Recommended Hardware for BranchOffices (PA-200 vs. PA-500)

cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
We are conducting regularly scheduled maintenance over the weekend, which could cause some downtime on LIVEcommunity. We apologize for any inconvenience.

Recommended Hardware for BranchOffices (PA-200 vs. PA-500)

L4 Transporter

Hi all,

We're evaluating new IT hardware for some small/mid-sized branch offices in Asia. If we compare the PA-200 and PA-500 (Link) we don't see a technical limitation when using PA-200s instead of PA-500s. Most branch offices don't have Internet connections with more than 50 Mbps, but sometimes 100+ users.

Is there a recommendation on the amount of users where a PA-200 would be suitable and when a PA-500 should be considered?

Thanks,

Oliver

1 ACCEPTED SOLUTION

Accepted Solutions

L7 Applicator

Bandwidth and connections per second are the main driver for moving up the platform sizes for a branch.

Bear in mind that your bandwidth for inspection can also include traffic between zones at the same site that transit the firewall and not just the traffic out the internet for the site.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

View solution in original post

2 REPLIES 2

L7 Applicator

Bandwidth and connections per second are the main driver for moving up the platform sizes for a branch.

Bear in mind that your bandwidth for inspection can also include traffic between zones at the same site that transit the firewall and not just the traffic out the internet for the site.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Thanks Steven, that helps. However, I was more afraid of the ARP and MAC table size limitations. In an office with 100 employees and a /22 subnet there could be more than 500 ARP/MAC addresses present, especially when the firewall also handles guest WiFi traffic with a lot of SmartPhones in it. But as we lack some real-world experience here I think in such a situation we'll better go with a PA-500.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!