IKE Peer and IPSec Tunnel Capacity Increases
The PA-7000 Series, PA-5000 Series, and PA-3000 Series firewalls now support more IKE peers and IPSec tunnels than in prior releases. The following table provides the capacities:
*The capacities shown for PA-7000 Series firewalls are per chassis, regardless of how many Network Processing Cards (NPCs) are installed in the chassis. If a PA-7000 Series firewall uses only PA-7000-20GXM-NPC or PA-7000-20GQXM-NPC cards in the chassis, the higher capacities apply; otherwise, the lower capacities for the chassis apply.
Use the CLI operational command show vpn ipsec-sa summary to view summary information about IPSec tunnels.
For better throughput and faster commit times, distribute the total number of IKE peers and IPSec tunnels among multiple interfaces.
Networking Features New Networking Features Description Tunnel Content Inspection The firewall can now inspect the traffic content of cleartext tunnel protocols: Generic Routing Encapsulation (GRE) ...
LACP and LLDP Pre-Negotiation for Active/Passive HA
LACP and LLDP Pre-Negotiation for Active/Passive HA If a firewall uses LACP or LLDP, negotiation of those protocols upon failover prevents sub-second failover. However, you ...
Platform Support and Licensing for Virtual Systems
Platform Support and Licensing for Virtual Systems Virtual systems are supported on the PA-3000 Series, PA-5000 Series, PA-5200 Series, and PA-7000 Series firewalls. Each firewall ...
Set Up Site-to-Site VPN
Set Up Site-to-Site VPN To set up site-to-site VPN: Make sure that your Ethernet interfaces, virtual routers, and zones are configured properly. For more information, ...
What Settings Don’t Sync in Active/Active HA?
What Settings Don’t Sync in Active/Active HA? You must configure the following settings on each firewall in an HA pair in an active/active deployment. These ...
Common Building Blocks for Firewall Interfaces
Common Building Blocks for Firewall Interfaces Select Network Interfaces to display and configure the components that are common to most interface types. For a description ...