[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)
  * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Network Security](https://www.paloaltonetworks.com/cyberpedia/network-security?ts=markdown)
3. [Hardware Firewalls vs. Software Firewalls: A Comparison](https://www.paloaltonetworks.com/cyberpedia/hardware-firewall-vs-software-firewall?ts=markdown)  
   Table of Contents

* [How are we defining 'hardware' and 'software' firewalls in this article?](#how-are-we-defining-hardware-and-software-firewalls-in-this-article)
* [What decision are you really making when it comes to hardware vs. software firewalls?](#what-decision-are-you-really-making-when-it-comes-to-hardware-vs-software-firewalls)
* [How does network placement differ?](#how-does-network-placement-differ)
* [Which use cases apply to one type of firewall over the other?](#which-use-cases-apply-to-one-type-of-firewall-over-the-other)
* [What are the key performance dimensions to compare?](#what-are-the-key-performance-dimensions-to-compare)
* [How do scaling and failover work in each model?](#how-do-scaling-and-failover-work-in-each-model)
* [How are policies, updates, and drift managed?](#how-are-policies-updates-and-drift-managed)
* [What are the cost and licensing trade-offs to expect?](#what-are-the-cost-and-licensing-trade-offs-to-expect)
* [Can you (and should you) run both?](#can-you-and-should-you-run-both)
* [How to decide between hardware and software firewalls](#how-to-decide-between-hardware-and-software-firewalls)
* [Hardware vs. software firewalls FAQs](#hardware-vs-software-firewalls-faqs)

# Hardware Firewalls vs. Software Firewalls: A Comparison

5 min. read  
Table of Contents

* [How are we defining 'hardware' and 'software' firewalls in this article?](#how-are-we-defining-hardware-and-software-firewalls-in-this-article)
* [What decision are you really making when it comes to hardware vs. software firewalls?](#what-decision-are-you-really-making-when-it-comes-to-hardware-vs-software-firewalls)
* [How does network placement differ?](#how-does-network-placement-differ)
* [Which use cases apply to one type of firewall over the other?](#which-use-cases-apply-to-one-type-of-firewall-over-the-other)
* [What are the key performance dimensions to compare?](#what-are-the-key-performance-dimensions-to-compare)
* [How do scaling and failover work in each model?](#how-do-scaling-and-failover-work-in-each-model)
* [How are policies, updates, and drift managed?](#how-are-policies-updates-and-drift-managed)
* [What are the cost and licensing trade-offs to expect?](#what-are-the-cost-and-licensing-trade-offs-to-expect)
* [Can you (and should you) run both?](#can-you-and-should-you-run-both)
* [How to decide between hardware and software firewalls](#how-to-decide-between-hardware-and-software-firewalls)
* [Hardware vs. software firewalls FAQs](#hardware-vs-software-firewalls-faqs)

1. How are we defining 'hardware' and 'software' firewalls in this article?

* [1. How are we defining 'hardware' and 'software' firewalls in this article?](#how-are-we-defining-hardware-and-software-firewalls-in-this-article)
* [2. What decision are you really making when it comes to hardware vs. software firewalls?](#what-decision-are-you-really-making-when-it-comes-to-hardware-vs-software-firewalls)
* [3. How does network placement differ?](#how-does-network-placement-differ)
* [4. Which use cases apply to one type of firewall over the other?](#which-use-cases-apply-to-one-type-of-firewall-over-the-other)
* [5. What are the key performance dimensions to compare?](#what-are-the-key-performance-dimensions-to-compare)
* [6. How do scaling and failover work in each model?](#how-do-scaling-and-failover-work-in-each-model)
* [7. How are policies, updates, and drift managed?](#how-are-policies-updates-and-drift-managed)
* [8. What are the cost and licensing trade-offs to expect?](#what-are-the-cost-and-licensing-trade-offs-to-expect)
* [9. Can you (and should you) run both?](#can-you-and-should-you-run-both)
* [10. How to decide between hardware and software firewalls](#how-to-decide-between-hardware-and-software-firewalls)
* [11. Hardware vs. software firewalls FAQs](#hardware-vs-software-firewalls-faqs)  
  ![hardware-firewall-vs-software-firewall](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/hardware-firewall-vs-software-firewall-video-thumbnail.jpg)  
  close

The difference between hardware and software firewalls is that hardware firewalls are delivered as dedicated appliances while software firewalls are deployed as virtual instances.

A hardware firewall uses purpose-built processors and interfaces to enforce security at physical network boundaries. A software firewall runs on general-purpose compute in cloud or virtual environments to protect workloads and east--west traffic.

## How are we defining 'hardware' and 'software' firewalls in this article?

**A [hardware firewall](https://www.paloaltonetworks.com/cyberpedia/what-is-a-hardware-firewall) is a dedicated appliance. It has its own processors, memory, and interfaces built solely for inspecting and controlling traffic.** The device sits physically between networks and enforces policies as packets flow through its ports.  
![The image shows a large metal hardware firewall appliance with multiple horizontal slots stacked vertically, each containing rows of network ports and indicator lights. The chassis is silver with black vented panels, and the bottom section has several cooling fans arranged in a grid. To the left of the device, text reads 'Example hardware firewall' in bold black font, with smaller text below stating 'Palo Alto Networks PA-7500 ML-Powered Next-Generation Firewall'.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/hardware-firewall-vs-software-firewall/Example-hardware-firewall.png "The image shows a large metal hardware firewall appliance with multiple horizontal slots stacked vertically, each containing rows of network ports and indicator lights. The chassis is silver with black vented panels, and the bottom section has several cooling fans arranged in a grid. To the left of the device, text reads 'Example hardware firewall' in bold black font, with smaller text below stating 'Palo Alto Networks PA-7500 ML-Powered Next-Generation Firewall'.")

**A [software firewall](https://www.paloaltonetworks.com/cyberpedia/what-is-a-software-firewall) delivers the same functions but in a virtualized form factor.** It runs as a process on a server, a virtual machine, or a cloud instance. It can also be packaged for container platforms. In other words, the firewall logic is delivered as software instead of a stand-alone device.  
![Diagram is titled 'How software firewalls work.' At the top, a cloud icon connects downward to a horizontal red bar labeled 'Hardware firewalls.' From this bar, dashed blue lines extend to two sections: 'Virtualization host' on the left and 'Container host' on the right. The virtualization host contains a red rectangle labeled 'Virtual FW (software)' above three gray boxes marked 'VM.' The container host contains a red rectangle labeled 'Cluster FW (software)' above two gray boxes labeled 'Node 1' and 'Node 2.' Arrows on the left and bottom edges indicate 'North-south traffic' vertically and 'East-west traffic' horizontally.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/hardware-firewall-vs-software-firewall/How-software-firewalls-work.png "Diagram is titled 'How software firewalls work.' At the top, a cloud icon connects downward to a horizontal red bar labeled 'Hardware firewalls.' From this bar, dashed blue lines extend to two sections: 'Virtualization host' on the left and 'Container host' on the right. The virtualization host contains a red rectangle labeled 'Virtual FW (software)' above three gray boxes marked 'VM.' The container host contains a red rectangle labeled 'Cluster FW (software)' above two gray boxes labeled 'Node 1' and 'Node 2.' Arrows on the left and bottom edges indicate 'North-south traffic' vertically and 'East-west traffic' horizontally.")

Both enforce traffic inspection, policy application, and logging. The difference lies in how they are deployed and operated.

By narrowing the definition to these two form factors, we can make an apples-to-apples comparison. That way, the focus stays on how dedicated appliances and software instances each serve as network enforcement points.  
| ***Further reading:***

* [*What Is a Virtual Firewall?*](https://www.paloaltonetworks.com/cyberpedia/what-is-a-virtual-firewall)
* [*What Is a Container Firewall?*](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container-firewall)
* [*What Is Firewall as a Service (FWaaS)? | FWaaS Defined \& Explained*](https://www.paloaltonetworks.com/cyberpedia/what-is-firewall-as-a-service)

## What decision are you really making when it comes to hardware vs. software firewalls?

The distinction isn't about which [type of firewall](https://www.paloaltonetworks.com/cyberpedia/types-of-firewalls) is better. It's about where the enforcement point sits and how you expect to manage it.

A hardware [firewall](https://www.paloaltonetworks.com/cyberpedia/what-is-a-firewall) anchors traffic control at a physical boundary. A software firewall places the same enforcement inside virtual or cloud environments.

Which means: The decision is situational. Some networks need predictable, appliance-based performance. Others need the agility to spin up enforcement wherever workloads run.

Many organizations use both. The choice comes down to aligning form factor with traffic placement and your operational model.

## How does network placement differ?

Network placement is one of the clearest ways hardware and software firewalls diverge. Some enforce policies at physical boundaries. Others sit inside virtual or cloud environments.

Let's dig into the different placements to see where each form factor fits best.

* **North--south traffic**: This is the first axis to consider. North-south traffic moves in and out of a network. Hardware firewalls are often placed at these edges---such as the internet perimeter of a data center or the edge of a campus network.
* **Branch offices**: Branches are another placement. Here, hardware appliances may still serve as enforcement points. But software firewalls can also run on existing servers or white-box hardware to reduce footprint.
* **Data center cores**: Commonly anchored with hardware appliances. The reason is predictable performance. Physical firewalls handle high throughput between aggregation layers without sharing resources with other workloads.
* **Cloud environments**: The cloud shifts enforcement inside virtual edges. Software firewalls can be deployed at VPC or VNet boundaries to monitor both inbound and outbound flows.
* **East--west traffic**: East-west traffic tells a different story. This is communication between workloads, not just in and out. Software firewalls secure VM-to-VM traffic within virtualized data centers. They also protect container traffic by integrating with orchestration platforms like Kubernetes

The takeaway: Placement depends on where the traffic flows. Hardware aligns with physical edges and core aggregation. Software aligns with virtual boundaries and distributed workloads.

## Which use cases apply to one type of firewall over the other?

Use cases make the differences more tangible. They highlight the environments where hardware or software firewalls align best with operational needs.

The table below summarizes common scenarios and which model they align with. Each example is then explained in more detail.

| Hardware vs. software firewall use cases by form factor |
|---------------------------------------------------------|

|                    Use case                    |                                  Applies to                                  |
|------------------------------------------------|------------------------------------------------------------------------------|
| Branch offices                                 | Software (though hardware may still be used for larger or critical branches) |
| Public cloud                                   | Software                                                                     |
| Inter-VPC or inter-VNet traffic                | Software                                                                     |
| Microsegmentation (VM-to-VM, containers)       | Software                                                                     |
| Operational technology and industrial networks | Hardware                                                                     |
| Pop-up or temporary sites                      | Both, depending on available resources                                       |
| Compliance-bound or air-gapped environments    | Hardware                                                                     |

### Branch offices

Smaller branches may not have space or staff for appliances. A software firewall can run on existing servers or white-box hardware.

**Applies to:** Software (though hardware can still be used for larger or critical branches).

### Public cloud

Physical appliances can't be placed inside a cloud provider's infrastructure. Software firewalls extend inspection and policy enforcement to VPCs and VNets.

**Applies to:** Software.

### Inter-VPC or inter-VNet traffic

East--west traffic between cloud environments needs [segmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-network-segmentation). Software firewalls integrate with cloud routing to enforce those controls.

**Applies to:** Software.

### Microsegmentation

VM-to-VM and container traffic require fine-grained control. Software firewalls support segmentation at the workload and service level.

**Applies to:** Software.

### Operational technology and industrial networks

Environments with [rugged hardware](https://www.paloaltonetworks.com/cyberpedia/what-is-rugged-hardware) requirements often need tamper-resistant devices. Hardware firewalls meet physical and compliance constraints.

**Applies to:** Hardware.

### Pop-up or temporary sites

Some sites lack permanent infrastructure. A small hardware appliance can be deployed quickly. If infrastructure already exists, software may be simpler.

**Applies to:** Both, depending on available resources.

### Compliance-bound or air-gapped environments

Some regulated environments require certified, physically controlled devices. Hardware firewalls meet those requirements more directly.

**Applies to:** Hardware.

## What are the key performance dimensions to compare?

![Bold black text at the top center reads 'Key performance dimensions' with a subtitle underneath in lighter text that says 'Hardware vs. software firewalls.' Below are three vertical columns labeled 'Throughput,' 'Sessions,' and 'TLS decryption,' each with gray divider lines separating them. Under 'Throughput,' an orange circular chip icon is next to the heading 'Hardware' in orange text followed by the description 'Dedicated acceleration chips sustain higher packets per second.' Beneath it, a blue grid icon appears next to the heading 'Software' in blue text followed by the description 'Performance tied to host or cloud compute resources.' Under 'Sessions,' an orange circular chip icon appears with the heading 'Hardware' followed by the description 'Large concurrent session capacity per device,' and below that a blue grid icon labeled 'Software' with the description 'Scale-out clusters add capacity across instances.' Under 'TLS decryption,' an orange circular chip icon appears next to 'Hardware' with the description 'Cryptographic modules offload heavy operations,' and below, a blue grid icon labeled 'Software' followed by the description 'Relies on general-purpose CPU cycles under load.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/hardware-firewall-vs-software-firewall/Key-performance-dimensions.png "Bold black text at the top center reads 'Key performance dimensions' with a subtitle underneath in lighter text that says 'Hardware vs. software firewalls.' Below are three vertical columns labeled 'Throughput,' 'Sessions,' and 'TLS decryption,' each with gray divider lines separating them. Under 'Throughput,' an orange circular chip icon is next to the heading 'Hardware' in orange text followed by the description 'Dedicated acceleration chips sustain higher packets per second.' Beneath it, a blue grid icon appears next to the heading 'Software' in blue text followed by the description 'Performance tied to host or cloud compute resources.' Under 'Sessions,' an orange circular chip icon appears with the heading 'Hardware' followed by the description 'Large concurrent session capacity per device,' and below that a blue grid icon labeled 'Software' with the description 'Scale-out clusters add capacity across instances.' Under 'TLS decryption,' an orange circular chip icon appears next to 'Hardware' with the description 'Cryptographic modules offload heavy operations,' and below, a blue grid icon labeled 'Software' followed by the description 'Relies on general-purpose CPU cycles under load.'")

Performance isn't about feature sets. It's about how each form factor holds up under load.

The three dimensions that matter most are:

* Throughput
* Session capacity
* TLS decryption

### Throughput

Throughput is the raw volume of traffic a firewall can handle. Hardware appliances often include acceleration chips to sustain higher packets per second (PPS). Software firewalls rely on shared compute, so throughput is tied to the capacity of the host server or cloud instance.

### Session capacity

Session capacity is the number of concurrent connections the firewall can track. Hardware devices support large numbers of sessions with dedicated memory and processors. Software firewalls may support fewer sessions per instance. On the other hand, they can scale horizontally, adding instances when demand grows.

### TLS decryption

TLS decryption is often the most resource-intensive task. Hardware firewalls may use cryptographic acceleration modules to maintain performance. Software firewalls consume general-purpose CPU cycles, so heavy [encryption](https://www.paloaltonetworks.com/cyberpedia/data-encryption) can theoretically reduce efficiency if it's not paired with an external decryption card.

Important: These aren't weaknesses of either form factor. They're just design characteristics. The results depend on how much traffic, how many sessions, and how much encrypted data your network carries.

So what should you measure across both?

Peak and average traffic rates. Packet size distribution. The percentage of encrypted sessions. These metrics will give you a realistic view of how either option performs in your environment.

## How do scaling and failover work in each model?

Scaling and resilience are handled differently in hardware and software firewalls. The focus here is on how capacity grows and how continuity is maintained if something fails.

**Hardware firewalls are usually deployed in high-availability pairs or clusters.**

State information is synchronized so if one unit fails, the other takes over with minimal disruption. Some appliances also include fail-to-wire or bypass options, allowing traffic to continue flowing even if the device itself stops inspecting packets.

Why is this important?

Because hardware capacity is tied to the appliance. Growth often means adding another pair or upgrading to a larger model. That gives predictable performance but fixed expansion steps.

**On the other hand, software firewalls scale by adding more instances.**

In cloud environments, they can be grouped in scale-out clusters or managed by autoscaling policies. This means additional capacity can be provisioned quickly through orchestration tools.

Failover also works differently. Software firewalls can be configured for zone-aware resilience, shifting traffic to healthy nodes if one instance becomes unavailable. Provisioning is often faster because it relies on automation rather than manual replacement of equipment.

Remember: Neither approach is inherently superior. They simply reflect the design of each form factor.

**Hardware emphasizes reliability through clustering and physical redundancy. Software emphasizes elasticity and rapid recovery through automation.**

Choose the model that aligns with how your environment grows and how you need traffic to stay protected during failures. In many cases, you'll need both.

## How are policies, updates, and drift managed?

Managing firewalls is not only about inspection. It's also about keeping policies consistent, applying updates, and preventing drift.

**Hardware firewalls are maintained at the appliance level. Updates are staged and committed directly to the device.**

Lifecycle refreshes are expected, since each unit eventually needs replacement or hardware support renewals. Basically, management is tied to each appliance and its refresh cycle.

**Software firewalls shift this model. Policies are often defined in centralized templates.**

They can be distributed across many instances through automation. Infrastructure-as-code tools and APIs make it possible to integrate firewall policies into broader deployment workflows. This means updates and rollbacks can be handled programmatically instead of manually.

Why does drift matter?

Because both models can lose alignment over time.

Hardware devices may diverge if changes are made locally instead of through a management system. Software instances may drift if templates are not enforced consistently across environments.

It's important to note: Drift could be a potential challenge in either form factor.

Consistency depends less on form factor than on how policies are managed and enforced. And that's largely dependent upon whether the firewall vendor offers a centralized management plane for both form factors.

## What are the cost and licensing trade-offs to expect?

| Hardware vs. software firewall cost models |
|--------------------------------------------|

|     Cost dimension      |                      Hardware firewall                       |                               Software firewall                                |
|-------------------------|--------------------------------------------------------------|--------------------------------------------------------------------------------|
| **Primary model**       | CapEx: appliance purchase, refresh cycles, bundled licensing | OpEx: cloud instance fees, elastic scaling, per-vCPU or per-instance licensing |
| **Cost predictability** | Predictable, tied to device lifecycle and support contracts  | Variable, tied to workload demands and cloud usage                             |
| **Secondary costs**     | Shipping, installation, lifecycle management                 | Cloud egress fees, licensing complexity across regions or instances            |

Costs show up differently depending on the form factor.

**Hardware firewalls are usually a capital expense.**

You purchase the appliance, renew support contracts, and eventually budget for refresh cycles. Licensing often comes bundled with features or throughput tiers, which means ongoing commitments alongside the physical device.

That said, the industry is steadily moving toward subscription models for both hardware and software. So cost structures are converging even if the form factors differ.

**Software firewalls move those costs into operating expenses.**

You pay for cloud instances or VM resources, plus the software license. Scaling is elastic. Which means: More traffic or workloads can be covered by spinning up more instances. But every instance adds cost, so charges can grow quickly if usage spikes.

Secondary costs matter too. For hardware, shipping, installation, and lifecycle management all add up.

For software, cloud egress fees and licensing complexity can surprise teams. For instance, outbound traffic across regions may cost more than anticipated, and licensing may tie to per-vCPU or per-instance metrics that are hard to forecast.

On the other hand, software's pay-as-you-go model can be efficient for variable workloads.

Hardware can be more predictable when traffic patterns are stable.

The key is to align pricing models with your environment. If you value long-term stability, appliances may be easier to budget. If elasticity matters, software may fit better.

## Can you (and should you) run both?

Yes --- many organizations do. The reason is simple. Hardware and software firewalls complement each other.

**Hardware appliances anchor the network edge.**

They provide predictable enforcement where traffic enters or leaves a data center, branch, or campus. These devices are purpose-built to handle large volumes and sustain performance.

**Software firewalls fill the gaps hardware cannot reach.**

They sit inside cloud environments, between virtual machines, or at container layers. So they can enforce policies closer to workloads and support east--west segmentation.

Why run both?

Because traffic flows are no longer confined to one perimeter. A hybrid approach ensures you can cover physical boundaries and distributed workloads with the same policy logic.

However: This can also create management challenges. Different form factors mean multiple enforcement points. Without centralized control, policies can drift or become inconsistent.

Fortunately, there's a practical solution. Which is unified management. Central consoles, APIs, or orchestration tools can align policies across appliances and software instances. This reduces the risk of blind spots while keeping operations consistent.

Running both hardware and software firewalls is not only possible but often necessary. The key is to approach it as a hybrid model with coordinated management. Not as two disconnected strategies.  
| ***Further reading:** [What Is Firewall Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-firewall-management)*

## How to decide between hardware and software firewalls

![Architecture diagram titled 'Deciding between hardware and software firewalls'. The diagram is structured in a horizontal flow with three numbered circles: '1. Traffic flow', '2. Performance bottleneck', and '3. Ops model'. Under 'Traffic flow', the left branch shows 'Edge traffic' leading to 'Hardware firewall', while 'Distributed workflow' leads to 'Software firewall'. Under 'Performance bottleneck', the upper branch shows 'High throughput / TLS offload' leading to 'Hardware firewall', while 'Variable sessions / scale-out' leads to 'Software firewall'. Under 'Ops model', the upper branch shows 'Lifecycle \& appliance management' leading to 'Hardware firewall', while 'Automation \& IaC' leads to 'Software firewall'. Hardware firewall is displayed in a red rectangular box, and Software firewall is displayed in a blue rectangular box.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/hardware-firewall-vs-software-firewall/Deciding-between-hardware-and-software-firewalls.png "Architecture diagram titled 'Deciding between hardware and software firewalls'. The diagram is structured in a horizontal flow with three numbered circles: '1. Traffic flow', '2. Performance bottleneck', and '3. Ops model'. Under 'Traffic flow', the left branch shows 'Edge traffic' leading to 'Hardware firewall', while 'Distributed workflow' leads to 'Software firewall'. Under 'Performance bottleneck', the upper branch shows 'High throughput / TLS offload' leading to 'Hardware firewall', while 'Variable sessions / scale-out' leads to 'Software firewall'. Under 'Ops model', the upper branch shows 'Lifecycle & appliance management' leading to 'Hardware firewall', while 'Automation & IaC' leads to 'Software firewall'. Hardware firewall is displayed in a red rectangular box, and Software firewall is displayed in a blue rectangular box.")

Deciding between the two isn't about features because hardware and software firewalls do the same things. It's about aligning the form factor with how your network actually operates.

A quick way to think about it is to ask three questions.

1. **Where does your traffic flow?**
   
   * If most of it still passes through a clear edge, a hardware firewall may fit best.
   * If workloads are spread across cloud or virtual environments, software may align better.

2. **What bottlenecks first in your environment?**
   
   Throughput, session count, or TLS decryption capacity.
   
   * Hardware devices often maintain higher throughput with dedicated acceleration.
   * Software can scale out, but each instance may support fewer sessions or handle TLS less efficiently.

3. **How do you plan to operate it?**
   
   * If your team is built for appliance lifecycle management, hardware may be easier to maintain.
   * If you rely on automation and infrastructure-as-code, software integrates more naturally.

The decision is situational. Some networks lean heavily one way. Many end up blending both. The key is to let traffic patterns, performance constraints, and operational models guide the choice instead of treating it as a binary either-or.  
![Document icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-rlhf/icon-rlhf-document.svg)

## STAY AHEAD OF EMERGING CYBER THREATS Read the Unit 42 2025 Incident Response Report to see how organizations are responding to today's attacks and strengthening resilience across their environments.

[Download report](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report)

## Hardware vs. software firewalls FAQs

#### What should you consider when choosing between a hardware firewall and a software firewall?

When choosing between a hardware firewall and a software firewall, consider the specific needs of your network, scale of protection required, deployment flexibility, and the resources available for installation and maintenance.

#### Can you run a software and hardware firewall at the same time?

Yes, you can run a software and a hardware firewall simultaneously. But ideally you will manage them through the same management console.

#### What is a disadvantage of a hardware firewall compared to a software firewall?

A possible disadvantage of a hardware firewall compared to a software firewall may include less flexibility in deployment, especially in virtualized or cloud environments, and potential higher upfront costs. However, advantages and disadvantages depend on needs and environment details. Hardware firewalls continue to be a mainstay in network security.

#### Is it necessary to have a hardware firewall?

Whether a hardware firewall is necessary depends on the needs and requirements of the organization.

#### Where should a hardware firewall be placed?

Where a hardware firewall should be placed depends on what needs to be secured. Hardware firewalls are commonly positioned between the internal network and the internet connection, to monitor and filter all incoming and outgoing data and traffic effectively.

#### What are the disadvantages of software firewalls?

Software firewalls offer the same advantages as hardware firewalls. However, they are most useful in environments where deploying physical firewalls is difficult or impossible. Therefore, if organizational needs are outside of this scope, a hardware firewall may be a better option.

#### Which firewall is best, hardware or software?

Neither is inherently better. Hardware firewalls provide predictable performance at physical edges. Software firewalls extend the same protections into virtual and cloud environments. The best fit depends on traffic patterns, performance needs, and operational model.

#### Can a firewall be both hardware and software?

Yes. Hardware firewalls deliver functions through dedicated appliances. Software firewalls deliver the same functions on servers, VMs, or cloud instances. Many organizations run both, using hardware for physical boundaries and software for distributed workloads.
Related content  
[What is Network Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-network-security?ts=markdown)  
[VM-Series Virtual Next Generation Firewall
Simple. Stronger. Consistently secure networks across clouds.](https://www.paloaltonetworks.com/network-security/vm-series-virtual-next-generation-firewall?ts=markdown)  
[Software Firewall Selector
Find the Right Software Firewall Fast](https://www.paloaltonetworks.com/resources/infographics/software-firewall-selector?ts=markdown)  
[Software Firewalls For Dummies
Learn how software firewalls extend Zero Trust to cloud applications and are optimal for a variety of use cases.](https://start.paloaltonetworks.com/software-firewalls-for-dummies.html)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=Hardware%20Firewalls%20vs.%20Software%20Firewalls%3A%20A%20Comparison&body=Hardware%20firewalls%20are%20delivered%20as%20dedicated%20appliances%20while%20software%20firewalls%20are%20deployed%20as%20virtual%20instances.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/hardware-firewall-vs-software-firewall)  
Back to Top  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language