[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Network Security](https://www.paloaltonetworks.com/cyberpedia/network-security?ts=markdown) 3. [What Is a Hybrid Mesh Firewall (HMF)? \[Starter Guide\]](https://www.paloaltonetworks.com/cyberpedia/what-is-a-hybrid-mesh-firewall?ts=markdown) Table of Contents * [What created the need for a hybrid mesh firewall platform?](#what-created-the-need-for-a-hybrid-mesh-firewall-platform) * [How do hybrid mesh firewall platforms and network firewalls compare?](#how-do-hybrid-mesh-firewall-platforms-and-network-firewalls-compare) * [How do hybrid mesh firewall platforms work?](#how-do-hybrid-mesh-firewall-platforms-work) * [What are the main features of an HMF platform?](#what-are-the-main-features-of-an-hmf-platform) * [What are the main hybrid mesh firewall use cases?](#what-are-the-main-features-of-an-hmf-platform) * [What are the benefits of a hybrid mesh firewall platform?](#what-are-the-benefits-of-a-hybrid-mesh-firewall-platform) * [Top 5 hybrid mesh firewall platform myths](#top-5-hybrid-mesh-firewall-platform-myths) * [Hybrid mesh firewall FAQs](#hybrid-mesh-firewall-faqs) # What Is a Hybrid Mesh Firewall (HMF)? \[Starter Guide\] 5 min. read Table of Contents * [What created the need for a hybrid mesh firewall platform?](#what-created-the-need-for-a-hybrid-mesh-firewall-platform) * [How do hybrid mesh firewall platforms and network firewalls compare?](#how-do-hybrid-mesh-firewall-platforms-and-network-firewalls-compare) * [How do hybrid mesh firewall platforms work?](#how-do-hybrid-mesh-firewall-platforms-work) * [What are the main features of an HMF platform?](#what-are-the-main-features-of-an-hmf-platform) * [What are the main hybrid mesh firewall use cases?](#what-are-the-main-features-of-an-hmf-platform) * [What are the benefits of a hybrid mesh firewall platform?](#what-are-the-benefits-of-a-hybrid-mesh-firewall-platform) * [Top 5 hybrid mesh firewall platform myths](#top-5-hybrid-mesh-firewall-platform-myths) * [Hybrid mesh firewall FAQs](#hybrid-mesh-firewall-faqs) 1. What created the need for a hybrid mesh firewall platform? * [1. What created the need for a hybrid mesh firewall platform?](#what-created-the-need-for-a-hybrid-mesh-firewall-platform) * [2. How do hybrid mesh firewall platforms and network firewalls compare?](#how-do-hybrid-mesh-firewall-platforms-and-network-firewalls-compare) * [3. How do hybrid mesh firewall platforms work?](#how-do-hybrid-mesh-firewall-platforms-work) * [4. What are the main features of an HMF platform?](#what-are-the-main-features-of-an-hmf-platform) * [5. What are the main hybrid mesh firewall use cases?](#what-are-the-main-features-of-an-hmf-platform) * [6. What are the benefits of a hybrid mesh firewall platform?](#what-are-the-benefits-of-a-hybrid-mesh-firewall-platform) * [7. Top 5 hybrid mesh firewall platform myths](#top-5-hybrid-mesh-firewall-platform-myths) * [8. Hybrid mesh firewall FAQs](#hybrid-mesh-firewall-faqs) A hybrid mesh firewall platform (HMF) is a single-vendor solution that unifies hardware, software, and cloud firewalls under one management system. It provides consistent security and centralized control across every environment: on-prem, cloud, remote, or hybrid. This approach allows organizations to enforce the same policies everywhere, regardless of how or where firewalls are deployed. ## What created the need for a hybrid mesh firewall platform? Business networks have changed. [Traditional firewalls](https://www.paloaltonetworks.com/cyberpedia/what-is-a-firewall) weren't designed to support today's mix of on-prem data centers, cloud workloads, branch offices, remote users, and agile development pipelines. Meanwhile, security teams need consistent visibility and control across all of it. But stitching together separate firewall products has made that harder. The problem isn't that organizations need more firewalls. It's that they need better integration across the ones they already use. Here's why: Most organizations now rely on more than two types of firewall deployments. Hardware. Virtual. [Cloud-native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native). As-a-service. All with different interfaces, update cycles, and policy management systems. Like this: ![The diagram titled 'Example of a fragmented firewall deployment environment' shows multiple firewall vendors positioned around a central network layout. In the center, a large rectangle is divided into three stacked sections labeled DMZ, Servers, and Internal network users, with icons representing devices and servers. Red shield icons with exclamation marks indicate firewall placements between these sections and at external connection points. On the left, Vendor A, Vendor B, and Vendor C are listed with details including form factor, type, management method, and update frequency. On the right, connections lead to Cloud provider A, Cloud provider B, and a Branch location, each protected by additional vendors—Vendor D, Vendor E, and Vendor F—with their corresponding specifications. Each vendor uses different firewall types, management consoles, and update schedules, illustrating a diverse and disconnected security setup.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-hybrid-mesh-firewall/hybrid-mesh-firewall_5-Example.png "The diagram titled 'Example of a fragmented firewall deployment environment' shows multiple firewall vendors positioned around a central network layout. In the center, a large rectangle is divided into three stacked sections labeled DMZ, Servers, and Internal network users, with icons representing devices and servers. Red shield icons with exclamation marks indicate firewall placements between these sections and at external connection points. On the left, Vendor A, Vendor B, and Vendor C are listed with details including form factor, type, management method, and update frequency. On the right, connections lead to Cloud provider A, Cloud provider B, and a Branch location, each protected by additional vendors—Vendor D, Vendor E, and Vendor F—with their corresponding specifications. Each vendor uses different firewall types, management consoles, and update schedules, illustrating a diverse and disconnected security setup.") Managing them independently takes too much time and leads to policy drift. So centralized control has become critical. That shift is what led to the rise of hybrid mesh firewalls. Instead of treating firewall form factors as separate products, the HMF model unifies them under a single platform with shared policy, automation, and threat prevention capabilities. The consistency makes security way easier to manage. And easier to adapt, too. Centralized management is what makes that possible. Plus, it improves response time, provides real-time threat prevention, and simplifies scaling across multi-cloud environments. ## How do hybrid mesh firewall platforms and network firewalls compare? Traditional network firewalls were designed for perimeter defense and data center segmentation. Typically as hardware or virtual appliances managed separately. But today's networks are hybrid, dynamic, and distributed. HMF platforms respond to this shift by integrating multiple firewall types---physical, virtual, cloud-native, and [FWaaS](https://www.paloaltonetworks.com/cyberpedia/what-is-firewall-as-a-service)---under a single cloud-based management plane. This lets teams enforce consistent policy, respond to threats faster, and support evolving use cases like microsegmentation and CI/CD. Here's a side-by-side comparison: | Traditional network firewall vs. hybrid mesh firewall platform ||| | Capability | Traditional network firewall | Hybrid mesh firewall platform | |----------------------|-----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Deployment options | Typically hardware or virtual appliances | Supports 3+ types: [hardware](https://www.paloaltonetworks.com/cyberpedia/what-is-a-hardware-firewall), [virtual](https://www.paloaltonetworks.com/cyberpedia/what-is-a-virtual-firewall), cloud-native, FWaaS | | Management | Managed separately by form factor | Centralized, cloud-delivered control plane | | Policy enforcement | Location-specific, prone to drift | Shared, context-aware policies across environments | | Integration | Limited integration with cloud and automation tools | Built-in CI/CD, microsegmentation, and cloud-native visibility | | Threat prevention | Deployment-dependent | Unified across platform with advanced detection | | Use case flexibility | Suited to perimeter use cases | Extends to hybrid, cloud, DevOps, and remote work models | ## How do hybrid mesh firewall platforms work? Hybrid mesh firewall platforms unify different firewall deployment models into a single, coordinated system. That includes hardware appliances, virtual firewalls, [cloud-native firewalls](https://www.paloaltonetworks.com/cyberpedia/what-is-a-public-cloud-firewall), and firewall-as-a-service. Each enforcement point still handles traffic locally. But the control, visibility, and policy management all come from a shared, centralized plane. Like so: ![The diagram titled 'Hybrid mesh firewall' is organized into three horizontal sections showing relationships between environments, management, capabilities, and deployment forms. At the top, icons represent data center, internet, public cloud, and SaaS, all connected downward to a red-shaded section labeled 'Unified management \& operations' with the text 'Cloud-based centralized management engine.' Below, a blue-shaded section labeled 'Capabilities' lists four items with icons: 'Visibility,' 'Threat prevention,' 'CI/CD DevOps,' and 'Multiple form factors.' The next section, labeled 'Consistently applied to every environment,' is divided into three gray boxes labeled 'Hardware,' 'Cloud,' and 'Software,' with 'Virtual' under software. At the bottom, six icons depict different environments labeled 'Campus,' 'Branch,' 'Contractors,' 'Hybrid workers,' and 'IoT devices.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-hybrid-mesh-firewall/hybrid-mesh-firewall_6-Hybrid.png) In other words: You manage in one place. And enforce everywhere. Let's break down how it works. An HMF platform collects telemetry across all [firewall form factors](https://www.paloaltonetworks.com/cyberpedia/types-of-firewalls). That data feeds into a unified management layer---typically cloud-delivered---which provides a single interface for configuring policies, monitoring activity, and resolving issues. The central console applies shared security rules across every deployment. Whether that means a branch firewall, cloud container, or IoT gateway, the platform ensures consistent policy. It also integrates security services like threat detection, DNS filtering, and decryption across the entire estate. Some platforms offer built-in tools for automation, anomaly detection, or policy optimization. This helps reduce human error and catch configuration drift early. Others provide AI-powered recommendations to fine-tune rule sets or flag unused policies. The result is less fragmentation, better visibility, and fewer gaps between firewall types. Without changing how each form factor is deployed. | ***Further reading:*** * [*What Is Firewall Management?*](https://www.paloaltonetworks.com/cyberpedia/what-is-firewall-management) * [*What Is Network Security Management?*](https://www.paloaltonetworks.com/cyberpedia/what-is-network-security-management) * [*What Is Cybersecurity Platformization?*](https://www.paloaltonetworks.com/cyberpedia/what-is-cybersecurity-platformization) * [*What is Cybersecurity Consolidation?*](https://www.paloaltonetworks.com/cyberpedia/what-is-cybersecurity-consolidation) ![Strata icon on a browser](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-hybrid-mesh-firewall/icon-hybrid-mesh-strata-browser.svg) ## See firsthand how unified firewall management and AI-driven insights simplify network security operations. Watch the Strata Cloud Manager demo. [Watch demo](https://www.paloaltonetworks.com/resources/webcasts/strata-cloud-manager-demo) ## What are the main features of an HMF platform? ![A rectangular infographic titled 'Hybrid mesh firewall platform features' divided into two vertical sections. The left section has a light gray background with the title in bold black text. The right section features six blue square icons, each with a white line illustration and a short feature label in black text. The icons are arranged in two vertical columns. From top to bottom, the left column displays: a globe surrounded by three shield-like nodes with the label 'Multiple deployment form factors'; a network diagram icon labeled 'Centralized management plane'; and a radar-like signal icon labeled 'Integrated threat prevention'. The right column shows: a gear surrounded by arrows labeled 'CI/CD \& DevOps support'; a chart with points and lines labeled 'Visibility \& usage mapping'; and a padlock with a person icon labeled 'Optional Zero Trust \& remote access support'.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-hybrid-mesh-firewall/hybrid-mesh-firewall_1-Hybrid.png "A rectangular infographic titled 'Hybrid mesh firewall platform features' divided into two vertical sections. The left section has a light gray background with the title in bold black text. The right section features six blue square icons, each with a white line illustration and a short feature label in black text. The icons are arranged in two vertical columns. From top to bottom, the left column displays: a globe surrounded by three shield-like nodes with the label 'Multiple deployment form factors'; a network diagram icon labeled 'Centralized management plane'; and a radar-like signal icon labeled 'Integrated threat prevention'. The right column shows: a gear surrounded by arrows labeled 'CI/CD & DevOps support'; a chart with points and lines labeled 'Visibility & usage mapping'; and a padlock with a person icon labeled 'Optional Zero Trust & remote access support'.") Hybrid mesh firewall platforms share a few essential characteristics: * Multiple deployment form factors * Centralized management plane * Integrated threat prevention * CI/CD and DevOps support * Visibility and usage mapping * Optional Zero Trust and remote access support Each of these capabilities supports consistent policy enforcement and makes it easier to manage security at scale. Let's break down each feature one by one: ### Multiple deployment form factors HMF platforms support more than one type of firewall deployment---often three or more. That includes hardware appliances, virtual machines, cloud-native firewalls, [containerized firewalls](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container-firewall), and firewall-as-a-service. Each one acts as an enforcement point. But the platform brings them together for unified control. ***Note:*** *Some HMF platforms allow organizations to transfer licenses between form factors. This avoids delays and extra costs when moving from a hardware appliance to a cloud-native firewall.* ### Centralized management plane Policy creation, rule enforcement, and visibility are handled in one place. Typically, this is a cloud-based console. From here, teams can push updates, monitor traffic, investigate threats, and audit activity. Without logging into each firewall individually. Which reduces drift and simplifies change control. ### Integrated threat prevention Most platforms include advanced threat protection services. These may block [DNS-based attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dns-attack), identify malicious IoT activity, or detect known and unknown threats using deep packet inspection and threat intelligence. Controls are applied consistently across environments. ### CI/CD and DevOps support To support cloud-native use cases, HMF platforms offer CI/CD integration. This allows teams to apply security policies in step with code deployments or infrastructure changes. Some platforms allow tag-based controls or integration with common automation tools. ***Note:*** *Integrating security policy enforcement into CI/CD pipelines ensures controls are applied before code or infrastructure changes go live. Which prevents last-minute deployment rollbacks due to missing or misaligned rules.* ### Visibility and usage mapping HMFs often include tools for application discovery and connectivity mapping. These help teams visualize traffic flows, detect misconfigurations, and spot anomalies in real time. Visibility and usage mapping also helps enforce [segmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-network-segmentation") and policy alignment in hybrid environments. ***Note:*** *Traffic flow maps from HMF platforms can serve as evidence in compliance audits, showing exactly how [sensitive data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data) moves across environments and where controls are enforced.* ### Optional Zero Trust and remote access support Some platforms offer optional features like agent-based [microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation), unified endpoint clients, and [secure remote access](https://www.paloaltonetworks.com/cyberpedia/secure-remote-access-understand-how-to-protect-remote-employees). These aren't core to every deployment, but they help extend coverage to roaming users, home offices, or sensitive workloads. ## What are the main hybrid mesh firewall use cases? ![A rectangular infographic titled 'Hybrid mesh firewall platform use cases' is split into two vertical sections. The left section has a light gray background with the title in bold black text. The right section displays five purple square icons with white line illustrations, each paired with a corresponding label in black text. The icons are arranged in two vertical columns. On the left column, from top to bottom: a cloud above a data center labeled 'Securing hybrid environments'; a cloud with up and down arrows labeled 'North-south inspection'; and a segmented circuit diagram labeled 'East-west inspection + microsegmentation'. The right column shows: a house icon labeled 'Work-from-home \& distributed offices'; and a cloud with rotating gears labeled 'Securing cloud workloads'.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-hybrid-mesh-firewall/hybrid-mesh-firewall_2-Hybrid.png "A rectangular infographic titled 'Hybrid mesh firewall platform use cases' is split into two vertical sections. The left section has a light gray background with the title in bold black text. The right section displays five purple square icons with white line illustrations, each paired with a corresponding label in black text. The icons are arranged in two vertical columns. On the left column, from top to bottom: a cloud above a data center labeled 'Securing hybrid environments'; a cloud with up and down arrows labeled 'North-south inspection'; and a segmented circuit diagram labeled 'East-west inspection + microsegmentation'. The right column shows: a house icon labeled 'Work-from-home & distributed offices'; and a cloud with rotating gears labeled 'Securing cloud workloads'.") There are five major use cases for hybrid mesh firewall platforms: * Securing hybrid environments * North-south inspection * East-west inspection + microsegmentation * Work-from-home and distributed offices * Securing cloud workloads These platforms aren't built for a single environment. They're designed to span all of them. That's why their use cases go beyond traditional firewall deployments. Here's how each one plays out in practice: ### Securing hybrid environments This is the foundational use case for HMFs. Most enterprises today operate in a mix of physical and cloud environments. Some use hardware firewalls for data centers. Others rely on virtual firewalls, cloud-native security, or firewall-as-a-service. An HMF lets teams use all of them. While also enforcing shared policies and centralizing control. ***Note:*** *Some HMF platforms can automatically detect new environments---like a newly spun-up cloud account---and apply baseline policies without manual configuration.* ### North-south inspection North-south traffic refers to data moving between internal networks and external sources. This remains one of the primary firewall functions. But now, that traffic spans data centers, SaaS apps, cloud workloads, and more. HMFs apply perimeter inspection across multiple form factors---from hardware appliances to containerized firewalls---without managing each separately. ### East-west inspection and microsegmentation East-west traffic refers to data moving within a network; such as between applications, workloads, or user devices. HMFs support both macrosegmentation (zone-based controls) and microsegmentation ([Layer 7](https://www.paloaltonetworks.com/cyberpedia/what-is-layer-7) enforcement). This includes virtual, cloud-native, and agent-based firewalls, all managed from a centralized console. ***Note:*** *Integrating microsegmentation at Layer 7 allows HMFs to enforce controls based on application identity, not just IP or port. This reduces the risk of lateral movement in compromised environments.* ### Work-from-home and distributed offices This use case isn't just about remote users. It's about how modern organizations extend firewall coverage to anywhere work happens. HMFs let you mix branch office hardware, home office firewall boxes, and firewall-as-a-service for remote users. All under a common security framework. ### Securing cloud workloads Cloud adoption has made workload protection more dynamic. Applications might run in containers, virtual machines, or serverless compute. Each one needs a different enforcement point. HMFs support virtual firewalls, cloud-native policies, and microsegmentation---while still managing everything through one platform. ***Note:*** *HMFs that integrate with cloud provider APIs can automatically update enforcement points when workloads are moved, resized, or redeployed, ensuring policy coverage remains intact during scaling events.* ## What are the benefits of a hybrid mesh firewall platform? ![A circular infographic titled 'Hybrid mesh firewall platform benefits' centered at the bottom of the image in bold black text. Ten labeled icons radiate outward from the circle along thin gray lines, forming a semi-arc across the top. Each benefit is represented by a colored circular icon with a white line illustration and corresponding label in black text. Clockwise from top left: a cloud and gear labeled 'Support for modern deployment models'; a network icon labeled 'Centralized management across deployments'; a shield icon labeled 'Consistent security policy across environments'; a radar icon labeled 'Advanced threat prevention built in'; a hexagonal mesh icon labeled 'Better alignment with Zero Trust \& mesh architectures'; a flowchart icon labeled 'Reduced complexity compared to siloed tools'; a hand holding a coin labeled 'Lower total cost of ownership (TCO)'; a scale and arrow icon labeled 'Improved agility \& scale'; and a magnifying glass over a chart labeled 'Improved visibility \& control'.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-hybrid-mesh-firewall/hybrid-mesh-firewall_3-Hybrid.png "A circular infographic titled 'Hybrid mesh firewall platform benefits' centered at the bottom of the image in bold black text. Ten labeled icons radiate outward from the circle along thin gray lines, forming a semi-arc across the top. Each benefit is represented by a colored circular icon with a white line illustration and corresponding label in black text. Clockwise from top left: a cloud and gear labeled 'Support for modern deployment models'; a network icon labeled 'Centralized management across deployments'; a shield icon labeled 'Consistent security policy across environments'; a radar icon labeled 'Advanced threat prevention built in'; a hexagonal mesh icon labeled 'Better alignment with Zero Trust & mesh architectures'; a flowchart icon labeled 'Reduced complexity compared to siloed tools'; a hand holding a coin labeled 'Lower total cost of ownership (TCO)'; a scale and arrow icon labeled 'Improved agility & scale'; and a magnifying glass over a chart labeled 'Improved visibility & control'.") A hybrid mesh firewall platform brings security, management, and visibility into one coordinated system. The result is faster operations, consistent enforcement, and fewer gaps between firewall types. Here's how that translates into real benefits: * **Centralized management across deployments:** An HMF platform lets you manage hardware, virtual, and cloud firewalls from a single control plane. That simplifies policy enforcement and reduces operational overhead. * **Consistent security policy across environments:** Policies follow the traffic---not the location. Whether data moves through on-prem, cloud, or remote locations, enforcement stays consistent. * **Improved visibility and control:** Unified telemetry gives teams a complete view of traffic, threats, and configurations across the network. Which makes it easier to spot misconfigurations or gaps before they become exposures. * **Support for modern deployment models:** An HMF supports dynamic environments like containers, microservices, and [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security). It integrates with tools used in cloud and [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops) workflows. * **Advanced threat prevention built in:** Many platforms come with AI-powered detection, [sandboxing](https://www.paloaltonetworks.com/cyberpedia/sandboxing), and signature-based defenses. This provides near real-time protection without relying on bolt-on tools. * **Better alignment with [Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture) and mesh architectures:** Because enforcement is distributed but managed centrally, HMFs support modern architectures that require identity-aware, context-driven security controls across domains. * **Reduced complexity compared to siloed tools:** Replacing point solutions with a single integrated platform cuts down on management effort, reduces friction between teams, and simplifies troubleshooting. * **Improved agility and scale:** Security teams can deploy and adapt firewall enforcement as business needs evolve, without rebuilding security models for every location. * **Lower total cost of ownership (TCO):** Fewer tools to license, configure, and maintain. Combined with centralized visibility and automation, that helps organizations reduce both capex and opex over time. ## Top 5 hybrid mesh firewall platform myths ![An infographic titled 'Top 5 hybrid mesh firewall platform misconceptions' by Palo Alto Networks. The infographic presents five common myths about hybrid mesh firewalls (HMFs), each matched with the corresponding reality: Myth #1: Hybrid mesh firewalls are just a patchwork of firewall types. Reality: A true HMF platform is built as a single, unified system, not a collection of point products. Myth #2: HMFs are too complex for most organizations. Reality: Most complexity in network security comes from managing multiple firewall products separately. Myth #3: You only need an HMF if you have a large, global network. Reality: HMFs are designed for hybrid environments, not just large ones. Myth #4: Centralized control means giving up flexibility. Reality: Centralized control doesn't mean one-size-fits-all; it means having one place to define policies and the flexibility to apply them based on context. Myth #5: It's easier to stick with traditional firewalls and layer on extra tools.Reality: Point solutions create overlap, blind spots, and policy drift. At the bottom, a takeaway message states: 'HMFs eliminate the confusion—and risk—of managing firewalls in isolation.' The Palo Alto Networks logo appears underneath. The design includes icons for each myth and uses blue text for myths and black text for realities, all on a light background with shaded boxes.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-hybrid-mesh-firewall/hybrid-mesh-firewall-04.png) Hybrid mesh firewall platforms are still relatively new. That's why a few common misunderstandings still show up. Especially when they're compared to older firewall approaches. Here's a breakdown of the most frequent misconceptions and how they hold up: 1. ### Myth: Hybrid mesh firewalls are just a patchwork of firewall types. **Reality:** A true HMF platform is built as a single, unified system. Not a collection of point products. The management plane, policy framework, and enforcement mechanisms all work together by design. That's what enables consistent security across hardware, software, cloud, and as-a-service deployments. 2\. ### Myth: HMFs are too complex for most organizations. **Reality:** Most of the complexity in network security comes from managing multiple firewall products separately. HMF platforms reduce that complexity. They let teams manage policy, updates, and configurations from one place. And with automation and best practice checks to reduce overhead. 3\. ### Myth: You only need an HMF if you have a large, global network. **Reality:** HMFs are designed for hybrid environments. Not just large ones. Even midsize organizations often use two or more firewall types to cover cloud, data center, and branch environments. That mix is what drives the need for a centralized platform, regardless of scale. 4\. ### Myth: Centralized control means giving up flexibility. **Reality:** Centralized control doesn't mean one-size-fits-all. It means having one place to define policies. And the flexibility to apply them based on context. HMF platforms support granular segmentation, CI/CD integrations, and location-specific enforcement without losing visibility or coordination. 5\. ### Myth: It's easier to stick with traditional firewalls and layer on extra tools. **Reality:** Point solutions create overlap, blind spots, and policy drift. HMF platforms solve this by integrating capabilities like DNS protection, microsegmentation, and threat prevention into the firewall platform itself. It reduces tool sprawl and improves overall security posture. ![Strata Cloud Manager icon](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-hybrid-mesh-firewall/icon-strata.svg) ## Try Strata Cloud Manager for free and see unified firewall management in action. [Start free trial](https://www.paloaltonetworks.com/network-security/strata-cloud-manager#free-trials) ## Hybrid mesh firewall FAQs ### What is a hybrid firewall? A hybrid firewall combines traditional stateful inspection with next-generation firewall capabilities, including deep packet inspection, intrusion prevention, and application awareness. ### What is a hybrid mesh? A hybrid mesh refers to a network architecture that blends wired, wireless, and virtual networking components for robust connectivity and redundancy. ### What is hybrid mesh security? Hybrid mesh security is an integrated approach to protect an organization's assets across various environments, including on-premises, cloud, and virtual infrastructures, through unified management. ### What is the difference between mesh and hybrid? The difference between mesh and hybrid lies in their scope: 'mesh' refers to a network structure with interconnected nodes, while 'hybrid' indicates the combination of different technologies or environments. ### What are the main categories of firewalls? Types of firewalls can be categorized by systems protected, form factors, placement within network infrastructure, and data filtering method. ### What makes a firewall platform 'hybrid mesh'? A platform is considered hybrid mesh when it supports multiple firewall types---hardware, virtual, cloud, and FWaaS---and manages them through a single, centralized control plane. ### What makes a firewall platform 'hybrid mesh'? A platform is considered hybrid mesh when it supports multiple firewall types---hardware, virtual, cloud, and FWaaS---and manages them through a single, centralized control plane. Related Content [Blog: Strata Cloud Manager: One Interface, Complete Network Security Control Learn about Strata Cloud Manager, the AI-powered platform for managing your entire network security estate.](https://www.paloaltonetworks.com/blog/2024/11/strata-cloud-manager-one-interface-complete-network-security-control/?ts=markdown) [Data sheet: Strata Cloud Manager Get the facts, features, and benefits of Strata Cloud Manager.](https://www.paloaltonetworks.com/blog/sase/critical-role-of-enterprise-browsers-in-a-sase-framework/?ts=markdown) [TechDocs: Strata Cloud Manager Explore setup, workflows, and best practices for Strata Cloud Manager.](https://docs.paloaltonetworks.com/strata-cloud-manager) [White paper: Modernize Your Network Security With Artificial Intelligence Discover key principles to adopting a Zero Trust, AI-powered approach to network security.](https://www.paloaltonetworks.com/resources/whitepapers/modernize-your-network-security-with-artificial-intelligence?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20is%20a%20Hybrid%20Mesh%20Firewall%3F&body=Explore%20how%20a%20hybrid%20mesh%20firewall%20integrates%20multiple%20firewall%20types%20across%20IT%20environments%20to%20deliver%20comprehensive%20and%20adaptive%20network%20security.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-a-hybrid-mesh-firewall) Back to Top {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language