Introducing the PA-400 Series by Palo Alto Networks, a line of Next-Generation Firewalls designed specifically for midsize businesses, distributed enterprise branch offices, and retail locations. This series includes the PA-410, PA-415, PA-440, PA-445, PA-450, and PA-460, all powered by machine learning (ML) capabilities. By leveraging the world's first ML-Powered Next-Generation Firewall, these devices can effectively prevent unknown threats, secure IoT devices, and streamline security policy recommendations, reducing errors. At the core of the PA-400 Series is PAN-OS, the same software utilized by all Palo Alto Networks NGFWs. PAN-OS natively classifies all network traffic, from applications and content to potential threats, and associates each piece with a user, regardless of their location or device type. This information, along with the critical elements that drive your business, such as applications, content, and users, forms the foundation for security policies. This results in an improved security posture and faster incident response times.
key security and connectivity features:
• ML-Powered Next-Generation Firewall that can identify and categorize all applications on all ports, enforce security for users on any device and location, and prevent malicious activities hidden in encrypted traffic. • Centralized management and visibility that maximizes security investments and prevents business disruptions with AIOps. • SD-WAN functionality for seamless and efficient network connectivity. • Cloud-delivered security services that detect and prevent advanced threats. These services use the network effect of 80,000 customers to coordinate intelligence and protect against all threats across all vectors. • Advanced threat prevention that can stop known exploits, malware, spyware, and command-and-control (C2) threats. It also prevents zero-day attacks and highly evasive command-and-control traffic. • Advanced WildFire that ensures files are safe by automatically preventing known, unknown, and highly evasive malware 60X faster with the industry's largest threat intelligence and malware prevention engine. • Advanced URL filtering that ensures safe access to the internet and prevents web-based attacks. It has real-time prevention of known and unknown threats, stopping 88% of malicious URLs at least 48 hours before other vendors. • DNS security that stops 85% of malware that abuses DNS for command and control and data theft without requiring changes to your infrastructure. • Enterprise DLP that minimizes the risk of data breaches, stops out-of-policy data transfers, and enables consistent compliance across your enterprise with 2x greater coverage of any cloud-delivered enterprise DLP. • SaaS security that automatically sees and secures all apps across all protocols with the industry's only Next-Generation CASB. • IoT security that safeguards every "thing" and implements Zero Trust device security 20x faster with the industry's smartest security for smart devices.PA-400 Series Performance and Capacities
| PA-410 | PA-415 | PA-440 | PA-445 | PA-450 | PA-460 | |
|---|---|---|---|---|---|---|
| Firewall throughput (HTTP/appmix)* | 1.59/1.1 | 1.65/1.2 Gbps | 2.8/2.2 Gbps | 2.8/2.2 Gbps | 3.5/2.9 Gbps | 5.1/4.4 Gbps |
| Threat Prevention throughput (HTTP/appmix)† | 0.6/0.68 Gbps | 0.6/0.69 Gbps | 1.0/1.0 Gbps | 1.0/1.0 Gbps | 1.4/1.6 Gbps | 2.1/2.4 Gbps |
| IPsec VPN throughput‡ | 0.92 Gbps | 0.92 Gbps | 1.6 Gbps | 1.6 Gbps | 2.2 Gbps | 3.0 Gbps |
| Max sessions | 64,000 | 64,000 | 200,000 | 200,000 | 300,000 | 400,000 |
| New sessions per second§ | 12,000 | 12,000 | 37,500 | 37,500 | 51,000 | 73,000 |
| Virtual systems (base/max)|| | 1/1 | 1/1 | 1/2 | 1/2 | 1/5 | 1/5 |
Note: Results were measured on PAN-OS 11.0. * Firewall throughput is measured with App-ID and logging enabled, utilizing 64 KB HTTP/appmix transactions. † Threat Prevention throughput is measured with App-ID, IPS, antivirus, antispyware, WildFire, DNS Security, file blocking, and logging enabled, utilizing 64 KB HTTP/appmix transactions. ‡ IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled. § New sessions per second is measured with application-override, utilizing 1 byte HTTP transactions. || Adding virtual systems over base quantity requires a separately purchased license and at minimum PAN-OS 11.0.
PA-400 Series Networking Features
| Interface Modes |
| L2, L3, tap, virtual wire (transparent mode) |
| Routing |
| OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, static routing |
| Policy-based forwarding |
| Point-to-Point Protocol over Ethernet (PPPoE) |
| Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3 |
| SD-WAN |
| Path quality measurement (jitter, packet loss, latency) |
| Initial path selection (PBF) |
| Dynamic path change |
| IPv6 |
| L2, L3, tap, virtual wire (transparent mode) |
| Features: App-ID, User-ID, Content-ID, WildFire, and SSL Decryption |
| SLAAC |
| IPsec VPN |
| Key exchange: manual key, IKEv1 and IKEv2 (pre-shared key, certificate-based authentication) |
| Encryption: 3DES, AES (128-bit, 192-bit, 256-bit) |
| Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512 |
| VLANs |
| 802.1Q VLAN tags per device/per interface: 4,094/4,094 |