PA-5000 Series
Hardware Reference Guide
11/30/10 Third/Final Review Draft - Palo Alto Networks
COMPANY CONFIDENTIAL
Palo Alto Networks, Inc.
www.paloaltonetworks.com
© 2014 Palo Alto Networks. All rights reserved.
Palo Alto Networks and PAN-OS are trademarks of Palo Alto Networks, Inc. All other trademarks are the property
of their respective owners.
Part number: 810-000056-00E
April 7, 2014 - Palo Alto Networks COMPANY CONFIDENTIAL
Table of Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Organization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Typographical Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Notes, Cautions, and Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Obtaining More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Chapter 1
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Front Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Back Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Chapter 2
Installing the Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Equipment Rack Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Connecting Cables to the Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Connecting Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Connecting a DC Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Chapter 3
Maintaining the Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cautions and Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Replacing a Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Replacing an AC Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Replacing a DC Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Replacing a Hard Disk or Solid State Drive . . . . . . . . . . . . . . . . . . . . . . . . . 24
Choosing System Options for the Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Replacing the Fan Tray and Air Filter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Replacing the Air Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Interpreting the Device LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
11
15
21
Palo Alto Networks Table of Contents • 5
Interpreting the Port LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Chapter 4
Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Physical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Interface Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Electrical Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Environmental Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
31
Chapter 5
Compliance Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NEBS Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
VCCI Statement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
BSMI EMC Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
35
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
6 • Table of Contents Palo Alto Networks
April 7, 2014 - Palo Alto Networks COMPANY CONFIDENTIAL
Preface
This preface contains the following sections:
• “About This Guide” in the next section
• “Organization” on page 7
• “Typographical Conventions” on page 8
• “Notes, Cautions, and Warnings” on page 8
• “Related Documentation” on page 9
• “Obtaining More Information” on page 9
• “T echnical Support” on page 9
About This Guide
This guide describes the PA-5000 Series firewall hardware, provides instructions on installing the
hardware and performing maintenance procedures, and provides product specifications. This guide is
intended for system administrators responsible for installing and maintaining the PA-5000 Series.
All PA-5000 Series run PAN-OS, a purpose-built operating system with extensive functionality. Please
refer to the PAN-OS Command Line Interface Reference Guide and Palo Alto Networks Administrator’s
Guide for information on using PAN-OS.
Organization
This guide is organized as follows:
• Chapter 1, “Overview”—Describes the features of the front and back panel of the
PA-5000 Series.
• Chapter 2, “Installing the Hardware”—Describes how to install the PA-5000 Series hardware.
• Chapter 3, “Maintaining the Hardware”—Describes how to replace power supplies, fan tray, and
air filter. This chapter also describes how to interpret the device and port LEDs.
• Chapter 4, “Specifications”—Provides specifications for the PA-5000 Series.
• Chapter 5, “Compliance Statement”—Presents the compliance statement for the Voluntary Control
Council for Interference by Information Technology Equipment (VCCI).
Palo Alto Networks Preface • 7
Typographical Conventions
Typographical Conventions
This guide uses the following typographical conventions for special terms and instructions.
Convention Meaning Example
boldface Names of commands,
keywords, and
selectable items in the
web interface
italics Name of variables,
files, configuration
elements, directories,
or Uniform Resource
Locators (URLs)
courier
font
courier
bold font
Command syntax, code
examples, and screen
output
Text that you enter at
the command prompt
Use the configure command to enter Configuration mode.
The address of the Palo Alto Networks home page is
http://www.paloaltonetworks.com.
element2 is a required variable for the move command.
The show ntp command yields this output:
admin@PA-HDF> show ntp
NTP state:
NTP synched to 10.44.2.10
NTP server 10.43.2.10 connected: True
NTP server 10.44.2.10 connected: True
Enter the following command to exit from the current PAN-OS
CLI level:
# exit
Notes, Cautions, and Warnings
This guide uses the following symbols for notes, cautions, and warnings.
Symbol Description
NOTE
Indicates helpful suggestions or supplementary information.
CAUTION
Indicates information about which the reader should be careful to avoid data loss or
equipment failure.
WARNING
Indicates potential danger that could involve bodily injury.
8 • Preface Palo Alto Networks
Related Documentation
The following additional documentation is provided with the firewall:
• PA-5000 Series Quick Start
• Palo Alto Networks License and Warranty
You can find other related documentation in the Technical Documentation section at
http://support.paloaltonetworks.com.
Obtaining More Information
To obtain more information about the PA-5000 Series:
• Palo Alto Networks website—Go to http://www.paloaltonetworks.com.
• Online help—Click Help in the upper right corner of the GUI to access the online help system.
Related Documentation
Technical Support
For technical support, use the following methods:
• Go to the KnowledgePoint online support community at http://live.paloaltonetworks.com
• Go to http://support.paloaltonetworks.com.
• Call 1-866-898-9087 (U.S, Canada, and Mexico), +1.408.738.7799 (outside North America)
• Email us at: support@paloaltonetworks.com.
Palo Alto Networks Preface • 9
Technical Support
10 • Preface Palo Alto Networks
April 7, 2014 - Palo Alto Networks COMPANY CONFIDENTIAL
Chapter 1
Overview
This chapter describes the features of the front and back panel of the PA-5000 Series firewall. For more
information, refer to the following topics:
• “Front Panel” on page 12
• “Back Panel” on page 14
Palo Alto Networks Overview • 11
Front Panel
1357
2468
911
10 12
13 15 17 19
14 16 18 20
21 23
22 24
HA2
PWR
STS
HA
TEMP
ALARM
FANS
PWR 1
PWR 2
HA1MGT CONSOLE
USB
PA-5060
Ethernet
ports
Management
console port
Management
port
SFP
ports
HA
port 2
HA
port 1
LEDs
USB
ports
SFP+
ports
Front Panel
Figure 1 shows the front panel of the PA-5060 and PA-505 0 and Table 1 descri bes the front panel
features.
Figure 1. PA-5060 and PA-5050 Front Panel
Table 1. PA-5060 and PA-5050 Front Panel Features
Item Description
Ethernet ports 12 RJ-45 10/100/1000 ports for network traffic.
SFP ports Eight Small Form-Factor Pluggable (SFP) ports for network traffic.
SFP+ ports Four SFP+ ports for network traffic.
Management port One RJ-45 port to access the device management interfaces through an
Ethernet interface.
Management console port One RJ-45 port for connecting a serial console.
High-availability (HA) ports Two RJ-45 ports for high-availability (HA) control and synchronization.
USB ports Two USB ports for future use.
LED dashboard Eight LEDs indicating system status. Refer to “Interpreting the Device
LEDs” on page 28 for LED definitions.
12 • Overview Palo Alto Networks
Front Panel
1357
2468
911
10 12
13 15 17 19
14 16 18 20
HA2
PWR
STS
HA
TEMP
ALARM
FANS
PWR 1
PWR 2
HA1MGT CONSOLE
USB
PA-5060
Ethernet
ports
Management
console port
Management
port
SFP
ports
HA
port 2
HA
port 1
LEDs
USB
ports
Figure 2 shows the front panel of the PA-5020 Series and Table 2 describes the front panel features.
Figure 2. PA-5020 Front Panel
Table 2. PA-5020 Front Panel Features
Item Description
Ethernet ports 12 RJ-45 10/100/1000 ports for network traffic.
SFP ports Eight Small Form-Factor Pluggable (SFP) ports for network traffic.
Management ports One RJ-45 port to access the device management interfaces through an
Ethernet interface.
Management console port One RJ-45 port for connecting a serial console.
High-availability (HA) ports Two RJ-45 ports for high-availability (HA) control and synchronization.
USB ports Two USB ports for future use.
LED dashboard Eight LEDs indicating system status. Refer to “Interpreting the Device
LEDs” on page 28 for LED definitions.
Palo Alto Networks Overview • 13
Back Panel
Power
supplies
Hard drive bayFan tray
Back Panel
Figure 3 shows the back panel of the PA-5000 Series and Table 3 describes the back panel features.
Figure 3. Back Panel
Table 3. Back Panel Features
Item Description
Power supplies 2 redundant, hot-swappable power supplies.
Fan tray Removable fan tray and filter.
Hard disk drive bay Hard drive bay for 2 x 2.5-inch hard disk drives.
The PA-5000 Series does not have a power button. The device is powered by plugging power cords into
the power supplies. Refer to “Replacing a Power Supply” on page 21 for instructions on replacing the
power supplies.
14 • Overview Palo Alto Networks
April 7, 2014 - Palo Alto Networks COMPANY CONFIDENTIAL
Chapter 2
Installing the Hardware
This chapter describes how to install the PA-5000 Series firewall. For more information, refer to the
following topics:
• “Before You Begin” in the next section
• “Equipment Rack Installation” on page 16
• “Connecting Cables to the Device” on page 17
• “Connecting Power” on page 19
Before You Begin
• It is recommended that two people be available to mount the PA-5000 Series in a 19-inch rack.
• Have a Phillips head screwdriver available.
• Verify that the intended location has adequate air circulation and meets the temperature
requirements. Refer to
• Allow clear space on both sides of the device.
• Unpack the device.
• Verify that power is not connected to the device.
“Environmental Specifications” on page 33.
Palo Alto Networks Installing the Hardware • 15
Equipment Rack Installation
1 3 5 7 9 11
2 4 6 8 10 12
13 15 17 19
21 23
14 16 18 20
22 24
Equipment Rack Installation
CAUTION: Equipment may be affected by electrostatic discharge. ESD reduction
procedures (wearing a wrist strap) shall be implemented during the installation and
maintenance of equipment.
CAUTION: Shielded interface cables which are grounded shall be used to ensure
agency compliance with electromagnetic emissions (EMC).
WARNING: Laser radiation exposure should be avoided. Cover any unused fiber
optical ports. Do not look directly at exposed fiber optical transmitters or cables.
Figure 4 illustrates how rack mounting brackets are attached to the PA-5000 Series. You can attach the
brackets using the holes at the front or the midpoint of the unit.
Figure 4. Attaching Rack Mounting Brackets
The following safety guidelines apply to rack installation:
• Elevated ambient operating temperature—If the PA-5000 Series is installed in a closed or
multi-unit rack assembly, the ambient operating temperature of the rack environment may be
greater than the ambient room temperature. Verify that the ambient temperature of the rack
assembly meets the maximum rated ambient temperature requirements listed in
Specifications” on page 33.
• Reduced air flow—Ensure that the airflow required for safe device operation is not compromised
by the rack installation.
• Mechanical loading—Ensure that the rack-mounted device does not cause hazardous conditions
due to uneven mechanical loading.
16 • Installing the Hardware Palo Alto Networks
“Environmental
• Circuit overloading—Ensure that the circuit that supplies power to the device is sufficiently rated
1 3 5 7 9 11 13 15 17 19 21 23
2 4 6 8 10 12 14 16 18 20 22 24
USB
SFP
HA2
HA1
Console
Management
Network
to avoid circuit overloading or excess load on supply wiring. Refer to
on page 32.
• Reliable earthing—Maintain reliable earthing of rack mounted equipment. Pay special attention
to supply connections other than direct connections to the branch circuit (such as use of power
strips).
To install the PA-5000 Series in a grounded 19-inch rack:
1. Screw the rack mounting brackets onto the front or midpoint of the unit using a Phillips head
screwdriver.
2. Lift the device and position it in the rack. It is recommended that two people perform this function.
3. Align the mounting holes on the side of the device with holes in the rack rail. Make sure that rack
rail holes are selected so that the PA-5000 Series is level.
4. Insert mounting screws into the aligned holes. Tighten with a Phillips head screwdriver.
Connecting Cables to the Device
Connecting Cables to the Device
“Electrical Specifications”
Figure 5 shows the cable connections of the PA-5060 and PA-5050. Refer to Table 1 for descriptions of
the front panel interfaces.
Figure 5. Cable Connections for the PA-5060 and PA-5050
Palo Alto Networks Installing the Hardware • 17
Connecting Cables to the Device
1 3 5 7 9 11 13 15 17 19
2 4 6 8 10 12 14 16 18 20
USB
SFP
HA2
HA1
Console
Management
Network
Figure 6 shows the cable connections of the PA-5020. Refer to Table 2 for descriptions of the front
panel interfaces.
Figure 6. Cable Connections for the PA-5020
LASER PRODUCT WARNING:
PRODUCT COMPLIES WITH FDA RULE 21 CFR SUBCHAPTER J IN EFFECT AT DATE OF
MANUFACTURE
CLASS 1: (Cl. 5.2 of IEC 60825-1)
CLASS 1 LASER PRODUCT
18 • Installing the Hardware Palo Alto Networks
Connecting Power
Figure 7 shows the AC power connections for the PA-5000 Series.
Figure 7. Power Connection for the PA-5000 Series
Connecting Power
To power up the PA-5000 Series, attach a power cable to each of the power supplies and plug each into
a grounded wall outlet. The device has no power switch and is automatically powered when one or more
power cables are connected to the device and to an AC power source.
Connecting a DC Power Supply
DC Power Safety
WARNING: You must shut off the electric current to the DC feed wires before
connecting or disconnecting the wires to the power supplies.
DC Power Safety
CAUTION: All devices with DC power supplies are intended for installation in
restricted access areas only. A restricted access area is where access can be gained
only by service personnel through the use of a special tool, lock and key, or other
means of security, and is controlled by the authority responsible for the location.
CAUTION: For the DC input circuit, make sure there is a 15 amp circuit
breaker, minimum 48Vdc, double pole, on the input to the power supply. The input
wiring for connection to the product should be Listed copper wire, 14 American
Wire Gauge (AWG), marked VW-1, and rated minimum 90 C.
CAUTION: For a DC system, use a grounding wire of at least 14 American Wire
Gauge (AWG). The 14 AWG wire should be attached to an agency-approved crimp
connector (Tyco 34120 or certified Lug), crimped with the proper crimping tool and
attached to the protective grounding lug, using a size #8-32 nut and a star washer
(supplied), on the chassis with the other end connected to the building ground.
Torque the nut to 15 in.-lbs. Do not over tighten.
Figure 8 shows the DC power connections for the PA-5000 Series.
Palo Alto Networks Installing the Hardware • 19
Connecting Power
Wind the power wires around the screws and tighten to secure. The -48VDC connection is on the left
and the 0VDC connection is on the right, as labeled when facing the power supply. Turn on the electric
current to the DC feed.
Figure 8. DC Power Supply - Attachment
Important notes on connecting the DC power supply
• This equipment is designed to permit the connection of the earthed conductor of the DC power
supply circuit to the earthing conductor at the equipment.
• If this connection is made, all of the following conditions must be met:
– This equipment shall be connected directly to the DC supply system earthin g electrode
conductor or to a bonding jumper from an earthing terminal bar or bus to which the DC supply
system earthing electrode conductor is connected.
– This equipment shall be located in the same immediate area (such as adjacent cabinets) as any
other equipment that has a connection between the earthed conductor of the same DC supply
circuit and the earthing conductor, and also the point of earthing of the DC system.
– The DC system shall not be earthed elsewhere.
– The DC supply source shall be located within the same premises as this equipment.
– Switching or disconnecting devices shall not be in the earthed circuit conductor between the DC
source and the point of connection of the earthing electrode conductor.
20 • Installing the Hardware Palo Alto Networks
April 7, 2014 - Palo Alto Networks COMPANY CONFIDENTIAL
Chapter 3
Maintaining the Hardware
This chapter describes how to replace power supplies, interpret LEDs, and troubleshoot hardware
problems. For more information, refer to the following topics:
• “Cautions and Warnings” in the next section
• “Replacing a Power Supply” on page 21
• “Replacing a Hard Disk or Solid State Drive” on page 24
• “Replacing the Fan Tray and Air Filter” on page 26
• “Interpreting the Device LEDs” on page 28
• “Interpreting the Port LEDs” on page 30
Cautions and Warnings
WARNING: To reduce the risk of electric shock, disconnect all power supply cords
before servicing the system (the system might have more than one).
WARNING: Risk of explosion if battery is replaced by an incorrect type. Dispose of used
batteries according to the battery manufacturer’s instructions.
Replacing a Power Supply
The PA-5000 Series firewall has two hot-swappable AC or DC power supplies. Both power supplies
should be connected during normal operations. If the system detects a loss of power, either due to loss
of power connection, failure of the power supply, or incorrect input voltage being supplied, the power
supply LED located above the power plug will go off and the front panel PWR LED and ALARM LED
turn red. If enabled, an audible alert will be sound until both power supplies are operational. The audible
alert is disabled by default and can be enabled by running set system setting power-
supply audible-alarm enable yes.
Palo Alto Networks Maintaining the Hardware • 21
Replacing a Power Supply
Replacing an AC Power Supply
To replace the AC PWR1 or PWR2 power supply:
1. While the PA-5000 Series is running, unplug the power cord from the power supply that you need
to replace.
2. Push the lever to the right and use the handle to slide the power supply out of the device, as shown
in
Figure 9.
3. Slide a replacement power supply into the device.
4. Connect the power cable to the power supply and to an AC power source.
Note: If enabled, an audible alert will be sound until two power supplies are
installed and operational. The audible alert is disabled by default and can be
enabled by running set system setting power-supply audible-
alarm enable yes.
Figure 9. AC Power Supply Replacement
22 • Maintaining the Hardware Palo Alto Networks
Replacing a DC Power Supply
WARNING: You must shut off the electric current to the DC feed wires before
connecting or disconnecting the wires to the power supplies.
To replace the DC PWR1 or PWR2 power supply:
1. While the P A-5000 Series is running, loosen the screws that secure the power wires and remove the
wires from the power supply that you need to replace, as shown in
Replacing a Power Supply
Figure 10.
Figure 10. DC Power Supply - Wire Removal and Attachment
2. Use the handle to slide the power supply out of the device, as shown in Figure 11.
3. Slide a replacement power supply into the device.
4. Wind the power wires around the screws and tighten to secure. The -48VDC connection is on the
left and the 0VDC connection is on the right, as labeled when facing the power supply.
5. Turn on the electric current to the DC feed.
Note: If enabled, an audible alert will be sound until two power supplies are
installed and operational. The audible alert is disabled by default and can be
enabled by running set system setting power-supply audible-
alarm enable yes.
Figure 11. DC Power Supply Replacement
Palo Alto Networks Maintaining the Hardware • 23
Replacing a Hard Disk or Solid State Drive
Replacing a Hard Disk or Solid State Drive
The PA-5000 Series firewall has a bay that contains two 2.5-inch Serial Advanced Technology
Attachment (SATA) hard disk drives or solid state drives (SSD). You must power down the firewall to
replace either of the drives.
To replace a drive:
1. Identify the failed drive using the system log. The drive LED indicates if a drive is failed, but does
not indicate which drive.
2. Power down the firewall.
3. Loosen the thumbnail screws for the disk drive bay using a flat or Phillips head screw driver, if
necessary.
Figure 12. Loosening the Thumbnail Screws for the Drive Bay
4. Remove the metal plate that covers the disk drive bay.
5. Push the button to the right of the drive to disengage the lever and release the drive.
Figure 13. Releasing a Drive
24 • Maintaining the Hardware Palo Alto Networks
Replacing a Hard Disk or Solid State Drive
6. Gently pull the lever open to partially eject the drive, and then slide the drive out from the
enclosure.
Figure 14. Removing a Drive
7. Slide the replacement drive in, label side up, gently pushing it in until the lever begins to clos e.
8. Gently close the lever until it clicks into place.
Figure 15. Replacing a Drive
9. Replace the metal plate and secure the thumb screws using a flat or Phillips head screw driver.
10. Power on the firewall.
Choosing System Options for the Drive
When the system boots, you are presented with the following options:
• Adding blank but identical drive
This is the expected case when a drive fails and a new drive is shipped. In this case, the part
numbers of the existing and new hard drives match and the new drive is completely blank. The
system powers up normally, the new drive is added to the RAID partition without any user
interaction, and background RAID syncing starts. Until the RAID sync is completed the alarm
LED is RED, indicating that there is a single point of failure in the system. When the RAID sync
completes, the alarm becomes GREEN. This process could take up to an hour or so with non SDD
drives.
Palo Alto Networks Maintaining the Hardware • 25
Replacing the Fan Tray and Air Filter
• Adding blank but different drive
In this scenario, the new drive is blank but has a different part number. This is the expected case
when migrating from standard to SSD drives. The system will start to boot, it will determine that
the drives are different, and then it will boot into maintenance mode with the reason “Drive model
mismatch.” You are then presented with the following options:
– Add the new drive to the array, ignoring the model mismatch. This is the expected case if hard
drive models are changed. In this case the drives will be compatible, but have different model
numbers. The drive will be added to the array and you will be given an option to reboot. Upon
reboot, the system behavior will be the same as if an identical drive was replaced.
– Migrate from one drive to the other. This will format the new drive to maximum capacity, copy
all contents from the old drive to the new drive, and add the new drive to the array. After the
migration process is completed, a message is displayed to power down the system, remove the
old drive, insert the new drive (if any), and power the system back on. If you are migrating from
a larger drive to a smaller drive, you are warned that all saved logs are removed because there is
no guaranteed that they will be fully copied.
• Adding old drive back into system
If two synced and running drives ever become unsynced, for example, because one drive was
removed for some time, the system will determine that two valid drives paired to the serial number
or the system are present and will boot into maintenance mode. In maintenance mode, you will be
required to select which drive is primary and then given the option to reboot. Upon rebooting, the
system will add the secondary drive to the primary drive’s RAID array and then the system
behavior will be the same as if an identical drive was replaced. Note that it may require one extra
automatic reboot to correctly set up the system (due to how automatic RAID selection works).
Replacing the Fan Tray and Air Filter
Note: You can replace the fan tray while the firewall is powered on; however, you
must replace it within 20 seconds, or the thermal protection circuit will
automatically shut down the firewall.
To replace the fan tray and air filter:
1. Identify the fan failure using the system log or fan LED.
2. Make sure the new fan tray is unpacked and ready to slide into the chassis.
26 • Maintaining the Hardware Palo Alto Networks
Replacing the Fan Tray and Air Filter
3. Loosen the thumbnail screws for the fan tray bay using a flat or Phillips head screw driver, if
necessary.
Figure 16. Loosening the Thumbnail Screws for the Fan Tray and Air Filter
4. Remove the metal plate that covers the fan tray.
5. Hold the fan tray handle and slide the tray out. The air filter slides out along with the fan tray.
Figure 17. Removing the Fan Tray and Air Filter
6. Slide the replacement fan tray in until it engages. You must slide the new tray in within 20 seconds
or the firewall will power down automatically.
7. Replace the metal plate and secure the thumb screws using a flat or Phillips head screw driver.
Palo Alto Networks Maintaining the Hardware • 27
Interpreting the Device LEDs
PWR
STS
HA
TEMP
ALARM
FAN S
PWR 1
PWR 2
Replacing the Air Filter
Inspect the air filter on a periodic basis. A dirty air filter restricts airflow in the unit, reducing the
ventilation and effective cooling of the system. To maintain optimum system operation, Palo Alto
Networks recommends that you replace the filter every 6 months. Discard used filters; do not attempt to
clean and reuse them. You can purchase replacement air filters from Palo Alto Networks or an
authorized reseller.
You can replace the air filter without replacing the full fan tray. It is not necessary to power down the
firewall to replace the air filter.
To replace the air filter.
1. Remove the fan tray metal cover, as described in “Replacing the Fan Tray and Air Filter” on
page 26.
2. Gently lift the plastic tab and slide the air filter out.
Figure 18. Removing the Air Filter
3. Slide the new filter in, making sure that the plastic tab on the new filter faces out with the screw
that secures the plastic tab at the top.
4. Replace the metal plate and secure the thumb screws, using a flat or Phillips head screw driver.
Interpreting the Device LEDs
Figure 19 shows the LED dashboard on the front panel of the P A-5000 Series, and Table 4 describes the
LED functions and states.
Figure 19. Front Panel LEDs
28 • Maintaining the Hardware Palo Alto Networks
Table 4. Functions and States of the LED Dashboard
LED State Description
Interpreting the Device LEDs
PWR
(POWER)
STS
(STATUS)
HA Green This device is the current active device.
TEMP Green The temperature is normal.
ALARM Red There is a hardware failure, which may include power supply detected
FANS Green All fans are operating normally.
PWR 1 Green The left power supply (facing the back of the firewall) is powered and
Green The device is powered.
Off Power is off.
Green The device is operating normally.
Yellow The device is booting up.
Yellow This device is the current passive device.
Off High availability (HA) is not enabled on this device.
Yellow The temperature is outside the normal tolerance.
but not working, fan failure, Hard drive failure, HA failover, or
temperature above high temperature threshold.
Off The device is operating normally.
Red One or more fans have failed.
active, or is not installed.
Red The left power supply (facing the back of the firewall) is detected but not
working.
The power supply also has an LED, which will go off if there is a failure.
PWR 2 Green The right power supply (facing the back of the firewall) is powered and
active, or is not installed.
Red The right power supply (facing the back of the firewall) is detected but
not working.
The power supply also has an LED, which will go off if there is a failure.
Palo Alto Networks Maintaining the Hardware • 29
Interpreting the Port LEDs
Interpreting the Port LEDs
Table 5 describes the LEDs for the PA-5000 Series Ethernet ports. Refer to Figure 1.
Table 5. Ethernet and SFP Port LEDs
LED Description
Left Shows green if there is a network link.
Right Blinks green if there is network activity.
Table 6 describes the LEDs for the PA-5060/PA-5050 Gigabit Small Form-Factor Pluggable (SFP+)
ports. Refer to Figure 2.
Table 6. SFP+ Port LEDs
LED Description
Left Shows green if there is a network link.
Right Blinks green if there is received (RX) network activity.
Table 7 describes the LEDs for the PA-5000 Series Management port. Refer to Figure 1 and Figure 2.
Table 7. PA-5000 Series Management and HA1 Port LEDs
LED Description
Left
Right
Shows solid amber if there is a network link and blinks amber if there is
network activity.
• Shows green if link is 100 Mbps
• Shows amber if link is 1 Gbps
• Shows the off state if link is 10 Mbps
30 • Maintaining the Hardware Palo Alto Networks
April 7, 2014 - Palo Alto Networks COMPANY CONFIDENTIAL
Chapter 4
Specifications
This chapter provides specifications for the PA-5000 Series firewall. For more information, refer to the
following topics:
• “Physical Specifications” in the next section
• “Interface Specifications” on page 32
• “Electrical Specifications” on page 32
• “Environmental Specifications” on page 33
Physical Specifications
Table 8 lists physical specifications for the PA-5000 Series.
Table 8. Physical Specifications
Specification Description
Height 3.5 inches (2 RU).
Depth 20.5 inches.
Width 17.5 inches.
Weight 41 lb (Shipping weight 55 lb)
Mounting Standard 19-inch rack.
Power supplies Two self-contained hot-swappable.
Palo Alto Networks Specifications • 31
Interface Specifications
Interface Specifications
Table 9 lists the interfaces for the PA-5000 Series.
Table 9. Interface Specifications
Specification Description
Ethernet ports 12 RJ-45 10/100/1000 ports for network traffic.
SFP ports Eight Small Form-Factor Pluggable (SFP) ports for network traffic.
SFP+ ports PA-5060/PA-5050 only: Four 10 Gigabit Small Form-Factor Pluggable
Management ports One RJ-45 port to access the device CLI through an Ethernet interface.
Management console port One RJ-45 port for connecting a serial console. Use these settings:
(SFP+) ports for network traffic.
– Data rate: 9600
– Data bits: 8
– Parity: none
– Stop bits: 1
– Flow control: None
High-availability (HA) port Two RJ-45 ports for high-availability control and synchronization.
USB ports Two USB ports for future use.
Electrical Specifications
Table 10 lists electrical specifications for the PA-5000 Series.
Table 10. Electrical Specifications
Specification Description
Maximum internal power dissipation 450W.
AC voltage 100-240 VAC, 8-4A, 50-60 Hz.
DC voltage -40 to -72 VDC, 15A.
32 • Specifications Palo Alto Networks
Environmental Specifications
Table 11 lists environmental specifications for the PA-5000 Series.
Table 11. Environmental Specifications
Specification Description
Operating temperature range 0° to 40° C.
Storage temperature range -20° to 70° C.
Humidity 5% to 90% non-condensing.
System air flow Side to side.
Environmental Specifications
Palo Alto Networks Specifications • 33
Environmental Specifications
34 • Specifications Palo Alto Networks
April 7, 2014 - Palo Alto Networks COMPANY CONFIDENTIAL
Chapter 5
Compliance Statement
NEBS Requirements
This section describes the Network Equipment Building System (NEBS) requirements for the PA-5000
Series.
• The PA-5000 Series is intended to be installed in a Network Telecommunication Facilities (Central
Office) as part of a Common Bonding Network (CNB).
• The battery return (BR) input terminals are considered to be an Isolated DC return (DC-1).
• Bare conductors must be coated with an appropriate antioxidant compound before crimp
connections are made. All un-plated connectors, braided strap, and buss bars must be brought to a
bright finish and then coated with an antioxidant before they are connected.
• Fastening hardware shall be compatible with he materials being joined ad shall preclude loosening,
deterioration, and electrochemical corrosion of the hardware and the joined materials.
WARNING: The intra-building ports of this equipment or subassembly is suitable for
connection to intra-building or unexposed wiring or cabling only. The intra-building ports
of equipment or subassembly must not be metallically connected to interface that connect
to the OSP or it’s wiring. These interfaces are designed for use as intra-building interfaces
only (Type 2 or 4 ports as described in GR-1089-CORE, issue 5) and require isolation
from the exposed OSP cabling. The addition of primary protectors is not sufficient
protection in order to connect these interfaces metallically to OSP wiring. INtra-building
cabling must be shielded and grounded at both ends.
Palo Alto Networks Compliance Statement • 35
VCCI Statement
VCCI Statement
This section provides the compliance statement for the Voluntary Control Council for Interference by
Information Technology Equipment (V CCI), which governs radio frequency emissions in Japan.
The following information is in accordance to VCCI Class A requirements
Translation: This is a Class A product. In a domestic environment this product may cause radio
interference, in which case the user may be required to take corrective actions.
BSMI EMC Statement
User warning: This is a Class A product, when used in a residential environment it may cause radio
interference. In this case, the user will be required to take adequate measures.
Manufacturer: Flextronics International
Country of Origin: Made in the USA with parts of domestic and foreign origin.
Input Frequency: 50-60 Hertz (Hz)
Input Voltage (AC): 100 to 240 Volts
BSMI EMC 聲明
警告使用者 :
這是甲類的資訊產品 , 在居住的環境中使用時 , 可能會造成射頻干擾 ,
在這種情況下 , 使用者會被要求採取某些適當的對策
製造商:偉創力國際
原產地:美國 / 部份零組件產地為美國及其它國家。
輸入頻率:50-60 赫茲(Hz)
輸入電壓(AC):100 〜 240 伏特
36 • Compliance Statement Palo Alto Networks
April 7, 2014 - Palo Alto Networks COMPANY CONFIDENTIAL
Index
A
air filter, replacing 28
B
back panel
fan tray 14
hard disk drive bay 14
interfaces 14
overview 14
power supplies 14
C
compliance statements 36
connecting cables 17, 18
conventions, typographical 8
E
electrical specifications 32
environmental specifications 33
F
fan tray and filter, replacing 26
filter, repl aci ng 28
front panel
Ethernet ports 12, 13
high-availability (HA) ports 12, 13
interfaces 12, 13
LED dashboard 12, 13
management console port 12, 13
management ports 12, 13
overview 12, 13
SFP ports 12, 13
SFP+ ports 12
USB ports 12, 13
H
hard disk drive bay 24
hard disk drive, replacing 24
connecting cables 17, 18
connecting power 19
rack mounting 16
interface specifications 32
interfaces
back panel 14
front panel 12, 13
L
LEDs
functions and states 29
interpreting 28
N
NEBS Requirements 35
P
physical specifications 31
power
connecting 19
powering the device 19
specifications 32
power supplies, replacing 21
R
rack mounting
instructions 16
safety guidelines 16
replacing
fan tray and filter 26
hard disk drive 24
power supplies 21
S
specifications
electrical 32
environmental 33
interface 32
physical 31
I
installation
before you begin 15
37 • Index Palo Alto Networks
T
typographical conventions 8
V
VCCI 36
38 • Index Palo Alto Networks
Loading...