Product Description
Overview:
The PA-7050 protects datacenters and high-speed networks with firewall throughput of up to 120 Gbps and fullthreat prevention at speeds of up to 100 Gbps. To address the computationally intensive nature of full-stack classification and analysis at speeds of 120 Gbps more than 400 processors are distributed across networking security switch managementand logging functions. The result is that the PA-7050 allows you to deploy next-generation security in your datacenters without compromising performance.
Classify all applications on all port all the time with App-ID.
- Identify the application regardless of port encryption (SSL or SSH) or evasive technique employed.
- Use the application not the port as the basis for all safe enablement policy decisions: allow deny schedule inspect apply traffic shaping.
- Categorize unidentified applications for policy control threat forensics custom App-ID creation or packet capture for App-ID development.
Extend safe application enablement policies to any user at any location with User-ID and GlobalProtect.
- Agentless integration with Active Directory LDAP eDirectory Citrix and Microsoft Terminal Services.
- Easily integrate firewall policies with NAC 802.1X wireless Proxies and NAC solutions.
- Deploy consistent policies to local and remote users running Microsoft Windows Mac OS X Linux Android or iOS platforms.
Protect against all threat&mdashboth known and unknown&mdashwith Content-ID and Wildfire
- Block a range of known threats including exploits malware and spyware across all ports regardless of common threat evasion tactics employed.
- Limit unauthorized transfer of files and sensitive data and control non-workrelated web surfing.
- Identify unknown malware analyze for more than 100 malicious behaviors automatically create and deliver a signature in the next available update.
Delivering Linear Scalability and Performance
The PA-7050 achieves predictable datacenter level protection and performance by applying more than 400 function-specific processors distributed across the following chassis subsystems:
- Network Processing Card (NPC): Each NPC delivers 20 Gbps of firewall performance using multi-core security optimized processors along with dedicated high-speed networking and content inspection processors. Up to six NPCs each with 24 traffic interfaces are supported in the PA-7050.
- Switch Management Card (SMC): The SMC is comprised of three elements that are key to delivering predictable datacenter protection and performance: the First Packet Processor the 1.2 Tbps switch fabric and the management subsystem.
- First Packet Processor (FPP): The FPP utilizes dedicated processing to apply intelligence to the incoming traffic directing it to the appropriate processing resource to maximize throughput efficiency.
- High Speed Switch Fabric: The 1.2 Tbps switch fabric means that each NPC has access to approximately 100 Gbps of traffic capacity ensuring that performance and capacity will scale in a linear manner as NPCs are added to the PA-7050.
- Management Subsystem: Unified point of contact for managing all aspects of the PA-7050.
- Log Processing Card (LPC): The LPC uses multi-core processors and 2TB of RAID 1 storage to offload the logging related activities without impacting the processing required for other management related tasks. The LPC allows you to generate on-system queries and reports from the most recent logs collected or forward them to a syslog server for archiving or additional analysis.
The PA-7050 delivers performance and scalability by intelligently applying all available networking and security processing power to application layer traffic classification and threat protection tasks. Orchestrating this ballet of session management tasks is the First Packet Processor which constantly tracks the shared pool of processing and I/O resources across all of the NPCs. When the FPP determines that additional processing resources are available traffic is intelligently directed across the high-speed switch fabric to that location even if it resides on a separate NPC. The FPP is the key to delivering linear scalability to the PA-7050 working in conjunction with each of the network processors on the NPCs to utilize all of the available computing resources as a single cohesive system. This means that as NPCs are added no traffic engineering changes are required in order to utilize the added capacity.
The controlling element of the PA-7050 is PAN-OSTM a securityspecific operating system that natively classifies all traffic inclusive of applications threats and content then ties that traffic to the user regardless of location or device type. The application content and user&mdashthe elements that run your business&mdashare then used as the basis of your security policies resulting in an improved security posture and a reduction in incident response time. All traffic classification content inspection policy lookup and execution are performed in a single pass. The single pass software architecture when combined with the processing power of the PA-7050 ensures that you achieve predictable throughput.
 
Features:
Security Features
- Application Visibility
Port numbers protocols and IP addresses are useful for network devices but they tell you nothing about what is on your network. Detailed information about the applications users and content traversing your network empowers you to quickly determine any risks they pose and quickly respond. Leveraging the rich context provided by Palo Alto Networks firewalls our visualization analysis and reporting tools let you quickly learn more about activity on your network and analyze incidents from a current or comparative perspective. - User Visibility - An integral component for secure application enablement policies.
Traditionally security policies were applied based on IP addresses but the increasingly dynamic nature of users and applications mean that IP addresses alone have become ineffective as a policy control element for safe application enablement. Our next-generation firewalls integrate with a wide range of enterprise directories and terminal services offerings allowing you to:- See who is using the applications on your network
- Set policy based on users
- Perform forensic analysis and generate reports on user activities
- AntiVirus - Network-based Malware Protection.
The broadening use of social media messaging and other non-work related applications introduce a variety of vectors for viruses spyware worms and other types of malware. Palo Alto Networks next-generation firewalls allow you to block unwanted applications with App-ID and then scan allowed applications for malware. - IPS
Today's attacks on your network use a combination of application vectors and exploits. Palo Alto Networks next-generation firewalls arm you with a two-pronged approach to stopping these attacks. Unwanted applications are blocked through App-ID and the applications you choose to allow through are scanned for vulnerability exploits by our NSS-approved IPS engine. - Data Filtering & File Blocking
The application function level control file blocking by type and data filtering features of our next-generation firewalls allow you to implement a range of policies that help balance permitting the use of personal or non-work related applications with the business and security risks of unauthorized file and data transfer. - Modern Malware Protection - WildFire: Protection from targeted and unknown threats.
Modern attackers are increasingly using targeted and new unknown variants of malware to sneak past traditional security solutions. To address this Palo Alto Networks developed WildFire which identifies new malware in minutes. By executing suspect files in a virtual environment and observing their behavior Palo Alto Networks identifies malware quickly and accurately even if the malware sample has never been seen before. Once a file is deemed malicious WildFire automatically generates protections that are delivered to all WildFire subscribers within an hour of detection. A WildFire license provides your IT team with a wealth of forensics to see exactly who was targeted the application used in the delivery and any URLs that were part of the attack. - URL Filtering - Control Web Activity with URL Filtering.
The perfect complement to the policy-based application control provided by App-ID is our on-box URL filtering database which gives you total control over related web activity. By addressing your lack of visibility and control from both an application and web perspective App-ID and URL Filtering together protect you from a full spectrum of legal regulatory productivity and resource utilization risks. - Mobile Security
Mobile computing is one of the most disruptive forces in information technology. It is revolutionizing how and where employees work as well as the tools they use to perform their jobs. Mobile devices are not just ways to access existing applications such as corporate email but the platform for opening up entirely new ways of doing business. Make sure that you have the proper security to extend your business applications and data to smartphones tablets and laptops. Learn how to safely enable mobile devices by using GlobalProtect from Palo Alto Networks.
Networking Features
- Decryption - Identify & Control Encrypted Traffic.
Take control of your SSL and SSH encrypted traffic and ensure it is not being used to conceal unwanted activity or dangerous content. Using policy-based decryption and inspection you can confirm that SSL and SSH are being used for business purposes only instead of to spread threats or unauthorized data transfer. - IPv6 - Safely enabling applications users and content in IPv6 environments.
Our next-generation firewalls allow you to deploy consistent safe application enablement policies across IPv6 IPv4 and mixed environments. - Networking
Our flexible networking architecture includes dynamic routing switching and VPN connectivity which enables you to easily deploy Palo Alto Networks next-generation firewalls into nearly any networking environment. - VPN - Standards-based VPN Connectivity.
Secure site-to-site and remote user connectivity is a critical infrastructure component. Every Palo Alto Networks next-generation firewall platform allows you to easily and securely communicate between sites using standards-based IPSec VPN connections. Remote user communications are protected through a rich set of VPN features. - Virtualization Security
The VM-Series supports the exact same next-generation firewall and advanced threat prevention features available in our physical form factor appliances allowing you to safely enable applications flowing into and across your private public and hybrid cloud computing environments. Automation features and an API enable you to dynamically update security policies as your VM environment changes eliminating potential security lag. The VM-Series supports the following hypervisors: VMWare ESXi and NSX Citrix SDX KVM (Centos/RHEL) Ubuntu Amazon Web Services.
Management Features
- Centralized Management
The centralized management features in Panorama will minimize the administrative efforts and operational costs associated with your deployment of our next-generation firewalls in multiple locations &ndash either internally or globally. Panorama allows your team to centrally manage all device aspects including configuration and policy deployment visibility into applications users and content as well as logging and reporting. - Device Management
Our firewall management philosophy is to make administrative tasks such as report generation log queries policy creation and ACC browsing easy to execute and consistent no matter which mechanism - web interface Panorama CLI or API - you use. - Policy Control - Secure Application Enablement.
The increased visibility into applications users and content delivered by Palo Alto Networks simplifies figuring out which applications are traversing your network who is using them and the potential security risks. Armed with this data you can apply secure enablement policies with a range of responses that are more finely tuned than the traditional 'allow or deny' approach. - Redundancy
Palo Alto Networks next-generation firewalls support a series of redundancy and resiliency features that ensure your firewall will continue to provide the secure application enablement you need to keep your business running. - Virtual Systems - Scalable Firewall Services With Virtual Systems.
Virtual systems are unique and distinct next-generation firewall instances within a single Palo Alto Networks firewall. Instead of deploying many individual firewalls security service providers and enterprises can deploy a single pair of firewalls (high availability) and enable a series of virtual firewall instances (virtual systems). Each virtual system is an independent (virtual) firewall within your firewall that is managed separately and cannot be accessed or viewed by other users.
Technical Specifications:
Model | PA-7050 System | PA-7000-20G-NPC |
---|---|---|
  | ||
Performance and Capacities Specifications | ||
Firewall throughput (App-ID enabled) | 120 Gbps | 20 Gbps |
Threat prevention throughput (DSRI Enabled2) | 100 Gbps | 16 Gbps |
Threat prevention throughput | 60 Gbps | 10 Gbps |
IPSec VPN throughput | 24 Gbps | 4 Gbps |
New sessions per second | 720000 | 120000 |
Max sessions | 24000000 | 4000000 |
Virtual routers | 225 | 225 |
Virtual systems (base/max3) | 25/225 | N/A |
Security zones | 900 | 900 |
Max. number of policies | 40000 | 40000 |
Hardware Specifications | ||
I/O | (72) 10/100/1000 (48) Gigabit SFP (24) 10 Gigabit SFP+ | (12) 10/100/1000 (8) Gigabit SFP (4) 10 Gigabit SFP+ (Each PA-7050 supports up to six NPCs) |
Management I/O | ((2) 10/100/1000+(2) 40Gbps high availability (1) 10/100/1000 out-of-band management (1) RJ45 console port | |
Storage Options | 80GB SSD System Drive + 4x1TB HDD on Log Processing Card | |
Storage Capacity | 2TB RAID1 | |
Power supply (Avg/max power consumption) | 4x2500W AC (2400W / 2700W) | 4x2500W AC (2400W / 2700W) |
Max BTU/HR | 9213 | 9213 |
Input Voltage (Input Frequency) | 200-240VAC (50-60Hz) | |
Max Current Consumption | 12A@240VAC | |
Max Inrush Current | 200A | |
Dimensions | 15.75"H x 19"W x 24"D | |
Weight (Stand alone device/as shipped) | 184Lbs | |
Safety | UL CUL CB | |
EMI | FCC Class A CE Class A VCCI Class A | |
Certifications | NEBS Level 3 (pending) | |
Environment | ||
Operating temperature | 32° to 122° F 0° to 50° C | |
Non-operating temperature | -4° to 158° F -20° to 70° C |
Networking Specifications:
Interface Modes
Routing
IPV6
IPSEC VPN
| VLANS
Network Address Translation (NAT):
|