I agree with @vsys_remo PA-500's are 8 port PA-200's and you do not what to learn on these devices. they are miserable, commits take forever. a PA-220 is slow compared to a PA-5250. but it's a lot faster than a PA-500/200. I have 2 PA-220's in HA at my house. What I did for my org was to purchase PA-220-Lab units for the employees to take home and use. I think only 5 of 20 are actively used. They are half the price of a normal PA-220 and come with all the licenses. You do have to renew the licenses but that is only a fraction of the cost. I think you can buy lab units from Palo alto re-sellers. if your company will not support the cost of this, You could personally contract your company reseller and ask them if you can purchase a lab unit. Everyone has different prices. looks like CDW will sell you one. I would think that the base price listed (no warranty) still covers the normal 1-year subscription and Palo alto support for hardware\software. you should call CDW and see what their warranty covers. if the unit has Palo Alto support for 1 year, don't buy the CDW warranty. CDW link
... View more
maybe this is too simple. but you could download the config. used a text editor to remove everything you didn't want and then re-upload the config. once you apply it you will get errors if you missed something.
... View more