Next-Generation Firewalls

Today’s Next-Generation Firewalls provide advanced protection for physical or virtual public and private cloud networks.

Overview

Stay ahead of the most complex threats with ML-
powered, cloud-based network security

Leverage inline deep learning to stop unknown zero-day attacks. Our latest innovations go beyond signature-based detection to find the most evasive threats and stop them.

Deep learning stops the most evasive threats

With the first Next-Generation Firewalls to introduce inline deep learning, a subset of traditional machine learning, you can move beyond the structured data analysis of machine learning and analyze data more in the way a human would.

Zero-delay signatures provide updates in seconds

With zero-delay signatures, every internet-connected NGFW in a network is updated within single-digit seconds of an analysis, ensuring the first user to see a threat is the only user to see that threat.

ML-powered visibility across IoT and other connected devices

Quickly and accurately profile any IoT device to reveal its type, vendor, model, firmware and more while using cloud scale to compare device usage, validate profiles and fine-tune models so devices don’t go unmanaged.

Maximize security and minimize downtime

Use AIOps to deliver high ROI — improve your security posture without adding staff or buying new equipment, and avoid costly outages by predicting firewall health.

PA-Series

The most trusted Next-Generation Firewalls in the industry

Our flagship hardware firewalls are a foundational part of our network security platform. Automated and driven by machine learning, the world’s first ML-Powered NGFW powers businesses of all sizes to achieve predictable performance and coverage of the most evasive threats.

PA-220R Series

Rugged performance for the harshest environments

Palo Alto Networks PA-220R is a ruggedized ML-Powered Next-Generation Firewall (NGFW) that brings next-generation capabilities to industrial applications in harsh environments. The PA-220R ruggedized appliance secures industrial and defense networks in a range of harsh environments, such as utility substations, power plants, manufacturing plants, oil and gas facilities, building management systems, and healthcare networks.

PA-220R Firewall

535 Mbps firewall throughput (HTTP/appmix)
320 Mbps Threat Prevention throughput (HTTP/appmix)
550 Mbps IPsec VPN throughput
64,000 Max sessions
4,200 New sessions per second

PA-400 Series

Big security. Small footprint

The PA-400 Series protects the enterprise branch with inline, real-time threat prevention. Our two newest boxes in the series, the PA-415-5G and the PA-455, provide optional redundant power for those looking for additional connectivity options, and both are easy to deploy. Most importantly, these ML-powered NGFWs stop known and unknown threats in real time and decrypt branch traffic at high speed.

PA-410 Firewall

1.4 Gbps firewall throughput (HTTP/appmix)
0.65 Gbps IPsec VPN throughput
64,000 Max sessions
11,000 New sessions per second

PA-410R Firewall

1.5 Gbps firewall throughput (HTTP/appmix)
64,000 Max sessions
4,500 New sessions per second

PA-410R-5G Firewall

1.5 Gbps firewall throughput (HTTP/appmix)
64,000 Max sessions
4,500 New sessions per second

PA-415 Firewall

1.5 Gbps firewall throughput (HTTP/appmix)
0.65 Gbps IPsec VPN throughput
64,000 Max sessions
11,000 New sessions per second

PA-415-5G Firewall

1.5 Gbps firewall throughput (HTTP/appmix)
0.65 Gbps IPsec VPN throughput
64,000 Max sessions
11,400 New sessions per second

PA-440 Firewall

2.6 Gbps firewall throughput (HTTP/appmix)
1.1 Gbps IPsec VPN throughput
200,000 Max sessions
34,000 New sessions per second

PA-445 Firewall

2.7 Gbps firewall throughput (HTTP/appmix)
1.1 Gbps IPsec VPN throughput
200,000 Max sessions
34,000 New sessions per second

PA-450 Firewall

3.3 Gbps firewall throughput (HTTP/appmix)
1.7 Gbps IPsec VPN throughput
200,000 Max sessions
34,000 New sessions per second

PA-450R Firewall

3.2 Gbps firewall throughput (HTTP/appmix)
2.2 Gbps IPsec VPN throughput
200,000 Max sessions
10,000 New sessions per second

PA-450R-5G Firewall

2.1 Gbps firewall throughput (HTTP/appmix)
200,000 Max sessions
10,000 New sessions per second

PA-455 Firewall

3.6 Gbps firewall throughput (HTTP/appmix)
1.8 Gbps IPsec VPN throughput
300,000 Max sessions
56,000 New sessions per second

PA-460 Firewall

4.6 Gbps firewall throughput (HTTP/appmix)
2.3 Gbps IPsec VPN throughput
400,000 Max sessions
67,000 New sessions per second

PA-800 Series

Rugged performance for the harshest environments

The PA-800 Series next-generation firewalls prevent cyber threats and safely enable applications. The series includes PA-820 and PA-850, which are based on the same architectural foundation as all of our next-generation firewalls. The PA-800 Series of appliances provide advanced visibility and control of applications, users, and content at throughput speeds of up to 1.9 Gbps and with I/O options of up to four 10 Gigabit SFP+ ports. Redundant power supplies provide hardware resiliency, and the USB port allows rapid deployment of large numbers of firewalls with consistent configuration.

PA-820 Firewall

940 Mbps firewall throughput (App-ID enabled)
610 Mbps threat prevention throughput
400 Mbps IPSec VPN throughput
128,000 max sessions
8,300 new sessions per second
1000 IPSec VPN tunnels/tunnel interfaces
5 virtual routers
30 security zones
1,500 max number of policies

PA-850 Firewall

1.9 Gbps firewall throughput (App-ID enabled)
780 Mbps threat prevention throughput
400 Mbps IPSec VPN throughput
192,000 max sessions
9,500 new sessions per second
1000 IPSec VPN tunnels/tunnel interfaces
5 virtual routers
40 security zones
1,500 max number of policies

PA-1400 Series

Protect large branch locations and small enterprise campuses

The PA-1400 Series supports Power over Ethernet (PoE), virtual systems (VSYS), high-speed 5G copper ports (mGig ports) and fiber ports.

PA-1410 Firewall

8.9/6.8 Gbps firewall throughput (HTTP/appmix)
3.3/3.2 Gbps threat prevention throughput (HTTP/appmix)
4.6 Gbps IPSec VPN throughput
945,000 max sessions
100,000 new sessions per second
1/6 virtual s (base/max)

PA-1420 Firewall

9.9/9.5 Gbps firewall throughput (HTTP/appmix)
5.0/4.8 Gbps threat prevention throughput (HTTP/appmix)
6.5 Gbps IPSec VPN throughput
1,400,000 max sessions
140,000 new sessions per second
1/6 virtual s (base/max)

PA-3400 Series

Maximize performance in a 1 RU design

The PA-3400 Series is designed to pack performance in a small 1 RU design. This power-efficient ML-powered NGFW is the firewall of choice for internet edge and campus environments.

PA-3410 Firewall

11 Gbps firewall throughput (App-ID enabled¹)
5.1 Gbps Threat Prevention throughput²
6.8 Gbps IPsec VPN throughput
1,400,000 sessions
145,000 new sessions per second³
1/11 virtual systems (base/max⁴)

PA-3420 Firewall

16.9 Gbps firewall throughput (App-ID enabled¹)
7.6 Gbps Threat Prevention throughput²
9.9 Gbps IPsec VPN throughput
2,000,000 sessions
205,000 new sessions per second³
1/11 virtual systems (base/max⁴)

PA-3430 Firewall

20.5 Gbps firewall throughput (App-ID enabled¹)
9.2 Gbps Threat Prevention throughput²
12.2 Gbps IPsec VPN throughput
2,500,000 sessions
240,000 new sessions per second³
1/11 virtual systems (base/max⁴)

PA-3440 Firewall

24 Gbps firewall throughput (App-ID enabled¹)
12.8 Gbps Threat Prevention throughput²
14.5 Gbps IPsec VPN throughput
3,000,000 sessions
268,000 new sessions per second³
1/11 virtual systems (base/max⁴)

PA-5400 Series

Compact, high-performing security for data centers and campus locations

The PA-5400 Series are the highest performing ML-powered NGFWs in a 2 RU (rack units) design. The PA-5400 Series includes the recently launched PA-5445 which delivers 2.5X threat performance and 50% higher session capacity compared to the previous generation PA-5260.

PA-5410 Firewall

45.2/36.7 Gbps firewall throughput (HTTP/appmix)
22/23.5 Gbps threat prevention throughput (HTTP/appmix)
21 Gbps IPSec VPN throughput
4.1 M max sessions
246,000 new sessions per second
10/20 virtual systems (base/max)

PA-5420 Firewall

53.7/47.5 Gbps firewall throughput (HTTP/appmix)
28.8/30.5 Gbps Gbps threat prevention throughput (HTTP/appmix)
28.7 Gbps IPSec VPN throughput
6.2 M max sessions
315,000 new sessions per second
15/65 virtual systems (base/max)

PA-5430 Firewall

63/59.4 Gbps firewall throughput (HTTP/appmix)
37.6/40.9 Gbps threat prevention throughput (HTTP/appmix)
42 Gbps IPSec VPN throughput
8.3M max sessions
366,000 new sessions per second
25/125 virtual systems (base/max)

PA-5450 Series

Scalable, high-speed performance in an innovative compact design

The PA-5450 is designed to meet the stringent requirements of hyperscale data centers, internet edges and campus segmentation deployments, delivering 150 Gbps of threat performance with security services enabled.

PA-5450 Firewall

200 Gbps firewall throughput (HTTP/appmix)
125 Gbps Threat Prevention throughput
95 Gbps IPsec VPN throughput
100M Max sessions
4M New sessions per second

PA-7000 Series

Scalable design for high performance

The PA-7000 Series ML-Powered NGFWs provide security for high-speed data centers and service providers. These advanced systems offer features such as reliable performance, threat prevention and high-throughput decryption.

PA-7050 Firewall

120 Gbps firewall throughput (App-ID enabled)
60 Gbps threat prevention throughput
24 Gbps IPSec VPN throughput
24,000,000 max sessions
720,000 new sessions per second
120,000 IPSec VPN tunnels/tunnel interfaces
20,000 SSL VPN Users
225 virtual routers
25/225 virtual systems (base/max)
900 security zones
40,000 max number of policies

PA-7080 Firewall

200 Gbps firewall throughput (App-ID enabled)
100 Gbps threat prevention throughput
80 Gbps IPSec VPN throughput
1,200,000 max sessions
80,000,000 new sessions per second
225 virtual routers
25/225 virtual systems (base/max)
900 security zones

A single platform to see and secure everything

Explore our product families to see which solutions best work together to provide the complete protection your enterprise deserves.

Cloud NGFW for AWS

Best-in-class security offered as a single easy-to-use service

Managed by Palo Alto Networks and easily procured in the AWS Marketplace, our latest Next-Generation Firewall is designed to easily deliver our best-in-class security protections with AWS simplicity and scale.

VM-Series Virtual Firewall

Boost security and safeguard public and private cloud investments

Bring the world's most effective network security to any cloud or virtualized environment for the perfect balance of security, speed and versatility.

CN-Series Container Firewall

Keep cloud-native applications nimble and secure

Protect inbound, outbound and east-west traffic between container trust zones and other workload types in Kubernetes environments – without slowing down the speed of development.

Panorama

Manage network security confidently and effectively with Panorama

Simplify network security oversight with centralized firewall management across different infrastructures and clouds. Panorama saves time and reduces complexity with centralized firewall management for all your Palo Alto Networks Next-Generation Firewalls and Prisma Access.

M-200 Management Appliance

4x 10/100/1000
1x DB9 console serial port
1x USB port
8 TB RAID Certified HDD (4) for 16 TB of RAID storage

M-300 Management Appliance

2x 10/100/1000
1x DB9 console serial port
1x USB port
8 TB RAID Certified HDD (4) for 16 TB of RAID storage

M-600 Management Appliance

4x 10/100/1000
1x DB9 console serial port
1x USB port
2x 10 GigE ports
8 TB RAID Certified HDD (4) for 16 TB of RAID storage

M-700 Management Appliance

2x 10/100/1000
1x DB9 console serial port
1x USB port
2x 10 GigE ports
8 TB RAID Certified HDD (12) for 48 TB of RAID storage

Use Cases

Securing your network requires the right protection in the right place

Our NGFW platform protects your entire business, no matter the size or complexity. With a unified network security architecture and the ability to leverage deep learning in real time, our firewalls can help you see and secure everything.