Among our user base ( Indeni ), the majority of PANW devices deployed globally are the PA-5000 series, mostly PA-5060, PA-5050 and some PA-5220. Anyone knows why?
I would guess they are similar traffic and interface counts. Hopefully the devices sold are matching the needs for processing traffic in their respective networks.
Across most enterprises that would be large enough to purchase something like Indeni or Firemon you would be within that 5000 or 5200 series range for most enterprises. I'm guessing that you don't see a lot of the 3200/3000 series or lower.
@BPry I would generally agree with you, but then we went to look at the breakdown of Check Point devices we cover across similarly-sized organizations, and found a different break down.
For example, we looked at one customer that has both CHKP and PANW devices (431 firewalls total).
Of the PANW devices they have this is the breakdown by percentage:
So three quarters in the 5000 series.
Whereas, the CHKP devices have the following breakdown:
Check Point 12200 7.73%
Check Point 12400 3.86%
Check Point 13500 20.77%
Check Point 21600 11.59%
Check Point 2200 4.83%
Check Point 4200 1.93%
Check Point 4600 12.56%
Check Point 5400 1.45%
IBM System x3650 M4 16.91%
IBM System x3650 M3 6.76%
IBM System x3650 M4 3.38%
IBM System x3650 M4 0.97%
IBM System x3650 M4 0.48%
ProLiant DL360 Gen9 6.76%
While this is just one customer, the sample that brought us to the original conclusion is hundreds of customers in size. The behavior of preferring the 5000 series vs a wider range of products with other vendors is fairly consistent.
We picked CHKP as a sample comparative because of the two companies' history.
I think one reason is the one mentionned by @BPry and another one is because palo hasn't had a lot of different platforms some years ago. So about 5 years ago before the 3000 series were released a company had to choose between pa2000, pa4000 and pa5000 series. Even back then pa2000 and pa4000 were already "old" hardware platforms and probably did not have enough throughput (pa2000) so there was only pa5000 series left. With the release of pa3000 this may changed a little with "modern" hardware and 4Gig throughput, but if a requirement was a redundant power supply the only option again was the pa5000 series. With last years release of the pa5200 series I think the overall distribution my change as more and more of the existing pa5000 will be ready for lifecycle, but the pa3200 is likely also going to change something but with the increasing demands on throughput probably all stay the same, except that more and more of the pa5000 will be changed to pa5200...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!