Compare Firewall Products
PA-220 & PA-800 Series:
(1) Optical/Copper transceivers are sold separately.
PA-3200 Series:
(1) VM-Series performance will vary based on underlying
virtualization infrastructure (hypervisor/cloud). Refer to the
individual datasheets for detailed performance and testing
information.
(2) Adding virtual systems to the base quantity requires a
separately purchased license.
(3) Optical/Copper transceivers are sold separately.
PA-5200 Series:
(1) VM-Series performance will vary based on underlying
virtualization infrastructure (hypervisor/cloud). Refer to the
individual datasheets for detailed performance and testing
information.
(2) Adding virtual systems to the base quantity requires a
separately purchased license.
(3) Optical/Copper transceivers are sold separately.
PA-7000 Series:
(1) VM-Series performance will vary based on underlying
virtualization infrastructure (hypervisor/cloud). Refer to the
individual datasheets for detailed performance and testing
information.
(2) Adding virtual systems to the base quantity requires a
separately purchased license.
(3) New sessions per second and max session capacity for PA-7000
Series specified with 100G-NPCs.
(4) Optical/Copper transceivers are sold separately.
Key Features:
Next-Generation Firewall | Supported Across All Models |
---|---|
Deep visibility and granular control for thousands of applications; ability to create custom applications; ability to manage unknown traffic based on policy | |
User identification and control: VPNs, WLAN controllers, captive portal, proxies, Active Directory, eDirectory, Exchange, Terminal Services, syslog parsing, XML API | |
Granular SSL decryption and inspection (inbound and outbound); per-policy SSH control (inbound and outbound) | |
Networking: dynamic routing (RIP, OSPF, BGP, multiprotocol BGP), DHCP, DNS, NAT, route redistribution, ECMP, LLDP, BFD, tunnel content inspection | |
QoS: policy-based traffic shaping (priority, guaranteed, maximum) per application, per user, per tunnel, based on DSCP classification | |
Virtual systems: logical, separately managed firewall instances within a single physical firewall, with each virtual system’s traffic kept separate | |
Zone-based network segmentation and zone protection; DoS protection against flooding of new sessions | |
Threat Prevention (subscription required) | |
In-line malware prevention automatically enforced through payload-based signatures, updated daily | |
Vulnerability-based protections against exploits and evasive techniques on network and application layers, including port scans, buffer overflows, packet fragmentation, and obfuscation | |
Command-and-control (C2) activity stopped from exfiltrating data or delivering secondary malware payloads; infected hosts identified through DNS sinkholing | |
URL Filtering (subscription required) | |
Automatic prevention of web-based attacks, including phishing links in emails, phishing sites, HTTP-based C2, and pages that carry exploit kits | |
Ability to stop in-process credential phishing | |
Custom URL categories, alerts, and notification pages | |
WildFire malware prevention (subscription required) | |
Detection of zero-day malware and exploits with layered, complementary analysis techniques | |
Automated prevention in as few as five minutes across networks, endpoints, and clouds | |
Community-based data for protection, including more than 30,000 subscribers | |
AutoFocus threat intelligence (subscription required) | |
Contextualization and classification of attacks, including malware family, adversary, and campaign, to speed triage and response efforts | |
Rich, globally correlated threat analysis sourced from WildFire | |
Third-party threat intelligence for automated prevention | |
DNS Security (subscription required) | |
Automatically prevent tens of millions of malicious domains identified with real-time analysis and continuously growing global threat intelligence | |
Quickly detect C2 or data theft employing DNS tunneling with machine learning-powered analysis | |
Automate dynamic response to find infected machines and quickly respond in policy | |
File and data filtering | |
Bidirectional control over the unauthorised transfer of file types and Social Security numbers, credit card numbers, and custom data patterns | |
GlobalProtect network security for endpoints (subscription required) | |
Remote access VPN (SSL, IPsec, clientless); mobile threat prevention and policy enforcement based on apps, users, content, device, and device state | |
BYOD: app-level VPN for user privacy | |
Panorama network security management (subscription required for managing multiple firewalls) | |
Intuitive policy control with applications, users, threats, advanced malware prevention, URLs, file types, and data patterns all in the same policy | |
Actionable insight into traffic and threats with Application Command Center (ACC); fully customizable reporting | |
Aggregated logging and event correlation | |
Consistent scalable management of up to 30,000 hardware and all VM-Series firewalls; role-based access control; logical and hierarchical device groups; and templates | |
GUI, CLI, XML-based REST API |