PaloAlto Networks PA-7050 PAN-AIRDUCT Hardware Reference Manual

Brand: PaloAlto Networks

Model: PA-7050 PAN-AIRDUCT

Type: Hardware Reference Manual

PA-7050 

Hardware Reference Guide

Contact Information

http://www.paloaltonetworks.com/contact/contact/

About this Guide

This guide describes the PA-7050 firewall hardware, provides instructions on installing the hardware,

describes how to perform maintenance procedures, and provides product specifications. This guide is

intended for system administrators responsible for installing and maintaining the PA-7050 firewall.

All PA-7050 devices run PAN-OS, a purpose-built operating system with extensive functionality. For

additional information, refer to the following resources:

• For information on the additional capabilities and for instructions on configuring the features on

the firewall, refer to

https://www.paloaltonetworks.com/documentation.

• For access to the knowledge base, complete documentation set, discussion forums, and videos,

refer to

https://live.paloaltonetworks.com.

• For contacting support, for information on the support programs, or to manage your account or

devices, refer to

https://support.paloaltonetworks.com.

• For the latest release notes, go to the software downloads page at

https://support.paloaltonetworks.com/Updates/SoftwareUpdates.

To provide feedback on the documentation, please write to us at:

documentation@paloaltonetworks.com.

Palo Alto Networks, Inc.

www.paloaltonetworks.com

Palo Alto Networks and PAN-OS are trademarks of Palo Alto Networks, Inc.

Palo Alto Networks Table of Contents • 3

Chapter 1 

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Front Panel (AC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Back Panel (AC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Front Panel (DC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Back Panel (DC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Chapter 2 

PA-7050 Modules and Interface Card Overview . . . . . . . . . . . . . . . . . . 13

Switch Management Card (SMC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

SMC Component Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Interpreting the SMC LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Network Processing Card (NPC). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

NPC Component Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Interpreting the NPC LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Log Processing Card (LPC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

LPC and AMC Component Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Interpreting the AMC/Disk Drive LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Chapter 3 

Installing the Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Tamper Proof Statement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Equipment Rack Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2-Post Rack Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

4-Post Rack Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Install the Mandatory Front Slot Cards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Install the Switch Management Card (SMC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Install the Log Processing Card (LPC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Install a Network Processing Card (NPC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Connect Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Connect AC Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Connect DC Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Connect Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Verify the LPC and NPC Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Verify the LPC Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Verify the NPC configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Chapter 4 

Maintaining the Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Cautions and Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

General Cautions/Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

DC Power Related Cautions/Warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Replace an AC or DC Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Replace an AC Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Table of Contents

4 • Table of Contents Palo Alto Networks

Replace a DC Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Replace an AMC/Disk Drive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Replace a Fan Tray . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Replace the Air Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Replace Front Slot Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Replace a Switch Management Card (SMC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Replace a Log Processing Card (LPC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Replace a Network Processing Card (NPC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Front Card Slot States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

NPC Troubleshooting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Chapter 5 

Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Physical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Interface Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Electrical Specifications and Power Cords . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Electrical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Power Cord Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Environmental Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Chapter 6 

Compliance Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NEBS Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

VCCI Statement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

BSMI EMC Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Palo Alto Networks Overview • 5

Chapter 1 

Overview

The PA-7050 firewall is a high performance modular firewall designed for large enterprise and carrier

class environments. The multi-blade chassis has hot-swappable line cards to enable expandability as

needs grow and can provide up to 120 Gbps of throughput when fully loaded with six Network

Processing Cards (NPCs). Dedicated High Availability HA1 (control) ports are available as well as

dedicated 80 gigabit (when both HSCI ports are connected) QSFP HA ports used for HA2 (data link)

and HA3 (packet forwarding) to provide full hardware redundancy in an active/passive or active/active

configurations. A dedicated log card handles all log processing and uses two pairs of drives, each pair in

a RAID 1 configuration, to provide two terabytes of log storage. The chassis can use either AC or DC

power supplies that are installed in the front of the chassis.

This chapter describes the features of the front and back panel of the PA-7050 firewall. For details on

the cards that can be installed in the front slots of the chassis, see “PA-7050 Modules and Interface Card

Overview” on page 13.

See the following topics:

• “Front Panel (AC)” on page 6

• “Back Panel (AC)” on page 9

• “Front Panel (DC)” on page 10

• “Back Panel (DC)” on page 12

Front Panel (AC)

6 • Overview Palo Alto Networks

Front Panel (AC)

Figure 1 shows the front panel of the PA-7050 (AC) platform and Table 1 describes the front panel

features.

Figure 1. PA-7050 Front Panel (AC)

ACTIVITY

FAULT

PA-7000-20G-NPC

PA-7000-BLANK

PA-7050-SMC

PA-7000-BLANK

PA-7000-AMC-1TB

POWER ACTIVITY

FAULT

1 3 5 7 9 11

2 4 6 8 10 12 14 16 18 20 22 24

13 15 17 19 21 23

PA-7000-AMC-1TB

POWER ACTIVITY

FAULT

PA-7000-AMC-1TB

POWER ACTIVITY

FAULT

PWR

STS

ALM

TMP

PWR

STS

TMP

HA1-A HA1-B MGT

CONSOLE HSCI-A HSCI-B

USB

ALM

FAN

LOG

POWER

PA-7050-FAN

FAULT

POWER

PA-7050-FAN

FAULT

PA-7000-AMC-1TB

POWER

PA-7050

SMC

Palo Alto Networks Overview • 7

Front Panel (AC)

Table 1. PA-7050 (AC) Front Panel Features

Item Description

1. Exhaust Fan Tray

Hot-swappable exhaust fan tray that provides ventilation and cooling for

the chassis. The fan tray is interchangeable and can be installed on either

side of the chassis to perform exhaust or air intake functionality.

During normal operation, the top fan tray LED is green. If one or more fans

fail on the fan tray, the green LED will go out and the red LED will

illuminate.

2. Air Intake Fan Tray

Hot-swappable air intake fan tray that provides ventilation and cooling for

the chassis. The fan tray is interchangeable and can be installed on either

side of the chassis to perform exhaust or air intake functionality.

During normal operation, the top fan tray LED is green. If one or more fans

fail on the fan tray, the green LED will go out and the red LED will

illuminate.

3. Switch Management

Card (SMC)

The SMC provides management access to the chassis using a serial console

cable connected to the Console port or an RJ-45 cable connected to the

MGT port. The card also contains HA ports that provide high availability

(HA) connectivity between two chassis. LED indicators provide

information on various chassis components.

IMPORTANT: The SMC must be installed in slot 4 and is required to

operate the chassis.

For more information on the management interface, see “Switch

Management Card (SMC)” on page 14.

NOTE: The PAN-OS software preinstalled on the embedded Solid State

Drive (SSD) on the SMC. The SSD is not serviceable.

4. Air Filter

Replaceable air filter that provides filtering of air entering the chassis. The

filter tray should be inspected periodically for cleanliness. The filter is not

designed to be cleaned and it is recommended that you replace the filter

every six months.

5. Network Processing

Card (NPC)

Provides data traffic connectivity.

IMPORTANT: NPCs can be installed in slots 1,2,3,5,6, and/or 7. You

must have at least one NPC installed before the firewall can process data

traffic.

For more information on the NPC, see “Network Processing Card (NPC)”

on page 17.

6. Log Processing Card

(LPC)

The LPC manages all of the logs generated by the firewall. It contains four

disk drives that are configured in two separate RAID 1 pairs to provide

redundancy. Each drive is installed in an Advanced Mezzanine Card

(AMC), which connects the drive to the LPC. When replacing a drive, the

AMC/Drive is ordered and installed as one unit and is hot-swappable.

IMPORTANT: The LPC is required to operate the chassis and must be

installed in slot 8.

For more information on the LPC, see “Log Processing Card (LPC)” on

page 19.

Front Panel (AC)

8 • Overview Palo Alto Networks

7. AC Power Supplies

Provides AC power to the chassis. The chassis should always have all four

power supplies operational at all times.

DC power supplies are also available for the PA-7050 and are installed in

the same power supply slots as the AC power supplies. When DC power

supplies are installed, the back panel AC inlets and switches are not

functional and must be covered with the provided cover plate. For more

information, see “Electrical Specifications and Power Cords” on page 65.

8. Electrostatic Discharge

(ESD) ports

Three ESD ports to be used when removing/installing any of the chassis

hardware components. You can use any of the three ports and an ESD strap

is provided.

Table 1. PA-7050 (AC) Front Panel Features (Continued)

Item Description

Palo Alto Networks Overview • 9

Back Panel (AC)

Figure 2 shows the back panel of the PA-7050 (AC) platform and Table 2 describes the back panel

features.

Figure 2. Back Panel (AC)

Front Panel (DC)

10 • Overview Palo Alto Networks

Table 2. Back Panel Features (AC)

Front Panel (DC)

Figure 3 shows the front panel of the PA-7050 (DC) platform. The only difference between the front

panel AC platform and the front panel DC platform is that the DC platform uses four DC power

supplies instead of four AC power supplies. The same power supply slots are used for the AC and DC

power supplies.

When DC power supplies are installed, the back panel AC inlets and switches are not functional

and must be covered with the provided cover plate. For more information, see “Electrical Specifications and Power

Cords” on page 65.

Item Description

1. Grounding Lugs

To ground the system, use a grounding wire of at least 6 American Wire

Gauge (AWG). The 6 AWG wire must be attached to the provided copper

grounding lug and crimped with the proper crimping tool. Attach one end

of the grounding cable to building ground and attach the other end to the

grounding lug bolts on the chassis using the provided star washers and

nuts.

2. AC power inlets

Four 20 amp AC power inlets. Each power inlet provides AC power to the

power supplies located on the front of the chassis. Each inlet/switch

corresponds to the power supply on the front of the chassis. For example, if

you are facing the back of the device, the switch on the far left side

provides power to the power supply on the front far right side when facing

the front of the chassis.

For information on connecting AC power, see “Connect AC Power” on

page 37.

Note: The AC power module that contains the inlets and power switches is

not field serviceable.

3. AC power switches

Four AC on/off power switches. Each switch has a circuit breaker that will

trip if the amperage reaches 25 amps.

Palo Alto Networks Overview • 11

Front Panel (DC)

Figure 3. Front Panel (DC)

ACTIVITY

FAULT

PA-7000-20G-NPC

PA-7000-BLANK

PA-7050-SMC

PA-7000-BLANK

PA-7000-AMC-1TB

POWER ACTIVITY

FAULT

1 3 5 7 9 11

2 4 6 8 10 12 14 16 18 20 22 24

13 15 17 19 21 23

PA-7000-AMC-1TB

POWER ACTIVITY

FAULT

PA-7000-AMC-1TB

POWER ACTIVITY

FAULT

PWR

STS

ALM

TMP

PWR

STS

TMP

HA1-A HA1-B MGT

CONSOLE HSCI-A HSCI-B

USB

ALM

FAN

LOG

POWER

PA-7050-FAN

FAULT

POWER

PA-7050-FAN

FAULT

PA-7000-AMC-1TB

POWER

PA-7050

SMC

Four DC Power Supplies

Back Panel (DC)

12 • Overview Palo Alto Networks

Back Panel (DC)

Figure 4 shows the back panel of the PA-7050 (DC) platform. The only differences between the back

panel AC platform and the back panel DC platform is that the DC platform will have a cover plate over

the AC inlets and power switches. When using DC power supplies, the AC power cord inlets and

switches are not functional. The grounding lug is utilized for both AC and DC installations. For

information on connecting power, see

“Connect Power” on page 37.

Figure 4. Back Panel (DC)

Grounding Lugs

AC Inlet and Power Switch Cover Plate

(Only used when DC power supplies are installed)

Palo Alto Networks PA-7050 Modules and Interface Card Overview • 13

Chapter 2 

PA-7050 Modules and Interface Card

Overview

This chapter describes the PA-7050 firewall modules and the interface cards that can be installed and

are serviceable. The minimum cards that must be installed to operate the PA-7050 firewall is one

Switch Management Card (SMC), one Network Processing Card (NPC), and one Log Processing Card

(LPC). You can install up to five additional NPC cards to expand port density and processing.

Important: The left black slide latch that slides up to unlock the release lever on the NPC contains a

micro-switch that is used to power down the card for removal. Both latches (left/right) need to slide up

to remove the card, but only the left side contains the micro-switch. Do not slide the left latch up unless

you intend to power down and remove the card.

Although all front slot cards have protection to prevent damage if they are installed or removed when

the chassis is powered, only the NPC is intended to be hot-swapped during normal operation. The SMC

and LPC should only be installed/replaced when the chassis is powered off. For details on replacing

PA-7050 hardware components, see “Maintaining the Hardware” on page 43.

• “Switch Management Card (SMC)” on page 14

• “Network Processing Card (NPC)” on page 17

• “Log Processing Card (LPC)” on page 19

Note: The SMC must be installed in slot 4, the LPC in slot 8, and NPCs can be

installed in slots 1,2,3,5, 6, and/or 7.

Switch Management Card (SMC)

14 • PA-7050 Modules and Interface Card Overview Palo Alto Networks

Switch Management Card (SMC)

The Switch Management Card (SMC) provides switch fabric and system management access to the

chassis using a serial console cable connected to the Console port or an Ethernet cable connected to the

MGT port. The SMC also provides high availability (HA) connectivity between two chassis. LED

indicators provide information on various components of the chassis.

IMPORTANT: The SMC must be installed in slot 4 and is required to operate the device.

• “SMC Component Descriptions” on page 14

• “Interpreting the SMC LEDs” on page 16

SMC Component Descriptions

Figure 5 shows the Switch Management Card (SMC) and Table 3 describes the SMC components.

Figure 5. Switch Management Card (SMC)

Table 3. Switch Management Card Features

Item Description

1. HA1-A

Ethernet 10/100/1000 port for High Availability (HA) control and

synchronization. Connect this port directly from HA1-A port the first

device in the pair to the HA1-A on the second device in the pair, or connect

them together through a switch or router.

HA1 cannot be configured on NPC data ports or the MGT port.

2. HA1-B

Ethernet 10/100/1000 port for high-availability (HA) control and

synchronization used as a backup for HA1-A. Connect this port directly

from HA1-B port the first device in the pair to the HA1-B on the second

device in the pair, or connect them together through a switch or router.

HA1 cannot be configured on NPC data ports or the MGT port.

3. MGT

Ethernet 10/100/1000 port to access the device management interfaces

through an Ethernet interface. The default URL for the MGT port is https:/

/192.168.1.1. For example, change the management computer IP address to

192.168.1.2, connect directly to the MGT port and browse to the MGT IP

address. You can also SSH to 192.168.1.1. The default login name and

password is admin/admin.

PA-7050-SMC

PWR

STS

TMP

HA1-A HA1-B MGT

CONSOLE HSCI-A HSCI-B

USB

ALM

FAN

LOG

Lever Release Latch

Palo Alto Networks PA-7050 Modules and Interface Card Overview • 15

Switch Management Card (SMC)

4. Console

One RJ-45 port for connecting a serial console for device management

using the CLI.

The console connection is a standard RS-232 type. The following shows

the pin-outs:

Signal-------- DB-9-----RJ45

CTS-------_----8-----------8

DSR-----_------6------_---7

RXD------------2-----------6

GND-----_-----5-----------5,4

TXD------------3-----------3

DTR------------4-----------2

RTS------_-----7-----------1

Note: If the management computer does not have a serial port, a USB to

serial converter can be used.

5. HSCI-A

(High Speed Chassis

Interconnect)

Quad Port SFP (QSFP) interfaces used to connect two PA-7050s for a

High Availability (HA) configuration. Each port is comprised of four 10

gigabit links internally for a combined speed of 40 gigabits and is used for

HA2 data link in an active/passive configuration. When in active/active

mode, the port is also used for HA3 packet forwarding for asymmetrically

routed sessions that require Layer 7 inspection for App-ID and Content-ID.

In a typical installation, HSCI-A on the first chassis connects directly to

HSCI-A on the second chassis and HSCI-B on the first chassis connects to

HSCI-B on the second chassis. This will provide full 80 gigabit transfer

rates. In software, both ports (HSCI-A and HSCI-B) are treated as one HA

interface.

The HSCI ports are not routable and must be connected directly to each

other.

HA2 (data link) can be configured on the HSCI ports or on NPC data ports.

6. HSCI-B

(High Speed Chassis

Interconnect)

See the HSCI-A description above. The HSCI-B port is used to increase

the bandwidth for HA2/HA3 purposes.

The HSCI ports are not routable and must be connected directly to each

other.

HA2 (data link) can be configured on the HSCI ports or on NPC data ports.

7. USB

USB port for future use.

8. LED Indicators

Eight LEDs that indicate status for various hardware components. For

details on the LEDs, see “Interpreting the SMC LEDs” on page 16.

9. SMC card release

hardware

Levers, screws, and lever release latches used to install and remove the

SMC card. The lever release on each side slides upward to release the

lever.

Table 3. Switch Management Card Features (Continued)

Item Description

Switch Management Card (SMC)

16 • PA-7050 Modules and Interface Card Overview Palo Alto Networks

Interpreting the SMC LEDs

Figure 6 shows the LED dashboard that is located on the Switch Management Card (SMC). Table 4

describes the LED functions and states of the LED dashboard, Table 5 describes the SMC SFP and Port

LEDs, Table 6 describes the SMC HA port LEDs, and Table 7 describes the HSCI ports.

Figure 6. SMC LEDs

Table 4. Functions and States of the SMC LED Dashboard

LED State Description

PWR

(POWER)

Green The device is powered.

Off Power is off.

STS

(STATUS)

Green Device is operating normally.

Yellow Device is booting up.

HA Green Device is the current active device.

Yellow Device is the current passive device.

Off High availability (HA) is not enabled on this device.

Note The above LED status descriptions are for an Active/Passive

configuration. In an Active/Active configuration, the HA LED only

indicates HA status for the local device and does not indicate HA

connectivity of the peer. If HA is active on the given device the LED is

green; if HA is not active the LED is off.

TMP

(Temp)

Green Chassis temperature is normal.

Yellow Chassis temperature is outside the normal tolerance for one or more of

the installed cards.

ALM

(Alarm)

Red There is a hardware failure, which may include a voltage issue, power

supply/module detected (but not working), fan failure, hard drive failure,

HA failover, or temperature above high temperature threshold.

Off Device is operating normally.

FAN Green All fans are operating normally.

Red One or more fans have failed on one or both of the fan trays. To find out

which fan tray has a fan failure, check the fan tray LEDs. A red LED on

the fan tray will indicate that one or more fans have failed.

(Power

Supply)

Green All AC or DC power supplies are operating normally.

Red One or more AC or DC power supplies has failed.

PWR

STS

TMP

ALM

FAN

LOG

Palo Alto Networks PA-7050 Modules and Interface Card Overview • 17

Network Processing Card (NPC)

The Network Processing Card (NPC) provides data traffic connectivity for the PA-7050 firewall. You

can install up to six NPCs to expand system capacity. When viewing the NPC cards from the web

interface at Network > Interfaces, the NPCs will be organized by slot and will then have an icon to

expand the slot to show all ports on the NPC. In the CLI, the first number in the interface name indicates

the slot and the second number indicates the port. For example, slot 1 Ethernet port 1 will show

ethernet1/1, port 2 will show ethernet1/2, slot 2 port 1 is ethernet 2/1, port 2 is

ethernet 2/2, and so on.

IMPORTANT: NPC cards can be installed in slots 1,2,3,5,6, and/or 7. You must have at least one NPC

installed before the firewall can process data traffic.

• “NPC Component Descriptions” on page 18

• “Interpreting the NPC LEDs” on page 18

LOG Red LED will change to red if there is a drive failure, temperature issue, or

other issue with the Log Processing Card (LPC). To determine which

drive has failed, check the LEDs on each AMC/Disk drive.

Off There are no alarms present on the Log Processing Card (LPC) and the

card and drives are operating normally.

Table 5. Functions and States of the SMC MGT Port LEDs

LED Description

Left Shows solid green if there is a network link.

Right Blinks green if there is network activity.

Table 6. Functions and States of the SMC HA1-A and HA1-B Port LEDs

LED Description

Left Shows green if there is a network link.

Right Blinks green if there is network activity.

Table 7. Functions and States of the SMC HSCI-A and HSCI-B Port LEDs

LED Description

Left Shows green if there is a network link. Because this interface is comprised

of four 10 gigabit links, the LED is an AND operation of all four link

states.

Right Blinks green if there is network activity. Because this interface is

comprised of four 10 gigabit links, the LED is an OR operation of all four

activity states.

Table 4. Functions and States of the SMC LED Dashboard (Continued)

LED State Description

Network Processing Card (NPC)

18 • PA-7050 Modules and Interface Card Overview Palo Alto Networks

NPC Component Descriptions

Figure 7 shows the Network Processing Card (NPC) and Table 8 describes the NPC components.

Figure 7. Network Processing Card (NPC)

Interpreting the NPC LEDs

Figure 8 shows the LED dashboard that is located on the Network Processing Card (NPC). Table 9

describes the LED functions and states for the LED dashboard, Table 10 describes the Ethernet and SFP

LEDs, and Table 11 describes the SFP+ LEDs.

Figure 8. NPC LEDs

Table 8. Network Processing Card (NPC) Features

Item Description

1. Ethernet ports

12 RJ-45 10/100/1000 ports for network traffic.

2. SFP ports

Eight Small Form-Factor Pluggable (SFP) ports for network traffic.

3. SFP+ ports

Four SFP+ ports for network traffic.

4. LED dashboard

Four LEDs indicating NPC status. For details on the LEDs, see

“Interpreting the NPC LEDs” on page 18.

5. NPC release hardware

Levers, screws, and lever release latches used to install/remove the NPC

card. The lever release latches on each side slides upward to release the

levers. The left release latch also has a micro-switch that will power off the

card as soon as it is moved upward to unlock the lever. Only move this

latch if you intend to remove the card.

PA-7000-20G-NPC

1 3 5 7 9 11

2 4 6 8 10 12 14 16 18 20 22 24

13 15 17 19 21 23

PWR

STS

ALM

TMP

Lever Release Latch

Table 9. Functions and States of the NPC LED Dashboard

LED State Description

PWR Green Card is powered.

Off Power is off.

STS

(STATUS)

Green Card is operating normally.

Yellow Card is booting up.

PWR

STS

TMP

ALM

Palo Alto Networks PA-7050 Modules and Interface Card Overview • 19

Log Processing Card (LPC)

The Log Processing Card (LPC) is a dedicated card with a processor, memory, and storage drives used

to handle all logging for the PA-7050 firewall. The LPC contains four Advanced Mezzanine Cards

(AMCs) used as a carrier for each drive.

When replacing a drive, the AMC/Disk drive is ordered and installed

as one unit and is hot-swappable.

There is no special configuration needed for the chassis to use this card for logging.

IMPORTANT: The LPC must be installed in slot 8 and is required to operate the chassis. The LPC

must also contain at least one formated AMC/drive. During normal operation, all four AMC/drives

should be installed in two RAID 1 pairs.

• “LPC and AMC Component Descriptions” on page 20

• “Interpreting the AMC/Disk Drive LEDs” on page 20

ALM

(Alarm)

Red There is a hardware failure on the card.

Off The card is operating normally.

TMP

(Temp)

Green The NPC temperature is normal.

Yellow The NPC temperature is outside the normal tolerance.

Table 10. Functions and States of the Ethernet and SFP Port LEDs

LED Description

Left Shows green if there is a network link.

Right Blinks green if there is network activity.

Table 11. Functions and States of the SFP+ Port LEDs

LED Description

Left Shows green if there is a network link.

Right Blinks green if there is received (RX) network activity.

Table 9. Functions and States of the NPC LED Dashboard (Continued)

LED State Description

Log Processing Card (LPC)

20 • PA-7050 Modules and Interface Card Overview Palo Alto Networks

LPC and AMC Component Descriptions

Figure 9 shows the Log Processing Card (LPC) and Advanced Mezzanine Cards (AMCs) and Table 12

describes the LPC and AMC features.

Figure 9. Log Processing Card (LPC)

Interpreting the AMC/Disk Drive LEDs

The LPC itself does not have LEDs; the AMCs inserted into the LPC that holds the disk drives has

LEDs used for drive activity, drive failures, and power. If there is a hardware issue with the LPC, the

LOG LED on the Switch Management Card (SMC) will change to red and the system logs can also be

checked for status.

Table 12. LPC and AMC features

Item Description

1. LPC

Log Processing Card (LPC) that processes all logs and then stores the logs

on the four Advanced Mezzanine Cards (AMCs) that contain one disk

drive each.

2. AMC

Four Advanced Mezzanine Cards (AMCs) and drives used to store all logs

generated by the chassis. The AMC is a Printed Circuit Board (PCB) card

that holds a disk drive and connects the drive to the LPC.

Each AMC contains one 2.5” SATA disk drive with a 1 terabyte capacity.

The first two drives on the left (Drives A1 and A2) are a RAID 1 pair and

the next two drives on the right (B1 and B2) are also a RAID 1 pair for a

total of 2 terabytes of log storage.

Important: Do not attempt to replace the drive on an AMC. If a drive

failure occurs, contact Palo Alto Networks or your reseller for a

replacement AMC that will contain the AMC and the drive as one unit.

3. Advanced Mezzanine

Card (AMC) release

handle.

Handle used to remove the AMC/Disk drive from the LPC card. Pull the

handle toward you to unlock and remove the AMC/Disk drive.

4. AMC/Disk drive LED

panel

Three LEDs that indicate drive activity, failure, and power. Top left is

activity, bottom left is fault, and top right is power.

5. LPC Card release

hardware

Release levers and screws used to install and remove the LPC card. The

main lever has a similar smaller lever as part of the release mechanism that

must be pulled toward you before the main lever will release the card from

the slot. The left and right inner lever also has a micro-switch that will

power down the card as soon as the levers are both moved to release the

outer lever.

ACTIVITY

FAULT

PA-7000-AMC-1TB

POWER ACTIVITY

FAULT

PA-7000-AMC-1TB

POWER ACTIVITY

FAULT

PA-7000-AMC-1TB

POWER ACTIVITY

FAULT

PA-7000-AMC-1TB

POWER

Page is loading ...

PaloAlto Networks PA-7050 PAN-AIRDUCT Hardware Reference Manual

Brand: PaloAlto Networks

Model: PA-7050 PAN-AIRDUCT

Type: Hardware Reference Manual

Download PDF

report

PaloAlto Networks PA-7050 PAN-AIRDUCT Hardware Reference Manual

PaloAlto Networks PA-7050 PAN-AIRDUCT Hardware Reference Manual

Related papers

Other documents