I received a quote from a supplier for 2 PA-850s with Wildfire , Partner enabled premium support and GlobalProtect subscription.
Then for the PA - 440 - Wildfire , GlobalProtect , advanced Url filtering , advanced threat protection and premium support.
As far as i can tell they want to run 2 separate networks with the same level of protection on both, i cant find a reason or the PA - 440 though. The employee requesting these devices has made some strange pucrases in the past so my supervisor asked me to look into it.
I'm still a noob at this so any advice and clarification to reason will be appreciated.
I can Provide the full quote if required , it will be in South African Rand though.
PA-850 is older model than 440. 440 provides better throughput so I suggest to compare price and go with 2x 440 instead.
Partner enabled premium support means that you can't open cases directly with Palo Alto and have to turn to partner every time.
Ask Premium support instead.
Just to add on to this a bit more, I'd really want to see some justification for the pair of 850s and the single PA-440. You'll likely have redundancy on the PA-850s, but why don't you need redundancy on the PA-440?
It kind of smells like someone is using the PA-850s for the internal network and potentially using the PA-440 standalone on something not important like a guest wireless network or something like that. I'd personally really want to hear the justification for not doing redundant 440s like @Raido_Rattameister mentioned and running multi-vsys to segment the two networks logically.
There's some instances where you actually need physical hardware isolation, but it's a fairly rare outlier scenario that I'd personally make someone show me where multi-vsys wouldn't satisfy the requirement.
I'll see if I can fish for some info regarding his justification, it might take some time though, I have attached a screenshot of the quote without pricing , The pricing itself seems fair however on the SFPs on the quote its R20246.16 (Around 1 049,34 USD) I figured its a 10gb/s transceiver but unless its a very specific type of SFP , Isn't that very expensive?
I'll get some more info in the meantime, Thanks very much for the insight and the help!
I can't really speak on that; I'm not really sure what currency you're referencing, and even if I was I wouldn't be aware of local market conditions regarding import duties increasing costs or anything like that. It's simply not a dollar to dollar conversion when you import products into another country, so things get fuzzy there real quick.
I will say that a first-party 10Gb+ SFP modules running $1,049.34 isn't exactly shocking. You can use third-party optics on a PAN firewall, but be aware of PANs support policy regarding third-party components. I've used fs.com and Cisco optics extensively without issue, but that compatibility risk is a thing. If you're having a VAR or Palo partner quote this I would 100% expect them to quote first-party optics; whether or not you accept the risk of third-party optics is entirely a risk acceptance conversation of the organization making the purchase.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!