Static entries - DNS proxy 1,024 1,024 1,024 1,024 1,024 1,024
L2 Forwarding
ARP table size per device 20,000 32,000 32,000 32,000 32,000 32,000
IPv6 neighbor table size 20,000 32000 32000 32000 32000 32000
MAC table size per device 20,000 32,000 32,000 32,000 32,000 32,000
Max ARP entries per broadcast domain 20,000 32,000 32,000 32,000 32,000 32,000
Max MAC entries per broadcast domain 20,000 32,000 32,000 32,000 32,000 32,000
NAT
Total NAT rule capacity 6,000 8,000 16,000 16,000 16,000 16,000
Max NAT rules (static) 6,000 8,000 16,000 16,000 16,000 16,000
Max NAT rules (DIP) 4,000 8,000 16,000 16,000 16,000 16,000
Max NAT rules (DIPP) 800 2,000 4,000 4,000 4,000 4,000
DIPP pool oversubscription 8 8 8 8 8 8
Address Assignment
DHCP servers 20 125 225 2,000 2,000 225
Max number of assigned addresses 64,000 64,000 64,000 640,000 640,000 640,000
High Availability
Devices per cluster 2 2 2 2 2 2
Max virtual addresses 128 1,024 1,024 1,024 1,024 1,024
QoS
Number of QoS policies 1,000 2,000 4,000 8,000 8,000 8,000
Physical interfaces supporting QoS 12 12 12 12 72 72
Clear text nodes per physical interface 64 64 64 64 64 63
DSCP marking by policy  
Subinterfaces supported NA NA NA 2,048 2,048 2,048
IPSec VPN
Site to site and IKE with XAUTH tunnels (security associations) 2,000 4,000 8,000 8,000 8,000 8,000
Max IKE Peers 1,000 1,000 1,000 1,000 1,000 2000 / 4000
GlobalProtect Client VPN
Max tunnels (SSL and IPSec) 5,000 10,000 20,000 20,000 120,000 30,000
Multicast
Replication (egress interfaces) 100 100 100 100 100 100
Routes 4,000 4,000 4,000 4,000 4,000 4,000

Virtualized Firewalls:


  VM-100 VM-200 VM-300 VM-1000-HV
  VM-100 VM-200 VM-300 VM-1000-HV
Performance
App-ID firewall throughput 1 Gbps 1 Gbps 1 Gbps 1 Gbps
Threat prevention throughput 600 Mbps 600 Mbps 600 Mbps 600 Mbps
IPSec VPN throughput 250 Mbps 250 Mbps 250 Mbps 250 Mbps
Connections per second 8,000 8,000 8,000 8,000
Sessions
Max sessions (IPv4 or IPv6) 50,000 100,000 250,000 250,000
Policies
Security rules 250 2,000 5,000 10,000
Security rule schedules 256 256 256 256
NAT rules 125 1,000 1,000 1,000
Decryption rules 100 100 500 1,000
App override rules 100 100 500 1,000
QoS rules 100 100 1,000 1,000
Policy based forwarding rules 100 100 100 100
Captive portal rules 100 100 100 1,000
DoS protection rules 100 100 100 1,000
Security Zones
Max security zones 10 20 40 40
Objects (addresses and services)
Address objects 2,500 4,000 10,000 10,000
Address groups 125 250 1,000 1,000
Members per address group 500 500 500 500
Service objects 1,000 1,000 1,000 2,000
Service groups 250 250 250 500
Members per service group 500 500 500 500
FQDN address objects 1,000 1,000 1,000 1,000
Max IP addresses registered per system 1,000 1,000 1,000 100,000
Security Profiles
Security profiles 25 50 250 250
App-ID
Custom App-ID signatures 6,000 6,000 6,000 6,000
Shared custom App-ID signatures 512 512 512 512
Custom App-IDs (virtual system specific) 6,416 6,416 6,416 6,416
User-ID
User-IP mappings (management plane) 512,000 512,000 512,000 512,000
User-IP mappings (data plane) 64000 64000 64000 64000
Active and unique groups used in policy 640 640 640 640
Number of agents 100 100 100 100
Monitored servers per agent 100 100 100 100
Maximum terminal services agents 400 400 400 400
SSL Decryption
Max SSL inbound certificates 25 25 25 1,000
SSL certificate cache (forward proxy) 128 128 128 256
Max concurrent decryption sessions 1,024 1,024 1,024 12,500
URL Filtering
Total entries for allow list, block list and custom categories 25,000 25,000 25,000 25,000
Max custom categories 50 50 50 50
Dataplane cache size for URL filtering 10,000 10,000 10,000 10,000
Management plane dynamic cache size 1,000,000 1,000,000 1,000,000 1,000,000
Interfaces
802.1q tags per device 4,094 4,094 4,094 4,094
802.1q tags per physical interface 4,094 4,094 4,094 4,094
Max interfaces (logical and physical) 100 100 2,000 2,000
Maximum aggregate interfaces NA NA NA NA
Virtual Routers and Wires
Virtual routers 3 3 3 3
Virtual wires 50 250 250 1,000
Virtual Systems
Base virtual systems 1 1 1 1
Max virtual systems NA NA NA NA
Routing
IPv4 forwarding table size 1,000 1,250 5,000 5,000
IPv6 forwarding table size 1,000 1,250 5,000 5,000
Max route maps per virtual router 50 50 50 50
Max routing peers (protocol dependent) 500 500 500 500
Static entries - DNS proxy 1,024 1,024 1,024 1,024
L2 Forwarding
ARP table size per device 500 500 2,500 2,500
IPv6 neighbor table size 500 500 1,000 1,000
MAC table size per device 500 500 2,500 2,500
Max ARP entries per broadcast domain 500 500 2,500 2,500
Max MAC entries per broadcast domain 500 500 2,500 2,500
NAT
Total NAT rule capacity 125 1,000 1,000 1,000
Max NAT rules (static) 125 1,000 1,000 1,000
Max NAT rules (DIP) 125 1,000 1,000 1,000
Max NAT rules (DIPP) 120 200 200 200
DIPP pool oversubscription 8 8 8 8
Address Assignment
DHCP servers 3 3 3 3
Max number of assigned addresses 64,000 64,000 64,000 64,000
High Availability
Devices per cluster 2 2 2 2
Max virtual addresses NA NA NA NA
QoS
Number of QoS policies 100 100 1,000 1,000
Physical interfaces supporting QoS 4 6 6 6
Clear text nodes per physical interface 32 32 32 32
DSCP marking by policy
Subinterfaces supported NA NA NA NA
IPSec VPN
Site to site and IKE with XAUTH tunnels (security associations) 25 500 2,000 2,000
Max IKE Peers 25 500 1,000 1,000
GlobalProtect Client VPN
Max tunnels (SSL and IPSec) 25 200 500 500
Multicast
Replication (egress interfaces) 100 100 100 100
Routes 500 1,000 2,000 2,000