Palo Alto Networks PA-4000 Hardware Reference Manual

PA-4000 Series Hardware Reference Guide
4/7/14 Final Review Draft - Palo Alto Networks
COMPANY CONFIDENTIAL
Palo Alto Networks, Inc.
www.paloaltonetworks.com
© 2011 Palo Alto Networks. All rights reserved. Palo Alto Networks and PAN-OS are trademarks of Palo Alto Networks, Inc. All other trademarks are the property of their respective owners.
Part number: 810-000002-00H
April 7, 2014 - Palo Alto Networks COMPANY CONFIDENTIAL
Table of Contents
Preface
    About This Guide
    Organization
    Typographical Conventions
    Notes, Cautions, and Warnings
    Related Documentation
    Obtaining More Information
    Technical Support
Chapter 1, Overview
    Front Panel
    Back Panel
Chapter 2, Installing the Hardware
    Before You Begin
    Equipment Rack Installation
    Connecting Cables to the Device
    Connecting Power
Chapter 3, Maintaining the Hardware
    Cautions and Warnings
    Replacing a Power Supply
    Interpreting the Device LEDs
    Interpreting the Port LEDs
Chapter 4, Specifications
    Physical Specifications
    Interface Specifications
    Electrical Specifications
    Environmental Specifications
Chapter 5, Compliance Statement
Preface
This preface contains the following sections:
“About This Guide” in the next section
“Organization” on page 5
“Typographical Conventions” on page 6
“Notes, Cautions, and Warnings” on page 6
“Related Documentation” on page 7
“Obtaining More Information” on page 7
“Technical Support” on page 7
About This Guide
This guide describes the PA-4000 Series firewall hardware, provides instructions on installing the hardware and performing maintenance procedures, and provides product specifications. This guide is intended for system administrators responsible for installing and maintaining the PA-4000 Series.
All PA-4000 Series run PAN-OS, a purpose-built operating system with extensive functionality. Please refer to the PAN-OS Command Line Interface Reference Guide and Palo Alto Networks Administrator’s Guide for information on using PAN-OS.
Organization
This guide is organized as follows:
Chapter 1, “Overview”—Describes the features of the front and back panel of the PA-4000 Series.
Chapter 2, “Installing the Hardware”—Describes how to install the PA-4000 Series hardware.
Chapter 3, “Maintaining the Hardware”—Describes how to replace power supplies, interpret LEDs, and troubleshoot hardware problems.
Chapter 4, “Specifications”—Provides specifications for the PA-4000 Series.
Chapter 5, “Compliance Statement”—Presents the compliance statement for the Voluntary Control Council for Interference by Information Technology Equipment (VCCI).
Typographical Conventions
This guide uses the following typographical conventions for special terms and instructions.
Convention: boldface
Meaning: Names of commands, keywords, and selectable items in the web interface
Example: Use the configure command to enter Configuration mode.

Convention: italics
Meaning: Name of variables, files, configuration elements, directories, or Uniform Resource Locators (URLs)
Example: The address of the Palo Alto Networks home page is http://www.paloaltonetworks.com.
Example: element2 is a required variable for the move command.

Convention: courier font
Meaning: Command syntax, code examples, and screen output
Example: The show ntp command yields this output:
    admin@PA-HDF> show ntp
    NTP state:
    NTP synched to 10.44.2.10
    NTP server 10.43.2.10 connected: True
    NTP server 10.44.2.10 connected: True

Convention: courier bold font
Meaning: Text that you enter at the command prompt
Example: Enter the following command to exit from the current PAN-OS CLI level:
    # exit
Notes, Cautions, and Warnings
This guide uses the following symbols for notes, cautions, and warnings.
Symbol | Description
NOTE | Indicates helpful suggestions or supplementary information.
CAUTION | Indicates information about which the reader should be careful to avoid data loss or equipment failure.
WARNING | Indicates potential danger that could involve bodily injury.
Related Documentation
The following additional documentation is provided with the firewall:
PA-4000 Series Quick Start
Palo Alto Networks License and Warranty
You can find other related documentation in the Technical Documentation section at http://support.paloaltonetworks.com.
Obtaining More Information
To obtain more information about the PA-4000 Series, refer to:
Palo Alto Networks website—Go to http://www.paloaltonetworks.com.
Online help—Click Help in the upper right corner of the GUI to access the online help system.
Technical Support
For technical support, use the following methods:
Go to http://support.paloaltonetworks.com.
Call 1-866-898-9087 (U.S., Canada, and Mexico).
Email us at: support@paloaltonetworks.com
Chapter 1
Overview
This chapter describes the features of the front and back panel of the PA-4000 Series firewall. For more information, refer to the following topics:
“Front Panel” in the next section
“Back Panel” on page 12
Front Panel
Figure 1 shows the front panel of the PA-4050 and PA-4020 and Table 1 describes the front panel features.
Figure 1. PA-4050 and PA-4020 Front Panel
[Figure 1 callouts: LEDs, Ethernet ports, SFP ports, HA port 1, HA port 2, Management port, Management console port, USB ports]
Table 1. PA-4050 and PA-4020 Front Panel Features
Item | Description
Ethernet ports | 16 RJ-45 10/100/1000 ports for network traffic.
SFP ports | Eight Small Form-Factor Pluggable (SFP) ports for network traffic.
Management ports | One RJ-45 port to access the device management interfaces through an Ethernet interface.
Management console port | One DB-9 port for connecting a serial console.
High-availability (HA) ports | Two RJ-45 ports for high-availability (HA) control and synchronization.
USB ports | Two USB ports for future use.
LED dashboard | Eight LEDs indicating system status. Refer to “Interpreting the Device LEDs” on page 18 for LED definitions.
Figure 2 shows the front panel of the PA-4060 Series and Table 2 describes the front panel features.
Figure 2. PA-4060 Front Panel
[Figure 2 callouts: LEDs, SFP ports, XFP ports, HA port 1, HA port 2, Management port, Management console port, USB ports]
Table 2. PA-4060 Front Panel Features
Item | Description
SFP ports | Four Small Form-Factor Pluggable (SFP) ports for network traffic.
XFP ports | Four 10 Gigabit Small Form-Factor Pluggable (XFP) ports for network traffic.
Management ports | One RJ-45 port to access the device management interfaces through an Ethernet interface.
Management console port | One DB-9 port for connecting a serial console.
High-availability (HA) ports | Two RJ-45 ports for high-availability (HA) control and synchronization.
USB ports | Two USB ports for future use.
LED dashboard | Eight LEDs indicating system status. Refer to “Interpreting the Device LEDs” on page 18 for LED definitions.
Back Panel
Figure 3 shows the back panel of the PA-4000 Series and Table 3 describes the back panel features.
Figure 3. Back Panel
[Figure 3 callouts: Power supplies, Fans]
Table 3. Back Panel Features
Item | Description
Fans | 3 fans for cooling the device.
Power supplies | 2 redundant, hot-swappable power supplies.
The PA-4000 Series does not have a power button. The device is powered by plugging power cords into the power supplies. Refer to “Replacing a Power Supply” on page 17 for instructions on replacing the power supplies.
Chapter 2
Installing the Hardware
This chapter describes how to install the PA-4000 Series firewall. For more information, refer to the following topics:
“Before You Begin” in the next section
“Equipment Rack Installation” on page 14
“Connecting Cables to the Device” on page 15
“Connecting Power” on page 16
Before You Begin
It is recommended that two people be available to mount the PA-4000 Series in a 19-inch rack.
Have a Phillips head screwdriver available.
Verify that the intended location has adequate air circulation and meets the temperature requirements. Refer to “Environmental Specifications” on page 23.
Allow clear space at the front and back of the device.
Unpack the device.
Verify that power is not connected to the device.
Equipment Rack Installation
Figure 4 illustrates how rack mounting brackets are attached to the PA-4000 Series. You can attach the brackets using the holes at the front or the midpoint of the unit.
Figure 4. Attaching Rack Mounting Brackets
The following safety guidelines apply to rack installation:
Elevated ambient operating temperature—If the PA-4000 Series is installed in a closed or multi-unit rack assembly, the ambient operating temperature of the rack environment may be greater than the ambient room temperature. Verify that the ambient temperature of the rack assembly meets the maximum rated ambient temperature requirements listed in “Environmental Specifications” on page 23.
Reduced air flow—Ensure that the airflow required for safe device operation is not compromised by the rack installation.
Mechanical loading—Ensure that the rack-mounted device does not cause hazardous conditions due to uneven mechanical loading.
Circuit overloading—Ensure that the circuit that supplies power to the device is sufficiently rated to avoid circuit overloading or excess load on supply wiring. Refer to “Electrical Specifications” on page 22.
Reliable earthing—Maintain reliable earthing of rack mounted equipment. Pay special attention to supply connections other than direct connections to the branch circuit (such as use of power strips).
To install the PA-4000 Series in a grounded 19-inch rack:
1. Screw the rack mounting brackets onto the front or midpoint of the unit using a Phillips head screwdriver.
2. Lift the device and position it in the rack. It is recommended that two people perform this function.
3. Align the mounting holes on the side of the device with holes in the rack rail. Make sure that rack rail holes are selected so that the PA-4000 Series is level.
4. Insert mounting screws into the aligned holes. Tighten with a Phillips screwdriver.
Connecting Cables to the Device
Figure 5 shows the cable connections of the PA-4050 and PA-4020. Refer to Table 1 for descriptions of the front panel interfaces.
CAUTION: Fiber Transceivers that are installed by the user shall be Class I and CDRH certified.
Figure 5. Cable Connections for the PA-4050 and PA-4020
[Figure 5 callouts: Network, SFP, HA1, HA2, Serial, Management]
Figure 6 shows the cable connections of the PA-4060. Refer to Table 2 for descriptions of the front panel interfaces.
Figure 6. Cable Connections for the PA-4060
[Figure 6 callouts: SFP, XFP, HA1, HA2, Serial, Management]
Connecting Power
Figure 7 shows the power connections for the PA-4000 Series.
Figure 7. Power Connection for the PA-4000 Series
To power up the PA-4000 Series, attach a power cable to each of the power supplies, and plug each into a grounded wall outlet. The device has no power switch, and is automatically powered when one or more power cables are connected to the device and to an AC power source.
Chapter 3
Maintaining the Hardware
This chapter describes how to replace power supplies, interpret LEDs, and troubleshoot hardware problems. For more information, refer to the following topics:
“Cautions and Warnings” in the next section
“Replacing a Power Supply” on page 17
“Interpreting the Device LEDs” on page 18
“Interpreting the Port LEDs” on page 19
Cautions and Warnings
CAUTION: Disconnect all power cords before servicing.
WARNING: Risk of explosion if battery is replaced by an incorrect type. Dispose of used batteries according to the battery manufacturer’s instructions.
WARNING: Removal of equipment top cover is to be done only by trained service person(s).
Replacing a Power Supply
The PA-4000 Series firewall has two hot-swappable power supplies. Both power supplies should be connected during normal operations. If the system detects a loss of power, either due to loss of power connection or failure of the power supply, the power supply LED located above the power plug and the front panel PWR LED both turn red, and a continuous audible alert is generated.
To replace the PWR1 or PWR2 power supply:
1. While the PA-4000 Series is running, unplug the power cord from the power supply that you need to replace, and unscrew the screw knob.
2. Use the handle to slide the power supply out of the device, as shown in Figure 8.
3. Slide a replacement power supply into the device, and attach with the screw knob. Tighten the screws more with a tool after initial and subsequent access to the power supply.
4. Connect the power cable to the power supply and to an AC power source.
Note: The audible alert continues to be generated until two power supplies are installed and operational.
Figure 8. Power Supply Replacement
Interpreting the Device LEDs
Figure 9 shows the LED dashboard on the front panel, and Table 4 describes the LED functions and states.
Figure 9. Front Panel LEDs
[Figure 9 labels: POWER, STATUS, HA, TEMP, ALARM, FANS, PWR 1, PWR 2]
Table 4. Functions and States of the LED Dashboard
Interface | State | Description
POWER | Green | The device is powered.
POWER | Off | Power is off.
STATUS | Green | The device is operating normally.
STATUS | Yellow | The device is booting up.
HA | Green | This device is the current active device.
HA | Yellow | This device is the current passive device.
HA | Off | High availability (HA) is not enabled on this device.
TEMP | Green | The temperature is normal.
TEMP | Yellow | The temperature is outside the normal tolerance.
ALARM | Red | There is a hardware failure, which may include power supply detected but not working, fan failure, HA failover, or temperature above high temperature threshold.
ALARM | Off | The device is operating normally.
FANS | Green | All fans are operating normally.
FANS | Red | One or more fans have failed.
PWR1 | Green | The top power supply is powered and active.
PWR1 | Red | The top power supply is not detected or is detected but not working.
PWR2 | Green | The bottom power supply is powered and active.
PWR2 | Red | The bottom power supply is not detected or is detected but not working.
Interpreting the Port LEDs
Table 5 describes the LEDs for the PA-4050 and PA-4020 Ethernet ports. Refer to Figure 1.
Table 5. PA-4050 and PA-4020 Port LEDs
LED | Description
Left | Shows green if there is a network link.
Right | Blinks if there is network activity.
Table 6 describes the LEDs for the PA-4060 Gigabit Small Form-Factor Pluggable (XFP) ports. Refer to Figure 2.
Table 6. PA-4060 Port LEDs
LED | Description
Top | Shows green if there is a network link.
Bottom | Blinks if there is network activity.
Table 7 describes the LEDs for the PA-4000 Series Management port. Refer to Figure 1 and Figure 2.
Table 7. PA-4000 Series Management Port LEDs
LED | Description
Left | Shows green when a 100 Mbps link is connected or amber when a 1 Gbps link is connected.
Right | Blinks orange if there is network activity.
Chapter 4
Specifications
This chapter provides specifications for the PA-4000 Series firewall. For more information, refer to the following topics:
“Physical Specifications” in the next section
“Interface Specifications” on page 22
“Electrical Specifications” on page 22
“Environmental Specifications” on page 23
Physical Specifications
Table 8 lists physical specifications for the PA-4000 Series.
Table 8. Physical Specifications
Specification | Description
Height | 3.5 inches (2 RU).
Depth | 16.5 inches.
Width | 17.5 inches.
Mounting | Standard 19-inch rack.
Fans | Three fans.
Power supplies | Two self-contained hot-swappable.
Interface Specifications
Table 9 lists the interfaces for the PA-4000 Series.
Table 9. Interface Specifications
Specification | Description
Ethernet ports | PA-4050/PA-4020: 16 RJ-45 10/100/1000 ports for network traffic.
SFP ports | PA-4050/PA-4020: Eight Small Form-Factor Pluggable (SFP) ports for network traffic. PA-4060: Four SFP ports for network traffic.
XFP ports | PA-4060: Four 10 Gigabit Small Form-Factor Pluggable (XFP) ports for network traffic.
Management ports | One RJ-45 port to access the device CLI through an Ethernet interface.
Management console port | One DB-9 port for connecting a serial console. Use these settings:
    – Data rate: 9600
    – Data bits: 8
    – Parity: none
    – Stop bits: 1
    – Flow control: None
High-availability (HA) port | Two RJ-45 ports for high-availability control and synchronization.
USB ports | Two USB ports for future use.
Electrical Specifications
Table 10 lists electrical specifications for the PA-4000 Series.
Table 10. Electrical Specifications
Specification | Description
Maximum internal power dissipation | 400W.
AC voltage | 100-240 VAC.
Environmental Specifications
Table 11 lists environmental specifications for the PA-4000 Series.
Table 11. Environmental Specifications
Specification | Description
Operating temperature range | 0° to 50° C.
Storage temperature range | -20° to 70° C.
System air flow | Front to back.
Chapter 5
Compliance Statement
This chapter provides the compliance statement for the Voluntary Control Council for Interference by Information Technology Equipment (VCCI), which governs radio frequency emissions in Japan.
The following information is in accordance with VCCI Class A requirements.
Translation: This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take corrective actions.