PaloAlto Networks PA-7000 Series Hardware Reference Manual Download Page 101

Page: 101 / 220

PA-7000 Series Firewall Installation

chassis status slot s3

If the cards are functioning properly, the status will show an output similar to the following:

Slot...Component........Card Status.....Config Status

3 .....PA-7000-20G-NPC .Up..............Success

STEP 5 |

Connect the network cables and the NPCs are ready to process network traffic.

Configure a Log Card Port on a PA-7000 Series Firewall

A log card port is required if you configure the firewall to forward logs to an external system or

if you configure a WildFire

™

forwarding profile. You configure the log card port on one available

port on a Network Processing Card (NPC) using the type Log Card. This is required because the

traffic processing and logging capabilities of a PA-7000 Series firewall exceeds the capabilities of

the management port, which is the port used for these services on other firewall models.

A log card port is not required if the firewall has a Log Forwarding Card (LFC) installed. See

PA-7000 Series Firewall Log Forwarding Card (LFC)

When configuring an LFC interface for HA, ensure that you configure different IP

addresses on the peers.

This special port is used by the firewall for the following log forwarding functions: syslog, emails

generated by the firewall, SNMP, WildFire file forwarding, and Panorama log forwarding. Log

forwarding to Panorama requires PAN-OS 8.0 or later. In PAN-OS 7.1 and earlier releases,

Panorama queries logs stored on the PA-7000 Series firewall.

You can set only one NPC port on the firewall to the type Log Card. If you enable log

forwarding and this port is not configured, a commit error occurs. Also ensure that this

port can reach the servers that will receive content from the firewall. For example, if you

configure a log forwarding profile for a syslog server, this port must be able to reach the

syslog server. As another example, if you enable WildFire file forwarding, the interface

must be able to reach the WildFire cloud server or if applicable, a private WF-500

appliance.

When selecting the NPC port to use as the log card port, you must use a 1 Gbps port

connection or higher to ensure that the firewall can maintain log forwarding rates.

STEP 1 |

Select

Network

Interfaces

and click the

Ethernet

tab.

STEP 2 |

Select the

Slot

and

Interface Name

. For example, to configure ethernet2/1, expand Slot 2

and click on ethernet2/1.

STEP 3 |

Select the

Interface Type

drop-down and select

Log Card

STEP 4 |

If multiple virtual systems are enabled, select the desired virtual system in the

Config

tab.

For details on the LPC and virtual systems, refer to

Configure a PA-7000 Series Firewall for

Logging Per Virtual System

PA-7000 Series Firewall Hardware Reference

101

2023 Palo Alto Networks, Inc.

Summary of Contents for PA-7000 Series

Page 1: ...PA 7000 Series Firewall Hardware Reference docs paloaltonetworks com ...

Page 2: ...altonetworks com search html Have feedback or questions for us Leave a comment on any page in the portal or write to us at documentation paloaltonetworks com Copyright Palo Alto Networks Inc www paloaltonetworks com 2018 2023 Palo Alto Networks Inc Palo Alto Networks is a registered trademark of Palo Alto Networks A list of our trademarks can be found at www paloaltonetworks com company trademarks...

Page 3: ...SMCs 34 PA 7000 Series Firewall SMC Component Descriptions 34 PA 7000 Series Firewall SMC B Component Descriptions 38 PA 7000 Series Firewall SMC B Requirements 41 Interpret the PA 7000 Series Firewall SMC LEDs 41 PA 7000 Series Firewall Log Cards 46 PA 7000 Series Firewall Log Processing Card LPC 46 PA 7000 Series Firewall Log Forwarding Card LFC 48 PA 7000 Series Firewall Network Processing Card...

Page 4: ...Power to a PA 7080 Firewall 116 View PA 7000 Series Firewall Power Statistics 119 Connect Cables to a PA 7000 Series Firewall 122 Verify the PA 7000 Series Firewall LPC and NPC Configuration 124 Verify the PA 7000 Series Firewall LPC Configuration 124 Verify the PA 7000 Series Firewall NPC Configuration 125 Install the PA 7080 Firewall EMI Filter 127 Service the PA 7000 Series Firewall Hardware 12...

Page 5: ... PA 7000 Series Firewall Physical Specifications 210 PA 7000 Series Firewall Electrical Specifications 213 PA 7000 Series Firewall Component Electrical Specifications 213 PA 7000 Series Firewall Power Cord Types 214 PA 7000 Series Firewall Environmental Specifications 216 PA 7000 Series Firewall Hardware Compliance Statements 217 PA 7000 Series Firewall Compliance Statements 218 PA 7000 Series Fir...

Page 6: ...Table of Contents PA 7000 Series Firewall Hardware Reference 6 2023 Palo Alto Networks Inc ...

Page 7: ... Networks next generation firewall or appliance The following topics apply to all Palo Alto Networks firewalls and appliances except where noted Upgrade Downgrade Considerations for Firewalls and Appliances Tamper Proof Statement Third Party Component Support Product Safety Warnings 7 ...

Page 8: ...e interface for the Data Services service route n a Upgrading a PA 7000 Series Firewall with a first generation switch management card PA 7050 SMC or PA 7080 SMC PAN OS 8 0 and later Before upgrading the firewall run the following CLI command to check the flash drive s status debug system disk smart info disk 1 If the value for attribute ID 232 Available_Reservd_Space 0x0000 is greater than 20 the...

Page 9: ...duct matches the tracking number that is physically labeled on the box or crate The integrity of the tamper proof tape used to seal the box or crate is not compromised The integrity of the warranty label on the firewall or appliance is not compromised PA 7000 Series firewalls only PA 7000 Series firewalls are modular systems and therefore do not include a warranty label on the firewall PA 7000 Ser...

Page 10: ...ird Party Component Support Before you consider installing third party hardware read the Palo Alto Networks Third Party Component Support statement PA 7000 Series Firewall Hardware Reference 10 2023 Palo Alto Networks Inc ...

Page 11: ... when applicable to ensure agency compliance with electromagnetic compliance EMC regulations French Translation Des câbles Ethernet blindés reliés à la terre doivent être utilisés pour garantir la conformité de l organisme aux émissions électromagnétiques CEM PA 3200 PA 5200 PA 5400 PA 7050 and PA 7080 firewalls only At least two people are recommended for unpacking handling and relocating the hea...

Page 12: ...ing conductor is connected to the provided ground lug on the rear side of the firewall PA 7000 Series firewalls only When removing a fan tray from a PA 7000 Series firewall first pull the fan tray out about 1 inch 2 5cm and then wait a minimum of 10 seconds before extracting the entire fan tray This allows the fans to stop spinning and helps you avoid serious injury when removing the fan tray You ...

Page 13: ...e feu doit être raccordé en tant que retour c c isolé CC I The firewall must be connected either directly to the DC supply system earthing electrode conductor or to a bonding jumper from an earthing terminal bar or bus to which the DC supply system earthing electrode conductor is connected French Translation Ce pare feu doit être branché directement sur le conducteur à électrode de mise à la terre...

Page 14: ... to the torque value specified in the installation procedure for your firewall French Translation Installez le câble de mise à la terre c c du pare feu comme indiqué dans la procédure de raccordement à l alimentation pour le pare feu que vous installez Utilisez le câble American wire gauge AWG indiqué et serrez les écrous au couple indiqué dans la procédure d installation de votre pare feu pare fe...

Page 15: ...sive or active active configuration Additionally to improve logging performance the firewalls use a dedicated log card to handle all log processing tasks First Supported PAN OS Software Release PAN OS 6 0 PA 7050 firewall PAN OS 7 0 PA 7080 firewall The minimum supported PAN OS software also varies based on the installed components For example if you install a PA 7000 20GQXM NPC the firewall must ...

Page 16: ...PA 7050 firewall with AC power supplies installed and the table describes each front panel component Item Component Description 1 Exhaust and intake fan trays first generation fan tray shown Provides ventilation and cooling for the chassis While facing the front of the firewall air enters from the left and exits to the right There are two PA 7050 fan tray models PA 7000 Series Firewall Hardware Re...

Page 17: ... and the Fault LED is off If an individual fan fails on the fan tray the Power LED turns off and the Fault LED turns red For information on replacing a fan tray see Replace a PA 7050 Fan Tray 2 Switch Management Card SMC first generation SMC shown Provides management access to the chassis using a serial console cable connected to the Console port or an RJ 45 cable connected to the management MGT p...

Page 18: ... 5 Log card LPC shown There are two log card models that you can install LFC PAN OS 9 0 or later High speed log forwarding card that forwards all dataplane logs to an external log collection system such as Panorama or a syslog server The only logs that are stored locally are the Alarm Configuration and System logs these logs are stored on the SMC LPC Manages and stores all dataplane logs generated...

Page 19: ...nd into one of the ESD ports PA 7050 Back Panel AC The following image shows the back panel of the PA 7050 firewall with AC power supplies installed and the table describes each back panel component Item Component Description 1 Ground stud Two post stud used to ground the chassis to earth ground Use the provided 6 AWG two post ground lug to connect a grounded cable not included to the two post stu...

Page 20: ...nnect Power to a PA 7000 Series Firewall The AC PEMs are not field serviceable 3 Power Entry Module PEM AC power switches Provides switches to power on or off the AC power supplies Each switch has a circuit breaker that will trip if the load reaches 25 amps PA 7050 Front Panel DC The following image shows the front panel of the PA 7050 firewall with DC power supplies installed The only difference ...

Page 21: ...n covered using the provided cover plate The only differences between the back panel of the AC model and the back panel of the DC model is that the DC model does not have a Power Entry Modules PEM the DC power source connects directly to the front of the power supplies For descriptions of the back panel components see PA 7050 Back Panel AC PA 7000 Series Firewall Hardware Reference 21 2023 Palo Al...

Page 22: ...PA 7000 Series Firewall Overview PA 7000 Series Firewall Hardware Reference 22 2023 Palo Alto Networks Inc ...

Page 23: ... Back Panel AC PA 7080 Front Panel DC PA 7080 Back Panel DC PA 7080 Front Panel AC The following image shows the front panel of the PA 7080 firewall with AC power supplies installed and the table describes each front panel component PA 7000 Series Firewall Hardware Reference 23 2023 Palo Alto Networks Inc ...

Page 24: ...PA 7000 Series Firewall Overview PA 7000 Series Firewall Hardware Reference 24 2023 Palo Alto Networks Inc ...

Page 25: ...ors that provide information on various chassis components The SMC also stores PAN OS the configuration and management logs Alarm Configuration and System IMPORTANT The SMC is required to operate the chassis and a PA 7080 firewall it must be installed in slot 6 The SMC B is shipped with four copper 1G transceivers for use in the MGT A MGT B HA1 A and HA1 B ports You can use these or replace them w...

Page 26: ...Cs 6 Lower cable guide Optional Provides cable management to route fiber optic cables This item ships with the chassis but is not preinstalled 7 Air intake fan tray Provides ventilation and cooling for the chassis The fan tray is interchangeable so you can install it in either fan tray slot During normal operation the Power LED is green and the Fault LED is off If an individual fan fail on the fan...

Page 27: ...ides power to the chassis using an AC power source For information on connecting power see Connect Power to a PA 7000 Series Firewall PA 7080 Back Panel AC The following image shows the back panel of the PA 7080 firewall with AC power supplies installed and the table describes each back panel component PA 7000 Series Firewall Hardware Reference 27 2023 Palo Alto Networks Inc ...

Page 28: ...eries Firewall Overview Item Component Description 1 Exhaust vent Provides air circulation for chassis cooling Do not obstruct this vent PA 7000 Series Firewall Hardware Reference 28 2023 Palo Alto Networks Inc ...

Page 29: ...es power to the power supply on the far right side when facing the front of the chassis The AC PEMs are not field serviceable 4 Power Entry Module PEM AC power switches Provides switches to power on or off the AC power supplies Each switch has a circuit breaker that will trip if the load reaches 25 amps PA 7080 Front Panel DC The following image shows the front panel of the PA 7080 firewall with D...

Page 30: ...the PA 7080 firewall with DC power supplies installed The only differences between the back panel AC model and the back panel DC model is that the DC model has two DC Power Entry Modules PEMs instead of two AC PEMs Each DC PEM PA 7000 Series Firewall Hardware Reference 30 2023 Palo Alto Networks Inc ...

Page 31: ...s 4 red positive and 4 black negative The DC PEMs are field replaceable For information on replacing a DC PEM see Replace a PA 7080 DC PEM and for descriptions of the back panel components see PA 7080 Back Panel AC PA 7000 Series Firewall Hardware Reference 31 2023 Palo Alto Networks Inc ...

Page 32: ...PA 7000 Series Firewall Overview PA 7000 Series Firewall Hardware Reference 32 2023 Palo Alto Networks Inc ...

Page 33: ... a total of six NPCs in the PA 7050 firewall and ten NPCs in the PA 7080 firewall For details on installing front slot cards see Install the Mandatory PA 7000 Series Firewall Front Slot Cards Although all front slot cards have protection to prevent damage if they are installed or removed when the chassis is powered on only the NPCs and DPCs are intended to be hot swapped PA 7000 Series Firewall Sw...

Page 34: ...second generation SMC PA 7050 SMC B or PA 7080 SMC B must be paired with a second generation logging card PA 7000 LFC A When using PA 7000 Series firewalls in a High Availability HA pair both firewalls must have SMCs of the same generation installed Use the following topics to learn about requirements descriptions of the SMC components and how to interpret the LEDs PA 7000 Series Firewall SMC Comp...

Page 35: ...ization Connect this port directly from HA1 A port on the first firewall in an HA pair to the HA1 A port on the second firewall in the pair or connect these two ports to each other through a switch or router You cannot configure HA1 control on NPC data ports or the MGT port 2 HA1 B Ethernet 10 100 1000Mbps port for high availability HA control and synchronization Use this port as a backup to HA1 A...

Page 36: ...SB to serial converter Use the following settings to configure your terminal emulation software to connect to the console port Data rate 9600Data bits 8Parity NoneStop bits 1Flow control None 5 HSCI A High Speed Chassis Interconnect Quad SFP QSFP interface used to connect two PA 7000 Series firewalls for a high availability HA configuration Each port is comprised of four 10Gbps links internally fo...

Page 37: ...this port is disabled For information on bootstrapping refer to Bootstrap the Firewall in the PAN OS Administrator s Guide Version 7 1 8 LED Indicators Eight LEDs that indicate the status of various hardware components For details on the LEDs see Interpret the PA 7000 Series Firewall SMC LEDs 9 Mounting Screws One screw on each side of the SMC to secure the SMC to the chassis 10 SMC installation a...

Page 38: ...o the secondary port Configure the ports in Device Setup Interfaces To manage the firewall during the initial configuration change your management computer IP address to 192 168 1 2 connect an RJ 45 cable from your computer to the MGT port and browse to https 192 168 1 1 The default login name is admin and the default password is admin 2 HA1 A and HA1 B Two enhanced SFP SFP ports for high availabi...

Page 39: ... cannot configure an HSCI port as HA2 Backup as it will cause a commit failure HA2 and HA2 Backup links can be configured to use a dataplane interface instead of the HSCI ports However if configured this way both the HA2 and HA2 Backup links need to use dataplane interfaces A mix of a dataplane port and an HSCI port for either HA2 or HA2 Backup will result in a commit failure The HSCI ports must b...

Page 40: ...ou insert your micro USB cable in the correct orientation to avoid damaging the connector The image above the port shows the correct orientation 6 USB port One USB port that accepts a USB flash drive that contains a bootstrap bundle PAN OS configuration that enables you to bootstrap the firewall Bootstrapping enables you to provision the firewall with a specific configuration license it and make i...

Page 41: ... EMI filter You do not have to install these components if the last five digits of the firewall serial number is 10 000 or greater because the PA 7050 will have the second generation fan trays installed and the PA 7080 will have a built in EMI filter PAN OS 9 0 or later Install the PA 7000 Series Firewall Log Forwarding Card LFC PA 7050 only Install the second generation fan tray to increase cooli...

Page 42: ...led on this firewall HA The above LED status descriptions are for an active passive configuration In an active active configuration the HA LED only indicates HA status for the local firewall and does not indicate HA connectivity of the peer If HA is active on the given firewall the LED is green if HA is not active the LED is off See the ALM Alarm LED information in this table for information on ho...

Page 43: ...ewall is operating normally Green The fan trays and all fans are operating normally FAN Red One or more fans have failed on one or both of the fan trays To determine which fan tray has a fan failure check the fan tray LEDs Green All power supplies AC or DC are operating normally PS Power Supply Red One or more power supplies AC or DC has failed Red There is a drive failure on the LPC temperature i...

Page 44: ... command to view the status for a card in a specific slot admin PA 7080 show system service led status slot s3 Enter the following command to enable all SVC LEDs admin PA 7080 set system setting service led enable ye s Enter the following command to disable the SVC LED admin PA 7080 set system setting service led enable n o Enter the following command to enable the SVC LED on the card in a specifi...

Page 45: ...ED blinks green if there is network activity The following table describes the functions and states of the SMC HSCI A and HSCI B port LEDs LED Description Left The LED is solid green if there is a network link Because this interface is comprised of four 10Gbps links the LED uses an AND operation for all four link states Right The LED blinks green if there is network activity Because this interface...

Page 46: ...ll to forward logs from the LPC to an external log collection system that you define The LPC contains four disk drives used to store dataplane logs The disk drives are contained in Advanced Mezzanine Cards AMCs that enables you to hot swap a drive if it fails The management logs Configuration System and Alarms are stored on an internal SSD located on the SMC There is one LPC model used for both th...

Page 47: ...rive 3 Advanced Mezzanine Card AMC release handle Handle used to remove the AMC and disk drive from the LPC card Pull the handle toward you to unlock and remove the AMC After installing an AMC into the LPC push the handle in to lock the AMC to the LPC 4 AMC disk drive LED panel Three LEDs that indicate drive activity drive failure and drive power Top left is activity bottom left is fault and top r...

Page 48: ...all to one or more external logging systems such as Panorama or a syslog server Because the dataplane logs are no longer available on the local firewall the ACC tab is removed from the management web interface and Monitor Logs contain only management logs Configuration System and Alarms There is one LFC model used for both the PA 7050 and PA 7080 firewalls On the PA 7050 firewall you must install ...

Page 49: ...face and auto configures ports 5 8 in the second interface for up to eight usable 10G ports You can use any number of the eight ports for your configuration If four ports one ethernet interface is used the LFC provides a maximum transfer rate of 40Gbps If all eight ports both ethernet interfaces are used then the LFC provides a maximum transfer rate of 80Gbps To properly breakout the QSFP ports yo...

Page 50: ... 9 operates the first interface as port 9 at 40G Yellow LED The second interface is not used in either configuration The LFC does not support LAG and LACP 2 LED dashboard Five LEDs that provide LFC status For details on the LEDs see Interpret the PA 7000 Series Firewall Log Forwarding Card LFC LEDs 3 LFC installation and removal hardware Screws and levers used to install and remove the LFC There a...

Page 51: ...tional state any active or passive state the LED turns off If you intentionally suspend HA the LED will not turn red If the firewall is suspended due to a failure loop the firewall will go into a suspended state to end the loop In this case the LED turns red ALM Alarm Green The chassis temperature is normal TMP Temperature Yellow The LFC temperature is outside the temperature tolerance Off The LFC...

Page 52: ...in PA 7080 set system setting service led enable ye s Enter the following command to disable the SVC LED admin PA 7080 set system setting service led enable n o Enter the following command to enable the SVC LED on the card in a specific slot admin PA 7080 set system setting service led enable s lot s3 yes Off LED is off SVC Continued On LED is solid blue The following table describes functions and...

Page 53: ...you install these cards in a PA 7080 firewall you must also install the electromagnetic interference EMI filter You do not have to install these components if the last five digits of the firewall serial number is 10 000 or greater because the PA 7050 will have the second generation fan trays installed and the PA 7080 will have a built in EMI filter PAN OS 9 0 or later Remove the Log Processing Car...

Page 54: ...ows ethernet1 1 and port 2 shows ethernet1 2 The first port on an NPC installed in slot 2 shows ethernet2 1 and port 2 shows ethernet2 2 For information on installing the NPCs see Replace a PA 7000 Series Network Processing Card NPC On the PA 7050 firewall you install NPCs in slots 1 2 3 5 6 and 7 and on the PA 7080 firewall you install NPCs in slots 1 2 3 4 5 8 9 10 11 and 12 You must install at ...

Page 55: ...e above Figure 7 PA 7000 20G NPC Version 2 see above Item Component Description 1 Ethernet ports 12 RJ 45 10 100 1000Mbps ports 2 SFP ports Eight small form factor pluggable SFP ports for network traffic 3 SFP ports Four enhanced SFP SFP ports for network traffic 4 LED dashboard Four LEDs that provide NPC status For details on the LEDs see Interpreting the PA 7000 20G NPC LEDs 5 Mounting Screws On...

Page 56: ...s version there are thumb screws and double lever release latches on each side of the card Each inner lever contains a micro switch and when you simultaneously pull both inner levers outward to release the outer ejector levers the NPC will power off Only move these levers if you intend to remove the card Interpret the PA 7000 20G NPC LEDs Use the following information to learn how to interpret the...

Page 57: ...ity To learn about the orientation of the LED indicators see Identify PA 7000 Series NPC Port Activity and Link LEDs PA 7000 20GXM NPC The only difference between this NPC and the PA 7000 20G NPC is that the PA 7000 20G NPC supports up to 4 million sessions and the PA 7000 20GXM NPC supports up to 8 million sessions As of PAN OS 9 0 and later the PA 7000 20G NPC supports 3 2 million sessions The P...

Page 58: ...tion 1 SFP ports 12 enhanced small form factor pluggable ports with SFP and SFP transceiver compatibility You can use either 1Gbps or 10Gbps in each port 2 QSFP ports Two quad small form factor pluggable QSFP 40Gbps Ethernet ports as defined by the IEEE 802 3ba standard 3 LED dashboard Four LEDs that provide NPC status For details on the LEDs see Interpret the PA 7000 20GQ NPC LEDs 4 Mounting Scre...

Page 59: ...mally STS STATUS Yellow The card is booting up Red The card hardware failed ALM Alarm Off The card is operating normally Green The card temperature is normal TMP Temperature Yellow The card temperature is outside the temperature tolerance The following table describes functions and states of the QSFP and SFP Port LEDs LED Description Left The LED shows green if there is a network link Right Blinks...

Page 60: ... Use the following topics to learn about requirements descriptions of the NPC components and how to interpret the LEDs PA 7000 100G NPC Component Descriptions Interpret the PA 7000 100G NPC LEDs PA 7000 100G NPC Requirements PA 7000 100G NPC Component Descriptions The following images show the PA 7000 100G NPCs and the table describes the NPC components Item Component Description 1 SFP ports Eight...

Page 61: ...latches on each side of the card Each inner lever contains a micro switch and when you simultaneously pull both inner levers outward to release the outer ejector Interpret the PA 7000 100G NPC LEDs Use the following information to learn how to interpret the LED dashboard and port LEDs on the PA 7000 100G Network Processing Card NPC The following table describes the functions and states of the NPC ...

Page 62: ...s3 PA 7000 100G NPC Off s4 empty Off s5 empty Off s6 PA 7080 SMC B On s7 PA 7000 LFC On s8 empty Off s9 empty Off s10 empty Off s11 empty Off s12 empty Off Enter the following command to view the status for a card in a specific slot admin PA 7080 show system service led status slot s3 Enter the following command to enable all SVC LEDs admin PA 7080 set system setting service led enable yes Enter t...

Page 63: ... Requirements The following information describes the system and hardware requirements for the PA 7000 100G Network Processing Card NPC If you install the Switch Management Card SMC B Log Forwarding Card LFC or PA 7000 100G NPC in a PA 7050 firewall you must install the second generation fan trays PA 7050 FANTRAY L A and PA 7050 FANTRAY R A If you install these cards in a PA 7080 firewall you must...

Page 64: ...following image shows how to identify the activity and link LEDs for the port types available on PA 7000 Series firewall NPCs The image shows the port orientation if the NPC is in a horizontal position For details on the functions and states of the LEDS see PA 7000 Series Firewall Network Processing Cards NPCs for the NPC that you are using PA 7000 Series Firewall Hardware Reference 64 2023 Palo A...

Page 65: ... fan tray models PA 7050 FANTRAY L A and PA 7050 FANTRAY R A as well as the air filter PA 7050 FLTR A to use the DPC To discern which generation fan trays your PA 7050 has check the firewall serial number If the last five digits of the serial number are numerically greater than 10 000 the PA 7050 was manufactured with the new fan trays and is compatible with the DPC If the last five digits of the ...

Page 66: ...ice led status Service LED Slot Description Status s1 empty Off s2 empty Off s3 PA 7000 100G NPC Off s4 empty Off s5 empty Off s6 PA 7080 SMC B On s7 PA 7000 LFC On s8 empty Off s9 empty Off s10 empty Off s11 empty Off s12 empty Off SVC Continued Enter the following command to view the status for a card in a specific slot admin PA 7080 show system service led status slot s3 Enter the following com...

Page 67: ...le and Interface Card Information LED State Description admin PA 7080 set system setting service led enable slo t s3 yes Off LED is off On LED is solid blue PA 7000 Series Firewall Hardware Reference 67 2023 Palo Alto Networks Inc ...

Page 68: ...PA 7000 Series Firewall Module and Interface Card Information PA 7000 Series Firewall Hardware Reference 68 2023 Palo Alto Networks Inc ...

Page 69: ...the firewall is installed in the rack with all components installed connect power verify that the front slot cards are functioning and then connect network and management cables Read Before You Begin before starting the installation PA 7000 Series Firewall Equipment Rack Installation Install the Mandatory PA 7000 Series Firewall Front Slot Cards Connect Power to a PA 7000 Series Firewall Verify th...

Page 70: ...uired for safe operation is not compromised by the rack installation Mechanical loading Ensure that the rack mounted firewall does not cause hazardous conditions due to uneven mechanical loading Circuit overloading Ensure that the circuit that supplies power to the firewall is sufficiently rated to avoid circuit overloading or excess load on supply wiring See PA 7000 Series Firewall Electrical Spe...

Page 71: ...bracket STEP 3 Position the chassis into the rack using two or more people and if available use a mechanical equipment lift STEP 4 Align the rack mount bracket mounting holes on each side of the chassis with the holes on the rack rail ensuring that the chassis is level PA 7000 Series Firewall Hardware Reference 71 2023 Palo Alto Networks Inc ...

Page 72: ...he mid mount position so you will need to move the brackets to the front mount position as described The PA 7050 chassis and the front slot cards SMC LPC or LFC NPC ship in separate boxes and it is recommended that you install the cards after you rack mount the chassis This will prevent any damage to the cards that could occur during rack mounting and will reduce the chassis weight To further redu...

Page 73: ...each side of the chassis where the two brackets come together in the mid mount position and then remove 25 screws to remove each of the four brackets two brackets on each side There is a total of 112 bracket screws 56 on each side Remove the front brackets A and B and back brackets C and D from the chassis The back brackets C and D are not needed in this configuration PA 7000 Series Firewall Hardw...

Page 74: ...e front of the chassis Use 25 screws to attach each bracket to the chassis in the front position When swapping the brackets rotate them 180 degrees so the screw holes line up and the rack mount holes are on the front of the chassis PA 7000 Series Firewall Hardware Reference 74 2023 Palo Alto Networks Inc ...

Page 75: ...sed to mount the chassis to the rack so it is recommended that you install the cable management bracket before installing the chassis into the rack STEP 4 Position the chassis into the rack using two or more people and if available use a mechanical equipment lift STEP 5 Align the mounting holes on the side of the chassis with holes in the rack rail ensuring that the chassis is level PA 7000 Series...

Page 76: ...oth rack mount bracket types mid mount and front mount are preinstalled For a mid mount install you must remove the front mount brackets The PA 7080 chassis and the front slot cards SMC LPC or LFC NPC ship in separate boxes and it is recommended that you install the cards after the chassis is rack mounted This will prevent any damage to the cards that could occur during rack mounting and will redu...

Page 77: ...ts STEP 3 Optional Install the upper and lower cable management brackets using the provided screws 8 upper bracket screws and 4 lower bracket screws The upper bracket is designed for Ethernet cables and the console cable and the lower bracket is designed for fiber optic PA 7000 Series Firewall Hardware Reference 77 2023 Palo Alto Networks Inc ...

Page 78: ...EP 4 Position the chassis into the rack using two or more people and if available use a mechanical equipment lift STEP 5 Align the rack mount bracket mounting holes on each side of the chassis with the holes on the rack rail ensuring that the chassis is level Secure the chassis to the rack using eight PA 7000 Series Firewall Hardware Reference 78 2023 Palo Alto Networks Inc ...

Page 79: ... and front mount are preinstalled For a front mount install you must remove the mid mount brackets The PA 7080 chassis and the front slot cards SMC LPC or LFC NPC ship in separate boxes and it is recommended that you install the cards after the chassis is rack mounted This will prevent any damage to the cards that could occur during rack mounting and will reduce the weight of the chassis STEP 1 Re...

Page 80: ... STEP 3 Optional Install the upper and lower cable management brackets using the provided screws 8 upper bracket screws and 4 lower bracket screws The upper bracket is designed for Ethernet cables and the console cable and the lower bracket is designed for fiber optic PA 7000 Series Firewall Hardware Reference 80 2023 Palo Alto Networks Inc ...

Page 81: ...ition the chassis into the rack using two or more people and if available use a mechanical equipment lift STEP 5 Align the rack mount bracket mounting holes on each side of the chassis with the holes on the rack rail ensuring that the chassis is level Secure the chassis to the rack using eight PA 7000 Series Firewall Hardware Reference 81 2023 Palo Alto Networks Inc ...

Page 82: ...0 Series Firewall Installation rack mount screws not included on each side of the chassis and tighten with a Phillips head screwdriver PA 7000 Series Firewall Hardware Reference 82 2023 Palo Alto Networks Inc ...

Page 83: ...wall Switch Management Card SMC B Install the PA 7000 Series Firewall Switch Management Card SMC A Switch Management Card SMC is required for chassis operation On a PA 7050 firewall you must install the SMC in slot 4 and on the PA 7080 firewall you must install the SMC in slot 6 There are two versions of the PA 7050 SMC version 1 and version 2 The PA 7050 firewall must be running PAN OS 6 1 or a l...

Page 84: ...tic bag and slide it into the front slot slot 4 on a PA 7050 firewall or slot 6 on a PA 7080 firewall until it is about 1 4 inch from being fully inserted Ensure that the handles are in the open position PA 7000 Series Firewall Hardware Reference 84 2023 Palo Alto Networks Inc ...

Page 85: ...st be running PAN OS 6 1 or a later release to recognize a version 2 SMC The version 2 SMC uses the same install and release levers as the LPC the version 1 SMC does not For more details see PA 7000 Series Firewall SMC Component Descriptions The PA 7050 SMC and PA 7080 SMC are not interchangeable Although both cards have the same ports and LEDs the back connectors and the software is different The...

Page 86: ...ont of the chassis before handling ESD sensitive hardware For details on the ESD port location see PA 7050 Front Panel AC or PA 7080 Front Panel AC STEP 2 Ensure that the chassis is powered off and disconnect the power cords PA 7000 Series Firewall Hardware Reference 86 2023 Palo Alto Networks Inc ...

Page 87: ...50 firewall or slot 6 on a PA 7080 firewall until it is about 1 4 inch from being fully inserted Ensure that the handles are in the open position The following images show the first generation SMC the install procedure for the second generation SMC B is the same PA 7000 Series Firewall Hardware Reference 87 2023 Palo Alto Networks Inc ...

Page 88: ...log card installed to operate You can install a Log Processing Card LPC or a Log Forwarding Card LFC To learn about the available log cards to help you determine which card to install see PA 7000 Series Firewall Log Cards The firewall must be running PAN OS 9 0 or later to use the LFC and you must install only one log card type LPC or LFC Install the PA 7000 Series Firewall Log Processing Card LPC...

Page 89: ...l boot software and system logs are stored on the embedded SSD on the Switch Management Card SMC and all other logs dataplane logs threat logs and User ID logs for example are stored on the LPC Also the auto commit function requires the LPC so do not perform an upgrade of PAN OS until the LPC is ready For information about verifying the drive status see Verify the PA 7000 Series Firewall LPC Confi...

Page 90: ...ing the thumb screws you must pull the inner lever toward you to unlock the outer lever from the chassis and then pull the outer lever to release the card from the chassis When installing the card when you push the outer lever in it will lock the inner lever The left and right inner levers have a micro switch that will power off the card as soon as they are pulled to unlock the outer lever PA 7000...

Page 91: ...e it to the chassis Use a Phillips head screwdriver if necessary STEP 5 Ensure that the handle on the front of each AMC is pulled out to the unlocked position and then install each of the four AMCs into the four slots on the LPC PA 7000 Series Firewall Hardware Reference 91 2023 Palo Alto Networks Inc ...

Page 92: ...s Firewall Network Processing Card NPC Install the PA 7000 Series Firewall Log Forwarding Card LFC The Log Forwarding Card LFC is required for chassis operation and the same LFC model is used in both the PA 7050 and PA 7080 firewalls On a PA 7050 firewall you must install the LFC in slot 8 and on the PA 7080 firewall you must install the LPC in slot 7 STEP 1 Read PA 7000 Series Firewall Log Forwar...

Page 93: ...ove the LFC from the antistatic bag and slide it into the log card slot slot 8 on a PA 7050 firewall or slot 7 on a PA 7080 firewall ensuring that the handles are in the open PA 7000 Series Firewall Hardware Reference 93 2023 Palo Alto Networks Inc ...

Page 94: ...ing the thumb screws you must pull the inner lever toward you to unlock the outer lever from the chassis and then pull the outer lever to release the card from the chassis When installing the card when you push the outer lever in it will lock the inner lever The left and right inner levers have a micro switch that will power off the card as soon as they are pulled to unlock the outer lever PA 7000...

Page 95: ...hput On a PA 7050 firewall you install NPCs in slots 1 2 3 5 6 and or 7 and on a PA 7080 firewall you install NPCs in slots 1 2 3 4 5 8 9 10 11 and or 12 If you install two or more NPCs review Configure Session Distribution on a PA 7000 Series Firewall to understand how the firewall distributes sessions and to determine the best policy to use based on your environment If you install an NPC in slot...

Page 96: ...ure a Log Card Port on a PA 7000 Series Firewall Configure Session Distribution on a PA 7000 Series Firewall Install a PA 7000 Series Firewall NPC in a Single Chassis STEP 1 Put the provided ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator clip from the banana clip on the oth...

Page 97: ...rom being fully inserted adjust the levers to align with the chassis and then close the levers to seat the card in place The following images show how to install NPCs PA 7000 Series Firewall Hardware Reference 97 2023 Palo Alto Networks Inc ...

Page 98: ...PA 7000 Series Firewall Installation PA 7000 Series Firewall Hardware Reference 98 2023 Palo Alto Networks Inc ...

Page 99: ...cables and the NPCs are ready to process data traffic STEP 6 Proceed to Connect Power to a PA 7000 Series Firewall After the chassis is powered on view the status of the NPCs by going to Verify the PA 7000 Series Firewall NPC Configuration Install a PA 7000 Series Firewall NPC in a High Availability HA Configuration With all Palo Alto Networks firewalls the hardware must match when configuring two...

Page 100: ...card in place STEP 4 Install the second NPC of the same model in the other chassis in the HA pair in the same slot you installed the NPC in the first chassis For example if you installed the first NPC in slot 3 of the first chassis install the second NPC in slot 3 of the second chassis After you install the firewall in the rack and power it on as described in Connect Power to a PA 7000 Series Fire...

Page 101: ...le forwarding and Panorama log forwarding Log forwarding to Panorama requires PAN OS 8 0 or later In PAN OS 7 1 and earlier releases Panorama queries logs stored on the PA 7000 Series firewall You can set only one NPC port on the firewall to the type Log Card If you enable log forwarding and this port is not configured a commit error occurs Also ensure that this port can reach the servers that wil...

Page 102: ...formance On a PA 7050 firewall you can install DPCs in slots 1 2 3 5 6 and 7 and on a PA 7080 firewall you can install DPCs in slots 1 2 3 4 5 8 9 10 11 and 12 The procedures to install DPCs in a single chassis and the procedure to install DPCs in a pair of chassis in high availability HA are slightly different Install a PA 7000 Series Firewall DPC in a Single Chassis Install a PA 7000 Series Fire...

Page 103: ...om being fully inserted adjust the levers to align with the chassis and then close the levers to seat the card in place The following images show how to install DPCs PA 7000 Series Firewall Hardware Reference 103 2023 Palo Alto Networks Inc ...

Page 104: ...nning the following command using slot 3 as an example admin PA 7050 request chassis enable slot s3 It is recommended that you observe the enabled card for about two minutes to check for internal path monitoring failures If there is no failure proceed to the next step Check the status of the card in slot 3 on the chassis by running admin PA 7050 show chassis status slot s3 If the card is functioni...

Page 105: ...estart In an HA clustering configuration it is recommended that you activate the DPCs in both chassis simultaneously in order to limit downtime STEP 1 Put the provided ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator clip from the banana clip on the other end of the ESD groun...

Page 106: ...dmin PA 7050 request chassis enable slot s3 target ha pair It is recommended that you observe the enabled cards for about two minutes to check for internal path monitoring failures If there is no failure proceed to the next step Check the status of the card in slot 3 on either chassis by running admin PA 7050 show chassis status slot s3 If the cards are functioning properly the status will show an...

Page 107: ...nd powered on you can review the available session distribution policies to determine if it make sense for you to change the default policy to better fit your environment For details refer to Session Distribution Policies in the PAN OS Administrator s Guide PA 7000 Series Firewall Hardware Reference 107 2023 Palo Alto Networks Inc ...

Page 108: ...s is not field serviceable DC The DC power connections are located at the front of the DC power supplies DC power cables are provided The back AC power inlets and switches are disabled You must cover the back inlets and switches using the cover plate provided as shown in PA 7050 Back Panel DC PA 7080 firewall Ships with either four AC or four DC power supplies preinstalled in the front power suppl...

Page 109: ...mber of power supplies specified in the table A fully redundant power configuration means that half of the installed power supplies can fail and the chassis and installed NPCs will still function If you connect 120VAC power and you install five or six NPCs in a PA 7050 firewall or ten NPCs in a PA 7080 firewall you can configure only partial redundancy Full redundancy is not possible because the c...

Page 110: ...umption of all hardware components You can find power information for hardware components in PA 7000 Series Firewall Component Electrical Specifications To view power statistics on an active firewall see View PA 7000 Series Firewall Power Statistics After you determine the power requirements for your firewall see Connect Power to a PA 7000 Series Firewall and select the topic for your model and po...

Page 111: ...ies to a 120VAC 15 amp circuit breaker or 240VAC 20 amp circuit breaker using the provided power cords and then connect the second two power supplies to a second independent 120VAC 15 amp circuit breaker or 240VAC 20 amp circuit breaker If you connect 120VAC power and you install five or six NPCs in a PA 7050 firewall or ten NPCs in a PA 7080 firewall you can configure only partial redundancy Full...

Page 112: ...e on the input to the DC power The power cables used to connect DC power are provided with the PA 7050 firewall but not the PA 7080 firewall STEP 1 Read Product Safety Warnings STEP 2 Put the provided ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator clip from the banana clip ...

Page 113: ...he positive terminal Do this for each of the four power supplies ensuring that the first two power supplies on the left are connected to one power circuit breaker and the second pair on the right is connected to a different circuit breaker This ensures power redundancy and allows for planned electrical circuit maintenance 2 Connect the other ends of the DC cables to the front of the DC power suppl...

Page 114: ...t is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator clip from the banana clip on the other end of the ESD grounding cable Plug the banana clip end into one of the ESD ports located on the front of the chassis before handling ESD sensitive hardware For details on the ESD port location see PA 7080 Front Panel AC STEP 3 Ensure that all AC p...

Page 115: ...provided power cords and then connect the second two power supplies PEM B power inlets 1 and 2 to a second appropriate and independent 120VAC 15 amp circuit breaker or 240VAC 20 amp circuit breaker If you connect 120VAC power and you install five or six NPCs in a PA 7050 firewall or ten NPCs in a PA 7080 firewall you can configure only partial redundancy Full redundancy is not possible because the...

Page 116: ...upplies require 40VDC to 60VDC power input For details on power requirements see Determine PA 7000 Series Firewall Power Configuration Requirements You must connect each of the eight DC power connections four on each PEM to separate 60 amp protected circuit breakers minimum 48VDC and a double pole on the input to the DC power Due to the various DC cable lengths required in your environment DC powe...

Page 117: ...t location see PA 7080 Front Panel AC STEP 3 Remove the two nuts and star washers from the ground studs located on the back of the chassis on the upper left side STEP 4 Crimp a 6 AWG wire to the grounding lug and connect the other end to your earth ground point STEP 5 Connect the two post lug connector to the two post studs on the chassis using the provided star washers and nuts and then torque th...

Page 118: ...nnect the cables to the live power source at this point STEP 9 Power off your DC power feed STEP 10 Connect a positive cable red from your power source to the two post RTN studs for PEM A 1 and then connect a negative cable black from your power source to the two post studs for PEM A 1 48VDC studs Do the same for PEM A 2 ensuring that you connect each connection using the correct polarity and that...

Page 119: ...wall Power Configuration Requirements The power numbers provided by the show chassis power command represent power calculated by the chassis power management software and does not represent the exact measured power The difference allows margin for thermal conditions and component aging factors For example although an NPC shows that it is using 350 watts under normal conditions it may use only 290 ...

Page 120: ... component and the amount of power produced by each power supply The power supplies are labeled PSA1 to PSA4 and PSB1 to PSB4 Example Chassis Power Output from a PA 7080 Firewall Slot Component Card Status Power w 1 PA 7000 20GQ NPC Up 350 2 PA 7000 20GQ NPC Up 350 3 PA 7000 20G NPC Up 350 4 PA 7000 20G NPC Up 350 5 PA 7000 20G NPC Up 350 6 PA 7080 SMC Up 300 7 PA 7000 LPC Up 300 8 empty 9 PA 7000...

Page 121: ...3 empty PSB4 empty Provided Used Remaining 10000 3740 6260 As indicated in the last row of the table the four 2500 watt power supplies provide 10000 watts and the installed hardware components SMC LPC or LFC and NPCs use 3740 watts If you subtract 3740 from 10000 there is 6260 watts of power remaining PA 7000 Series Firewall Hardware Reference 121 2023 Palo Alto Networks Inc ...

Page 122: ... firewall using the command line interface CLI Both the MGT and console ports are located on the Switch Management Card SMC You then configure the Network Processing Card NPC ports and then connect these ports to your switch or router If you install two matching firewalls in a high availability configuration you will also connect HA cables between the two chassis see HA Links and Backup Links The ...

Page 123: ...PA 7000 Series Firewall Installation PA 7000 Series Firewall Hardware Reference 123 2023 Palo Alto Networks Inc ...

Page 124: ...l capacity is 4TBs The initial formating and RAID 1 configuration will take approximately 3 minutes The chassis will not operate without a functioning LPC with at least one drive configured During normal operation all four drives should be installed and configured in two RAID 1 pairs To view the status of the RAID configuration run the following command admin PA 7050 show system raid detail Confir...

Page 125: ...rify the PA 7000 Series Firewall NPC Configuration When you first set up a PA 7000 Series firewall all NPC slots are ready to use If you are working with a firewall that is already deployed you should check slot status before adding a new NPC to ensure that the NPC slot is ready If the firewall is in a high availability HA configuration a newly installed NPC stays in a disabled state until a match...

Page 126: ...number and model of NPCs in each chassis and the slot numbers must match After you install the NPCs in each chassis the firewall keeps them in a disabled state until you enable them This allows the firewall to start HA monitoring on both NPCs Use the following command to bring up a pair of NPCs in an HA configuration admin PA 7050 request chassis power on slot slot number target ha pair For exampl...

Page 127: ...r the PA 7080 was manufactured after March 2019 the built in internal EMI filter is already installed and this external EMI filter is not required Inspect the back vents to determine if the internal filter is installed STEP 1 Slide the top tabs of the EMI filter into the top row of air vents on the back of the firewall and then lower the filter until it is flush with the chassis STEP 2 Secure the ...

Page 128: ...PA 7000 Series Firewall Installation PA 7000 Series Firewall Hardware Reference 128 2023 Palo Alto Networks Inc ...

Page 129: ...onents see PA 7000 Series Firewall Overview Replace a PA 7000 Series Firewall AC or DC Power Supply Replace a PA 7000 Series SMC Boot Drive Replace a PA 7000 Series Firewall LPC Drive Increase the PA 7000 Series Firewall LPC Log Storage Capacity Replace a PA 7000 Series Firewall Fan Tray Replace a PA 7000 Series Firewall Air Filter Replace a PA 7000 Series Firewall Front Slot Card 129 ...

Page 130: ...s no power input DC Output Green indicates that the power supply DC output to the chassis components are within normal limits blinking indicates power overload and off indicates no DC output power FLT Fault Red indicates a power supply failure blinking indicates that the management plane cannot communicate with the power supply and off indicates no issues The following table describes the PA 7050 ...

Page 131: ... is exceeded blinking indicates that the power supply needs service and should be replaced and off indicates no warning Fault Red indicates a power supply failure blinking indicates that the management plane cannot communicate with the power supply and off indicates no issues The following table describes the PA 7080 DC power supply LEDs LEDs Description Input Green indicates that the power supply...

Page 132: ...rewall Power Supply LEDs STEP 3 Power off the failed power supply the switch is on the back of the chassis Then unplug and remove the power cord leaving the cord in place can cause arcing inside the chassis The front power supplies correspond directly to the power connection on the back of the chassis For example if you are facing the front of a PA 7050 chassis the power supply on the far left cor...

Page 133: ...details on the ESD port location see PA 7080 Front Panel AC STEP 2 Locate the failed power supply by viewing the system logs or by viewing the LED on the front of the power supply A red LED indicates a failed power supply For details on the power supply LEDs see Interpret the PA 7000 Series Firewall Power Supply LEDs STEP 3 Power off the failed power supply the switch is on the back of the chassis...

Page 134: ... front ejector door until it is fully open Remember to push the metal clip located on the bottom left to release the ejector door STEP 6 Slide the new power supply into the empty power supply slot until it is almost fully seated Ensure that the notch near the hinged part of the ejector door inserts into the chassis so that when you close the door it properly seats the power supply PA 7000 Series F...

Page 135: ...e banana clip end into one of the ESD ports located on the front of the chassis before handling ESD sensitive hardware For details on the ESD port location see PA 7050 Front Panel AC STEP 2 Locate the failed power supply by viewing the system logs or by viewing the LED on the front of the power supply A red LED indicates a failed power supply For details on the power supply LEDs see Interpret the ...

Page 136: ... the power supply to disengage it from the chassis and then slide the power supply out of the chassis using the power supply handle STEP 7 Remove the replacement power supply from the packaging and open the front ejector handle until it is fully open PA 7000 Series Firewall Hardware Reference 136 2023 Palo Alto Networks Inc ...

Page 137: ...ront of the power supply It is best to route and secure the cable first and then plug the cable into the power supply STEP 11 Turn on the DC power feed Replace a PA 7080 DC Power Supply The following procedures describe how to replace a PA 7080 DC power supply located on the front of the chassis For information on replacing the Power Entry Module PEM located on the back of the chassis see Replace ...

Page 138: ...LED on the PEM turns off to ensure that you powered off the correct circuit breaker There are two rows of power supplies on the front of the chassis and two rows of Power Entry Modules PEMs on the back which are numbered For example while facing the front of the chassis the two far left power supplies are 1A and 1B which connect to the power connections on the far right while facing the back of th...

Page 139: ...he bottom left to release the door STEP 6 Slide the new power supply into the empty power supply slot until it almost fully seated Ensure that the notch near the hinged part of the ejector door inserts into the chassis so when you close the door it pulls the power supply inward and seats it into place STEP 7 Plug the power cable into the corresponding AC power module on the back of the chassis and...

Page 140: ...ed ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator clip from the banana clip on the other end of the ESD grounding cable Plug the banana clip end into one of the ESD ports located on the front of the chassis before handling ESD sensitive hardware For details on the ESD port ...

Page 141: ... slide the replacement PEM into the PEM slot and secure it with the eight screws STEP 7 Reconnect the DC power cables ensuring that you install them in the correct polarity Secure each DC lug to the DC studs with the star washers and nuts and torque to 50 in lbs Be careful not to strip the nuts and lug studs STEP 8 Turn on the DC power feed PA 7000 Series Firewall Hardware Reference 141 2023 Palo ...

Page 142: ...powered on however you must replace it within 45 seconds and you can only replace one fan tray at a time two total or the thermal protection circuit will automatically shut down the firewall The second generation fan trays provide more cooling capacity than the first generation fan trays and are required if you install certain hardware components For details see the system and hardware requirement...

Page 143: ... move the latches to the open position in preparation for the fan tray removal If you replace the PA 7050 FANTRAY R A fan tray remove the air filter that is part of the fan tray You will install the air filter after you install the replacement fan tray Figure 9 PA 7050 FAN PA 7000 Series Firewall Hardware Reference 143 2023 Palo Alto Networks Inc ...

Page 144: ...ing remove the fan tray from the chassis The fan tray is heavy so be prepared to support the weight of the tray when removing it STEP 6 Install the new fan tray by sliding the tray into the chassis and ensure it seats properly If you replaced the PA 7050 FANTRAY R A fan tray install the air filter that you removed from the failed fan tray PA 7000 Series Firewall Hardware Reference 144 2023 Palo Al...

Page 145: ... powers off the chassis due to over heating or failed fans you will need to turn the power off to the chassis and then restore power before the chassis will power on again On an AC model you can turn off the power switches located on the back of the chassis and then turn them back on or you can disconnect the power cords and plug them back in On a DC model shut down the DC circuit to the chassis a...

Page 146: ...inates green and the fan LED on the SMC changes from red to green You can view the status of the fan trays by entering the following command admin PA 7050 show system environmentals fan tray To view the status of each fan on a fan tray run the following command admin PA 7050 show system environmentals fans The fan tray status is managed by the SMC in slot 4 so the above output will show that both ...

Page 147: ...hat the metal contact is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator clip from the banana clip on the other end of the ESD grounding cable Plug the banana clip end into one of the ESD ports located on the front of the chassis before handling ESD sensitive hardware For details on the ESD port location see PA 7080 Front Panel AC When re...

Page 148: ...s until it stops You can do this by pushing on the handles or by pushing on the front panel of the fan tray As you fully seat the tray into place the handles will click indicating that the tray is locked in place The fan will then power on If the thermal protection circuit powers off the chassis due to over heating or failed fans you will need to turn the power off to the chassis and then restore ...

Page 149: ...command admin PA 7080 show system environmentals fan tray To view the status of each fan on a fan tray run the following command admin PA 7080 show system environmentals fans The fan tray status is managed by the SMC in slot 6 so the output from the above command will show that both fan trays are in slot S6 PA 7000 Series Firewall Hardware Reference 149 2023 Palo Alto Networks Inc ...

Page 150: ... filter order numbers PA 7050 air filter PAN PA 7050 FLTR two pull handles PA 7050 FANTRAY R A air filter PAN PA 7050 FLTR A two screws PA 7080 air filter PAN PA 7080 FLTR one pull handle STEP 1 Remove the air filter The PA 7080 firewall has one type of air filter and the PA 7050 firewall has two types of air filters as follows PA 7050 chassis air filter Installed in the chassis on the right while...

Page 151: ...ter in until the rear ball joint s snap into place If you are installing a PA 7050 FANTRAY R A air filter turn the air filter screws clockwise until tight Figure 13 PA 7050 Chassis Air Filter PA 7000 Series Firewall Hardware Reference 151 2023 Palo Alto Networks Inc ...

Page 152: ...Service the PA 7000 Series Firewall Hardware Figure 14 PA 7050 FANTRAY R A Air Filter PA 7000 Series Firewall Hardware Reference 152 2023 Palo Alto Networks Inc ...

Page 153: ...Service the PA 7000 Series Firewall Hardware Figure 15 PA 7080 Air Filter PA 7000 Series Firewall Hardware Reference 153 2023 Palo Alto Networks Inc ...

Page 154: ...e boot drive from the original SMC if the drive is not the cause of the card failure See Replace a PA 7000 Series SMC Boot Drive to learn how to replace the SSD in a first generation PA 7050 SMC and PA 7080 SMC For details on replacing an SMC B drive see Replace a PA 7050 SMC B or PA 7080 SMC B Drive There are four SMC versions the PA 7050 SMC version 1 and version 2 the PA 7050 SMC B and the PA 7...

Page 155: ...P 4 Remove the failed SMC from the chassis If you are replacing a failed PA 7050 SMC B or PA 7080 SMB also remove the SSD drives and label the drives Sys 1 and Sys2 to ensure PA 7000 Series Firewall Hardware Reference 155 2023 Palo Alto Networks Inc ...

Page 156: ... Series Firewall Hardware that you install them in the same SSD slots on the replacement SMC B See Replace a PA 7050 SMC B or PA 7080 SMC B Drive PA 7000 Series Firewall Hardware Reference 156 2023 Palo Alto Networks Inc ...

Page 157: ...ard into the back connector of the slot To prevent damage ensure that the notches line up with the chassis so that when you close the levers the levers fully seat the card into the backplane connectors STEP 7 Tighten the screws on each side of the SMC with a Phillips head screwdriver to secure it to the chassis STEP 8 Reconnect power and power on the chassis The session distribution policy configu...

Page 158: ...LPC and the same for each of the other three AMCs After you replace an LPC you will need to re index the drives as described in Re Index the LPC Drives There is one LPC model used for both the PA 7050 and PA 7080 firewall and the procedure is the same except that on the PA 7050 firewall you must install the LPC in slot 8 while on the PA 7080 firewall you must install the LPC in slot 7 STEP 1 Power...

Page 159: ...PC out of the chassis The LPC has a double lever on each side of the card After loosening the thumb screws you must pull the inner lever toward you to unlock the outer lever from the chassis and then pull the outer lever to release the card When installing the card push the outer lever in to lock the inner lever PA 7000 Series Firewall Hardware Reference 159 2023 Palo Alto Networks Inc ...

Page 160: ...the card levers are used to fully seat the card into the back connector of the slot To prevent damage ensure that the notches line up with the chassis so that when you close the levers the levers fully seat the card into the backplane connectors STEP 7 Tighten the thumb screws on each side of the LPC to secure it to the chassis STEP 8 Install the drives that you removed earlier in the same slots f...

Page 161: ...7050 firewall you must install the LFC in slot 8 while on the PA 7080 firewall you must install the LFC in slot 7 STEP 1 Power off the chassis and disconnect the power source to the chassis STEP 2 Put the provided ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator clip from the...

Page 162: ...he chassis The LFC has a double lever on each side of the card After loosening the thumb screws you must pull the inner lever toward you to unlock the outer lever from the chassis and then pull the outer lever to release the card When installing the card push the outer lever in to lock the inner lever Figure 16 PA 7050 LFC PA 7000 Series Firewall Hardware Reference 162 2023 Palo Alto Networks Inc ...

Page 163: ...o fully seat the card into the back connector of the slot To prevent damage ensure that the notches line up with the chassis so that when you close the levers the levers fully seat the card into the backplane connectors STEP 6 Tighten the thumb screws on each side of the LFC to secure it to the chassis Replace a PA 7000 Series Network Processing Card NPC If a Network Processing Card NPC fails the ...

Page 164: ...le Chassis STEP 1 Check the status of the NPC that is having a problem You can do this from the web interface or from the CLI In the web interface navigate to Network Interfaces to view status of each NPC slot If the NPC failed due to a hardware problem the status shows Failure The NPC may also have a configuration problem in which case you can run the commit force command to try and force a commi...

Page 165: ...ejector lever to remove the NPC The PA 7000 20GQ NPC uses the double lever design Removing a version 1 PA 7000 20G NPC Turn the card screws on each side of the card counterclockwise until loose and then slide the black lever release switch upward on both sides to unlock the release levers and then wait for the green power LED to turn off After the power LED is off pull the outer ejector release le...

Page 166: ...D to go off and then pull the release lever toward you to pull the card out of the chassis The following images show the two versions of the PA 7000 20G NPCs Figure 18 Install or Remove a PA 7000 20G Version 1 NPC PA 7000 Series Firewall Hardware Reference 166 2023 Palo Alto Networks Inc ...

Page 167: ...e chassis and then close the levers to seat the card in place The small notches located near the hinge of the card levers are used to fully seat the card into the back connector of the slot To prevent damage ensure that the notches line up with the chassis so that when you close the levers the levers fully seat the card into the backplane connectors STEP 6 Tighten the screws on each side of the NP...

Page 168: ...replaced and enabled the chassis comes up as passive in active passive configuration or as active secondary in an active active configuration To identify the failed NPC check the LEDs on the NPC or check the system logs For example if slot 3 has a failed NPC in one of the chassis the following error is displayed in the log Slot3 failure moving to failure state In the following procedure the first ...

Page 169: ...en position When the card is about 1 4 inch from being fully inserted adjust the levers to align with the chassis and then close the levers to seat the card The small notches located near the hinge of the card levers are used to fully seat the card into the back connector of the slot To prevent damage ensure that the notches line up with the chassis so that when you close the levers the levers ful...

Page 170: ...ewall Network Processing Card NPC Troubleshooting Commands State Description Empty The slot is empty and is ready to use Up The card is powered on and has a valid software configuration Disabled HA only The slot is not enabled In a high availability HA configuration the NPC slots stay in a disabled state until you enable the slot This is by design so you can install new NPCs without causing a fail...

Page 171: ...mmand Show NPC slot status Run the following to view all of the slots admin PA 7080 show chassis status To view the status of one slot run admin PA 7080 show chassis status slot slot number For example to check the status of slot 3 run admin PA 7080 show chassis status slot s3 Temporarily power on and off an NPC slot This command gracefully powers off a slot and ends current sessions You can use t...

Page 172: ...ommand admin PA 7080 request chassis power on slot slot number target h a pair For example to enable NPCs installed in slot 3 of both chassis run the following command admin PA 7080 request chassis power on slot 3 target ha pair You can use the ha pair option in an HA configuration for many of the slot control commands Replace a PA 7000 Series Data Processing Card DPC You do not have to power off ...

Page 173: ...n the other end of the ESD grounding cable Plug the banana clip end into one of the ESD ports located on the front of the chassis before handling ESD sensitive hardware For details on the ESD port location see PA 7050 Front Panel AC or PA 7080 Front Panel AC STEP 3 Turn the card screws on each side of the card counterclockwise until loose and then gently pull the inner release lever to release the...

Page 174: ...Series Firewall Hardware from being fully inserted adjust the levers to align with the chassis and then close the levers to seat the card in place PA 7000 Series Firewall Hardware Reference 174 2023 Palo Alto Networks Inc ...

Page 175: ...s3 It is recommended that you observe the enabled card for about two minutes to check for internal path monitoring failures If there is no failure proceed to the next step Check the status of the card in slot 3 on the chassis by running admin PA 7050 show chassis status slot s3 If the card is functioning properly the status will show an output similar to the following Slot Component Card Status Co...

Page 176: ...ed in the log Slot3 failure moving to failure state STEP 1 Check the status of the DPC that is having a problem You can do this from the web interface or from the CLI In the web interface navigate to Device Setup Interfaces to view status of each DPC slot If the DPC failed due to a hardware problem the status shows Failure STEP 2 Put the provided ESD wrist strap on your wrist ensuring that the met...

Page 177: ...Series Firewall Hardware from being fully inserted adjust the levers to align with the chassis and then close the levers to seat the card in place PA 7000 Series Firewall Hardware Reference 177 2023 Palo Alto Networks Inc ...

Page 178: ...hassis and the DPC that you just replaced admin PA 7050 request chassis enable slot slot number For example run the following command to enable slot 3 on the firewall admin PA 7050 request chassis enable slot s3 It is recommended that you observe the enabled card for about two minutes to check for internal path monitoring failures If there is no failure proceed to the next step PA 7000 Series Fire...

Page 179: ... by running admin PA 7050 show chassis status slot s3 If the cards are functioning properly the status will show an output similar to the following Slot Component Card Status Config Status 3 PA 7000 DPC Up Success STEP 9 Ensure that the DPCs session distribution policy is set to session load 1 Run the following command to check the DPCs current distribution policy admin PA 7050 show session distri...

Page 180: ...o one of the ESD ports located on the front of the chassis before handling ESD sensitive hardware For details on the ESD port location see PA 7050 Front Panel AC or PA 7080 Front Panel AC Before you power off the chassis in the following step ensure that you have created a backup of your PAN OS configuration See Save and Export Firewall Configurations STEP 2 Power off the chassis Disconnect the ca...

Page 181: ...y both clips STEP 8 Detach your wrist strap s ground cable from the ESD surface and plug the banana clip back into one of the ESD ports on the front of the chassis While the card ejector levers are ajar gently slide the SMC back into the appropriate slot in the chassis Ensure that the SMC faceplate aligns with the faceplates of the other cards STEP 9 Lock the card ejector levers and screw the SMC ...

Page 182: ... with the new mSATA installed When prompted log in and reset the firewall to factory default settings After the reset operation is complete load your preferred version and configuration of PAN OS PA 7000 Series Firewall Hardware Reference 182 2023 Palo Alto Networks Inc ...

Page 183: ...3 STEP 1 Identify the failed drive and note the drive model by running the following operational command and viewing the status and model fields admin PA 7080 show system raid detail For example the following output shows that drive A2 failed and the drive model is ST91000640NS Disk Pair S7A Available Status clean degraded Disk id A1 Present model ST91000640NS size 953869 MB status active sync car...

Page 184: ... PA 7080 firewall where the LPC is installed in slot s7 If you are working on a PA 7050 firewall the LPC is installed in slot s8 For a PA 7050 firewall replace slots7 with slot s8 in those commands that specify the LPC slot number PA 7000 Series Firewall Hardware Reference 184 2023 Palo Alto Networks Inc ...

Page 185: ...elease handle of the failed drive toward you until it stops to unlock the AMC from the chassis and then completely remove the AMC The FAULT LED on the AMC that contains the failed drive will show red PA 7000 Series Firewall Hardware Reference 185 2023 Palo Alto Networks Inc ...

Page 186: ...ve model of the failed drive Proceed as follows based on your findings If the replacement drive is the same model number of the failed drive that you removed then continue to 6 If the replacement drive is a different model number than the drive that you removed then continue to 7 PA 7000 Series Firewall Hardware Reference 186 2023 Palo Alto Networks Inc ...

Page 187: ... drive A2 to the array admin PA 7080 request system raid slot s7 add A2 The system will automatically configure the new drive to mirror the other drive in the RAID 1 array 4 View the RAID status until you see that the disk pair S7A in this example shows Available and both disks show the status active sync To view RAID status run the following command admin PA 7080 show system raid detail 5 The fol...

Page 188: ...ward until it stops to lock the AMC to the LPC 3 Copy the data from the existing drive in the RAID 1 array to the replacement drive In this example run the following command to copy the data from the A1 drive to the A2 drive admin PA 7080 request system raid slot s7 copy from A1 to A2 4 Run the following CLI command to view the status of the copy admin PA 7080 show system raid detail 5 Continue ru...

Page 189: ...utomatically configure the new drive to mirror the other drive in the RAID 1 array 8 Continue to view the RAID status until you see that the drive array S7A in this example shows Available and both drives show the status active sync admin PA 7080 show system raid detail The following output shows that the RAID 1 array is functioning properly Disk Pair S7A Available Status clean Disk id A1 Present ...

Page 190: ...cribed in Replace a PA 7000 Series Log Processing Card LPC power on the chassis STEP 2 If the firewall is in a high availability HA configuration run the following commands to ensure that the firewall with the replacement LPC is in the suspend state admin PA 7050 show high availability state If the firewall is active suspend it by running the following CLI command admin PA 7050 request high availa...

Page 191: ...ndexing progress This process may take several hours depending on the amount of data on the drives Run the following commands to view the progress log for the first logical RAID pair On a PA 7080 firewall in the following commands replace S8lp log with S7lp log This is required because the LPC on a PA 7080 firewall is installed in slot 7 admin PA 7050 less s8lp log vld 0 0 log Periodically view th...

Page 192: ...ble slot slot number For example if there is an NPC in slot 3 run the following command admin PA 7050 request chassis enable slot s3 Do the same for each installed NPC until all NPCs are in the Up state STEP 8 If the firewall is in an HA configuration and you suspended it set the state to functional by running the following command admin PA 7050 request high availability state functional STEP 9 Us...

Page 193: ...sys5 Sec Pol 2 allow EDM Vwire Vsys5 135 10 5 40 161 aged out 2015 01 18 08 06 39 incomplete EDM Vwire Vsys5 40706 10 43 5 17 EDM Vsys5 Sec Pol 2 allow EDM Vwire Vsys5 135 10 5 40 161 aged out You can also use the web interface to view logs For example to view the traffic logs select Monitor Logs Traffic PA 7000 Series Firewall Hardware Reference 193 2023 Palo Alto Networks Inc ...

Page 194: ...h Management Card SMC STEP 1 Identify the failed drive and note the drive model by running the following operational command and viewing the status and model fields admin PA 7080 show system raid detail For example the following output shows that the Sys 2 partitions are degraded which indicates that the Sys 2 drive failed and the drive model is MICRON_M510DC_MT Overall RAID status degraded Drive ...

Page 195: ...wall the SMC B is located in slot 4 on the PA 7080 firewall the SMC B is located in slot 6 STEP 4 Put the provided ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator clip from the banana clip on the other end of the ESD grounding cable Plug the banana clip end into one of the E...

Page 196: ...ware STEP 5 Remove the failed SMC B from the chassis The following images show the first generation SMCs the procedure is the same for the second generation SMCs SMC B PA 7000 Series Firewall Hardware Reference 196 2023 Palo Alto Networks Inc ...

Page 197: ...en remove the door Pull the failed drive out of the SSD drive slot Note the model number and compare it to the replacement drive If the model number is different you will replace both drives The following image show the PA 7050 SMC B the procedure to replace a PA 7080 SMC B SSD is the same PA 7000 Series Firewall Hardware Reference 197 2023 Palo Alto Networks Inc ...

Page 198: ...new drive to the array ignoring the model mismatch In this case the drives are compatible but are different models The drive is added to the array and you are prompted to reboot Upon reboot the system behavior is the same as if an identical drive was replaced Migrate from one drive to the other In this case the firewall formats the new drive to maximum capacity copies all contents from the old dri...

Page 199: ...ives in the A1 A2 array can both be model ST91000640NS and the drives in the B1 B2 array can both be model ST1000NX0423 STEP 1 Put the provided ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator clip from the banana clip on the other end of the ESD grounding cable Plug the bana...

Page 200: ... the failed drives in the problem array before you proceed A RAID 1 array can contain only one drive In this case you will see that the RAID details show Available and clean degraded For details see Replace a PA 7000 Series Firewall LPC Drive STEP 3 Upgrade the drives based on the PAN OS version running on the firewall If the firewall is running a PAN OS 7 0 8 or later release continue to 4 If the...

Page 201: ...g on a PA 7050 firewall the LPC is installed in slot s8 For a PA 7050 firewall replace slot s7 with slot s8 in those commands that specify the LPC slot number 2 Gently pull the AMC release handle on drive A1 toward you until it stops to unlock the AMC from the chassis and then completely remove the AMC PA 7000 Series Firewall Hardware Reference 201 2023 Palo Alto Networks Inc ...

Page 202: ...drive slot A1 in this example and then push in the release handle on the AMC to lock it to the chassis 4 Copy the data from the 1TB A2 drive to the newly installed 2TB A1 drive admin PA 7080 request system raid slot s7 copy from A2 to A1 To view the status of the copy process run the following command admin PA 7080 show PA 7000 Series Firewall Hardware Reference 202 2023 Palo Alto Networks Inc ...

Page 203: ...TB drive in the A2 slot 6 Add drive A2 to the RAID 1 array admin PA 7080 request system raid slot s7 add A2 The system will copy the data from A1 to A2 to mirror the drives To view the status of the copy process run the following command admin PA 7080 show system raid detail Continue to view the RAID detail output until you see that the array S7A in this example shows Available and both drives sho...

Page 204: ...es will not be available after the upgrade We recommend that you perform this upgrade during a maintenance window To retain logs you must upgrade to PAN OS 7 0 8 and follow the procedure described in Upgrade the firewall from 1TB to 2TB drives if the firewall is running PAN OS 7 0 8 or later 1 To remove the first two 1TB drives A1 and A2 in this example from the RAID 1 array run the following comm...

Page 205: ...a PA 7050 firewall the LPC would be installed in slot s8 For a PA 7050 firewall replace slot s7 with slot s8 in those commands that specify the LPC slot number 2 Gently pull the AMC release handle on drive A1 toward you until it stops to unlock the AMC from the chassis and then completely remove the AMC Do the same for drive A2 PA 7000 Series Firewall Hardware Reference 205 2023 Palo Alto Networks...

Page 206: ... and A2 and then push in the release handle on each AMC to lock the AMCs to the chassis 4 Create a new RAID 1 array for the 2TB drives using A1 in this example by running the following command admin PA 7080 request system raid slot s7 add A1 5 View the status of the array configuration to confirm that the new array was created admin PA 7080 show PA 7000 Series Firewall Hardware Reference 206 2023 ...

Page 207: ...38 MB status not in use card serial 002901000064 6 Add the second drive to the new array A2 is this example admin PA 7080 request system raid slot s7 add A2 The system will copy the data from A1 to A2 to mirror the drives Continue running the show system raid detail command to view the RAID output until the disk pair status shows clean and both disks show active sync 7 To upgrade the B1 B2 drive a...

Page 208: ...Service the PA 7000 Series Firewall Hardware PA 7000 Series Firewall Hardware Reference 208 2023 Palo Alto Networks Inc ...

Page 209: ...ll them in a PA 7050 or PA 7080 firewall Components that are not universal such as power supplies the Switch Management Card SMC fan trays and the air filter are listed separately for each model View the Datasheet for information on features performance and capacity numbers PA 7000 Series Firewall Physical Specifications PA 7000 Series Firewall Electrical Specifications PA 7000 Series Firewall Env...

Page 210: ...ewall 17 5 inches 44 45 cm Including the mounting ears on each side the width is 19 inches 48 26 cm PA 7080 firewall 17 5 inches 44 45 cm Including the mounting ears on each side the width is 19 inches 48 26 cm Chassis weight PA 7050 firewall Chassis AC 111 2 lbs 50 kg Includes the chassis two fan trays air filter and four power supplies Does not include the blank slot covers SMC NPCs LFC or LPC T...

Page 211: ...g Includes the chassis weight above plus the SMC LPC ten NPCs and a total of eight DC power supplies Chassis component weights Switch Management Card SMC PA 7050 SMC 11 lbs 4 kg 989 52 g PA 7080 SMC 12 5 lbs 5 kg 669 90 g PA 7050 SMC B 14 5 lbs 6 kg 577 09 g PA 7080 SMC B 14 5 lbs 6 kg 577 09 g Network Processing Card NPC 9 4 lbs 4 kg 263 77 g PA 7000 100G NPC A 12 5 lbs 5 kg 669 91 g Log Card Log...

Page 212: ...1 kg 905 09 g PA 7080 firewall 4 lbs 1 kg 814 37 g Rack mount size PA 7050 firewall 9U 19 standard rack 15 75 H x 19 W x 24 D PA 7080 Firewall 19U 19 standard rack 32 22 H x 19 W x 24 66 D Power supply configurations PA 7050 firewall Four AC or DC power supplies The AC and DC power supplies are hot swappable PA 7080 firewall Up to eight AC or DC supplies The AC and DC power supplies are hot swappa...

Page 213: ...ies Firewall Power Configuration Requirements Component SKU Number Power Specification Power Produced or Rated Consumption Notes PA 7000 20G NPC 350 Watts Includes power allocation for optics PA 7000 20GQ NPC 350 Watts Includes power allocation for optics PA 7000 20GXM NPC 350 Watts Includes power allocation for optics PA 7000 20GQXM NPC 350 Watts Includes power allocation for optics PA 7000 100G ...

Page 214: ...2500 Watts 208 240VAC or 1200 Watts 100 120VAC PA 7050 PWR25 DC Input Voltage 40 to 60VDC Output Power 2500 Watts PA 7080 SMC 300 Watts PA 7080 SMC B 500 Watts PA 7080 FAN 520 Watts PA 7080 PWR25 AC Input Voltage 90 264VAC 50 60 Hz Single phase Output Power 2500 Watts 208 240VAC or 1200 Watts 100 120VAC PA 7080 PWR25 DC Input Voltage 40 to 60VDC Output Power 2500 Watts PA 7000 Series Firewall Powe...

Page 215: ...C19 JP AC power cord with IEC 60320 C19 and NEMA L6 20P cord ends 3 m PAN PWR C19 TW AC power cord with IEC 60320 C19 and CNS 10917 3 cord ends 3 m PAN PWR C19 UK AC power cord with IEC 60320 C19 and BS 1363 UK13 cord ends 3 m PAN PWR C19 US AC power cord with IEC 60320 C19 and NEMA 6 20P cord ends 3 m PAN PWR C19 US L AC power cord with IEC 60320 C19 and locking NEMA L6 20P cord ends 3 m PAN PWR ...

Page 216: ...erature range 20 to 70 C 4 F to 158 F Humidity 5 to 90 non condensing Chassis airflow PA 7050 Side to side While facing the front of the chassis the air enters from the right and exits on the left You can change the chassis airflow from side to side to front to back by installing the PAN AIRDUCT kit Contact your reseller or Palo Alto Networks for ordering information PA 7080 Front to back PA 7000 ...

Page 217: ...h the laws and regulations in each country where there are requirements applicable to our products Our products meet standards for product safety and electromagnetic compatibility when used for their intended purpose To view compliance statements for the PA 7000 Series firewalls see PA 7000 Series Firewall Compliance Statements 217 ...

Page 218: ...sh and then coated with an antioxidant before they are connected Fastening hardware must be compatible with the materials being joined and must preclude loosening deterioration and electrochemical corrosion of the hardware and the joined materials The firewall is suitable for connection to the Central Office or Customer Premise Equipment CPE The DC battery return wiring on the firewall must be con...

Page 219: ...equency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try...

Page 220: ...PA 7000 Series Firewall Hardware Compliance Statements PA 7000 Series Firewall Hardware Reference 220 2023 Palo Alto Networks Inc ...

Search results

Summary of Contents for PA-7000 Series

Reviews:

Brands by name

Popular brands

PaloAlto Networks PA-7000 Series, Hardware Reference Manual

Search results

Summary of Contents for PA-7000 Series

Reviews:

Brands by name

Popular brands