Palo Alto PA-220R

Ruggedized for industrial applications.

The PA-220R is a next-generation firewall appliance in a ruggedized form factor, providing rock-solid network security for severe environments, such as utility substations, power plants, manufacturing plants, oil and gas facilities, building management systems and healthcare networks.

Palo Alto Networks PA220R

Protection, visibility and control where you need it most

The ruggedized PA-220R next-generation firewall brings you the same PAN-OS® features that protect your largest data centers, offers an extended temperature range and is certified to IEEE 1613 and IEC 61850-3 standards for vibration, temperature and immunity to electromagnetic interference. It provides interactive visibility and control of industrial protocols and applications such as Modbus, DNP3, IEC 60870-5-104, Siemens S7, OSIsoft® PI and more.

Combines simplicity and unparalleled reliability

 The PA-220R provides dual DC power inputs and high availability configuration for increased reliability, a fanless design and solid-state storage for quiet operation, and no moving parts for increased reliability. It simplifies the deployment of large numbers of firewalls through its bootstrapping feature and USB port.

The PA-220R

  • 500 Mbps firewall throughput (1)
  • 150 Mbps Threat Prevention throughput (2)
  • 100 Mbps IPsec VPN throughput
  • 64,000 max sessions
  • 4,200 new sessions per second (3)
  • 1,000 IPsec VPN tunnels/tunnel interfaces
  • 3 virtual routers
  • 15 security zones
  • 250 max number of policies

1. Firewall throughput measured with App-ID and logging enabled, utilizing 64KB HTTP transactions
2. Threat Prevention throughput measured with App-ID, IPS, antivirus, anti-spyware, WildFire and logging-enabled, utilizing 64KB HTTP transactions
3. New sessions per second measured with application-override, utilizing 1-byte HTTP transactions 


Talk with an Expert

Speak with a solutions expert or architect. Give us a call or leave a message. Our team is ready for your business.

PA-220R Benefits

Classifies all applications, on all ports, all the time

The PA-220R identifies any application, regardless of port, encryption (SSL or SSH) or evasive technique employed, and uses the application – not the port – as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping. It also categorizes unidentified applications for policy control, threat forensics or custom App-ID development.

Enforces security policies for any user, at any location

The PA-220R lets you deploy consistent policies to local and remote users running on Windows®, macOS®, Linux, Android® or Apple® iOS platforms. You get agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®, and you can integrate your firewall policies easily with 802.1X wireless, proxies, network access control and other sources of user identity.

Prevents known and unknown threats

The PA-220R blocks a range of threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed. It limits the unauthorized transfer of files and sensitive data to safely enable non-work-related web surfing. It also identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection.

Ready to talk?

Get in touch with us today.

Give us a call or leave a message. Our team is ready for your business.

Leave message Call now Request Quote

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here.