[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Network Security](https://www.paloaltonetworks.com/cyberpedia/network-security?ts=markdown) 3. [What Is a Firewall? \[Definition \& Explanation\]](https://www.paloaltonetworks.com/cyberpedia/what-is-a-firewall?ts=markdown) Table of Contents * [What do firewalls do, and how do they work?](#what-do-firewalls-do-and-how-do-they-work) * [What are the different types of firewalls?](#what-are-the-different-types-of-firewalls) * [What features do firewalls include?](#what-features-do-firewalls-include) * [What benefits do firewalls provide?](#what-benefits-do-firewalls-provide) * [What challenges come with using firewalls?](#what-challenges-come-with-using-firewalls) * [How do firewalls compare with other network security technologies?](#how-do-firewalls-compare-with-other-network-security-technologies) * [Firewall FAQs](#firewall-faqs) # What Is a Firewall? \[Definition \& Explanation\] 9 min. read Table of Contents * [What do firewalls do, and how do they work?](#what-do-firewalls-do-and-how-do-they-work) * [What are the different types of firewalls?](#what-are-the-different-types-of-firewalls) * [What features do firewalls include?](#what-features-do-firewalls-include) * [What benefits do firewalls provide?](#what-benefits-do-firewalls-provide) * [What challenges come with using firewalls?](#what-challenges-come-with-using-firewalls) * [How do firewalls compare with other network security technologies?](#how-do-firewalls-compare-with-other-network-security-technologies) * [Firewall FAQs](#firewall-faqs) 1. What do firewalls do, and how do they work? * [1. What do firewalls do, and how do they work?](#what-do-firewalls-do-and-how-do-they-work) * [2. What are the different types of firewalls?](#what-are-the-different-types-of-firewalls) * [3. What features do firewalls include?](#what-features-do-firewalls-include) * [4. What benefits do firewalls provide?](#what-benefits-do-firewalls-provide) * [5. What challenges come with using firewalls?](#what-challenges-come-with-using-firewalls) * [6. How do firewalls compare with other network security technologies?](#how-do-firewalls-compare-with-other-network-security-technologies) * [7. Firewall FAQs](#firewall-faqs) ![Image of a user at a computer with a firewall icon in between the user and a network](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/what-is-a-firewall-thumbnail.png) close Firewalls act as barriers between private and external networks, checking and filtering data based on set security rules. Using these rules, firewalls decide if they should allow, block, or drop the data to protect the network. Form factors include hardware, software, or a mix of both. This process ensures only safe, legitimate traffic gains entry. ## What do firewalls do, and how do they work? "A firewall acts a lot like a secretary for your network. The firewall examines requests for access to your network, and it decides whether they pass a reasonableness test. If so, they are allowed through, and, if not, they are refused entry." [- Mark Stamp, Information Security: Principles and Practice](https://www.wiley.com/en-us/Information+Security%3A+Principles+and+Practice%2C+3rd+Edition-p-9781119505884) Firewalls monitor and manage network traffic. Their job is to protect network devices (also referred to as hosts). That can mean computers, servers, or anything else with an IP address. Basically, firewalls filter traffic to determine what should be allowed and what should be blocked. ![Architecture diagram titled 'How firewalls work' shows traffic flowing between the internet on the left and a private network on the right, with a firewall in the center. Permitted traffic is represented by green arrows passing through the firewall in both directions. One red arrow labeled 'Denied traffic' originates from the internet and is blocked at the firewall, indicating that the firewall selectively allows or denies traffic based on defined rules. Each element—Internet, Firewall, and Private Network—is labeled and illustrated with icons.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/FW-2025_1-How-firewalls-work-new.png "Architecture diagram titled 'How firewalls work' shows traffic flowing between the internet on the left and a private network on the right, with a firewall in the center. Permitted traffic is represented by green arrows passing through the firewall in both directions. One red arrow labeled 'Denied traffic' originates from the internet and is blocked at the firewall, indicating that the firewall selectively allows or denies traffic based on defined rules. Each element—Internet, Firewall, and Private Network—is labeled and illustrated with icons.") To break it down further, a firewall uses rules to make those decisions. Rules can be based on IP addresses, protocols, ports, or other packet-level details. If a packet violates the rules, the firewall blocks it. ![Diagram titled 'How firewall rules evaluate traffic' shows a flowchart beginning with an incoming packet entering a firewall. The first decision point is 'Check IP address rules.' If there is no match, the packet is blocked and a security event is logged. If there is a match, the process continues to 'Check port rules.' Again, if there is no match, the packet is blocked and a security event is logged. If there is a match, the packet moves to 'Check protocol rules.' If this also matches, the packet is allowed and logged as allowed traffic. Red arrows indicate blocked traffic paths and are labeled 'No match' with actions to 'Block packet' and 'Log security event.' Green arrows indicate matched traffic paths with actions to 'Allow traffic' and 'Log allowed traffic.' Each step is visually represented by icons: document icons for rule checks, an 'X' icon for blocked packets, and a checkmark icon for allowed traffic.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/How-firewall-rules-evaluate-traffic.png "Diagram titled 'How firewall rules evaluate traffic' shows a flowchart beginning with an incoming packet entering a firewall. The first decision point is 'Check IP address rules.' If there is no match, the packet is blocked and a security event is logged. If there is a match, the process continues to 'Check port rules.' Again, if there is no match, the packet is blocked and a security event is logged. If there is a match, the packet moves to 'Check protocol rules.' If this also matches, the packet is allowed and logged as allowed traffic. Red arrows indicate blocked traffic paths and are labeled 'No match' with actions to 'Block packet' and 'Log security event.' Green arrows indicate matched traffic paths with actions to 'Allow traffic' and 'Log allowed traffic.' Each step is visually represented by icons: document icons for rule checks, an 'X' icon for blocked packets, and a checkmark icon for allowed traffic.") More advanced firewalls don't just look at packets one by one. Instead, they use stateful inspection, which means they track the entire session that a packet belongs to. That way, they can understand if packet behavior is expected or unusual. Like this: ![A vertical flowchart titled 'Stateful packet inspection example' shows the decision-making process for determining whether a packet from the internet is allowed through. At the top right, a globe icon labeled 'Internet' points to a blue envelope icon labeled 'Packet arrives from internet,' which connects to an orange firewall icon. From there, the packet is evaluated through a series of white decision boxes with green 'Yes' or red 'No' arrows. The boxes ask, in order: 'From valid IP?', 'From permitted port?', 'To permitted port?', and 'Pass protocol checks?' Red 'No' arrows from any decision point lead to a red stop icon with an X in a circle. If all answers are 'Yes,' the packet is either recorded in the connection table or compared against it, with white boxes showing 'Record IP and SYN/ACK data in connection table' or 'Check IP and SYN/ACK against data in connection table.' If it matches, a green arrow leads to 'Translate IP address' followed by the final blue envelope icon labeled 'Packet delivered to destination,' ending at a gray computer icon. Dotted lines are used for alternate flows and protocol verification steps.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/Stateful-packet-inspection-example-new.png) This matters because looking at the full context helps detect more complex or stealthy threats. Firewalls also rely on [threat intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti). They compare traffic against databases of known malicious signatures. If a match is found, the firewall blocks the traffic. They also treat traffic differently based on direction. North-south traffic comes from outside the network and is more likely to carry threats, so it's inspected closely. East-west traffic moves within the network and is often overlooked---but if attackers get in, they can use it to move laterally. Which is why inspecting internal traffic matters too. ![Diagram titled 'North-south vs. east-west traffic inspection' shows a cloud icon at the top, representing external internet traffic entering a network through a series of firewall icons positioned along the perimeter. This downward vertical flow is labeled 'North-south traffic.' A blue annotation box states 'North-south traffic inspection blocks threats.' Inside the network perimeter, horizontal arrows labeled 'East-west traffic' move between internal network segments. One segment is marked 'Compromised' and shows a malware icon and red arrows labeled 'Lateral movement' connecting to other internal segments. East-west firewalls are shown within each internal section, representing inspection between internal systems. Vertical and horizontal directional arrows illustrate the difference between north-south and east-west traffic paths.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/North-south-vs-east-west-traffic-inspection-new.png) Not to mention: Firewalls help enforce [access control](https://www.paloaltonetworks.com/cyberpedia/access-control). Most organizations today follow the [principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege) so that users and devices only get access to what they need. No more, no less. It's one of the most effective ways to limit risk. | ***Further reading:*** * [*What Does a Firewall Do? | How Firewalls Work*](https://www.paloaltonetworks.com/cyberpedia/what-does-a-firewall-do) * [*What Are Firewall Rules? | Firewall Rules Explained*](https://www.paloaltonetworks.com/cyberpedia/what-are-firewall-rules) * [*The History of Firewalls | Who Invented the Firewall?*](https://www.paloaltonetworks.com/cyberpedia/history-of-firewalls) ## What are the different types of firewalls? ![Diagram titled “Types of firewalls” featuring a central red-orange circle with a firewall icon and four surrounding branches labeled by category. The top right branch, labeled “Systems protected” in yellow, lists two types: Network and Host-based. The middle right branch, labeled “Network placement” in blue, includes Hybrid mesh firewall, Internal, Distributed, and Perimeter. The bottom right branch, labeled “Form factors” in light blue, includes Hardware and Software. The bottom left branch, labeled “Data filtering method” in green, lists Stateful inspection, Proxy, Web app, Circuit level, Packet filtering, and Next generation (NGFW). Thin gray connector lines link each item to the central icon, creating a radial layout.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/types-of-firewalls_new.png "Diagram titled “Types of firewalls” featuring a central red-orange circle with a firewall icon and four surrounding branches labeled by category. The top right branch, labeled “Systems protected” in yellow, lists two types: Network and Host-based. The middle right branch, labeled “Network placement” in blue, includes Hybrid mesh firewall, Internal, Distributed, and Perimeter. The bottom right branch, labeled “Form factors” in light blue, includes Hardware and Software. The bottom left branch, labeled “Data filtering method” in green, lists Stateful inspection, Proxy, Web app, Circuit level, Packet filtering, and Next generation (NGFW). Thin gray connector lines link each item to the central icon, creating a radial layout.") Not all firewalls work the same way. Some protect individual devices. Others monitor traffic for an entire network. Some are physical appliances. Others run in the cloud. That's why they're generally categorized based on what they protect, how they're deployed, where they sit in the network, or how they inspect traffic. Below, we'll break down the main types of firewalls across each of these categories: | Types of firewalls ||| | Category | Type | Description | |-------------------------------------|---------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------| | **Systems protected** | Network firewall | Protects an entire network by inspecting incoming and outgoing traffic. | | **Systems protected** | Host-based firewall | Installed on a specific device to monitor traffic to and from that host. | | **Form factors** | Hardware firewall | A physical device placed between network elements and connected devices. | | **Form factors** | Software firewall | A software-based firewall deployed on servers or virtual machines. Includes container firewalls, virtual firewalls, and managed service firewalls. | | **Placement within infrastructure** | Perimeter firewall | Placed at the edge of a network to manage traffic entering or leaving. | | **Placement within infrastructure** | Internal firewall | Positioned within the network to monitor traffic between internal segments. | | **Placement within infrastructure** | Distributed firewall | A scalable approach where enforcement is applied across multiple devices. | | **Placement within infrastructure** | Hybrid mesh firewall | Firewalls deployed across on-premises and cloud environments in a coordinated, distributed architecture. | | **Data filtering method** | Packet filtering firewall | Checks each packet against rule sets and allows or blocks based on criteria. | | **Data filtering method** | Stateful inspection firewall | Tracks the state of active connections to evaluate traffic in context. | | **Data filtering method** | Circuit-level gateway | Verifies session-level connections before allowing ongoing communication. | | **Data filtering method** | Proxy firewall | Intercepts and evaluates application-layer traffic between client and server. | | **Data filtering method** | Next-generation firewall (NGFW) | Combines traditional firewall features with advanced capabilities like IPS and traffic decryption. | | **Data filtering method** | Web application firewall | Filters HTTP traffic to and from web apps to block attacks like cross-site scripting or SQL injection. | These distinctions aren't just technical trivia. They reflect how firewalls have adapted to different layers, architectures, and threats. Knowing the differences helps you make sense of where each firewall fits and what problems it's designed to solve. | ***Further reading:*** * [*Types of Firewalls Defined and Explained*](https://www.paloaltonetworks.com/cyberpedia/types-of-firewalls) * [*Layer 3 vs Layer 7 Firewall: What Are the Differences?*](https://www.paloaltonetworks.com/cyberpedia/layer-3-vs-layer-7-firewall) ## What features do firewalls include? ![Diagram titled 'Firewall features' displaying two adjacent circles representing categories of firewall capabilities. The right circle is labeled 'Basic firewall features' in orange and contains icons linked to four items: Stateful inspection, Packet filtering, Access control, and Logging \& monitoring. Also linked to this section is Network address translation (NAT) positioned at the top left. The left circle is labeled 'Advanced firewall features' in black and includes five items: Next generation CASB, DNS security, Advanced URL filtering, IoT security, and Advanced threat protection. A smaller circle at the center overlaps both categories, showing a firewall icon to indicate shared functionality or progression between basic and advanced features. Thin lines connect each feature to its corresponding category.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/firewall-features-new.png "Diagram titled 'Firewall features' displaying two adjacent circles representing categories of firewall capabilities. The right circle is labeled 'Basic firewall features' in orange and contains icons linked to four items: Stateful inspection, Packet filtering, Access control, and Logging & monitoring. Also linked to this section is Network address translation (NAT) positioned at the top left. The left circle is labeled 'Advanced firewall features' in black and includes five items: Next generation CASB, DNS security, Advanced URL filtering, IoT security, and Advanced threat protection. A smaller circle at the center overlaps both categories, showing a firewall icon to indicate shared functionality or progression between basic and advanced features. Thin lines connect each feature to its corresponding category.") Firewalls have evolved. What started as basic traffic filtering has grown into a wide range of capabilities designed to meet different levels of risk. Some firewall features are foundational: packet filtering, logging, access control, etc. Others are more advanced, using modern technologies like deep learning and automation to stop sophisticated threats in real time. Let's break down the primary firewall features into two categories---basic and advanced---and take a closer look at each: | Firewall features ||| | Category | Feature | Description | |--------------|-----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| | **Basic** | Packet filtering | Evaluates packets based on criteria like IP address or port to allow or block traffic. | | **Basic** | Stateful inspection | Tracks the state of active connections to allow only legitimate traffic. | | **Basic** | Network Address Translation (NAT) | Modifies packet IP addresses to conserve addresses and hide internal network structure. | | **Basic** | Logging and monitoring | Records network activity for analysis and response to potential threats. | | **Basic** | Access control | Applies rules to regulate which users or systems can access network resources. | | **Advanced** | Advanced threat prevention | Uses deep learning to detect zero-day attacks and automate protection workflows. | | **Advanced** | Advanced URL filtering | Uses real-time deep learning to stop known and unknown web threats. | | **Advanced** | DNS security | Applies ML and analytics to block advanced [DNS-based attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dns-attack) and reduce tool sprawl. | | **Advanced** | IoT security | Segments and protects IoT devices using Zero Trust and contextual machine learning. | | **Advanced** | Next-generation CASB | Secures SaaS apps in real time with deeper visibility and modern data protection. | On paper, many firewalls advertise similar features. But the depth, accuracy, and integration of those features vary widely. What matters most is how well they work together to detect, prevent, and respond to modern threats in real time. | ***Further reading:*** * [*What Are the Top Firewall Features? | Traditional \& NGFWs*](https://www.paloaltonetworks.com/cyberpedia/top-firewall-features) * [*What Makes a Strong Firewall?*](https://www.paloaltonetworks.com/cyberpedia/what-makes-a-strong-firewall) ## What benefits do firewalls provide? ![Diagram titled 'Firewall benefits' showing two connected circles representing basic and advanced firewall benefits. The right circle is labeled 'Basic firewall benefits' in orange and contains five items arranged vertically: Monitoring \& filtering network traffic, Blocking unauthorized access, Preventing virus infiltration, Upholding data privacy, and Supporting regulatory compliance. The left circle is labeled 'Advanced firewall benefits' in black and includes five items: Enhanced user identity protection, Zero trust principles, Control over application use, Automated threat intelligence sharing, Encrypted traffic security without privacy compromise, and Advanced threat protection. A central overlapping circle displays a firewall icon, symbolizing the integration of both benefit categories. Thin lines connect each benefit to its respective category.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/Firewall-benefits-new.png "Diagram titled 'Firewall benefits' showing two connected circles representing basic and advanced firewall benefits. The right circle is labeled 'Basic firewall benefits' in orange and contains five items arranged vertically: Monitoring & filtering network traffic, Blocking unauthorized access, Preventing virus infiltration, Upholding data privacy, and Supporting regulatory compliance. The left circle is labeled 'Advanced firewall benefits' in black and includes five items: Enhanced user identity protection, Zero trust principles, Control over application use, Automated threat intelligence sharing, Encrypted traffic security without privacy compromise, and Advanced threat protection. A central overlapping circle displays a firewall icon, symbolizing the integration of both benefit categories. Thin lines connect each benefit to its respective category.") Firewalls help control traffic, reduce risk, and support compliance. Some benefits are well established, like blocking malicious traffic, enforcing access controls, and maintaining [data privacy](https://www.paloaltonetworks.com/cyberpedia/data-privacy). Others reflect relatively newer capabilities: inspecting encrypted traffic, applying [Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture) policies across the network, etc. In other words: The value of a firewall depends on what it can do and how it's used. Below, we've grouped firewall benefits into basic protections and more advanced capabilities that support today's hybrid and threat-rich environments. | Firewall benefits ||| | Category | Benefit | Description | |--------------|-------------------------------------------------------|--------------------------------------------------------------------------------------------------------| | **Basic** | Monitoring and filtering network traffic | Inspects data packets and blocks harmful patterns using stateful inspection. | | **Basic** | Preventing virus infiltration | Blocks known virus patterns and supports antivirus tools. NGFWs improve detection of advanced threats. | | **Basic** | Blocking unauthorized access | Applies access controls to limit interactions to trusted sources only. | | **Basic** | Upholding data privacy | Prevents sensitive data exposure by monitoring inbound and outbound traffic. | | **Basic** | Supporting regulatory compliance | Logs and controls access to sensitive data to support audit readiness and compliance. | | **Advanced** | Enhanced user identity protection | Applies security policies based on user identity for more precise access control. | | **Advanced** | Control over application use | Identifies and restricts app usage to approved applications only. | | **Advanced** | Encrypted traffic security without privacy compromise | Inspects encrypted traffic for threats while preserving user privacy. | | **Advanced** | Advanced threat protection | Protects against known and emerging threats across multiple attack vectors. | | **Advanced** | Automated threat intelligence sharing | Detects and responds to threats using shared global intelligence feeds. | | **Advanced** | Zero Trust principles | Applies continuous authentication and verification to reduce implicit trust. | Not every firewall delivers every benefit listed here. That's because firewalls are used in many different environments. What matters is aligning capabilities with your network architecture, threat landscape, and operational needs. | ***Further reading:** [What Are the Benefits of a Firewall?](https://www.paloaltonetworks.com/cyberpedia/what-are-the-benefits-of-a-firewall)* ## What challenges come with using firewalls? Firewalls aren't just a set-it-and-forget-it technology. They need to keep up with evolving threats, shifting traffic patterns, and changing business needs. One of the first challenges is choosing the right type of firewall for each environment. Whether that's a data center, public cloud, branch, or hybrid setup. From there, the real work begins. Misconfigurations are one of the most common and dangerous issues. Whether it's overly permissive rules, missing updates, or traffic filtering mistakes that leave gaps or create bottlenecks. ![Diagram titled 'Effective vs. improper firewall configuration' shows two horizontal network flows. In the top section labeled 'Effective,' green arrows labeled 'Allow legitimate traffic' flow between users, a firewall icon, and the internet. A red arrow labeled 'Block malicious traffic' stops at the firewall, indicating the threat is blocked. In the bottom section labeled 'Improper,' green arrows again indicate that legitimate traffic is allowed, but a red dashed arrow labeled 'Allows malicious traffic' passes through the firewall from the internet to users, showing that the threat is not blocked. Both sections include icons for users, firewalls, and the internet arranged left to right.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/effective-vs-improper-firewall-configurations-new.png "Diagram titled 'Effective vs. improper firewall configuration' shows two horizontal network flows. In the top section labeled 'Effective,' green arrows labeled 'Allow legitimate traffic' flow between users, a firewall icon, and the internet. A red arrow labeled 'Block malicious traffic' stops at the firewall, indicating the threat is blocked. In the bottom section labeled 'Improper,' green arrows again indicate that legitimate traffic is allowed, but a red dashed arrow labeled 'Allows malicious traffic' passes through the firewall from the internet to users, showing that the threat is not blocked. Both sections include icons for users, firewalls, and the internet arranged left to right.") Plus, firewall rule sets grow over time. New policies get added, but old ones often remain. That leads to bloated configurations that slow performance, create conflicts, or block legitimate traffic. And tight rules can also cause false positives, which frustrates users and overloads IT teams with unnecessary alerts. ![Diagram titled 'Firewall rule set challenges' is split into two sections. On the left, a table illustrates a growing firewall rule list with 12 rows and columns for Rule ID, Source IP, Destination IP, Protocol, Port, and Action. The rules include mixed 'Allow' and 'Deny' actions, with notes indicating that rule growth can increase performance issues, complexity, and conflicts. The last row is labeled 'Excessive rule set growth' in red. On the right, icons show the impact of overly strict rules, including blocked email, sites, and collaboration tools. A central firewall icon connects to three effects: 'Security operations center' with the note 'Analyst fatigue from excessive alerts,' 'Help desk overload' with 'Drowning in unnecessary user tickets,' and 'User frustration' with 'Legitimate traffic blocked.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/Firewall-rule-set-challenges.png) Meanwhile, performance demands continue to rise. Deep inspection, encrypted traffic analysis, and advanced features all require processing power. If firewalls aren't properly sized or tuned, throughput suffers. ![Bar chart titled 'Firewall performance vs. processing demand' shows throughput in Gbps on the left y-axis and CPU utilization percentage on the right y-axis. The x-axis lists seven firewall capabilities: stateful firewall, IPS/IDS, antivirus, deep packet inspection, SSL decryption, sandbox, and all features. Each capability includes two bars: a red bar representing a poorly sized CPU and a blue bar representing a well-sized CPU. As features increase from left to right, throughput decreases and CPU utilization increases, especially for the poorly sized system. A red box highlights the last three features as a 'Performance bottleneck area.' Above the chart, a banner lists associated performance impacts: high latency, packet drops, session timeouts, user complaints, and service degradation.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/Firewall-performance-vs-processing-demand.png) Even updates present risks. Regular patches and threat signature updates are critical. But poorly timed changes can disrupt traffic or introduce new issues. ![Circular timeline diagram showing the progression of firewall update timing and potential risks. The top arc, labeled 'Normal operation', begins with a gray circle labeled 'Normal operation', followed by 'Peak traffic begins', 'Firewall stable', and 'Patch identified', all marked with connected colored dots. A central dark blue circle labeled 'Update event' follows, connected to 'Patch deployed', 'Firewall performance impacted', and 'Firewall restart'. A red triangle labeled 'Service impact' sits along the lower arc, which is segmented into two phases: 'Response' and 'Recovery'. The 'Response' phase includes icons and steps: 'Support calls flood', 'Users disconnected', 'Traffic blocked', 'Rollback initiated', and 'Emergency troubleshoot'. The 'Recovery' phase follows with 'Service restored' as the final green circle. The diagram emphasizes how an update event can lead to cascading service impacts and operational response before recovery is achieved.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/Firewall-update-timing-risks.png) And underlying it all is one consistent challenge: translating business needs into clear, effective firewall rules. That's especially hard during infrastructure changes, when visibility is limited and documentation may be incomplete. ![Diagram showing the flow of business logic into firewall enforcement across three roles. On the left, a purple box labeled 'Executive' contains an icon of a person with a briefcase. Below, Step 1 reads: 'Executive initiative to improve overall security posture by reducing phishing.' An arrow labeled 'Business goals' points right to a red box labeled 'Firewall admin' at the center. The firewall admin is shown receiving email logs from a gray box on the far right labeled 'Email admin,' illustrated with a person and envelope icon. Step 2 reads: 'Log analysis of emails.' A vertical line from the firewall admin points downward to an icon of a firewall, labeled with Step 3: 'New firewall rule to block traffic.' The flow demonstrates how a high-level phishing reduction goal is translated into firewall policy through email log analysis.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/Translating-business-logic-into-firewall-rules-new.png "Diagram showing the flow of business logic into firewall enforcement across three roles. On the left, a purple box labeled 'Executive' contains an icon of a person with a briefcase. Below, Step 1 reads: 'Executive initiative to improve overall security posture by reducing phishing.' An arrow labeled 'Business goals' points right to a red box labeled 'Firewall admin' at the center. The firewall admin is shown receiving email logs from a gray box on the far right labeled 'Email admin,' illustrated with a person and envelope icon. Step 2 reads: 'Log analysis of emails.' A vertical line from the firewall admin points downward to an icon of a firewall, labeled with Step 3: 'New firewall rule to block traffic.' The flow demonstrates how a high-level phishing reduction goal is translated into firewall policy through email log analysis.") Bottom line: Firewall management is an ongoing process. It takes constant tuning, review, and adaptation to keep protections strong without slowing the business down. | ***Further reading:*** * [*How to Troubleshoot a Firewall | Firewall Issues \& Solutions*](https://www.paloaltonetworks.com/cyberpedia/how-to-troubleshoot-common-firewall-issues) * [*What Is Firewall Management? | A Comprehensive Guide*](https://www.paloaltonetworks.com/cyberpedia/what-is-firewall-management) * [*What Is Firewall Configuration? | How to Configure a Firewall*](https://www.paloaltonetworks.com/cyberpedia/what-is-firewall-configuration) * [*Key Firewall Best Practices*](https://www.paloaltonetworks.com/cyberpedia/firewall-best-practices) ## How do firewalls compare with other network security technologies? Firewalls are often one of the first tools people think of when it comes to [network security](https://www.paloaltonetworks.com/cyberpedia/what-is-network-security). But they're far from the only one. From antivirus to [web gateways](https://www.paloaltonetworks.com/cyberpedia/what-is-secure-web-gateway) to access control lists, each tool in the stack plays a distinct role. And while many overlap or integrate with firewalls, they aren't interchangeable. Understanding the differences helps clarify what a firewall does---and doesn't---do. It also helps you spot where it fits in a layered defense strategy. The table below breaks down how firewalls compare to other common technologies across five dimensions: purpose, deployment, traffic visibility, control, and overlap. | Firewalls vs. other network \& security technologies / functions | |------------------------------------------------------------------| | Technology | Antivirus | IDS | IPS | NGFW | UTM | Proxy server | SWG | VPN | WAF | Router | ACL | |------------------------|------------------------------------------------|----------------------------------------------------|---------------------------------------|---------------------------------------------------------------|--------------------------------------------------------|-------------------------------------------------|------------------------------------------------|---------------------------------------------|------------------------------------------------------|----------------------------------|--------------------------------------------------------| | **Primary function** | Scans and removes known malware from endpoints | Monitors traffic for suspicious activity | Detects and blocks known attacks | Inspects traffic using application, user, and content context | Combines firewall, antivirus, and intrusion prevention | Forwards traffic through an intermediary server | Filters outbound web traffic based on policy | Encrypts traffic for secure remote access | Filters HTTP traffic to web apps and blocks exploits | Directs traffic between networks | Controls access by specifying which traffic is allowed | | **Level of control** | Endpoint-level | Network-level monitoring only | Network-level blocking | Deep, contextual inspection and enforcement | Moderate control with basic unified enforcement | Traffic relay with optional filtering | Policy-based access to internet content | Tunnel-level encryption and access control | Application-level filtering | Basic routing decisions | Packet-level filtering | | **Traffic visibility** | Scans local files and memory | Observes traffic for anomalies | Analyzes known exploit patterns | Full visibility into traffic, including encrypted data | Moderate visibility | Limited unless combined with logging/monitoring | URL-level visibility and categorization | Limited visibility into application traffic | Full HTTP/S traffic inspection | No inspection | No inspection | | **Deployment scope** | Device-level | Inline or passive network sensor | Inline, often combined with IDS | Network-wide, hybrid environments | All-in-one perimeter devices | Edge or cloud-based | Cloud-based or appliance | Client or gateway-based | Perimeter or cloud-based | Physical or virtual appliance | Integrated into routers/firewalls | | **Common use case** | Protecting individual devices from malware | Alerting on suspicious network behavior | Blocking known network-based attacks | Centralized security policy enforcement | Simplified security for SMBs | Hiding user IP, filtering traffic | Blocking malicious or non-compliant web access | Securing remote workforce | Protecting web apps from OWASP threats | Routing LAN/WAN traffic | Enforcing basic network security rules | | **Strengths** | Detects and removes file-based malware | Detects unknown threats via heuristics or behavior | Stops known exploits in real time | Application-aware, identity-based control | Easy deployment with broad protection | Anonymity, content caching, filtering | URL filtering, DLP, malware prevention | Secure tunneling, remote access | Shields web apps, prevents common attacks | Simple traffic direction | Explicit rule control, lightweight | | **Limitations** | Can't stop network-based threats | Doesn't block traffic by itself | Needs tuning to avoid false positives | Complexity, resource-intensive | Performance, limited advanced control | Doesn't inspect deeply by default | Limited to web traffic | Doesn't inspect traffic content | Limited to web app layer | Not security-focused | Easily misconfigured or bypassed | No single tool can secure an entire environment. But knowing how firewalls interact with the rest of the security stack makes it easier to design defenses that are both complementary and complete. | ***Further reading:*** * [*Firewall | Antivirus --- What Is the Difference?*](https://www.paloaltonetworks.com/cyberpedia/firewall-vs-antivirus) * [*IPS. vs. IDS vs. Firewall: What Are the Differences?*](https://www.paloaltonetworks.com/cyberpedia/firewall-vs-ids-vs-ips) ![Reprot icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-firewall/icon-ebook.svg) ## RESEARCH: UNIT 42 2025 INCIDENT RESPONSE REPORT See how organizations are responding to today's attacks and strengthening resilience across their environments. [Download report](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report) ## Firewall FAQs #### What is a firewall and how does it work? A firewall monitors network traffic to allow or block data based on security rules. It inspects packets and sessions to stop unauthorized access or threats and protects network devices from malicious traffic. #### What does a firewall protect against? A firewall blocks unauthorized access, known threats, and suspicious traffic. It filters data between internal and external networks and protects against both perimeter breaches and internal lateral movement. #### What feature does a firewall provide? A firewall monitors and filters network traffic based on security rules. It uses stateful inspection to assess packets in context and helps block or allow data based on risk. #### Do I need a firewall? Yes. Firewalls are essential for both individuals and organizations to block threats, protect data, and maintain secure access across home and business networks. #### What firewalls do you implement and why? Firewall selection depends on what you're protecting---entire networks or individual devices---and where it's deployed. Options include hardware, software, host-based, or network-based firewalls, based on traffic type and filtering needs. #### What is a firewall used for? Firewalls are used to secure networks by controlling incoming and outgoing data, allowing safe traffic while blocking malicious or unauthorized access. #### What does a firewall look like? Hardware firewalls resemble rack-mounted devices with ports and lights. Software firewalls appear as interfaces for managing rules and traffic. Appearance varies by type and scale. #### What is a firewall example? Examples include network and host-based firewalls, hardware or software firewalls, perimeter or internal placement, and traffic inspection types like NGFWs, proxy firewalls, or WAFs. #### What is the difference between a proxy server and a firewall? A proxy relays traffic between users and external services. A firewall filters and blocks traffic based on policies. Both enhance security but serve different roles. Related content [Explore all hardware appliances Take a look at the hardware firewall appliances available.](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) [Product comparison Compare NGFWs, including physical appliances and virtualized firewalls.](https://www.paloaltonetworks.com/products/product-selection?ts=markdown) [Infographic: The Evolution of Firewalls Find out how firewalls have evolved from packet filtering to machine learning-powered.](https://www.paloaltonetworks.com/resources/infographics/the-evolution-of-firewalls-from-simple-to-machine-learning-powered?ts=markdown) [eBook: Small Business Firewall Guide Learn the top 3 requirements for your next firewall purchase.](https://www.paloaltonetworks.com/resources/guides/small-business-firewall-guide?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20a%20Firewall%3F%20%5BDefinition%20%26%20Explanation%5D&body=A%20firewall%20is%20a%20network%20security%20solution%20that%20monitors%20and%20regulates%20traffic%20based%20on%20defined%20security%20rules%20and%20accepts%2C%20rejects%20or%20drops%20traffic%20accordingly.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-a-firewall) Back to Top {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language