Introducing PA-400 Series ML-Powered NGFW

Design and Deploy Zero Trust Network Security with the PA-400 Series Next-Gen Firewall

10-time Leader in Magic Quadrant

How Machine Learning Is Disrupting Network Security?
Complete the form to download the PDF

PA-460

PA-450

PA-440

PA-410

Enterprise-class security with PA-400 Series

Best in class price-quality-performance

Wall-mount, Rack-mount Desktop

Up to 10x Higher performance

Up to 5x faster boot times

Redundant Power (except PA 410)

ML-Powered NGFW

Noiseless Operation with Fanless Design

PA-400 Delivers for the Distributed Enterprise Branches

Sensitive
Customer Data

ML-Powered NGFW
PAN-OS 10.1
Cloud Delivered Services

Limited
IT resources

Zero Touch Provisioning
& Panorama Centralized Management

Servicing
Remote Locations

Resilient Designs
Dual Power Supplies
Multiple Mounting Options

PA-400 Delivers for the Distributed Enterprise Branches

Sensitive
Customer Data

ML-Powered NGFW
PAN-OS 10.1
Cloud Delivered Services

Limited
IT resources

Zero Touch Provisioning
& Panorama Centralized Management

Servicing
Remote Locations

Resilient Designs
Dual Power Supplies
Multiple Mounting Options

Tools for Success with PA-400 Series

Expedition
Migrate and reduce rule set

IronSkillet
Accelerate config with best practices

Best Practice Assessment
Assess your prevention level

Policy Optimizer
Optimize legacy rules with app-based rules

Key Capabilities

Enterprise-Grade Security with Best-in-Class PAN-OS

PAN-OS is the software that fuels our ML-Powered Next-Generation Firewalls. By leveraging the key technologies natively built into PAN‑OS — App‑ID™, Content‑ID™, Device-ID™, and User‑ID™— you can have complete visibility and control of the applications in use across all users and devices in all locations all the time. And, because inline ML and the application and threat signatures automatically update our firewalls with the latest intelligence, security teams can be confident allowed traffic is free of known and unknown threats.

Visibility into Applications, Users, and Content

App-ID enables network security administrators to see the applications on the network and learn how they work, their behavioral characteristics, and their relative risk. It identifies the applications traversing the network irrespective of port, protocol, evasive techniques, or encryption(TLS/SSL). App-ID uses the application, not the port, as the basis for all safe enablement policy decisions: allow, deny, schedule, inspect, and apply traffic-shaping. In addition, it also identifies all payload data within an application (e.g., files and data patterns) to block malicious files and thwart exfiltration attempts. For new users, App-ID enables safe migration of legacy Layer 4 rule sets to App-ID-based rules with built-in Policy Optimizer, delivering a rule set that is more secure and easier to manage. PAN-OS also offers the ability to create custom App-ID tags for proprietary applications, or customers can request App-ID development for new applications from Palo Alto Networks. For more detailed information on App-ID, refer to the App-ID Tech Brief.

Security Policies Based on User Activity

PAN-OS enforces security for users at any location, on any device, while adapting policy based on user activity. It enables visibility, security policies, reporting, and forensics based on users and groups—not just IP addresses, and provides dynamic security actions based on user behavior to restrict suspicious or malicious users. PAN-OS easily integrates with a wide range of repositories to leverage user information: wireless LAN controllers, VPNs, directory servers, SIEMs, proxies, and more. As a user is identified, PAN-OS then applies consistent policies irrespective of users’ locations (office, home, travel, etc.) and devices (iOS and Android® mobile devices, macOS®, Windows®, Linux desktops, laptops; Citrix and Microsoft VDI and Terminal Servers).

Secure Encrypted Traffic

With over 90% of internet traffic being encrypted, network security administrators have to be able to secure (decrypt-secure-encrypt) traffic right within the NGFW. PAN-OS is ideal for this as it inspects and applies policy to TLS/SSL-encrypted traffic, both inbound and outbound, including for traffic that uses TLS 1.3 and HTTP/2. It provides tools that offer rich visibility into TLS traffic, such as the amount of encrypted traffic, TLS/SSL versions, cipher suites, and more, even before decrypting the traffic. PAN-OS enables control over use of legacy TLS protocols, insecure ciphers, and misconfigured certificates to mitigate risks and facilitates easy deployment of decryption with built-in troubleshooting logs. Strata by Palo Alto Networks | PA-400 Series for Distributed Enterprises | Solution Brief 3 To help organizations meet compliance and privacy requirements, PAN-OS allows network security administrators to enable or disable decryption flexibly based on URL category, source and destination zone, address, user, user group, device, and port. For more information on securing encrypted traffic, refer to Decryption: Why, Where and How.

ML-Powered Next-Generation Firewall

The PA-400 Series with PAN-OS is an ML-Powered NGFW that embeds ML in the core of the firewall to provide inline signatureless attack prevention for file-based attacks while identifying and immediately stopping never-before-seen phishing attempts. It leverages cloud-based ML processes to push zero-delay signatures and instructions back to the NGFW and uses behavioral analysis to detect IoT devices and make policy recommendations as part of a cloud-delivered and natively integrated service on the NGFW. It also automates policy recommendations that save time and reduce the chance of human error. For a more complete description of PAN-OS features, you can refer to Firewall Feature Overview Datasheet.