[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Network Security](https://www.paloaltonetworks.com/cyberpedia/network-security?ts=markdown) 3. [What Is a Software Firewall? \[Why It's Needed + How It Works\]](https://www.paloaltonetworks.com/cyberpedia/what-is-a-software-firewall?ts=markdown) Table of contents * [What created the need for software firewalls?](#what-created-the-need-for-software-firewalls) * [How do software firewalls work?](#how-do-software-firewalls-work) * [Why use software firewalls?](#why-use-software-firewalls) * [What are the different types of software firewalls?](#what-are-the-different-types-of-software-firewalls) * [Where are software firewalls deployed?](#where-are-software-firewalls-deployed) * [What is the difference between a software and hardware firewall?](#what-is-the-difference-between-a-software-and-hardware-firewall) * [How software firewalls help achieve a Zero Trust strategy](#how-software-firewalls-help-achieve-a-zero-trust-strategy) # What Is a Software Firewall? \[Why It's Needed + How It Works\] 6 min. read Table of contents * [What created the need for software firewalls?](#what-created-the-need-for-software-firewalls) * [How do software firewalls work?](#how-do-software-firewalls-work) * [Why use software firewalls?](#why-use-software-firewalls) * [What are the different types of software firewalls?](#what-are-the-different-types-of-software-firewalls) * [Where are software firewalls deployed?](#where-are-software-firewalls-deployed) * [What is the difference between a software and hardware firewall?](#what-is-the-difference-between-a-software-and-hardware-firewall) * [How software firewalls help achieve a Zero Trust strategy](#how-software-firewalls-help-achieve-a-zero-trust-strategy) 1. What created the need for software firewalls? * [1. What created the need for software firewalls?](#what-created-the-need-for-software-firewalls) * [2. How do software firewalls work?](#how-do-software-firewalls-work) * [3. Why use software firewalls?](#why-use-software-firewalls) * [4. What are the different types of software firewalls?](#what-are-the-different-types-of-software-firewalls) * [5. Where are software firewalls deployed?](#where-are-software-firewalls-deployed) * [6. What is the difference between a software and hardware firewall?](#what-is-the-difference-between-a-software-and-hardware-firewall) * [7. How software firewalls help achieve a Zero Trust strategy](#how-software-firewalls-help-achieve-a-zero-trust-strategy) ![What is a software firewall?](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/thumbnail-video-what-is-a-software-firewall.jpg) close A software firewall is a firewall delivered in a software form factor that runs on general-purpose hardware, virtual machines, or cloud instances. It applies the same inspection and policy enforcement functions as hardware firewalls. Software firewalls are used to secure applications, workloads, and data where physical appliances can't be placed, like public clouds, containers, and distributed networks. ## What created the need for software firewalls? [Firewalls](https://www.paloaltonetworks.com/cyberpedia/what-is-a-firewall) have long enforced traffic policies at network boundaries. Hardware appliances in data centers and offices inspected traffic moving in and out --- and still do. They remain essential for anchoring high-performance inspection and policy enforcement wherever physical devices can be deployed. But environments have changed. "92% of workloads are now hosted on some form of cloud platform, indicating a significant shift from traditional on-premises solutions. Only 8% of workloads remain solely on-premises, showing a substantial move towards cloud-based infrastructure across various industries." [- Rackspace, The 2025 State of Cloud Report](https://www.rackspace.com/lp/2025-state-cloud-report) Applications now run in multiple clouds. Workloads are virtualized, containerized, and portable. Development cycles are faster. The result is a network without a fixed boundary. ![The diagram titled 'Corporate connectivity pre and post-SaaS' shows the difference in network connections before and after implementing SaaS. The 'Before' section depicts a branch office connecting to the headquarters (HQ) through a single network link. The 'After' section shows the branch office connected to HQ via multiple network links, which in turn connect to various cloud services such as AWS, Azure, Google Drive, Salesforce, and Microsoft, indicating SaaS integration. Additionally, the 'After' section includes connections to social media and other internet services like TikTok, YouTube, Instagram, and Facebook, labeled as 'Best effort.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/Connectivity-pre-and-post-SaaS.png) This creates new risks. Organizations face breaches in cloud environments even with mature security programs. Developers move quickly, often relying on limited native controls. Security teams struggle to enforce consistent policy across diverse platforms. The gap between how fast applications deploy and how slowly traditional appliance rollouts adapt makes the problem worse. Here's why this matters: Physical appliances can't be placed inside a cloud provider's infrastructure or attached to workloads that spin up and down on demand. Security needs to extend closer to the workloads themselves, in forms that can scale as dynamically as the environments they protect. ![Diagram titled 'Diverse roles of firewalls across environments' showing a comparison between a traditional data center and cloud providers. On the left, a section labeled 'Traditional data center' contains a red icon labeled 'Perimeter hardware firewall' connected to boxes representing a web server, database server, application server, mail server, file server, and backup server. Below, three bullet points under 'Traditional model characteristics' read 'Fixed perimeter design,' 'Visibility centered on on-premises environments,' and 'Policy enforcement at centralized boundaries.' In the center, an icon of the internet is connected to both the data center and two cloud provider sections with a red triangle labeled 'Security gap' beneath it. On the right, 'Cloud provider 1' and 'Cloud provider 2' each show icons for VM instances, K8 clusters, serverless functions, databases, load balancers, and cloud storage. Below, three bullet points under 'Cloud characteristics' read 'Workloads span multiple cloud providers,' 'Dynamic scaling and auto-provisioning,' and 'Serverless and ephemeral workloads.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/Why-traditional-firewalls-cant-secure-cloud-workloads.png) That's where software firewalls come in. They deliver the same inspection, enforcement, and logging as appliances, but run as software on servers, virtual machines, or containers. They support automation and orchestration, making it possible to scale protection at the speed of modern deployments. In short: hardware firewalls continue to anchor physical environments. Software firewalls complement them by covering cloud, virtual, and container use cases. Together, they extend firewall protection wherever applications and data reside ## How do software firewalls work? A software firewall inspects traffic between applications, workloads, and networks. It runs as a software process on servers, virtual machines, or cloud instances. And it applies rules to each connection. Again, the functions are the same as a hardware firewall. The software evaluates packets. It compares them to policy. It allows or blocks traffic. It can also track session state, enforce application-level rules, and log events for monitoring. ![The diagram is titled 'How software firewalls work.' At the top, a cloud icon connects downward to a horizontal red bar labeled 'Hardware firewalls.' From this bar, dashed blue lines extend to two sections: 'Virtualization host' on the left and 'Container host' on the right. The virtualization host contains a red rectangle labeled 'Virtual FW (software)' above three gray boxes marked 'VM.' The container host contains a red rectangle labeled 'Cluster FW (software)' above two gray boxes labeled 'Node 1' and 'Node 2.' Arrows on the left and bottom edges indicate 'North-south traffic' vertically and 'East-west traffic' horizontally.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/How-software-firewalls-work.png "The diagram is titled 'How software firewalls work.' At the top, a cloud icon connects downward to a horizontal red bar labeled 'Hardware firewalls.' From this bar, dashed blue lines extend to two sections: 'Virtualization host' on the left and 'Container host' on the right. The virtualization host contains a red rectangle labeled 'Virtual FW (software)' above three gray boxes marked 'VM.' The container host contains a red rectangle labeled 'Cluster FW (software)' above two gray boxes labeled 'Node 1' and 'Node 2.' Arrows on the left and bottom edges indicate 'North-south traffic' vertically and 'East-west traffic' horizontally.") The difference is in placement. A hardware firewall usually sits at the physical edge of a network. A software firewall runs inside virtual or cloud environments. Which means it can secure east-west traffic between workloads as well as north-south traffic entering or leaving a cloud. In containerized environments, software firewalls integrate with orchestration platforms like [Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes). They enforce [segmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-network-segmentation) at the service level. And adapt to workloads that are short-lived and change frequently. In cloud or hybrid deployments, you can spin up software firewalls wherever resources exist. They follow the workload instead of being tied to a single appliance. Management is centralized. Policies can be defined once and applied across multiple environments. APIs and orchestration tools make it possible to automate deployment and updates. All of this reduces the need for manual configuration. ## Why use software firewalls? ![Graphic titled 'Benefits of software firewalls' with four blue square icons on the left, each containing a white padlock symbol. To the right of each icon is descriptive text. The first icon is paired with the text 'Inbound protection close to applications.' The second icon is paired with the text 'Outbound protection in distributed environments.' The third icon is paired with the text 'Lateral protection between workloads.' The fourth icon is paired with the text 'Simplified deployment and management.' The layout is organized in a vertical list, with the icons aligned in a column and the text aligned to their right.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/Benefits-of-software-firewalls.png "Graphic titled 'Benefits of software firewalls' with four blue square icons on the left, each containing a white padlock symbol. To the right of each icon is descriptive text. The first icon is paired with the text 'Inbound protection close to applications.' The second icon is paired with the text 'Outbound protection in distributed environments.' The third icon is paired with the text 'Lateral protection between workloads.' The fourth icon is paired with the text 'Simplified deployment and management.' The layout is organized in a vertical list, with the icons aligned in a column and the text aligned to their right.") The main reason to use software firewalls is to secure environments where physical appliances aren't practical. Like hybrid and multi-cloud networks, containerized applications, and distributed workloads. These create traffic flows that perimeter firewalls were never designed to handle. A software form factor makes it possible to place security controls closer to the resources that need them. Software firewalls bring several advantages in these contexts. **Inbound protection close to applications.** A software firewall can sit directly in front of a database or app tier inside a cloud VPC. That way, only approved connections are allowed, limiting the risk of an attacker reaching workloads from outside. **Outbound protection in distributed environments.** Modern applications often pull code or updates from external repositories. A software firewall can monitor and restrict outbound requests from inside cloud or container platforms, ensuring only approved destinations are reached. **Lateral protection between workloads.** In dynamic environments, applications communicate heavily through APIs and service-to-service calls. Software firewalls can inspect east--west traffic within a data center or cloud, stopping threats from spreading if one workload is compromised. **Simplified deployment and management.** Software firewalls can be provisioned through orchestration tools, scaled up or down as needed, and managed centrally through policies. And that reduces the effort required to keep security consistent across dynamic environments. Whereas you can only manage policies centrally for physical firewalls. ## What are the different types of software firewalls? There are three types of software firewalls: * Virtual firewalls * Container firewalls * Managed service firewalls Each one uses the same inspection and enforcement principles, but they're applied in different ways. ### Virtual firewalls ![The diagram is titled 'Virtual firewall.' At the top, a dark gray bar labeled 'Internet' connects downward to a red bar labeled 'Hardware firewalls.' Below that, another red bar labeled 'Virtual firewall (software)' spans across two sections. Inside this section, two orange rectangles labeled 'SWFW process' sit above pairs of gray ovals marked 'App A' and 'App B,' which rest above a gray rectangle labeled 'Operating system.' These layers are contained within two stacked boxes labeled 'Virtual machine,' sitting on a white base labeled 'Hypervisor.' The entire structure is titled 'Virtualization host.' Blue arrows and labels indicate 'North-south traffic' vertically and 'East-west traffic' horizontally.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/Virtual-Firewall.png "The diagram is titled 'Virtual firewall.' At the top, a dark gray bar labeled 'Internet' connects downward to a red bar labeled 'Hardware firewalls.' Below that, another red bar labeled 'Virtual firewall (software)' spans across two sections. Inside this section, two orange rectangles labeled 'SWFW process' sit above pairs of gray ovals marked 'App A' and 'App B,' which rest above a gray rectangle labeled 'Operating system.' These layers are contained within two stacked boxes labeled 'Virtual machine,' sitting on a white base labeled 'Hypervisor.' The entire structure is titled 'Virtualization host.' Blue arrows and labels indicate 'North-south traffic' vertically and 'East-west traffic' horizontally.") A virtual firewall runs as a software instance on a virtual machine. It's most common in public and private clouds, hybrid networks, and virtualized data centers. Virtual firewalls can inspect north-south traffic moving in or out of the cloud. They can also secure east-west traffic between workloads. That means it extends enforcement where cloud provider controls stop. Plus, virtual firewalls also help segment workloads, apply consistent policy across clouds, and maintain visibility into traffic that spans providers. ***Note:*** *Industry terminology can vary. Virtual firewalls are sometimes called cloud firewalls, public cloud firewalls, or even cloud [NGFWs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-next-generation-firewall-ngfw). Firewall as a Service (FWaaS) is related but refers to a cloud-delivered service model rather than a specific deployment instance.* | ***Further reading:*** * [*What Is a Virtual Firewall?*](https://www.paloaltonetworks.com/cyberpedia/what-is-a-virtual-firewall) * [*What Is a Public Cloud Firewall?*](https://www.paloaltonetworks.com/cyberpedia/what-is-a-public-cloud-firewall) * [*What Is Firewall as a Service (FWaaS)? | FWaaS Defined \& Explained*](https://www.paloaltonetworks.com/cyberpedia/what-is-firewall-as-a-service) ### Container firewalls ![The diagram is titled 'Container firewall.' At the top, a dark gray bar labeled 'Internet' connects downward to a red bar labeled 'Hardware firewalls.' Beneath it, within a container cluster, another red bar labeled 'Cluster firewall service' spans horizontally. Below this, two gray boxes labeled 'Container' contain smaller boxes marked 'Service A' and 'Service B,' with a green arrow labeled 'East-west traffic' pointing between them. A blue arrow labeled 'North-south traffic' flows vertically from the internet through the firewall layers. Under the containers, there are white stacked boxes labeled 'Container engine' and 'Host operating system,' with the base labeled 'Containerization host.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/Container-firewall.png "The diagram is titled 'Container firewall.' At the top, a dark gray bar labeled 'Internet' connects downward to a red bar labeled 'Hardware firewalls.' Beneath it, within a container cluster, another red bar labeled 'Cluster firewall service' spans horizontally. Below this, two gray boxes labeled 'Container' contain smaller boxes marked 'Service A' and 'Service B,' with a green arrow labeled 'East-west traffic' pointing between them. A blue arrow labeled 'North-south traffic' flows vertically from the internet through the firewall layers. Under the containers, there are white stacked boxes labeled 'Container engine' and 'Host operating system,' with the base labeled 'Containerization host.'") A container firewall is built for orchestration platforms like Kubernetes. Its focus is on microservices. This is useful because containers are short-lived and highly dynamic. And traditional firewalls aren't designed to watch every service-to-service call. But a container firewall integrates at the orchestration layer. It enforces segmentation, monitors traffic in real time, and helps secure workloads that change frequently. | ***Further reading:** [What Is a Container Firewall?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container-firewall)* ### Managed service firewalls ![The diagram is titled 'Managed service firewall.' On the left, a circular icon of a person with a wrench is labeled 'Managed Service Provider with remote management tools.' A gray circle labeled 'Internet' sits to the right, connected by dotted lines. From the internet, dotted lines branch upward to a box labeled 'HQ data center,' which contains two red icons labeled 'Perimeter firewalls' and 'Internal firewalls.' Another dotted line branches downward to a box labeled 'Branch location,' containing a red icon labeled 'Branch firewalls.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/Managed-service-firewall.png "The diagram is titled 'Managed service firewall.' On the left, a circular icon of a person with a wrench is labeled 'Managed Service Provider with remote management tools.' A gray circle labeled 'Internet' sits to the right, connected by dotted lines. From the internet, dotted lines branch upward to a box labeled 'HQ data center,' which contains two red icons labeled 'Perimeter firewalls' and 'Internal firewalls.' Another dotted line branches downward to a box labeled 'Branch location,' containing a red icon labeled 'Branch firewalls.'") A managed service firewall is a software firewall that's delivered and operated by a third-party provider. The provider hosts the software, maintains it, and handles ongoing updates. This model reduces operational overhead for the customer. Policies can still be defined and applied centrally, but the provider manages the infrastructure behind them. This way, software firewalls can be scaled up or down on demand and enforced consistently across environments without day-to-day upkeep. For organizations that want coverage in virtual or cloud environments without direct management, this approach offers a practical alternative. ***Note:*** *Managed service firewalls are distinct from Firewall as a Service (FWaaS). In this context, the term refers to software firewall instances operated by a third-party provider, not the broader cloud-delivered firewall model often described as FWaaS.* ## Where are software firewalls deployed? ![The diagram is titled 'Software firewall deployment environments.' At the center is a red circle labeled 'Software firewalls' with five gray lines branching outward. Each branch connects to a blue or gray circular icon paired with a label: 'Private cloud/data center' with a server stack, 'Public cloud' with a cloud symbol, 'Branch office' with a building icon, 'DevOps pipeline' with gears and circuit lines, and 'Container environment' with a cube outline.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/Software-Firewall-deployment-environments.png "The diagram is titled 'Software firewall deployment environments.' At the center is a red circle labeled 'Software firewalls' with five gray lines branching outward. Each branch connects to a blue or gray circular icon paired with a label: 'Private cloud/data center' with a server stack, 'Public cloud' with a cloud symbol, 'Branch office' with a building icon, 'DevOps pipeline' with gears and circuit lines, and 'Container environment' with a cube outline.") Software firewalls can be placed in several environments, including: * Public cloud * Private cloud and data centers * Branch offices * Container environments * DevOps pipelines Their value comes from extending firewall controls into areas where hardware appliances cannot be installed. ### Public cloud In public clouds, software firewalls run as virtual instances. They monitor north-south traffic moving in and out of cloud workloads. They also secure east-west traffic between applications inside the cloud. This adds enforcement beyond the native controls offered by providers and helps maintain consistent policy across multi-cloud deployments. ***Note:*** *Software firewalls also help organizations meet shared-responsibility requirements by enforcing customer-side controls that cloud providers don't cover.* ### Private cloud and data centers In private clouds or virtualized data centers, software firewalls protect workloads hosted on shared infrastructure. They can inspect traffic between virtual machines. They also support microsegmentation, which reduces the attack surface by limiting unnecessary connections within the environment. ***Note:*** *They're often used during cloud migrations to keep policies consistent between on-premises workloads and new cloud applications.* ### Branch offices Branches often lack the space or resources to host dedicated appliances. Software firewalls can run on existing servers or white-box hardware. This allows segmentation and [threat prevention](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-prevention) without deploying a separate physical device at each site. ### Container environments Containerized applications need protection at the orchestration layer. Software firewalls integrate with platforms like Kubernetes. They enforce policies on communication between services and monitor traffic in highly dynamic, short-lived workloads. ### DevOps pipelines Some deployments use software firewalls that scale on demand. They integrate into [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops) workflows so policies can be applied without slowing releases. This ensures security keeps pace with rapid deployment cycles. ***Note:*** *Embedding firewalls into [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security) allows security to be applied automatically, not bolted on after release.* ## What is the difference between a software and hardware firewall? The distinction between software and hardware firewalls comes down to form factor and deployment. | Software firewalls vs. hardware firewalls | |-------------------------------------------| | Parameters | Software firewall | Hardware firewall | |-------------------------------|--------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------| | **Form factors** | Software | Physical device | | **Installation \& operation** | \* Installed on a server or virtual machine \* Operates on a security OS running on generic hardware with a virtualization layer | Installed between network elements and connected devices | | **Deployment options** | Cloud, Container, Virtual, NGFW | NGFW | | **Complexity** | \* Can be deployed quickly using cloud automation tools \* Usable by non-network security experts | \* Requires physical setup (cabling, CLI configuration) \* Skilled staff needed for installation and management | A hardware firewall is a physical device. It sits between network elements and connected devices. It often anchors the edge of a data center or office network. ![The diagram titled 'Hardware firewall deployment' shows traffic flow and firewall placement from the internet to internal environments. At the top, a grey cloud labeled 'Internet' connects downward to a horizontal red bar labeled 'Hardware firewalls,' which sits within a dashed box labeled 'Network edge.' Dashed blue lines extend downward from the hardware firewalls to two sections. On the left, a box labeled 'Virtualization host' contains an orange rectangle labeled 'Virtual FW (software)' above three smaller grey boxes labeled 'VM.' On the right, a box labeled 'Container host' contains an orange rectangle labeled 'Cluster FW (software)' above two smaller grey boxes labeled 'Node 1' and 'Node 2.' A vertical arrow on the left is labeled 'North-south traffic,' and a horizontal arrow along the bottom is labeled 'East-west traffic.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/Hardware-Firewall-Deployment.png "The diagram titled 'Hardware firewall deployment' shows traffic flow and firewall placement from the internet to internal environments. At the top, a grey cloud labeled 'Internet' connects downward to a horizontal red bar labeled 'Hardware firewalls,' which sits within a dashed box labeled 'Network edge.' Dashed blue lines extend downward from the hardware firewalls to two sections. On the left, a box labeled 'Virtualization host' contains an orange rectangle labeled 'Virtual FW (software)' above three smaller grey boxes labeled 'VM.' On the right, a box labeled 'Container host' contains an orange rectangle labeled 'Cluster FW (software)' above two smaller grey boxes labeled 'Node 1' and 'Node 2.' A vertical arrow on the left is labeled 'North-south traffic,' and a horizontal arrow along the bottom is labeled 'East-west traffic.'") A software firewall is delivered in software form. It runs on a server, virtual machine, or cloud instance. Deployment is another distinction. Hardware firewalls require physical setup. That means racking equipment, connecting cables, and configuring through dedicated interfaces. Skilled staff are usually needed to install and manage them. Software firewalls, on the other hand, can be deployed using automation tools. They can scale on demand and be managed centrally through policy. Which makes them practical in hybrid and multi-cloud networks where agility is important. It's worth noting, though, that while they can be deployed faster than hardware appliances, they still require expertise for policy design and orchestration. **Basically: Hardware firewalls secure physical network boundaries. Software firewalls extend the same protections into virtual, cloud, and distributed environments.** Both are complementary. Neither replaces the other. | ***Further reading:*** * [*What Is a Hardware Firewall? Definition \& Explanation*](https://www.paloaltonetworks.com/cyberpedia/what-is-a-hardware-firewall) * [*Hardware Firewalls vs. Software Firewalls*](https://www.paloaltonetworks.com/cyberpedia/hardware-firewall-vs-software-firewall) ## How software firewalls help achieve a Zero Trust strategy As discussed, traditional firewalls were built to guard the perimeter, but today's environments don't have a single, fixed boundary. Applications and workloads run across clouds, containers, and distributed infrastructure. Zero Trust emerged as a response to that shift, assuming no user, device, or workload is trusted by default. Every connection must be verified, and access should be limited to only what is required. Here's where software firewalls come in. In Zero Trust terms, they provide enforcement points inside environments that hardware cannot reach. They also evaluate requests against defined access rules before allowing traffic to pass. And extend Zero Trust from the edge of the network to the workloads and applications themselves. ![A diagram titled 'Software firewalls as Zero Trust enforcement points' shows three icons across the top labeled 'Cloud,' 'SaaS,' and 'Partner.' From these, lines connect downward into a central box labeled 'Zero trust policy enforcement point' on the left and 'Firewall services' on the right. Inside the box are icons and labels for 'Threat prevention,' 'URL filtering,' 'DNS security,' 'Identity validation,' 'Micro-segmentation,' 'Constant inspection,' 'IDS/IPS,' and 'Zero trust access.' From the bottom of the box, lines extend to icons labeled 'Devices,' 'Users,' and 'Locations.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-software-firewall/Software-firewalls-as-Zero-Trust-enforcement-points.png "A diagram titled 'Software firewalls as Zero Trust enforcement points' shows three icons across the top labeled 'Cloud,' 'SaaS,' and 'Partner.' From these, lines connect downward into a central box labeled 'Zero trust policy enforcement point' on the left and 'Firewall services' on the right. Inside the box are icons and labels for 'Threat prevention,' 'URL filtering,' 'DNS security,' 'Identity validation,' 'Micro-segmentation,' 'Constant inspection,' 'IDS/IPS,' and 'Zero trust access.' From the bottom of the box, lines extend to icons labeled 'Devices,' 'Users,' and 'Locations.'") **For example:** A software firewall can be placed between application tiers in a cloud. It can require explicit policy before one service communicates with another. That reduces the risk of [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement) if an attacker gains a foothold. [Microsegmentation](https://www.paloaltonetworks.com/cyberpedia/what-is-microsegmentation) is a core part of Zero Trust. Software firewalls make it possible to segment workloads at a granular level. So, a database can be limited to a single application. A containerized service can be isolated from others unless policy allows communication. This supports [least-privilege access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access). Each segment can be restricted based on sensitivity, function, or compliance needs, reducing the blast radius of an attack. Centralized management also supports Zero Trust. Policies can be defined once and enforced consistently across cloud, virtual, and container environments. That means authentication and [access controls](https://www.paloaltonetworks.com/cyberpedia/access-control) remain uniform, even when resources are distributed. Important: Software firewalls are not a complete Zero Trust solution. They don't replace identity, device, or data controls. They do, however, give the network layer the enforcement capability Zero Trust requires. And they're a practical enforcement mechanism. They turn Zero Trust principles into real-world controls by verifying every connection and restricting access to the minimum needed. | ***Further reading:*** * [*What is Zero Trust Architecture (ZTA)?*](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture) * [*What Is Zero Trust for the Cloud?*](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-for-the-cloud) ![Icon of a book](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-rlhf/icon-rlhf-document.svg) LEARN HOW TO SECURE CLOUD-BASED APPLICATIONS Read *Hackers Are Coming for Your Cloud-Based Applications* to learn how software firewalls secure cloud-native workloads. --- [Download white paper](https://www.paloaltonetworks.com/resources/whitepapers/hackers-are-coming-for-your-cloud-based-applications) ## Software firewall FAQs #### What does a software firewall do? Software firewalls are designed to protect data, workloads and applications in environments wherein it is difficult or impossible to deploy physical firewalls. #### How does a software firewall work? Software firewalls embody the same firewall technology as hardware firewalls (also known as next-generation firewalls or NGFWs). Software firewalls offer multiple deployment options to match the needs of hybrid/multi-cloud environments and modern cloud applications. #### What is the difference between a software firewall and a hardware firewall? The most important difference between a hardware and software firewall is the form factor. A software firewall is installed on a server or virtual machine. A hardware firewall is a physical device installed between network elements and connected devices. #### Is there a software firewall? Yes. A software firewall is a firewall delivered in software form that runs on servers, virtual machines, or cloud instances. It provides the same traffic inspection and policy enforcement functions as hardware firewalls but is deployed in virtual, cloud, or distributed environments. #### How do you set up a software firewall? Software firewalls are provisioned on servers, VMs, or cloud instances. They're typically deployed using automation and orchestration tools, managed through centralized consoles or APIs, and configured with policies that control inbound, outbound, and east-west traffic. #### Where are software firewalls usually located? They are deployed in environments where hardware appliances can't be used, such as public clouds, private clouds, virtualized data centers, branch offices, container platforms, and DevOps pipelines. Their placement extends firewall protections close to workloads and applications. #### What is the difference between a physical firewall and a software firewall? A hardware firewall is a physical device that sits at the edge of a network. A software firewall runs in software on a server, VM, or cloud instance. Both enforce security rules, but software firewalls extend protections into distributed, cloud, and virtualized environments. #### Do I need a software firewall? You likely need one if your applications, data, or workloads run in cloud, container, or distributed environments where physical appliances aren't practical. Software firewalls provide inbound, outbound, and lateral protection while supporting automation and consistent policy enforcement. #### Can a firewall be both hardware and software? Yes. Hardware firewalls use dedicated physical appliances. Software firewalls deliver the same functions in a software form factor. Many organizations use both together, with hardware firewalls securing physical boundaries and software firewalls extending protection into virtual and cloud environments. Related content [White paper: Your Hybrid Infrastructure is Under Attack Discover best practices for securing distributed, interconnected hybrid cloud environments.](https://www.paloaltonetworks.com/resources/whitepapers/your-hybrid-infrastructure-is-under-attack) [Podcast: Threat Vector | Rethinking Cloud Security Strategies Hear how cloud security is being reshaped by platformization, AI, and a prevention-first approach.](https://www.paloaltonetworks.com/resources/podcasts/threat-vector-rethinking-cloud-security-strategies) [Report: Unit 42 Global Incident Response Report 2025 Get current data on breaches in cloud and hybrid environments.](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report) [Checklist: 42 Tips to Build a Resilient Cybersecurity Program Find out everything you need to know to stop adversaries from targeting cloud environments.](https://start.paloaltonetworks.com/incident-response-42-tips-checklist-unit42) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20a%20Software%20Firewall%3F%20%5BWhy%20It%27s%20Needed%20%2B%20How%20It%20Works%5D&body=A%20software%20firewall%20is%20a%20firewall%20delivered%20in%20a%20software%20form%20factor%20that%20runs%20on%20general-purpose%20hardware%2C%20virtual%20machines%2C%20or%20cloud%20instances.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-a-software-firewall) Back to Top {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language