PA-5200 Series Next-Gen Firewall Hardware Reference
    : PA-5200 Front Panel
    Focus
    Download PDF
    Focus
    1. Home
    2. Firewalls & Appliances
    3. PA-5200 Series Next-Gen Firewall Hardware Reference
    4. PA-5200 Series Firewall Overview
    5. PA-5200 Front Panel
    Download PDF

    PA-5200 Series Next-Gen Firewall Hardware Reference

    PA-5200 Front Panel

    Table of Contents

    PA-5200 Front Panel

    Learn about the PA-5200 firewall front-panel components.
    The following image shows the front panel of the PA-5200 Series firewall and the table describes each front panel component. The only differences between the PA-5220 (shown), PA-5250, PA-5260, and PA-5280 panels is the model name and the Ethernet port speeds as described in the table.
    ItemComponentDescription
    1
    Ethernet ports 1 through 4
    Four RJ-45 100Mbps/1Gbps/10Gbps ports for network traffic.
    The link speed and link duplex are auto-negotiate only.
    2
    SFP ports 5 through 20
    Sixteen SFP/SFP+ ports for network traffic.
    Each port can operate as either SFP (1Gbps) or SFP+ (10Gbps) based on the installed transceiver.
    3
    QSFP+ ports 21 through 24
    These ports vary depending on your firewall model:
    • PA-5220 firewall—Four 40Gbps QSFP+ ports as defined by the IEEE 802.3ba standard.
    • PA-5250, PA-5260, and PA-5280 firewalls—Four 40Gbps QSFP+/100Gbps QSFP28 ports as defined by the IEEE 802.3ba standard. The link speed is based on the installed transceiver.
    4
    HSCI port
    These ports vary depending on your firewall model:
    • PA-5220 firewall—One QSFP+ 40Gbps port (supports only a 40Gbps (QSFP+) transceiver or QSFP+ active optical cable).
    • PA-5250, PA-5260, and PA-5280 firewalls—One QSFP28 40/100Gbps port (supports QSFP28 transceiver or equivalent active optical cables). The link speed is based on the installed transceiver. Use this port to connect two PA-5200 Series firewalls in a high availability (HA) configuration as follows:
      • In an active/passive configuration, this port is for HA2 (data link).
      • In an active/active configuration, you can configure this port for HA2 and/or HA3. HA3 is used for packet forwarding for asymmetrically routed sessions that require Layer 7 inspection for App-ID™ and Content-ID™.
        The HSCI ports must be connected directly between the two firewalls in the HA configuration (not between a network switch or router). When directly connecting the HSCI ports between two PA-5220 firewalls that are physically located near each other, Palo Alto Networks recommends that you use a 40Gbps QSFP+ Active Optical Cable (AOC). When directly connecting two PA-5250, PA-5260, or PA-5280 firewalls, use a QSFP28 Active Optical Cable (AOC).
        For installations where the two firewalls are not near each other and you cannot use an AOC cable, use a standard 40Gbps or 100Gbps transceivers and the appropriate cable length.
    5
    AUX 1 and AUX 2 ports
    Use these SFP+ ports for HA1, management functions, or log forwarding to Panorama.
    For information on configuring the port, refer to the on-device Help content in DeviceSetupInterfaces or refer to the PAN-OS 9.0 Web Interface Reference.
    6
    HA1-A and HA1-B
    Two RJ-45 10/100/1000Mbps ports for high-availability control (HA1).
    7
    		CONSOLE port
    (RJ-45)
    Use this port to connect a management computer to the firewall using a 9-pin serial to RJ-45 cable and terminal emulation software.
    The console connection provides access to firewall boot messages, the Maintenance Recovery Tool (MRT), and the command line interface (CLI).
    If your management computer does not have a serial port, use a USB-to-serial converter.
    Serial Settings
    Data rate: 9600
    Data bits: 8
    Parity: none
    Stop bits: 1
    Flow control: None
    8
    USB port
    Use this port to bootstrap the firewall.
    Bootstrapping enables you to provision the firewall with a specific PAN-OS configuration and then license it and make it operational on your network.
    9
    MGT port
    Use this Ethernet 10/100/1000Mbps port to access the management web interface and perform administrative tasks. The firewall also uses this port for management services, such as retrieving licenses and updating the threat and application signatures.
    10
    LED status indicators
    Five LEDs that indicate the status of the firewall hardware components (see Interpret the LEDs on a PA-5200 Series Firewall).
    11
    Intake air filters
    Two filters for air entering the firewall.
    Replace the Air Intake Filters on a PA-5200 Series Firewall every six months.

    © 2024 Palo Alto Networks, Inc. All rights reserved.