PA-5400 Series Front Panel (2024)

PA-5400 Series Next-Gen Firewall Hardware Reference

: PA-5400 Series Front Panel

Updated on

Feb 7, 2024

Focus

Download PDF

Updated on

Feb 7, 2024

Focus

Home
PA-5400 Series Next-Gen Firewall Hardware Reference
PA-5400 Series Firewall Overview
PA-5400 Series Front and Back Panel Descriptions
PA-5400 Series Front Panel

Download PDF

PA-5400 Series Front Panel

Table of Contents

Learn about the components located on the front of thePA-5400 Series firewall.

The following image shows the front panel of the PA-5410, PA-5420, PA-5430, PA-5440

, and PA-5445

firewalls. The table describes each front panel component.

Item	Component	Description
1	Ethernet ports 1 through 8	Eight RJ-45 10Mbps/100Mbps/1Gbps/2.5Gbps/5Gbps/10Gbpsports for network traffic. Port 1 is a Zero Touch Provisioning (ZTP) port. The ZTP port can be used to automate the on-boarding of new firewalls to a Panorama management server. To use the ZTP port, read how to boot the firewall in ZTP mode.
2	SFP+ ports 9 through 20	Ports 9 through 20 are SFP (1Gbps) or SFP+ (10Gbps)based on the installed transceiver. The SFP ports canbe remapped as HA-1 ports via PAN-OS or Panorama. These remappedHA-1 ports offer high availability connectivity over a longer distancethan what is permitted by the HA1-A and HA1-B ports listed below.
3	SFP28 ports 21 through 24	Four SFP28 (25Gbps) ports that also support 1Gbps/SFP and 10Gbps/SFP+ modules. The FEC setting of the remote endpointmust be set to RS-FEC to ensure that the link remains up.
4	QSFP28 ports 25 through 44	Four form-factor pluggable (QSFP+/QSFP28) 40Gbps/100Gbps Ethernet ports. Each interface supports breakout mode to create four 10Gbps or four 25Gbps ports each. Ports 25, 26, 27, and 28 break out from port 41 Ports 29, 30, 31, and 32 break out from port 42 Ports 33, 34, 35, and 36 break out from port 43 Ports 37, 38, 39, and 40 break out from port 44 Refer to Interpret the PA-5400 Series LEDs to view the LED behavior of these ports. Setting the interface speed to auto defaults the ports to breakout mode. Manually setting the interface speed allows you to use each individual port.
5	HSCI port	One 40Gbps port that can be used to connecttwo PA-5400 Series firewalls in a high availability (HA) configurationas follows: In an active/passive configuration, thisport is for HA2 (data link). In an active/active configuration, you can configure thisport for HA2 and HA3. HA3 is used for packet forwarding for asymmetricallyrouted sessions that require Layer 7 inspection for App-ID and Content-ID. TheHSCI ports must be connected directly between the two firewallsin the HA configuration (without a switch or router between them).When directly connecting the HSCI ports between two PA-5400 Seriesfirewalls that are physically located near each other, Palo Alto Networksrecommends that you use an active or passive QSFP+ cable. Forinstallations where the two firewalls are not near each other andyou cannot use an active or passive QSFP+ cable, use a standardQSFP+ transceiver and the appropriate cable length.
6	HA1-A and HA1-B ports	Two SFP+ 1Gbps/10Gbps ports for high availability (HA)control. If the firewall dataplane restarts due to afailure or manual restart, the HA1-B link will also restart. Ifthis occurs and the HA1-A link is not connected and configured,then a split brain condition occurs. Therefore, we recommend thatyou connect and configure the HA1-A ports and the HA1-B ports toprovide redundancy and to avoid split brain issues.
7	MGT port	Use this SFP+ 1Gbps/10Gbps port to accessthe management web interface and perform administrative tasks. Thefirewall also uses this port for management services, such as retrievinglicenses and updating threat and application signatures. The management port supports copper and fiber SFP/SFP+ transceivers for 1G connectivity. For 10G connectivity, the management port only supports fiber SFP/SFP+ transceivers. The Management port cannot be used to configure HA1 or HA1 backup. You must use the dedicated HA1-A and HA1-B ports.
8	CONSOLE port (RJ-45)	Use this port to connect a management computerto the firewall using a 9-pin serial-to-RJ-45 cable and terminal emulationsoftware. The console connection provides access to firewall bootmessages, the Maintenance Recovery Tool (MRT), and the command lineinterface (CLI). If your management computer does nothave a serial port, use a USB-to-serial converter. Usethe following settings to configure your terminal emulation softwareto connect to the console port: Data rate: 9600 Data bits: 8 Parity: None Stop bits: 1 Flow control: None
9	USB port	A USB port that accepts a USB flash drivewith a bootstrap bundle (PAN-OS configuration). Bootstrappingspeeds up the process of configuring and licensing the firewallto make it operational on the network with or without internet access.
10	CONSOLE port (Micro USB)	Use this port to connect a management computerto the firewall using a standard Type-A USB-to-micro USB cable. Theconsole connection provides access to firewall boot messages, theMaintenance Recovery Tool (MRT), and the command line interface(CLI). Refer to the Micro USB Console Port page for more information and to download the Windows driver or to learn how to connect from a Mac or Linux computer.
11	LED status indicators	Eight LEDs that indicate the status of thefirewall hardware components (see Interpret the PA-5400 Series LEDs).
12	System Drive Cover	Secures the device SSD.

"); adBlockNotification.append($("Thanks for visiting https://docs.paloaltonetworks.com. To improve your experience when accessing content across our site, please add the domain to the allow list on your ad blocker application.")); let adBlockNotificationClose = $("x"); adBlockNotification.prepend(adBlockNotificationClose) $('body').append(adBlockNotification); setTimeout(function(e) { adBlockNotification.addClass('open'); }, 10); adBlockNotificationClose.on('click', function(e) { adBlockNotification.removeClass('open'); }) } }, 5000)

Previous PA-5400 Series Front and Back Panel Descriptions

Next PA-5400 Series Back Panel

Recommended For You

{{ if(( raw.pantechdoctype != "techdocsAuthoredContentPage" && raw.objecttype != "Knowledge" && raw.pancommonsourcename != "TD pan.dev Docs")) { }} {{ if (raw.panbooktype) { }} {{ if (raw.panbooktype.indexOf('PANW Yellow Theme') != -1){ }}

{{ } else if (raw.panbooktype.indexOf('PANW Green Theme') != -1){ }}

{{ } else if (raw.panbooktype.indexOf('PANW Blue Theme') != -1){ }}

{{ } else { }}

{{ } }} {{ } else { }}

{{ } }} {{ } else { }} {{ if (raw.pantechdoctype == "pdf"){ }}

{{ } else if (raw.objecttype == "Knowledge") { }}

{{ } else if (raw.pancommonsourcename == "TD pan.dev Docs") { }}

{{ } else if (raw.pancommonsourcename == "LIVEcommunity Public") { }}

{{ } else { }}

{{ } }} {{ } }}

{{ if (raw.pancommonsourcename == "LIVEcommunity Public") { }}

{{ if (raw.pantechdoctype == "pdf"){ }}

{{ } }}

{{ } else { }}

{{ if (raw.pantechdoctype == "pdf"){ }}

{{ } }}

{{ if (raw.pancommonsourcename != "TD pan.dev Docs"){ }} {{ if (raw.pandevdocsosversion){ }} {{ } else { }} {{ if ((_.size(raw.panosversion)>0) && !(_.isNull(raw.panconversationid )) && (!(_.isEmpty(raw.panconversationid ))) && !(_.isNull(raw.otherversions ))) { }} (See other versions) {{ } }} {{ } }} {{ } }}

{{ } }}{{ if (raw.pantechdoctype == "bookDetailPage"){ }}

{{ } }}{{ if (raw.pantechdoctype == "bookLandingPage"){ }}

{{ } }}{{ if (raw.pantechdoctype == "productLanding"){ }}

{{ } }}{{ if (raw.pantechdoctype == "techdocsAuthoredContentPage"){ }}

{{ } }}{{ if (raw.pantechdoctype == "pdf"){ }}

{{ } }}