* [Blog](https://www.paloaltonetworks.com/blog) * [Network Security](https://www.paloaltonetworks.com/blog/network-security/) * [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/) * Addressing Apache Log4j V... # Addressing Apache Log4j Vulnerability with NGFW and Cloud-Delivered Security Services [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fapache-log4j-vulnerability-ngfw%2F) [](https://twitter.com/share?text=Addressing+Apache+Log4j+Vulnerability+with+NGFW+and+Cloud-Delivered+Security+Services&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fapache-log4j-vulnerability-ngfw%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fapache-log4j-vulnerability-ngfw%2F&title=Addressing+Apache+Log4j+Vulnerability+with+NGFW+and+Cloud-Delivered+Security+Services&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/network-security/apache-log4j-vulnerability-ngfw/&ts=markdown) \[\](mailto:?subject=Addressing Apache Log4j Vulnerability with NGFW and Cloud-Delivered Security Services) Link copied By [Siddhart Shibiraj](https://www.paloaltonetworks.com/blog/author/siddhart-shibiraj/?ts=markdown "Posts by Siddhart Shibiraj") and [Jason Reverri](https://www.paloaltonetworks.com/blog/author/jason-reverri/?ts=markdown "Posts by Jason Reverri") Dec 17, 2021 7 minutes [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown) [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown) [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown) [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown) [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [Apache Log4j vulnerability](https://www.paloaltonetworks.com/blog/tag/apache-log4j-vulnerability/?ts=markdown) [Log4J](https://www.paloaltonetworks.com/blog/tag/log4j/?ts=markdown) [NGFW](https://www.paloaltonetworks.com/blog/tag/ngfw/?ts=markdown) [threat prevention](https://www.paloaltonetworks.com/blog/tag/threat-prevention/?ts=markdown) This post is also available in: [日本語 (Japanese)](https://www.paloaltonetworks.com/blog/network-security/apache-log4j-vulnerability-ngfw/?lang=ja "Switch to Japanese(日本語)") Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our Next-Generation Firewalls (PA-Series, VM-Series and CN-Series) by using automated preventions and best practices. **Recap: How the Exploit Works** **![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-95.png)** The Apache Log4j library allows for developers to log various data within their applications. In certain circumstances, data being logged can originate from user input. Should this user input contain special characters, as shown in **Step 1** of the above example, a Java method lookup can be called, as shown in **Step 2** . This method can be redirected to download and execute a Java class hosted on an attacker's external server in **Step 3** . The malicious Java class is then executed on the victim server that uses the vulnerable log4j instance. For a complete breakdown, description and most up-to-date information on the vulnerability, check out the [detailed report](https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/) from our Unit 42 team. **Automated Preventions and Best Practices to Help Detect and Prevent Against the Log4j Vulnerability** As you can see, Palo Alto Networks, through the Threat Prevention service and automated content updates, has been actively releasing signatures throughout the evolving timeline of this vulnerability. ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-96.png) The following Palo Alto Networks protections can help keep customers secure from this vulnerability: * [PA-Series](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) hardware platforms for enterprise network security * [VM-Series](https://www.paloaltonetworks.com/prisma/vm-series?ts=markdown) virtual platforms for multi-cloud network security * [CN-Series](https://www.paloaltonetworks.com/network-security/cn-series?ts=markdown) containerized platforms for container security Multiple complementary security controls across our portfolio, combined with best practices, can help protect organizations against the vulnerability. Here's how: ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-97.png) * [Threat Prevention](https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/threat-prevention?ts=markdown) security subscription can automatically block sessions related to **Step** **1** of this attack using Threat IDs 91991, 91994, 91995, 92001, 92007 and 92012 (minimum Application and Threat content update 8506). Please note: the situation with this vulnerability is evolving quickly and we recommend that customers install the latest content updates in alignment with our best practices as we continue to add signatures to improve protections. ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-98.png) If your organization is already aligned with our security [best practices](https://docs.paloaltonetworks.com/best-practices.html), you gain automated protection against the multiple steps of this attack with no manual intervention. Please note, while we provide multiple avenues of protection against this attack, customers with Log4j in their environments should patch or apply workarounds suggested by respective vendors, and not rely *only* on the Threat Prevention signatures. **Threat Prevention Best Practices** Also in line with our security best practices, we recommend security profiles be leveraged in policies, similar to this example: ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-99.png) The Threat IDs relating to Log4Shell are all classified as Critical, so the referenced Vulnerability Protection Profile should be similar to this example: ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-100.png) You can also confirm all the signatures developed to protect against CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 are present by querying the CVE-ID in the Exceptions tab. ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-101.png) Application and Threat Prevention * [SSL decryption](https://docs.paloaltonetworks.com/best-practices/10-1/decryption-best-practices/decryption-best-practices/deploy-ssl-decryption-using-best-practices.html) should be enabled on the NGFW to block known attacks over HTTPS * Egress application filtering should be used to block **Step 2** of the attack. Use the App-ID for ldap and rmi-iiop to block all RMI and LDAP to or from untrusted networks and unexpected sources. ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-102.png) Egress application filtering with App-ID * **Step 3** of the attack requires access to malicious Java code hosted externally. Our [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) and [DNS Security service](https://www.paloaltonetworks.com/network-security/dns-security?ts=markdown)are constantly monitoring and blocking new, unknown and known malicious domains (websites) to block those unsafe external connections. Security Profiles should be applied to Security Policies in a fashion similar to the below example. You can also leverage Security Profiles Groups to minimize configuration errors: ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-103.png) Advanced URL and DNS Security Profiles in policy **Advanced URL Filtering Best Practices** Advanced URL Filtering profiles should align with this best practice example: ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-104.png) Advanced URL Security Profile ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-105.png) Advanced URL Security Profile In addition to blocking the categories: * Malware * Command-and-Control * Phishing * Grayware Consider heightened security for the newly-registered-domain and high-risk categories. **DNS Security Best Practices** DNS Security is configured as part of the Anti-Spyware Profiles and should align with best practices similar to this example: ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-106.png) DNS Security settings in the Anti-Spyware Security Profile **Identifying Vulnerable Devices with IoT Security** [Palo Alto Networks IoT Security](https://www.paloaltonetworks.com/network-security/iot-security?ts=markdown) helps identify IoT devices and IoT device management servers where CVE-2021-44228, CVE-2021-45046 or CVE-2021-45105 is being exploited based on specific indicators of compromise or behavior observed in network traffic. When IoT Security determines the identity of an IoT device and specifically the libraries it uses, it can alert you if it's running an affected Apache Log4j library. If so, it displays a vulnerability alert in the IoT Security portal so you can take further action, such as updating the device to a software patch that doesn't use the vulnerable library. ![Learn how our Palo Alto Networks customers can help protect against the critical Apache Log4j vulnerability with our NGFW by using automated preventions and best practices.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/12/word-image-107.png) Vulnerability alert in the IoT Security portal If you find any device that is vulnerable to these CVEs or exhibiting anomalous behavior, or if you receive a security alert, consider taking the following actions: * Patch the device to use the latest version (2.17.0 or newer) of Apache Log4j. * If you are unable to update Log4j 2 version, the following mitigations are available: * Remove JndiLookup.class from the classpath and restart the service zip -q -d log4j-core-\*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class * Disable JNDI * Set spring.jndi.ignore=true in the spring.properties file If you cannot patch your device or disable JNDI, take the following steps to minimize risk and keep your network safe: * * Configure the vulnerable device to ensure it's not accessible from the Internet. If Internet connectivity is necessary, limit the number of open ports to limit any backdoors. * Configure your network segments to ensure the vulnerable device is behind a firewall and isolated from guest and business networks. * Implement zero-trust network policies to protect any critical assets. * Block any anomalous IoT device traffic. * Quarantine any compromised device to stop attacks from spreading to other vulnerable devices in the same network segment. Visit this website for more information on [**Palo Alto Networks IoT Security**](https://www.paloaltonetworks.com/network-security/iot-security?ts=markdown). ***About the Log4j Vulnerability*** *On Dec. 9, 2021, a critical remote code execution (RCE) vulnerability in the Apache java logging package Log4j was disclosed. Given how frequently this open source library is used in enterprise software, teams are on high alert throughout the industry. The vulnerability is tracked as CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. It is also known as "Log4Shell."* *Unauthenticated attackers can exploit Log4Shell and force a vulnerable system to download malicious software, enabling them to take control of servers located within enterprise networks. The affected software is prevalent in many applications and due to the recent discovery of this vulnerability, many systems, both on-premises and within cloud environments, have yet to be patched. Like with many high severity RCE exploits, massive scanning activity for Log4Shell has begun on the internet with the intent of seeking out and exploiting unpatched systems. As such, there have been ongoing reports of active exploitation in the wild, with recorded attempts to leverage the flaw to connect devices into a botnet and drop additional payloads such as Cobalt Strike and cryptocurrency miners.* *To stay on top of the latest Log4j analysis and mitigation, as well as the latest vulnerability updates, please continue checking the* [*Unit 42 blog*](https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/)*or view the on-demand replay of the* [*Unit 42 Briefing: Apache Log4j Threat Update*](https://start.paloaltonetworks.com/apache-log4j-threat-update.html)*.* *** ** * ** *** ## Related Blogs ### [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [#### Improving Phishing Detection, DNS and Industrial OT Security: The Always Innovating Series](https://www.paloaltonetworks.com/blog/network-security/always-innovating-network-security-platform/) ### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Strata Network Security Platform](https://www.paloaltonetworks.com/blog/network-security/category/strata-network-security-platform/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [#### Palo Alto Networks Leads the Way with Quantum and Multicloud Security](https://www.paloaltonetworks.com/blog/2025/08/paves-way-for-quantum-ready-security/) ### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [#### Announcing the First Unit 42 Network Threat Trends Research Report](https://www.paloaltonetworks.com/blog/network-security/unit-42-network-threat-trends-research/) ### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [#### Nebula: Industry Firsts in NGFW Design and Security for Internet Edge, Campus, and Data Centers](https://www.paloaltonetworks.com/blog/network-security/pan-os-10-2-nebula-campus-data-center-security/) ### [Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown), [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [#### Security without Compromise: PA-5450 (also) Beats Competition in Head-to-Head Test](https://www.paloaltonetworks.com/blog/network-security/pa-5450-series-miercom-report/) ### [Network Perimeter](https://www.paloaltonetworks.com/blog/network-security/category/network-perimeter/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown) [#### Security without Compromise: PA-400 Series Beats Competition in Head-to-Head Test](https://www.paloaltonetworks.com/blog/network-security/pa-400-series-miercom-report/) ### Subscribe to Network Security Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language