Upgrading from PA500 to PA220

Sales team reached out to me recommending that we upgrade our PA500 to the PA220. We are a small company with a data pipe of 100MB. We do not have a lot of settings on the PA500. On average we have around 1500-2000 sessions per the UI Home page. Looking at the ACC, I set it to 24 hours and the highest is around 22,000 (looks like about an average of 15,000 during business hours). We currently have 14 security policies (including the two intrazone defaults). We do not have NAT set up yet as we are using a Cisco ASA for NAT; however, that will all be moved over this year. The question I have: is there any reason why we should or should not opt to upgrade to the PA220 over the existing PA500? I know the main reason he recommended it is that the PA500 has an extremely slow management commit and he states this was resolved in the PA220. This is something I know others have mentioned regarding the PA500 in the forums. Thanks for any advice. Anyone that has also made this move and has any advice, that would be great too.

@jharlow,

Basically the PA220 is at this point super cheap compared to when you purchased your PA-500, it outperforms your PA-500 on basically every level, and the PA-500 is a seven-year-old platform.

Now let's talk about the actuality of your situation. You aren't pushing the PA-500 even close to its capabilities and everything is running perfectly fine as is (I imagine). You'd gain additional firewall throughput (which you probably don't need), you'd gain additional threat prevention throughput (which you probably don't need), your NPS rate actually goes down, your max security zones go down, and the max number of policies goes down.

 

Strictly speaking, unless you start seeing issues there really isn't any need to upgrade away from the PA-500 at this point. Yes, the PA-220 is a much better box in my opinion, yes it's a much better management experience, yes you'll be supported for a much longer period of time. Truth be told though I don't think, from the requirements that you state here, that you are actually a proper candidate for an upgrade at this time. I would start to think about upgrading to the PA-220; I would start to think about how long you expect your PA-500 to last.

The biggest discussion here for me would be more along the lines of when your subscriptions are up if you have any active. I would not recommend any subscription terms over a year on a PA-500; since I personally like to go for 3 years at a time or more I would toss out that PA-500 for a PA-220 the next time my subscriptions were due. 

Thanks for your thorough response. What is NPS rate? The security zones and policies are neither an issue.

There are two reasons that I am considering the upgrade option. One, our renewals are up (which are annual) and the cost for renewing all of the same services is actually cheaper on the PA220. Second, and to some this might not be a big need, but the performance with commits is just brutal and, as you mentioned, we are not even utilizing this thing. The plan to move everything over from our ASA to the PA just adds more concern, as more will be on the PA, which would cause commits to be even slower than they are now. Even the overall management of the device just feels sluggish. Maybe this is due to being a 7 year platform (although we purchased it 4 years ago). I am hoping that what they say is true and managing the PA220 is a better experience.

@jharlow,

I abbreviated New session Per Second as NPS, I'm not that sure why honestly; that's what I meant though. Managing a PA-220 is a heck of a lot better than a PA-500, speaking from experience here. Commit times are much shorter and the reports generate in a timely manner. The only thing that doesn't really decrease a noticeable amount of time is boot time, that still takes a while.

I appreciate your responses. I think we are going to make the move to the PA220. It will also give me a device to finally use to migrate from our current setup (ASA as NAT/VPN and PA for filtering and reporting). When I originally configured the PA, I configured it in virtual wire mode and never wanted to make the switch since it was in production. I can start with the PA220 as an actual L3 device, configure the rules, NAT, VPN etc. and then place it in production. Off to discuss this with our vendor. Thanks again. Any other words of wisdom since you have experience with both the PA500 and PA220? I know I have to get a rack kit as it is a smaller unit. Any other guidance will be appreciated.

Hello,

The 220 is on version 8.0 or above, so if you are running 7.0 or 7.1 there will be a few new features.

 

Regards,

Can you share the average time a commit takes on your PA-220?

@YuvalBenAri,

I'll take a few quick tests later today; just know that like any commit this will be dependent on how large your configuration file actually is. Should be able to give you a rough idea of the time difference though.
