PA-3020 vs PA-850

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PA-3020 vs PA-850

L1 Bithead

Hi,

I am in the process to purchase a new pair of firewalls (in active/passive setup), but I am stuck in selecting PA-3020 or PA-850.

While the tech specifications are similar, the cost is not.

Additionally, the PA-3020 is around since a while, so I am more oriented to purchase the PA-850.

This is going to serve a 350-people office, and I will need to use virtual-routers, PAN-DB, Threat Prevention and WildFire.

Any suggestion ?

Thanks.

AM

1 accepted solution

Accepted Solutions

L2 Linker

We are in the same situation. So if you had no issues with the PA-3020 and the performance limitations (like max sessions and througput) it can be an option to look at the PA-850. But the PA-850 is weaker in some points:

 

New Connections per second: 50.000 (3020) vs. 9.500 (850) - huge difference if you ask me
Maximum session: 250.000 (3020) vs. 197.000 (850) - big difference if you ask me

Security Rules: 2.500 (3020) vs. 1.500 (850) - big difference if you ask me, i mean 1000 rules more at the PA-3020

And it goes down the hole datasheet. The only points the PA-850 is better, in my opinion, is USER-ID Mapping in the Dataplane and SSL Decryption Performance (except for HSM Support).

 

If you didn't made it yet, take a look: https://www.paloaltonetworks.com/products/product-comparison.html?chosen=pa-3020,pa-850

 

So if your envirement is in this performance area maybe a PA-850 can work. But as i say, we are in the same situation right now and we are going for the PA-3220. But this is because we need more performance now.

View solution in original post

4 REPLIES 4

L2 Linker

We are in the same situation. So if you had no issues with the PA-3020 and the performance limitations (like max sessions and througput) it can be an option to look at the PA-850. But the PA-850 is weaker in some points:

 

New Connections per second: 50.000 (3020) vs. 9.500 (850) - huge difference if you ask me
Maximum session: 250.000 (3020) vs. 197.000 (850) - big difference if you ask me

Security Rules: 2.500 (3020) vs. 1.500 (850) - big difference if you ask me, i mean 1000 rules more at the PA-3020

And it goes down the hole datasheet. The only points the PA-850 is better, in my opinion, is USER-ID Mapping in the Dataplane and SSL Decryption Performance (except for HSM Support).

 

If you didn't made it yet, take a look: https://www.paloaltonetworks.com/products/product-comparison.html?chosen=pa-3020,pa-850

 

So if your envirement is in this performance area maybe a PA-850 can work. But as i say, we are in the same situation right now and we are going for the PA-3220. But this is because we need more performance now.

Hello,

If you are doing ssl decrypt, i would say compare the 850 to the 3220, its the newer model that replaces the 3020. I had a similar debate a while ago between those two, 3020 and 850, and onky chose the 3020 since it had more ethernet ports and didnt require gbics.

 

Just my thoughts.

Thanks Markus !

Thanks Otakar !

  • 1 accepted solution
  • 6594 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!