[shortdesc] ML-powered NGFW, 1RU rack-mountable, 2.8 Gbps firewall, 1.8 Gbps threat prevention, 1.5 Gbps IPsec VPN, 8× 1G RJ45 [/shortdesc]
[properties]
| Model |
Palo Alto Networks PA-520 |
| Product Type |
Next-Generation Firewall (Security Appliance |
| Firewall Throughput (appmix |
2.8 Gbps |
| Threat Prevention Throughput (appmix |
1.8 Gbps |
| IPsec VPN Throughput |
1.5 Gbps |
| Max Concurrent Sessions |
148,000 |
| New Sessions per Second |
25,000 |
| Virtual Systems (base / max |
1/2 |
| I/O (Data |
8 × 1G RJ45 |
| Management I/O |
1 × 10/100/1000 (OOB mgmt, 1 × USB, 1 × RJ45 console, 1 × USB-C console |
| Storage Capacity |
120 GB |
| Trusted Platform Module |
Integrated TPM (secure boot, hardware root of trust |
| Max Power Consumption |
30 W |
| Input Voltage / Frequency |
100–240 VAC, 50–60 Hz |
| Max Heat (BTU/hr |
102 |
| Dimensions (H × D × W |
1.74 in × 10.4 in × 8.0 in (43.9 mm × 265 mm × 203 mm |
| Weight |
5.8 lb (Standalone Device |
| Operating Temperature |
32 °F to 104 °F (0 °C to 40 °C |
| Nonoperating Temperature |
−4 °F to 158 °F (−20 °C to 70 °C |
| Cooling |
Passive |
| EMI |
FCC Class A, CE Class A, VCCI Class A |
| Safety |
cTUVus, CB |
| Form Factor |
1RU, rack-mountable |
[/properties]
[specifications]
| Interface Modes |
L2, L3, Tap, Virtual Wire (transparent |
| Routing |
OSPFv2/v3, MP-BGP, RIP, Static; Policy-based forwarding |
| SD-WAN |
Path quality measurement (jitter, loss, latency, bandwidth monitoring |
| IPv6 Features |
Dual-stack & IPv6-only; IPv6 inspection; OSPFv3, MP-BGP; NAT64, NPTv6; DHCPv6 PD; SLAAC server |
| VPN (IPsec / SSL |
IKEv1/v2 (PSK & cert, Manual key; Encryption 3DES, AES-128/192/256; Auth MD5, SHA-1/256/384/512 |
| VLANs & LAG |
802.1Q (4094 per device / 4094 per interface; 802.3ad, LACP |
| Decryption / TLS Support |
Inbound & outbound SSL/TLS decryption; SSLv3, TLS 1.1/1.2/1.3; classic RSA/ECDHE/DHE and PQC key exchanges (ML-KEM, HQC |
| AI/Management |
Strata™ Cloud Manager; Zero Touch Provisioning (ZTP; single-pass architecture |
| Security Services (Platform |
Advanced Threat Prevention, Advanced WildFire®, Advanced URL Filtering, Advanced DNS Security, Device/SaaS/AI Access Security (service-dependent |
| Storage / Logging |
Onboard SSD 120 GB |
| Compliance/Certs |
See vendor compliance list (EMI/Safety as above |
[/specifications]
[accesories]
| Power Adapters |
PAN-PWR-150W-12V-AC-A - 150W spare AC power adapter (compatible with PA-520 |
| Rack Mounts |
PAN-1RU-4POST-RACK-11 - 1RU 4-post rack (supports two PA-520 units & four adapters |
[/accesories]
Advanced Security for Distributed Enterprises
The Palo Alto Networks PA-520 is part of the next-generation PA-500 Series, purpose-built for distributed enterprise branches and midsize organizations that require high-performance security in a compact, rack-mountable form. Powered by Precision AI® and PAN-OS® 12.1, the PA-520 delivers a proven 2.8 Gbps firewall throughput and 1.8 Gbps threat prevention, blending machine learning with deep Layer 7 visibility. Designed for zero-touch deployment and centralized management via Strata™ Cloud Manager, it gives network teams complete control with minimal complexity.
Key Benefits & Features
Engineered with Palo Alto’s single-pass architecture and inline ML-driven analysis, the PA-520 protects against advanced threats while maintaining predictable performance even with full security services enabled.
AI-Driven Threat Prevention
With Precision AI®, the PA-520 analyzes and prevents threats in real time, blocking zero-day malware, ransomware, and phishing attacks before they reach users. Inline ML and Advanced WildFire® deliver proactive defense across all traffic.
Cloud-Managed Simplicity
Through Strata Cloud Manager, the PA-520 provides unified visibility and lifecycle management across firewalls, SASE, and SD-WAN environments. Built-in analytics help detect and resolve policy gaps, latency issues, and vulnerabilities rapidly.
High-Performance Single-Pass Architecture
The single-pass architecture processes networking, policy lookup, and threat inspection in one flow, reducing latency and ensuring predictable throughput even under heavy load. This approach enables consistent App-ID™ and User-ID™ enforcement across all traffic.
Quantum-Ready Encryption Support
The PA-520 supports post-quantum cryptography (PQC options for decryption and VPN, helping future-proof data in transit as cryptographic standards evolve.
Ideal Use Cases
-
Enterprise branch offices needing high-throughput NGFW protection in a compact form factor.
-
Retail and healthcare sites requiring quiet, energy-efficient security devices (Passive Cooling.
-
Service providers and managed networks that depend on centralized cloud management.
-
Organizations pursuing Zero Trust with user- and application-aware security policies.
Technical Specifications
-
Firewall Throughput (AppMix: 2.8 Gbps
-
Threat Prevention Throughput: 1.8 Gbps
-
IPsec VPN Throughput: 1.5 Gbps
-
Max Concurrent Sessions: 148,000
-
New Sessions per Second: 25,000
-
Interfaces: 8 × 1 GbE RJ-45, 1 × Mgmt RJ-45, USB-C console, USB
-
Storage: 120 GB SSD
-
Power Consumption: 30 W max
-
Cooling: Passive (fanless
-
Form Factor: 1U rack-mountable (1.74 in H × 10.4 in D × 8 in W
-
Operating Temperature: 32 °F – 104 °F (0 °C – 40 °C
-
Certifications: FCC Class A, CE Class A, VCCI Class A
Secure Your Branch with Confidence
Empower your network edge with AI-powered, cloud-managed defense. The Palo Alto Networks PA-520 delivers enterprise-class performance, Precision AI security, and simplified operations in one compact platform.
