My employer is starting to use PAs, and as a networking person I want to get much more comfortable with them, I wanted to buy an small one off ebay to use as my home router. I won't need global protect, OR wildfire as I just want to run the PA as a router in a "less critical" environment. If I do get one off ebay are there license fees that I'm going to be surprised by or those all additionals rather than required?
Yes with PA all the licenses are required.
But you can work without the licenses also
You can buy one line 500 or PA 220.
PA 220 does support PAN OS 9.0
You don't need to buy the licenses if you dont use them. All you need is supportsubscriptionto be able to update the firewall.
Anyway don't make the mistake and buy a PA-500. This one is end of sale and will not support anything newer than PAN-OS 8.1. In addition you cannot buy a support subscription for this one except there is still a not expired one on the box, so there might be a chance to renew it. I strongly recommend to buy a PA-220. If you buy that one as LAB/not-for-resale firewall it will cost almost nothing and you will have already all licenses included - just in case you need them once.
I agree with @vsys_remo PA-500's are 8 port PA-200's and you do not what to learn on these devices. they are miserable, commits take forever. a PA-220 is slow compared to a PA-5250. but it's a lot faster than a PA-500/200.
I have 2 PA-220's in HA at my house.
What I did for my org was to purchase PA-220-Lab units for the employees to take home and use. I think only 5 of 20 are actively used. They are half the price of a normal PA-220 and come with all the licenses. You do have to renew the licenses but that is only a fraction of the cost.
I think you can buy lab units from Palo alto re-sellers. if your company will not support the cost of this, You could personally contract your company reseller and ask them if you can purchase a lab unit. Everyone has different prices.
looks like CDW will sell you one. I would think that the base price listed (no warranty) still covers the normal 1-year subscription and Palo alto support for hardware\software. you should call CDW and see what their warranty covers. if the unit has Palo Alto support for 1 year, don't buy the CDW warranty.
If the company you work for already has a relationship with Palo Alto, you can buy a LAB unit for your house at a fraction of hte cost and it comes fully licensed. I would stay away from ebay for this as there could be lots of licensing issues. The PA220 lab is just under $500.
Maybe a different recommendation is to download a VM version of a PANW FW, and use it like a "lab in a box", with VMWare Player.
Gets you used to the gui, basic policies, etc. BUT... still unlicensed, you will not get many sessions (like only 10 or so), but the point to become familar with the FW GUI. Again, just a 2cent idea. :P
$500 seems a bit overkill for home use to me.
We do have a VM Lab unit in the office that we can play with, but once you have spent a couple of hours with a PA your more or less done with learning the basics.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!