Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
10-03-2018 07:59 AM
Hi,
I am in the process to purchase a new pair of firewalls (in active/passive setup), but I am stuck in selecting PA-3020 or PA-850.
While the tech specifications are similar, the cost is not.
Additionally, the PA-3020 is around since a while, so I am more oriented to purchase the PA-850.
This is going to serve a 350-people office, and I will need to use virtual-routers, PAN-DB, Threat Prevention and WildFire.
Any suggestion ?
Thanks.
AM
10-04-2018 04:19 AM - edited 10-04-2018 04:30 AM
We are in the same situation. So if you had no issues with the PA-3020 and the performance limitations (like max sessions and througput) it can be an option to look at the PA-850. But the PA-850 is weaker in some points:
New Connections per second: 50.000 (3020) vs. 9.500 (850) - huge difference if you ask me
Maximum session: 250.000 (3020) vs. 197.000 (850) - big difference if you ask me
Security Rules: 2.500 (3020) vs. 1.500 (850) - big difference if you ask me, i mean 1000 rules more at the PA-3020
And it goes down the hole datasheet. The only points the PA-850 is better, in my opinion, is USER-ID Mapping in the Dataplane and SSL Decryption Performance (except for HSM Support).
If you didn't made it yet, take a look: https://www.paloaltonetworks.com/products/product-comparison.html?chosen=pa-3020,pa-850
So if your envirement is in this performance area maybe a PA-850 can work. But as i say, we are in the same situation right now and we are going for the PA-3220. But this is because we need more performance now.
10-04-2018 04:19 AM - edited 10-04-2018 04:30 AM
We are in the same situation. So if you had no issues with the PA-3020 and the performance limitations (like max sessions and througput) it can be an option to look at the PA-850. But the PA-850 is weaker in some points:
New Connections per second: 50.000 (3020) vs. 9.500 (850) - huge difference if you ask me
Maximum session: 250.000 (3020) vs. 197.000 (850) - big difference if you ask me
Security Rules: 2.500 (3020) vs. 1.500 (850) - big difference if you ask me, i mean 1000 rules more at the PA-3020
And it goes down the hole datasheet. The only points the PA-850 is better, in my opinion, is USER-ID Mapping in the Dataplane and SSL Decryption Performance (except for HSM Support).
If you didn't made it yet, take a look: https://www.paloaltonetworks.com/products/product-comparison.html?chosen=pa-3020,pa-850
So if your envirement is in this performance area maybe a PA-850 can work. But as i say, we are in the same situation right now and we are going for the PA-3220. But this is because we need more performance now.
10-04-2018 08:43 AM
Hello,
If you are doing ssl decrypt, i would say compare the 850 to the 3220, its the newer model that replaces the 3020. I had a similar debate a while ago between those two, 3020 and 850, and onky chose the 3020 since it had more ethernet ports and didnt require gbics.
Just my thoughts.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
