PA-SERIES
Next-Generation Firewalls
Your security starts with Palo Alto Networks firewalls
Our new, industry-leading ML-Powered Next-Generation Firewall is here. Driven by innovation, our award-winning hardware firewalls secure every size network in every industry so you get protection in one place and everywhere all at once.
The latest ML-Powered NGFWs bring industry-leading performance and
security to emerging use cases
These new platforms dramatically increase performance from prior generations. This ensures you’re able to stop highly evasive threats and protect every part of your organization — from the smallest branch offices to the largest campuses, data centers and 5G service provider networks.
PA-220R Series
Rugged performance for the harshest environments
Palo Alto Networks PA-220R is a ruggedized ML-Powered Next-Generation Firewall (NGFW) that brings next-generation capabilities to industrial applications in harsh environments. The PA-220R ruggedized appliance secures industrial and defense networks in a range of harsh environments, such as utility substations, power plants, manufacturing plants, oil and gas facilities, building management systems, and healthcare networks.
PA-400 Series
Big security. Small footprint
The PA-400 Series protects the enterprise branch with inline, real-time threat prevention. Our two newest boxes in the series, the PA-415-5G and the PA-455, provide optional redundant power for those looking for additional connectivity options, and both are easy to deploy. Most importantly, these ML-powered NGFWs stop known and unknown threats in real time and decrypt branch traffic at high speed.
PA-800 Series
Rugged performance for the harshest environments
The PA-800 Series next-generation firewalls prevent cyber threats and safely enable applications. The series includes PA-820 and PA-850, which are based on the same architectural foundation as all of our next-generation firewalls. The PA-800 Series of appliances provide advanced visibility and control of applications, users, and content at throughput speeds of up to 1.9 Gbps and with I/O options of up to four 10 Gigabit SFP+ ports. Redundant power supplies provide hardware resiliency, and the USB port allows rapid deployment of large numbers of firewalls with consistent configuration.
PA-1400 Series
Protect large branch locations and small enterprise campuses
The PA-1400 Series supports Power over Ethernet (PoE), virtual systems (VSYS), high-speed 5G copper ports (mGig ports) and fiber ports.
PA-3400 Series
Maximize performance in a 1 RU design
The PA-3400 Series is designed to pack performance in a small 1 RU design. This power-efficient ML-powered NGFW is the firewall of choice for internet edge and campus environments.
PA-5400 Series
Compact, high-performing security for data centers and campus locations
The PA-5400 Series are the highest performing ML-powered NGFWs in a 2 RU (rack units) design. The PA-5400 Series includes the recently launched PA-5445 which delivers 2.5X threat performance and 50% higher session capacity compared to the previous generation PA-5260.
PA-5450 Series
Scalable, high-speed performance in an innovative compact design
The PA-5450 is designed to meet the stringent requirements of hyperscale data centers, internet edges and campus segmentation deployments, delivering 150 Gbps of threat performance with security services enabled.
PA-7000 Series
Scalable design for high performance
The PA-7000 Series ML-Powered NGFWs provide security for high-speed data centers and service providers. These advanced systems offer features such as reliable performance, threat prevention and high-throughput decryption.
PA-7500 Series
The platinum standard: our fastest and most scalable firewall
The PA-7500 includes the new FE400 ASIC, custom silicon developed by Palo Alto Networks. This enables over 1.5 Tbps App-ID™, low latency performance and over 400M concurrent Layer 7 sessions. This flexible, scalable design supports up to seven data processing cards or up to seven networking cards for maximum processing or throughput.
Maximize your security ROI and reduce downtime
Get intelligent security and proven return on investment over three years with our ML-Powered NGFW platform.
$14.11
MILLION BENEFITS REALIZED
50%
BREACH REDUCTION
$5.2
MILLION END-USER PRODUCTIVITY GAIN
Unique architecture offers world-class security and high performance
Palo Alto Networks single-pass architecture employs a unique single-pass approach to packet processing, delivering better performance and security.
PA-Series appliances for every application
From the largest data centers and service providers to remote branches and retail locations,
Palo Alto Networks Next-Generation Firewalls cover the complete spectrum of use cases.
Ensure complete and consistent protection
With flexible deployment options that include modular and scalable designs to meet specific deployment needs, you get complete and consistent protection across your business.
Full Layer 7 security protection
A comprehensive approach to Layer 7 security starts by identifying your applications regardless of port, protocol, evasive techniques or encryption (TLS/SSL).
Our Palo Alto Networks firewalls classify network traffic by the application’s identity in order to grant access to users and provide visibility and control of all types of applications to admins, including web applications, software-as-a-service (SaaS) applications and legacy applications. Our approach uses the application, not the port, as the basis for all your safe enablement policy decisions so you can allow, deny, schedule, inspect and apply traffic-shaping. When needed, you can create custom App-ID™ tags for proprietary applications or request App-ID development for new applications.
- Block malicious files and thwart data exfiltration attempts.
- Identify and categorize all applications, on all ports, all the time.
- Enable safe migration of legacy Layer 4 rule sets.
Stop malicious files with inline prevention
Attackers frequently bypass traditional signature-based security, modifying existing threats that then show up as unknown signatures. This leaves security professionals struggling to keep up since manually adding signatures cannot be done fast enough to prevent attacks in real time. Plus, using solutions that pull files offline for inspection creates bottlenecks, hinders productivity and can’t scale.
Our ML-Powered NGFWs use embedded ML algorithms to enable line-speed classification, inspecting files at download and blocking malicious files before they can cause harm. With inline prevention, the PA-Series automatically prevents initial infections from never-before-seen threats without requiring cloud-based or offline analysis for the majority of malware variant threats, reducing the time between visibility and prevention to near zero.
Our inline deep learning system analyzes live traffic, detecting and preventing today’s most sophisticated attacks, including portable executables, phishing, malicious JavaScript and fileless attacks. Finely tuned models avoid false positives, and a unique feedback loop ensures fast and accurate threat prevention as attacks happen – all without sacrificing performance.
- Find malicious files in real time right when they enter the network.
- Maintain security performance through inline single-pass inspection.
- Reduce the time to identify and block unknown threats to almost zero.
Simplify Zero Trust with easy-to-deploy user identity and access
Identity is a critical component of a Zero Trust approach to network security. With enterprises increasingly migrating from on-premises to cloud identity providers, and users connecting from anywhere, it is difficult to keep security and identity information connected and in sync across the network. Networks are designed for a single source of identity, and this can lead to inconsistent security between data centers, campus networks, public clouds and hybrid environments.
Palo Alto Networks Cloud Identity Engine is a cloud-based architecture for identity-based security that can consistently authenticate and authorize your users, regardless of location and where user identity stores live – on-premises, in the cloud, or hybrid. As a result, security teams can effortlessly allow all users access to applications and data everywhere and quickly move toward a Zero Trust security posture.
Cloud Identity Engine saves you time and hassle in deploying and managing identity-based controls on your network security infrastructure, using a point-and-click configuration with real-time identity synchronization.
- Consistently authenticate and authorize your users, regardless of location.
- Accurately enforce security decisions for all your users at all times.
- Save time in the deployment and management of identity-based controls.
Safeguard 5G transformation and multi-access edge computing (MEC)
5G is a vital component of the digital backbone of tomorrow’s economy. From consumers to enterprises, governments and critical industries, society will depend on 5G. For this reason, organizations transitioning to 5G infrastructures must adopt security that can withstand sophisticated and evasive attacks as the speed and scale of threats on 5G networks rise.
Palo Alto Networks 5G-Native Security allows service providers to safeguard their networks, users and clouds as well as back their customers with enterprise-grade security they need for tomorrow’s 5G economy. 5G-Native Security allows organizations to extend Zero Trust to their 5G environments to help protect their business-critical 5G users, devices and applications. 5G-Native Security offers a comprehensive approach to protecting all facets of 5G networks.
Service providers can deploy a Zero Trust architecture for their 5G network infrastructure and the business-critical enterprise, government and consumer traffic it carries. Enterprises and organizations can protect their 5G users, applications and infrastructure with the same Zero Trust approach they use in their other network segments.
- Extend Zero Trust strategies to 5G environments.
- Get enterprise-grade security for tomorrow’s 5G economy.
- Protect your 5G users, applications, and infrastructure.
Web Proxy
Over the past two decades, web proxies have become a security mainstay for organizations. As corporate networks expand, the demand for consistent, location-independent security is growing. This means many organizations are adopting converged, cloud-centric architectures. However, many organizations migrating from on-premises to cloud struggle with large structural changes that can hinder business productivity and services.
We simplify security for those who use an on-premises proxy by introducing web proxy support for next-generation firewalls. This allows users to modernize their network security without instituting large changes to existing infrastructures.
Now, both proxy and firewall admins can leverage a single UI to deploy, manage and operate their firewall, allowing them to provide consistent security and policies across all deployments. We make it simple for organizations to move away from their legacy solutions that can't scale, and give them a way to modernize their proxy architecture and deliver best-in-class security everywhere, all while maintaining interim support for their proxy.
Through this platform, organizations can:
- Achieve a new standard of consistent, integrated security.
- Seamlessly bridge the divide between current and future network architecture.
- Significantly enhance operational efficiency.
RECOMMENDED PRODUCTS
Expand your network protection
PAN-OS
Leverage the software brain inside every firewall – with App-ID™, User-ID™, Device-ID™, decryption and more.