if you're a partner you can use 'popsicle' from the NextWave portal https://www.paloaltonetworks.com/partners/nextwave-partner-portal/cyberforce/cyberforce-members-only
to get a decent sizing you'll need to estimate how much ipsec, app-id and ssl throughput you will expect, and then guesstimate how much l7 scanning you're going to apply
1gbps app-ID sizes to pa-820,
1gbps threat-ID sizes to pa-3220,
1gbps ssl decryption + threat-ID sizes to pa-5220
Here is a link to the comparison sheet:
Then select the devices you think might work. In your case, start with the 3410 and 5410 as a comparison.
I always look a the smallest number and go from there, even if I'm not using it. This way if in the future you need that feature, you have it sized correctly, if nothing else changes. Also dont skimp on the licenses and features. They help you more than you know.
I'm only guessing but I bet a 3410 would work for you (but dont go by my advice only since I dont know your environment). Stay with the models that have the 4 as the second number, they are the newest architecture.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!