PaloAlto Networks PA-5200 Seriesp Hardware Reference Manual Download Page 37

Page: 37 / 60

Service the PA-5200 Series Firewall

Replace a Drive on a PA-5200 Series Firewall

The PA-5200 Series ﬁrewalls have two solid-state drives (SSDs) used for system ﬁles and system

logs and two hard-disk drives (HDDs) used for network traﬃc log storage. Each drive pair is in a

RAID 1 array so that if a drive fails, you can replace the failed drive (using the same model drive)

without service interrupon. The system drives are labeled SYS 1 and SYS 2 and the log drives are

labeled LOG 1 and LOG 2.

When ordering a replacement drive from Palo Alto Networks or your reseller, you receive

two drives. This ensures that if the replacement drive is not the same model as the failed

drive, you can install two new matching drives. If the replacement drive model is the same

as the failed drive, you need only replace one failed drive and can store the second drive

as a spare. For ﬁrewalls in an HA pair, there is no requirement that the drive sizes match

between the paired systems.

The procedures to replace a system drive (SSD) and a log drive (HDD) are diﬀerent.
•

Replace a Log Drive on a PA-5200 Series Firewall

•

Replace a System Drive on a PA-5200 Series Firewall

Replace a Log Drive on a PA-5200 Series Firewall

The following procedure describes how to replace a failed log drive. There are two scenarios: one

where the replacement drive is the same model as the failed drive and one where the replacement

drive is not the same model.

In a high availability (HA) conﬁguraon, if one log drive fails (or if both log drives fail) in the

acve ﬁrewall, the ﬁrewall enters the non-funconal HA state and fails over. If the ﬁrewall

is not in an HA conﬁguraon and one log drive fails, the ﬁrewall connues to operate. If

both log drives fail in a non-HA conﬁguraon, the ﬁrewall connues to operate but it does

not log network traﬃc and you cannot commit the conﬁguraon unl there is at least one

funconing log drive.

Depending on the size of the drive, it may take several hours for the new disk to be

formaed and synced.

STEP 1 |

Idenfy the failed drive and determine the drive model by running the following operaonal

command to view the

status

and

model

ﬁelds:

admin@PA-5020>

show system raid detail

The following output shows that the

Log1

drive failed and that the model number of that drive

ST2000NX0253

. The system log also shows an error that indicates which drive failed (Log1

or Log2).

Disk Pair Log Available

Status clean, degraded

PA-5200 Series Next-Gen Firewall Hardware Reference

2021 Palo Alto Networks, Inc.

Summary of Contents for PA-5200 Seriesp

Page 1: ...PA 5200 Series Next Gen Firewall Hardware Reference docs paloaltonetworks com...

Page 2: ...tworks com search html Have feedback or ques ons for us Leave a comment on any page in the portal or write to us at documenta on paloaltonetworks com Copyright Palo Alto Networks Inc www paloaltonetwo...

Page 3: ...200 Series Firewall 28 Replace the Air Intake Filters on a PA 5200 Series Firewall 31 Replace a Fan Tray on a PA 5200 Series Firewall 33 Replace a Power Supply on a PA 5200 Series Firewall 34 Replace...

Page 4: ...Table of Contents PA 5200 Series Next Gen Firewall Hardware Reference 4 2021 Palo Alto Networks Inc...

Page 5: ...to Networks next genera on rewall or appliance The following topics apply to all Palo Alto Networks rewalls and appliances except where noted Upgrade Downgrade Considera ons for Firewalls and Applianc...

Page 6: ...terface for the Data Services service route n a Upgrading a PA 7000 Series Firewall with a rst genera on switch management card PA 7050 SMC or PA 7080 SMC PAN OS 8 0 and later Before upgrading the rew...

Page 7: ...ct matches the tracking number that is physically labeled on the box or crate The integrity of the tamper proof tape used to seal the box or crate is not compromised The integrity of the warranty labe...

Page 8: ...arty Component Support Before you consider installing third party hardware read the Palo Alto Networks Third Party Component Support statement PA 5200 Series Next Gen Firewall Hardware Reference 8 202...

Page 9: ...grounded and shielded Ethernet cables to ensure agency compliance with electromagne c compliance EMC regula ons French Transla on Des c bles Ethernet blind s reli s la terre doivent tre u lis s pour...

Page 10: ...ng the en re fan tray This allows the fans to stop spinning and helps you avoid serious injury when removing the fan tray You can replace a fan tray while the rewall is powered on but you must replac...

Page 11: ...le conducteur lectrode de mise la terre du syst me d alimenta on c c est raccord The rewall must be in the same immediate area such as adjacent cabinets as any other equipment that has a connec on bet...

Page 12: ...qu dans la proc dure d installa on de votre pare feu pare feu The rewall permits the connec on of the earthed conductor of the DC supply circuit to the earthing conductor at the equipment as described...

Page 13: ...rity features to help you secure your organiza on through advanced visibility and control of applica ons users and content First Supported PAN OS So ware Release PAN OS 8 0 PA 5220 PA 5250 and PA 5260...

Page 14: ...n the installed transceiver 3 QSFP ports 21 through 24 These ports vary depending on your rewall model PA 5220 rewall Four 40Gbps QSFP ports as de ned by the IEEE 802 3ba standard PA 5250 PA 5260 and...

Page 15: ...that are physically located near each other Palo Alto Networks recommends that you use a 40Gbps QSFP Ac ve Op cal Cable AOC When directly connec ng two PA 5250 PA 5260 or PA 5280 rewalls use either a...

Page 16: ...t Use this port to bootstrap the rewall Bootstrapping enables you to provision the rewall with a speci c PAN OS con gura on and then license it and make it opera onal on your network 9 MGT port Use th...

Page 17: ...nd LOG 2 drives Two hot swappable 2TB hard disk drives HDDs in a RAID 1 pair 2TBs total The drives are used to store network tra c logs 3 Exhaust fans trays Two fan trays that provide ven la on and co...

Page 18: ...PA 5200 Series Firewall Overview PA 5200 Series Next Gen Firewall Hardware Reference 18 2021 Palo Alto Networks Inc...

Page 19: ...on in a two post or four post 19 equipment rack If you install the rewall in a four post rack you can purchase and install the op onal four post rack kit to secure the rewall to the back rack posts fo...

Page 20: ...ws for each bracket and torque to 15 in lbs For a two post rack we recommend you install the front brackets in the mid mount posi on as shown You can also install the brackets in the front mount posi...

Page 21: ...each side of the rewall in the front mount posi on using nine 8 32 x 5 16 screws for each bracket and torque to 15 in lbs STEP 2 A ach one rack mount rail to each side of the rewall using four 8 32 x...

Page 22: ...les STEP 4 Slide one back rack mount bracket onto each of the two previously installed side rack mount rails and secure the brackets to the back rack posts using four screws for each bracket 10 32 x 3...

Page 23: ...rce depending on the type of power supplies installed in the rewall AC or DC For more details on power requirements and power consump on see PA 5200 Series Electrical Speci ca ons The power con gura o...

Page 24: ...lug to the ground studs on the rewall Replace the star washers and nuts and torque to 25 in lbs Connect the other end of the cable to earth ground STEP 3 Connect the AC power cord to power input 1 PWR...

Page 25: ...rewall Replace the star washers and nuts and torque to 25 in lbs Connect the other end of the cable to earth ground STEP 3 Power o the DC power source that you will connect to the rewall STEP 4 A ach...

Page 26: ...e plas c covers over each DC power input 5 Connect the two posi ve and two nega ve DC power cables to your power source ensuring that you observe the correct polarity posi ve to posi ve and nega ve to...

Page 27: ...LEDs and describes how to replace the serviceable components Interpret the LEDs on a PA 5200 Series Firewall Replace the Air Intake Filters on a PA 5200 Series Firewall Replace a Fan Tray on a PA 5200...

Page 28: ...High Availability Green The rewall is the ac ve peer in an ac ve passive con gura on Yellow The rewall is the passive peer in an ac ve passive con gura on O High availability HA is not opera onal on...

Page 29: ...n indicates a network link Blinking green indicates network ac vity Back Panel LEDs PWR 1 and PWR 2 Power While facing the back of the rewall power supply 1 PWR 1 is on the le and power supply 2 PWR 2...

Page 30: ...1 ra o The power supply is at high temperature OK Top AC LED Solid green The power supply is opera ng normally Blinking yellow The power input is present but the power supply is disabled by the system...

Page 31: ...n addi on to replacing them every six months or as needed you need to schedule regular inspec ons and ensure that the lters do not clog sooner than when they are due to be replaced Do not a empt to cl...

Page 32: ...ver cross bars You can install the lter with either side facing up STEP 4 Replace the top lter cover and lter and turn the two thumb screws clockwise to secure the cover to the rewall STEP 5 Repeat th...

Page 33: ...fan tray 1 Turn the two fan tray thumb screws counter clockwise un l the screws stop Earlier models will have four fan tray thumb screws rather than two The procedure for both setups is the same 2 Gr...

Page 34: ...n the hardware read the Product Safety Warnings STEP 1 Iden fy the failed power supply by viewing the power supply LED on the back of the rewall when there is a failure the FAIL LED turns solid yellow...

Page 35: ...s STEP 1 Iden fy the failed power supply by viewing the power supply LED on the back of the rewall when there is a failure the FAIL LED on the failed power supply turns solid yellow For more details o...

Page 36: ...the power supply STEP 6 Reconnect the posi ve and nega ve DC power cables to the new power supply using the DC terminal screws Make sure you establish the correct polarity posi ve to posi ve and nega...

Page 37: ...Replace a Log Drive on a PA 5200 Series Firewall The following procedure describes how to replace a failed log drive There are two scenarios one where the replacement drive is the same model as the fa...

Page 38: ...emove log1 STEP 3 Press the ejector bu on on the drive carrier to release the carrier handle and gently pull the handle toward you to remove the carrier and drive The illustra on shows how to remove a...

Page 39: ...6 Install the carrier with the replacement drive 1 Ensure that the drive carrier lever is in the open posi on if it is not press the ejector bu on on the drive carrier to release the lever and pull i...

Page 40: ...he array the force op on is not required This is because the system will recognize that a drive was missing and it will automa cally reformat the newly inserted drive and will add it to the array 2 Pe...

Page 41: ...ive before you con nue 2 Copy the data from the other drive in the RAID 1 array to the replacement drive In this example run the following command to copy the data from the Log2 drive to the Log1 driv...

Page 42: ...e 1907729 MB status active sync Disk id Log2 Present model ST2000NX0999 size 1907729 MB status active sync Replace a System Drive on a PA 5200 Series Firewall The following procedure describes how to...

Page 43: ...5220 show system raid detail Overall System Drives RAID status degraded Drive status Disk id Sys1 Present MICRON_M510DC_MT Disk id Sys2 Present MICRON_M510DC_MT Partition status panlogs clean degraded...

Page 44: ...an degraded Drive id Sys2 active sync sysroot1 clean degraded Drive id Sys2 active sync pancfg clean degraded Drive id Sys2 active sync panrepo clean degraded Drive id Sys2 active sync swap clean degr...

Page 45: ...e that the drive carrier lever is in the open posi on if it is not press the ejector bu on on the drive carrier to release the lever and pull it out un l it is fully open 2 Slide the replacement drive...

Page 46: ...2 Periodically view the RAID status un l you see that the Overall System Drives RAID status shows Good all par ons show clean and both drives show active sync To view RAID status run the following com...

Page 47: ...lly suspend the rewall that contains the failed drive 3 Reboot the rewall with the failed drive into the MRT by running the following command admin PA 5020 debug system maintenance mode 4 Press Enter...

Page 48: ...ally starts to con gure the new drive to mirror the other drive in the RAID 1 array 10 Periodically view the RAID status un l you see that the Overall System Drives RAID status shows Good all par ons...

Page 49: ...00 Series Firewall Drive id Sys1 active sync Drive id Sys2 active sync swap clean Drive id Sys1 active sync Drive id Sys2 active sync PA 5200 Series Next Gen Firewall Hardware Reference 49 2021 Palo A...

Page 50: ...Service the PA 5200 Series Firewall PA 5200 Series Next Gen Firewall Hardware Reference 50 2021 Palo Alto Networks Inc...

Page 51: ...rewall hardware speci ca ons For feature capacity and performance informa on refer to the PA 5200 Series rewall datasheet PA 5200 Series Physical Speci ca ons PA 5200 Series Electrical Speci ca ons P...

Page 52: ...ies models PA 5220 PA 5250 PA 5260 and PA 5280 rewalls Speci ca on Value Rack units and dimensions Rack units 3U Dimensions 5 25 H X 21 D X 17 25 W 13 33cm X 52 07cm X 43 81cm The depth dimension incl...

Page 53: ...undancy Input voltage AC power supplies 100 240VAC 50 60Hz DC power supplies 40 to 60VDC Power consump on AC or DC 870W Maximum current consump on AC power supplies 8 5A 100VAC 3 6A 240VAC DC power su...

Page 54: ...to 158 F 20 C to 70 C Humidity tolerance 5 to 90 non condensing Air ow Front to back Maximum BTUs hour 2 970 BTUs hour Electromagne c Interference EMI FCC Class A CE Class A VCCI Class A Acous c nois...

Page 55: ...rewall miscellaneous speci ca ons Speci ca on Value Mean me between failures MTBF 9 years Storage Capacity System le storage 240GB Two 240GB solid state drives SSDs in a RAID 1 pair Log storage 2TBs T...

Page 56: ...PA 5200 Series Firewall Speci ca ons PA 5200 Series Next Gen Firewall Hardware Reference 56 2021 Palo Alto Networks Inc...

Page 57: ...h the laws and regula ons in each country where there are requirements applicable to our products Our products meet standards for product safety and electromagne c compa bility when used for their int...

Page 58: ...stening hardware must be compa ble with the materials being joined and must preclude loosening deteriora on and electrochemical corrosion of the hardware and the joined materials The rewall is suitabl...

Page 59: ...d foreign origin CE European Union EU Electromagne c Compa bility Direc ve This device is herewith con rmed to comply with the requirements set out in the Council Direc ve on the Approxima on of the L...

Page 60: ...PA 5200 Series Firewall Compliance Statements Overview PA 5200 Series Next Gen Firewall Hardware Reference 60 2021 Palo Alto Networks Inc...

Search results

Summary of Contents for PA-5200 Seriesp

Reviews:

Related manuals for PA-5200 Seriesp

Brands by name

Popular brands

PaloAlto Networks PA-5200 Seriesp, Hardware Reference Manual

Search results

Summary of Contents for PA-5200 Seriesp

Reviews:

Related manuals for PA-5200 Seriesp

Brands by name

Popular brands