Introducing the PA-400 Series from Palo Alto Networks, a range of next-generation firewalls designed specifically for medium-sized businesses, distributed enterprise branches and retail locations. This series includes the PA-410, PA-415, PA-440, PA-445, PA-450 and PA-460 models, all of which feature machine learning (ML) capabilities. By leveraging the world's first ML-powered next-generation firewall, these devices can effectively prevent unknown threats, secure IoT devices, and optimise security policy recommendations, reducing errors.
At the heart of the PA-400 series is PAN-OS, the same software used by all Palo Alto Networks NGFWs. PAN-OS natively classifies all network traffic, from applications and content to potential threats, and associates each element with a user, regardless of their location or device type. This information, combined with the critical elements that drive your business, such as applications, content and users, forms the basis for security policies. This results in improved security posture and faster incident response times.
Key security and connectivity features:
• Next-generation ML-powered firewall that can identify and categorise all applications on all ports, enforce security for users on any device and location, and prevent malicious activity hidden in encrypted traffic.• Centralised management and visibility that maximises security investments and prevents business disruptions with AIOps.
• SD-WAN functionality for seamless and efficient network connectivity.
• Cloud-based security services that detect and prevent complex threats. These services leverage the network effect of 80,000 customers to coordinate information and protect against all threats across all vectors.
• Advanced threat prevention that can stop known exploits, malware, spyware, and command-and-control (C2) threats. It also prevents zero-day attacks and hard-to-detect command-and-control traffic.
• Advanced WildFire that ensures file security by automatically preventing known, unknown and highly difficult-to-detect malware with the industry's most powerful engine for threat intelligence and malware prevention.
• Advanced URL filtering that ensures secure Internet access and prevents web-based attacks. It provides real-time protection against known and unknown threats and stops 88% of all malicious URLs at least 48 hours before other vendors.
• DNS security that stops 85% of malware that abuses DNS for command and control purposes and data theft, without requiring any changes to your infrastructure.
• Enterprise DLP that minimises the risk of data breaches, stops non-compliant data transfers, and enables consistent compliance across your organisation, with twice the coverage of any other cloud-based enterprise DLP.
• SaaS security that automatically detects and protects all apps across all protocols-with the industry's only next-generation CASB.
• IoT security that protects every 'thing' and implements zero-trust device security 20 times faster - with the industry's most intelligent security for smart devices.
PA-400 Series Performance and Capacity:
| PA-410 | PA-415 | PA-440 | PA-445 | PA-450 | PA-460 | |
|---|---|---|---|---|---|---|
| Firewall throughput (HTTP/Appmix) * | 1.59/1.1 | 1.65/1.2 Gbit/s | 2.8/2.2 Gbit/s | 2.8/2.2 Gbit/s | 3.5/2.9 Gbit/s | 5.1/4.4 Gbit/s |
| Threat prevention throughput (HTTP/Appmix) † | 0.6/0.68 Gbit/s | 0.6/0.69 Gbit/s | 1.0/1.0 Gbit/s | 1.0/1.0 Gbit/s | 1.4/1.6 Gbit/s | 2.1/2.4 Gbit/s |
| IPsec VPN throughput ‡ | 0.92 Gbit/s | 0.92 Gbit/s | 1.6 Gbit/s | 1.6 Gbit/s | 2.2 Gbit/s | 3.0 Gbit/s |
| Maximum number of sessions | 64,000 | 64,000 | 200,000 | 200,000 | 300,000 | 400,000 |
| New sessions per second § | 12,000 | 12,000 | 37,500 | 37,500 | 51,000 | 73,000 |
| Virtual systems (base/max) ∥ | 1/2 | 1/1 | 1/2 | 1/2 | 1/2 | 1/5 |
Note: Results were measured on PAN-OS 11.0.
* Firewall throughput is measured with App-ID and logging enabled using 64 KB HTTP/Appmix transactions.
† Threat prevention throughput is measured with App-ID, IPS, antivirus, antispyware, WildFire, DNS security, file blocking, and logging enabled using 64 KB HTTP/Appmix transactions. ‡ IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled.
§ New sessions per second were measured with application override using 1-byte HTTP transactions.
∥ Adding virtual systems beyond the base set requires a separately purchased licence and at least PAN-OS 11.0.
PA-400 Series Network Features
| Interface Modes |
| label.paloAlto400.overview. IPv6.1=L2, L3, Tap, Virtual Wire (transparent mode) |
| Routing |
| OSPFv2/v3 with soft restart, BGP with soft restart, RIP, static routing |
| Policy-based forwarding |
| Point-to-point protocol over Ethernet (PPPoE) |
| Multicast: PIM-SM, PIM-SSM, IGMP v1, v2 and v3 |
| SD-WAN |
| Path quality measurement (jitter, packet loss, latency) |
| Initial path selection (PBF) |
| Dynamic Path Change |
| IPv6 |
| L2, L3, Tap, Virtual Wire (transparent mode) |
| Features: App ID, User ID, Content ID, WildFire and SSL decryption |
| SLAAC |
| IPsec VPN |
| Key exchange: manual key, IKEv1 and IKEv2 (pre-shared key, certificate-based authentication) |
| Encryption: 3DES, AES (128-bit, 192-bit, 256-bit) |
| Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512 |
| VLANs |
| 802.1Q VLAN tags per device/per interface: 4,094/4,094 |