background image

36

   PA-5400 SERIES NEXT-GEN FIREWALL HARDWARE REFERENCE   |   PA-5400 Series Firewall Installation

©

 2021 Palo Alto Networks, Inc.

Содержание PA-5400 Series

Страница 1: ...PA 5400 Series Next Gen Firewall Hardware Reference paloaltonetworks com documentation...

Страница 2: ...earch for a specific topic go to our search page www paloaltonetworks com documentation document search html Have feedback or questions for us Leave a comment on any page in the portal or write to us...

Страница 3: ...tion 37 Install the PA 5450 Firewall in an Equipment Rack 37 Install the Mandatory PA 5400 Series Firewall Front Slot Cards 44 Install a PA 5400 Series Firewall Management Processor Card MPC 44 Instal...

Страница 4: ...ace a PA 5450 Front Slot Card in a High Availability HA Configuration 77 Install an MPC Logging Drive 79 Replace an MPC System Drive 80 PA 5400 Series Firewall Specifications 83 PA 5400 Series Firewal...

Страница 5: ...o Networks next generation firewall or appliance The following topics apply to all Palo Alto Networks firewalls and appliances except where noted Upgrade Downgrade Considerations for Firewalls and App...

Страница 6: ...6 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE Before You Begin 2021 Palo Alto Networks Inc...

Страница 7: ...port the requirements for the service route We recommend using the dataplane interface for the Data Services service route n a Upgrading a PA 7000 Series Firewall with a first generation switch manage...

Страница 8: ...uct The tracking number provided to you electronically when ordering the product matches the tracking number that is physically labeled on the box or crate The integrity of the tamper proof tape used...

Страница 9: ...FIREWALL HARDWARE REFERENCE Before You Begin 9 2021 Palo Alto Networks Inc Third Party Component Support Before you consider installing third party hardware read the Palo Alto Networks Third Party Com...

Страница 10: ...tromagnetic compliance EMC regulations French Translation Des c bles Ethernet blind s reli s la terre doivent tre utilis s pour garantir la conformit de l organisme aux missions lectromagn tiques CEM...

Страница 11: ...les signal Le blindage et la mise la terre ligne ligne et ligne la terre sont fournis Le dispositif de protection doit tre raccord la terre et un c ble Ethernet blind de cat gorie 5E ou sup rieure doi...

Страница 12: ...patientez au moins 10 secondes avant de retirer compl tement le tiroir de ventilation Cela permet aux ventilateurs d arr ter de tourner et permet d viter des blessures graves lors du retrait du tiroir...

Страница 13: ...ed access areas only A restricted access area is where access is granted only to craft service personnel using a special tool lock and key or other means of security and that is controlled by the auth...

Страница 14: ...14 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE Before You Begin...

Страница 15: ...the PA 5450 you can install up to two NCs and four to five DPCs depending on your front slot configuration These firewalls also feature a replaceable Base Card BC that interfaces with the signal conne...

Страница 16: ...16 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE PA 5400 Series Firewall Overview 2021 Palo Alto Networks Inc...

Страница 17: ...nnectivity An NC must be installed in slot 1 A second optional NC can be installed in slot 2 as shown in the image For more information see PA 5400 Series Firewall Networking Card NC 2 Data Processor...

Страница 18: ...ge The two front mounting flanges are fastened to an equipment rack when mounting the firewall 6 Electrostatic Discharge ESD port Provides a grounding point that you use when removing or installing ap...

Страница 19: ...tion on replacing or installing a fan see Replace a PA 5450 Fan Assembly 3 Electrostatic Discharge ESD port Provides a grounding point that you use when removing or installing appliance components Sec...

Страница 20: ...20 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE PA 5400 Series Firewall Overview...

Страница 21: ...C are interfaced with the BC on the front of the appliance A minimum of one NC and one DPC are required for the system to run Due to the seven front slot arrangement you can install up to two NCs and...

Страница 22: ...22 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE PA 5400 Series Firewall Module and Interface Card Information 2021 Palo Alto Networks Inc...

Страница 23: ...ower bus bars to conduct currents from the power distribution board The BC can only be removed from the system after removing the fan assemblies first The following BC comes installed by default in a...

Страница 24: ...MPC A component descriptions and LED meanings PA 5400 MPC A Component Descriptions Interpret the PA 5400 MPC A LEDs PA 5400 MPC A Component Descriptions The following image shows the PA 5400 MPC A an...

Страница 25: ...l connects directly to HSCI A on the second firewall and HSCI B on the first firewall connects to HSCI B on the second firewall The purpose of HSCI B is to increase the bandwidth for HA2 HA3 processin...

Страница 26: ...llowing table describes the functions and states of the MPC LED dashboard LED State Description Green The card temperature is normal TMP Temperature Yellow The card temperature is outside the temperat...

Страница 27: ...Service LED Slot Description Status s1 PA 5400 NC A On s2 empty Off s3 empty Off s4 empty Off s5 empty Off s6 PA 5400 DPC A On s7 PA 5400 MPC A On Enter the following command to view the status for a...

Страница 28: ...shows ethernet2 2 For information on installing the NC see Install a PA 5400 Series Firewall Networking Card NC On the PA 5450 firewall you can install NCs in slots 1 and 2 but a minimum of one NC is...

Страница 29: ...NC A LEDs Use the following information to learn how to interpret the LED dashboard and port LEDs on the PA 5400 Networking Card NC A The following table describes the functions and states of the NC A...

Страница 30: ...ystem setting service led enable yes Enter the following command to disable the SVC LED admin PA 5450 set system setting service led enable no Enter the following command to enable the SVC LED on the...

Страница 31: ...s On On Off 40Gbps Off Off On 100Gbps Off On Off Identify PA 5400 Series NC Port Activity and Link LEDs The following image shows how to identify the activity and link LEDs for the port types availabl...

Страница 32: ...from a DPC to a corresponding Networking Card NC Certain commands issued to the NC affect or are affected by the status of its corresponding DPC Because the DPC has no front ports or interfaces you mu...

Страница 33: ...ard DPC The following table describes the functions and states of the DPC LED dashboard LED State Description Green The card temperature is normal TMP Temperature Yellow The card temperature is outsid...

Страница 34: ...a specific slot admin PA 5450 show system service led status slot s3 Enter the following command to enable all SVC LEDs admin PA 5450 set system setting service led enable yes Enter the following com...

Страница 35: ...rds After the firewall is installed in the rack with all components installed connect power verify that the front slot cards are functioning and then connect network and management cables Read Before...

Страница 36: ...36 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE PA 5400 Series Firewall Installation 2021 Palo Alto Networks Inc...

Страница 37: ...e to uneven mechanical loading Circuit overloading Ensure that the circuit that supplies power to the firewall is sufficiently rated to avoid circuit overloading or excess load on supply wiring See PA...

Страница 38: ...om edges of the fixed and adjustable brackets to the bottom of the 5 RU rack space reserved for the PA 5450 Align the slotted holes of the fixed mounting bracket to the holes on the front side of the...

Страница 39: ...P 4 Adjust the brackets to fit the depth of the equipment frame then secure the brackets to the equipment frame with mounting screws not provided compatible with your equipment frame Tighten the screw...

Страница 40: ...ARDWARE REFERENCE PA 5400 Series Firewall Installation 2021 Palo Alto Networks Inc STEP 5 Use the provided 6 32 x 5 16 flathead screws to secure the adjustable bracket to the fixed bracket A minimum o...

Страница 41: ...PA 5450 on the brackets that were previously mounted to the equipment frame until the front mounting flanges of the PA 5450 are flush against the mounting surface of the equipment frame STEP 7 Secure...

Страница 42: ...provided 8 32 x 3 8 Phillips panhead screws to secure the back side of the PA 5450 to the previously mounted brackets You may need to loosen the PA 5450 support bracket screws to align the holes in t...

Страница 43: ...PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE PA 5400 Series Firewall Installation 43 2021 Palo Alto Networks Inc...

Страница 44: ...C enables the firewall to process network traffic and the Data Processor Card DPC handles data plane processing Install a PA 5400 Series Firewall Management Processor Card MPC Install a PA 5400 Series...

Страница 45: ...1 Attach the provided ESD strap to your wrist and plug the other end in to the ESD port location on the front of the appliance See PA 5450 Front Panel for the location of the ESD port STEP 2 Remove th...

Страница 46: ...te the blank panel upwards until it snaps at the top of the slot Configure Session Distribution on a PA 5400 Series Firewall After the firewall is installed and powered on you can review the available...

Страница 47: ...etworking Card NC When installing a DPC you must install it in the correct slot to pair with the NC STEP 4 Push on both ejector handles until they lock the card into place STEP 5 Optional Repeat Steps...

Страница 48: ...connect the device to the correct port The port s connected will depend on which mode you intend the firewall to run in Standard mode Connect the Ethernet cable from the MGT port on the firewall to th...

Страница 49: ...up the firewall manually if using standard mode If using ZTP mode the device group and template configuration defined on the Panorama management server are automatically pushed to the firewall by the...

Страница 50: ...power input type and then locate the column that coincides with the number of installed DPCs Each power supply requirement in the table accounts for the installation of 1 or 2 NCs To provide full redu...

Страница 51: ...STEP 2 Put the provided ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach snap one end of the ground cable to the wrist strap and remove the alligator cli...

Страница 52: ...t to 50 in lbs Be careful not to strip the nuts and lug studs STEP 7 Connect the power supply to a power source based on whether your power supplies are AC or DC AC Power Supplies only 1 Connect the f...

Страница 53: ...ing the plastic connector into the DC power supply until it clicks into place Ensure that you connect each pair of power supplies to a different circuit breaker When cabling the DC power supply to you...

Страница 54: ...tors This CLI output helps you know how much power is required to prevent the appliance from overloading under extreme conditions STEP 1 Using a terminal emulator such as PuTTY launch an SSH session t...

Страница 55: ...A 5450 FAN Present 160 PS1 PAN PWR 2200W AC OK 2200 PS2 PAN PWR 2200W AC OK 2200 PS3 empty empty PS4 PAN PWR 2200W AC OK 2200 Provided Used Remaining 6600 1565 5035 As indicated in the last row of the...

Страница 56: ...rial connection to the firewall and enables you to view the bootup messages and manage the firewall using the command line interface CLI Both the MGT and console ports are located on the Management Pr...

Страница 57: ...mand admin PA 5450 show chassis status slot slot number For example to view the status of slot 2 run the following command admin PA 5450 show chassis status slot s2 If an NC slot is ready to use the s...

Страница 58: ...s Firewall Installation For example to enable NCs installed in slot 2 of both appliances run the following command admin PA 5450 request chassis power on slot s2 target ha pair For information on inst...

Страница 59: ...es firewall For an overview of the hardware components see PA 5400 Series Firewall Overview Replace a PA 5400 Series Firewall AC or DC Power Supply Replace a PA 5400 Series Base Card BC Replace a PA 5...

Страница 60: ...60 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE Service the PA 5400 Series Firewall Hardware 2021 Palo Alto Networks Inc...

Страница 61: ...only at 12VSB Volts Standby Blinking Green 2Hz Power supply is in redundant state or in sleep mode Solid Yellow Power supply critical failure Off No AC power or AC power cord is unplugged The followi...

Страница 62: ...latch from the appliance With the latch still pushed to the left pull on the metal handle to slide the power supply out STEP 5 Remove the replacement power supply from the packaging STEP 6 Slide the n...

Страница 63: ...D grounding cable Plug the banana clip end into one of the ESD ports located on the back of the appliance before handling ESD sensitive hardware For details on the ESD port location see PA 5450 Back P...

Страница 64: ...64 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE Service the PA 5400 Series Firewall Hardware 2021 Palo Alto Networks Inc Support the BC with one hand while pulling it out from the appliance...

Страница 65: ...or the thermal protection circuit will automatically shut down the firewall STEP 1 Put the provided ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach sna...

Страница 66: ...ERIES NEXT GEN FIREWALL HARDWARE REFERENCE Service the PA 5400 Series Firewall Hardware 2021 Palo Alto Networks Inc STEP 5 While still gripping the fan assembly handle gently pull the fan assembly out...

Страница 67: ...erational by noting the status of the fan assembly LED and the fan LED on the MPC The individual fan assembly LED shows green if it is functioning as expected Similarly the fan LED on the MPC also sho...

Страница 68: ...agement Processor Card MPC Learn how to replace a MPC Replace a PA 5450 Management Processor Card MPC Replace a PA 5450 Management Processor Card MPC STEP 1 Put the provided ESD wrist strap on your wr...

Страница 69: ...reboot and attempt to recover If the card does not recover it will change to a down state If there is only one functioning NC in the appliance and the NC fails after three recovery attempts the firewa...

Страница 70: ...dware For details on the ESD port location see PA 5450 Front Panel STEP 2 Push the front tabs on the NC towards the center prompting a click This will cause ejector handles on the front of the card to...

Страница 71: ...of slot 1 run admin PA 5450 show chassis status slot s1 Temporarily power on and off an NC slot This command gracefully powers off a slot and ends current sessions You can use this command to remove...

Страница 72: ...Data Processor Card DPC Replace a PA 5450 Data Processor Card DPC STEP 1 Put the provided ESD wrist strap on your wrist ensuring that the metal contact is touching your skin Then attach snap one end...

Страница 73: ...lock the card into place PA 5400 Series Front Slot and Card States You can view the slot and card status information on a PA 5400 Series firewall using the web interface or the command line interface...

Страница 74: ...and ready for removal AdminPowerOff An administrator powered down the slot and it will not be available until you power it back on If there is a slot that you want ignored in an HA configuration HA p...

Страница 75: ...ed slot request chassis restart slot request chassis restart slot target ha pair Restart a card in the selected slot request chassis enable slot request chassis enable slot target ha pair Enable a car...

Страница 76: ...4 06 34 critical hw slot po 0 Attempting to power down Slot 1 because the Logically Paired DPC is in a PowerOff state Powering off an NC The state of the logically paired DPC is not affected when the...

Страница 77: ...HA deployment To insert a new pair of NCs or DPCs into an HA pair 1 Insert the card into both devices 2 If the slot is in the Admin power down state then issue the following command on both devices to...

Страница 78: ...e failed card The non failed card on the other device can be left in an AdminPowerOff state until you receive a replacement card To install a replacement of the failed card 1 When you receive the repl...

Страница 79: ...or the location of the ESD port STEP 2 Loosen the retaining screw on the logging drive blank cover while gently pulling on the pull tab Proceed until the logging drive blank cover can be pulled out fr...

Страница 80: ...Back Panel STEP 3 Remove the MPC from card slot 7 of the appliance See Replace a PA 5400 Series Management Processor Card MPC for details on removing the MPC STEP 4 Place the MPC on an ESD work surfa...

Страница 81: ...ceeding a torque of 4 in lbs will damage the equipment STEP 9 Before re installing the MPC plug the banana clip end of your ESD wrist strap into one of the ESD ports located on the back of the applian...

Страница 82: ...82 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE Service the PA 5400 Series Firewall Hardware...

Страница 83: ...mponent specifications for the PA 5400 Series firewalls View the datasheet for information on features performance and capacity numbers PA 5400 Series Firewall Physical Specifications PA 5400 Series F...

Страница 84: ...84 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE PA 5400 Series Firewall Specifications 2021 Palo Alto Networks Inc...

Страница 85: ...5450 firewall 17 4 inches 44 2 cm Appliance weight PA 5450 firewall Appliance 97 lbs 44 kg Appliance with Base Card BC and fan tray installed 108 lbs 49 kg Appliance component weights Base Card BC 10...

Страница 86: ...0 Series Firewall Power Configuration Requirements Component SKU Number Power Specification Power Produced or Rated Consumption Notes PAN PA 5400 BC A 350 Watts PAN PA 5400 MPC A 300 Watts Includes po...

Страница 87: ...N PWR C19 US AC power cord with IEC 60320 C19 and NEMA 6 20P cord ends 3 m PAN PWR C19 US L AC power cord with IEC 60320 C19 and locking NEMA L6 20P cord ends 3 m PAN PWR C19 BR Power Cord Brazil 16A...

Страница 88: ...ewall Environmental Specifications The following table describes PA 5400 Series firewall environmental specifications Specification Value Operating temperature range 0 to 40 C 32 F to 104 F Storage te...

Страница 89: ...with the laws and regulations in each country where there are requirements applicable to our products Our products meet standards for product safety and electromagnetic compatibility when used for the...

Страница 90: ...90 PA 5400 SERIES NEXT GEN FIREWALL HARDWARE REFERENCE PA 5400 Series Firewall Hardware Compliance Statements 2021 Palo Alto Networks Inc...

Страница 91: ...re and the joined materials The firewall is suitable for connection to the Central Office or Customer Premise Equipment CPE The DC battery return wiring on the firewall must be connected as an isolate...

Страница 92: ...If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference...

Отзывы: