Pa 220r
Pa 220r
Pa 220r
Prevents known and unknown threats • Certified to IEC 61850-3 and IEEE 1613
• Blocks a range of known general and ICS-specific threats— environmental and testing standards for vibration,
including exploits, malware, and spyware—across all ports, temperature, and immunity to electromagnetic
regardless of common evasion tactics employed. interference.
• Limits the unauthorized transfer of files and sensitive data. • Dual DC power (12–48V).
• Identifies unknown malware, analyzes it based on hundreds • High availability firewall configuration (active/active
of malicious behaviors, and then automatically creates and and active/passive).
delivers protection. • Fanless design with no moving parts.
Enables SD-WAN functionality • Flexible I/O with support for both copper and optical
via SFP ports.
• Easily adopt SD-WAN by simply enabling it on your existing
firewalls. • Flexible mounting options, including DIN rail, rack,
• Enables you to safely implement SD-WAN, natively integrated and wall mount.
with our industry-leading security. • Simplified remote site deployment via USB-based
• Delivers an exceptional end user experience by minimizing bootstrapping.
latency, jitter, and packet loss.
Firewall throughput (HTTP/appmix)1 500/580 Mbps NAT modes (IPv4): static IP, dynamic IP, dynamic IP and port
(port address translation)
Threat Prevention throughput
240/280 Mbps NAT64, NPTv6
(HTTP/appmix)2
IPsec VPN throughput3 500 Mbps Additional NAT features: dynamic IP reservation, tunable dynamic
IP and port oversubscription
Max sessions 64,000
High Availability
New sessions per second 4
4,200
Modes: active/active, active/passive
1. Firewall throughput is measured with App-ID and logging enabled, using Failure detection: path monitoring, interface monitoring
64 KB HTTP/appmix transactions.
2. Threat Prevention throughput is measured with App-ID, IPS, antivirus, Industrial Protocols and Applications
anti-spyware, WildFire, file blocking, and logging enabled, utilizing 64 KB
https://www.paloaltonetworks.com/resources/whitepapers/
HTTP/appmix transactions.
app-ids-industrial-control-systems-scada-networks
3. IPsec VPN throughput is measured with 64 KB HTTP transactions and
logging enabled.
4. New sessions per second is measured with application-override utilizing Table 3: PA-220R Hardware Specifications
1 byte HTTP transactions.
I/O
The PA-220R supports a wide range of networking features (6) 10/100/1000, (2) SFP
that enable you to more easily integrate our security features Management I/O
into your existing network.
(1) 10/100/1000 out-of-band management port, (1) RJ-45 console port,
(1) USB port, (1) Micro USB console port
Table 2: PA-220R Networking Features
Storage Capacity
Interface Modes
32 GB EMMC
L2, L3, tap, virtual wire (transparent mode)
Power Supply (Avg/Max Power Consumption)
Routing
Optional: dual redundant DC power feeds (13 W/16 W)
OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP,
static routing Max BTU/hr
Policy-based forwarding 55
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3 12–48 VDC 1.4 A
Path quality measurement (jitter, packet loss, latency) Firewall – 1.4 A @ 12 VDC
Max inrush current 4.9 A @ 12 VDC
Initial path selection (PBF)
Rack Mount (Dimensions)
Dynamic path change
IPv6 2.0” H x 8.66” D x 9.25” W
Flexible mounting options, including DIN rail, rack and wall mount
L2, L3, tap, virtual wire (transparent mode)
Weight (Stand-Alone Device/As Shipped)
Features: App-ID, User-ID, Content-ID, WildFire, and SSL
Decryption 4.5 lbs / 6.0 lbs
SLAAC Safety
IPsec VPN TUV CB report and TUV NRTL
Key exchange: manual key, IKEv1, and IKEv2 (pre-shared key, EMI
certificate-based authentication)
FCC Class A, CE Class A, VCCI Class A
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
Certifications
Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
IEC 61850-3 and IEEE 1613 environmental and testing standards.
VLANs
For more certifications, see:
802.1 Q VLAN tags per device/per interface: 4,094/4,094 https://www.paloaltonetworks.com/company/certifications.html
Environment
To learn more about the features and associated capacities
of the PA-220R, please visit www.paloaltonetworks.com/ Operating temperature: -40° to 158° F, -40° to 70° C
products. Non-operating temperature: -40° to 167° F, -40° to 75° C
Passive cooling
3000 Tannery Way © 2019 Palo Alto Networks, Inc. Palo Alto Networks is a registered
Santa Clara, CA 95054 trademark of Palo Alto Networks. A list of our trademarks can be found
Main: +1.408.753.4000 at https://www.paloaltonetworks.com/company/trademarks.html. All other
Sales: +1.866.320.4788 marks mentioned herein may be trademarks of their respective companies.
Support: +1.866.898.9087 pa-220r-ds-112619
www.paloaltonetworks.com