[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)
  * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown)
3. [What Is an SD-WAN Gateway? | Definition, Explanation, Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-is-an-sd-wan-gateway?ts=markdown)  
   Table of contents

* [What are the limitations of hub-and-spoke architecture?](#what)
* [What is the purpose of an SD-WAN gateway?](#purpose)
* [What are the primary SD-WAN gateway use cases?](#primary)
* [What are the features of an SD-WAN gateway?](#features)
* [What are the different types of SD-WAN gateway form factors?](#different)
* [What are the disadvantages of an SD-WAN gateway?](#disadvantages)
* [SD-WAN gateway FAQs](#faqs)

# What Is an SD-WAN Gateway? | Definition, Explanation, Use Cases

4 min. read  
Table of contents

* [What are the limitations of hub-and-spoke architecture?](#what)
* [What is the purpose of an SD-WAN gateway?](#purpose)
* [What are the primary SD-WAN gateway use cases?](#primary)
* [What are the features of an SD-WAN gateway?](#features)
* [What are the different types of SD-WAN gateway form factors?](#different)
* [What are the disadvantages of an SD-WAN gateway?](#disadvantages)
* [SD-WAN gateway FAQs](#faqs)

1. What are the limitations of hub-and-spoke architecture?

* [1. What are the limitations of hub-and-spoke architecture?](#what)
* [2. What is the purpose of an SD-WAN gateway?](#purpose)
* [3. What are the primary SD-WAN gateway use cases?](#primary)
* [4. What are the features of an SD-WAN gateway?](#features)
* [5. What are the different types of SD-WAN gateway form factors?](#different)
* [6. What are the disadvantages of an SD-WAN gateway?](#disadvantages)
* [7. SD-WAN gateway FAQs](#faqs)  
  ![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-sd-wan-gateway.jpg)  
  close

An SD-WAN gateway is a central hub within an SD-WAN architecture that manages and directs network traffic between branch locations and cloud services. It facilitates traffic routing, ensuring optimized communication across the network.

SD-WAN gateways play a crucial role in maintaining network performance and security.

## What are the limitations of hub-and-spoke architecture?

Originally, [SD-WAN](https://www.paloaltonetworks.com/cyberpedia/what-is-sd-wan?ts=markdown) technology was developed to give organizations the ability to securely connect users, applications, and data flows on-premises or hosted in public or private clouds.

Traditional SD-WAN (software-defined wide area network) setups use point-to-point network setups. Which means an edge device is located at each endpoint, establishing a direct connection to other devices. This results in a hub-and-spoke architecture.

A hub-and-spoke architecture connects all branch sites (spokes) to a central hub, typically located at the headquarters or a data center.

Like this:  
![Hub-and-spoke topology architecture diagram showing a network design where multiple branches connect to two central data centers or hubs. On the left side, two icons labeled](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/hub-and-spoke-topology.png "Hub-and-spoke topology architecture diagram showing a network design where multiple branches connect to two central data centers or hubs. On the left side, two icons labeled ")

This configuration has been widely used over time, and to its credit, provides a straightforward way to manage network traffic.

But it also comes with limitations:

### Latency

One major limitation is the added latency.

All branch-to-branch and branch-to-cloud communication must first route through the central hub. The detour can significantly slow down traffic, leading to delays and decreased performance--- especially when accessing cloud-based services.  
![Architecture diagram illustrating the latency impact of hub-and-spoke routing, featuring multiple branches connected to a central MPLS (Multiprotocol Label Switching) hub. Each branch displays the time taken for data to travel, indicated in milliseconds (ms), with one branch showing a latency of 30 ms, while the others indicate 50 ms to the MPLS hub. The MPLS hub then connects to a data center with a latency of 60 ms. From the data center, connections to AWS, cloud applications, and the Internet exhibit latencies of 50 ms, 100 ms, and 50 ms, respectively.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/hub-and-spoke-latency.png "Architecture diagram illustrating the latency impact of hub-and-spoke routing, featuring multiple branches connected to a central MPLS (Multiprotocol Label Switching) hub. Each branch displays the time taken for data to travel, indicated in milliseconds (ms), with one branch showing a latency of 30 ms, while the others indicate 50 ms to the MPLS hub. The MPLS hub then connects to a data center with a latency of 60 ms. From the data center, connections to AWS, cloud applications, and the Internet exhibit latencies of 50 ms, 100 ms, and 50 ms, respectively.")

As more applications move to the cloud, the extra step becomes increasingly problematic.

### Single point of failure

Another issue is the single point of failure inherent in this architecture.

The central hub is responsible for managing and securing all network traffic.  
![Diagram illustrating a single point of failure in a hub-and-spoke network architecture. It features multiple branches connecting to a central MPLS (Multiprotocol Label Switching) hub. The MPLS hub is depicted as a central node, with an indicator (red circle) showing a failure point. This hub connects to a data center, which in turn links to AWS, cloud applications, and the Internet. The branches show direct connections to the MPLS hub, emphasizing their dependency on this central node for network access.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/hub-and-spoke-single-point-of-failure.png "Diagram illustrating a single point of failure in a hub-and-spoke network architecture. It features multiple branches connecting to a central MPLS (Multiprotocol Label Switching) hub. The MPLS hub is depicted as a central node, with an indicator (red circle) showing a failure point. This hub connects to a data center, which in turn links to AWS, cloud applications, and the Internet. The branches show direct connections to the MPLS hub, emphasizing their dependency on this central node for network access.")

If the hub experiences an outage or becomes overloaded, the entire network can suffer. And that can lead to downtime, which tends to disrupt business operations and reduce productivity across the organization.

### Scalability

Scalability is also a challenge.

As the number of branch sites increases, the central hub must handle more traffic. The added load can strain the hub, requiring costly upgrades or more complex configurations to maintain performance. The architecture's reliance on a single point of control makes it less adaptable to growing network demands.  
![Architecture diagram illustrating the scalability challenges of a hub-and-spoke architecture in a network setup. It features multiple branch offices connected to a central MPLS (Multiprotocol Label Switching) hub. The MPLS hub then connects to a data center, which is linked to AWS, cloud applications, and the Internet. The layout highlights the connections between the branch offices, MPLS hub, and data center, emphasizing the centralized structure of the architecture.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/hub-and-spoke-scalability-challenges.png "Architecture diagram illustrating the scalability challenges of a hub-and-spoke architecture in a network setup. It features multiple branch offices connected to a central MPLS (Multiprotocol Label Switching) hub. The MPLS hub then connects to a data center, which is linked to AWS, cloud applications, and the Internet. The layout highlights the connections between the branch offices, MPLS hub, and data center, emphasizing the centralized structure of the architecture.")

In today's cloud-centric environment, this limitation becomes more apparent.

Modern SD-WAN solutions, including SD-WAN gateways, are designed to overcome these challenges by allowing direct branch-to-branch and branch-to-cloud communication.

This approach reduces latency, distributes traffic management, and enhances the overall efficiency of the network.

## What is the purpose of an SD-WAN gateway?

The purpose of an SD-WAN gateway is to function as a central point that manages and directs traffic in an [SD-WAN architecture](https://www.paloaltonetworks.com/cyberpedia/sd-wan-architecture?ts=markdown).

Think of it as the hub that connects different branches and cloud services, allowing data flows to travel smoothly and efficiently across the network.

As mentioned, in traditional WAN setups, all traffic would typically pass through a headquarters or central data center. But with the rise of cloud services, the need for direct branch-to-cloud communication is a must---and the old model can create bottlenecks.

An SD-WAN gateway changes the game by intelligently routing traffic. It can be deployed on premises or in the cloud, outside the headquarters. Its job is to handle all the SD-WAN traffic and control.

Like so:  
![Architecture diagram depicting a hybrid SD-WAN gateway deployment scenario. It features an SD-WAN orchestrator at the top, connecting to various components, including SD-WAN gateways with embedded controllers and legacy enterprise data centers. Below, an edge appliance or virtual device connects to a public internet node and a private circuit. Additionally, private edges are shown linked to a private network/MPLS. To the right, an edge cluster connects to hybrid data centers, which can be either enterprise or cloud-based. The diagram also illustrates connections to software as a service (SaaS) applications such as AWS, Box, and Salesforce.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/hybrid-sd-wan-gateway-deployment-scenario.png "Architecture diagram depicting a hybrid SD-WAN gateway deployment scenario. It features an SD-WAN orchestrator at the top, connecting to various components, including SD-WAN gateways with embedded controllers and legacy enterprise data centers. Below, an edge appliance or virtual device connects to a public internet node and a private circuit. Additionally, private edges are shown linked to a private network/MPLS. To the right, an edge cluster connects to hybrid data centers, which can be either enterprise or cloud-based. The diagram also illustrates connections to software as a service (SaaS) applications such as AWS, Box, and Salesforce.")

This way, instead of sending all data back to the central hub, branch offices can communicate directly with each other or with cloud services through the gateway. Which reduces the load on the headquarters network and improves performance overall.

Basically, the SD-WAN gateway is there to optimize how data travels across a network. Especially in environments where cloud services are heavily used.

*** ** * ** ***

***Note:** The concept of an "SD-WAN gateway" as part of an SD-WAN architecture is widely recognized and used in modern networking solutions, though the term isn't necessarily universally defined. In many cases, this functionality might be integrated into other SD-WAN components, such as edge devices or controllers. The terminology can vary depending on the vendor or specific implementation of the SD-WAN solution.*

*** ** * ** ***

## What are the primary SD-WAN gateway use cases?

SD-WAN gateways work well for organizations with heavy cloud service usage, multiple branches, or complex networking needs. In these scenarios, implementing an SD-WAN gateway can optimize network performance and improve efficiency.

### Multiple branch sites or heavy reliance on cloud-based services

SD-WAN gateways are especially useful for organizations with multiple branch sites that need to communicate efficiently. They allow direct communication between sites without relying on a central hub. And this majorly reduces delays.  
![SD-WAN architecture diagram, featuring a central data center connected to four branch locations, represented as gray building icons. These connections are color-coded to indicate different types of internet connections: MPLS in red, cellular connections in green, and broadband in orange. Surrounding the central network diagram are logos of various internet and cloud services, such as AWS, Azure, Google, Dropbox, Salesforce, Workday, and YouTube, implying their integration or accessibility through this network architecture.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/sd-wan-architecture-multiple-branch-sites.png "SD-WAN architecture diagram, featuring a central data center connected to four branch locations, represented as gray building icons. These connections are color-coded to indicate different types of internet connections: MPLS in red, cellular connections in green, and broadband in orange. Surrounding the central network diagram are logos of various internet and cloud services, such as AWS, Azure, Google, Dropbox, Salesforce, Workday, and YouTube, implying their integration or accessibility through this network architecture.")

Enterprises that use a variety of cloud applications, like Office 365, Salesforce, or AWS-hosted tools, can benefit from an SD-WAN gateway as well. SD-WAN gateways provide direct connections to cloud services. Which means faster, more reliable access to applications.

### Multiple remote sites or sites experiencing high volumes of site-to-site traffic

Businesses with complex network demands---such as those with multiple remote sites **or** those experiencing high volumes of site-to-site traffic---may also consider an SD-WAN gateway.  
![SD-WAN cloud connectivity architecture diagram, featuring a central data center connected to four branch locations, represented as gray building icons. These connections are color-coded to indicate different types of internet connections: MPLS in red, cellular connections in green, and broadband in orange. Surrounding the central network diagram are logos of various internet and cloud services, such as AWS, Azure, Google, Dropbox, Salesforce, Workday, and YouTube, implying their integration or accessibility through this network architecture.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/sd-wan-cloud-connectivity.png "SD-WAN cloud connectivity architecture diagram, featuring a central data center connected to four branch locations, represented as gray building icons. These connections are color-coded to indicate different types of internet connections: MPLS in red, cellular connections in green, and broadband in orange. Surrounding the central network diagram are logos of various internet and cloud services, such as AWS, Azure, Google, Dropbox, Salesforce, Workday, and YouTube, implying their integration or accessibility through this network architecture.")

As explained, the gateway can offload the burden from a central data center by allowing direct branch-to-branch and branch-to-cloud communication. Which equals better network performance and less strain on headquarters' resources.

### Meshed WAN architectures

Organizations with a long-term SD-WAN strategy that involves building a meshed WAN design across all their sites are another key group that would benefit from an SD-WAN gateway.  
![Architecture diagram illustrating a full mesh topology in a network configuration. It features two data centers or hubs positioned at the center, connected to multiple branch locations represented by blue icons. Each branch is interconnected, indicating that every branch can communicate directly with every other branch and the data centers, demonstrating a comprehensive network architecture that allows for multiple pathways between all nodes. The layout emphasizes the redundancy and direct connectivity characteristic of a full mesh topology.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/full-mesh-topology.png "Architecture diagram illustrating a full mesh topology in a network configuration. It features two data centers or hubs positioned at the center, connected to multiple branch locations represented by blue icons. Each branch is interconnected, indicating that every branch can communicate directly with every other branch and the data centers, demonstrating a comprehensive network architecture that allows for multiple pathways between all nodes. The layout emphasizes the redundancy and direct connectivity characteristic of a full mesh topology.")

In these scenarios, a gateway can simplify network management. Plus, it reduces the hardware and operational costs associated with traditional point-to-point architectures.

*** ** * ** ***

***Further reading:***

* [What Is SD-Branch?](https://www.paloaltonetworks.com/cyberpedia/sd-branch?ts=markdown)
* [What Is SD-WAN Multicloud?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-sd-wan-multicloud?ts=markdown)
* [What Is the Cloud-delivered Branch?](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-delivered-branch?ts=markdown)
* [What Is Next-Generation SD-WAN?](https://www.paloaltonetworks.com/cyberpedia/what-is-next-generation-sd-wan?ts=markdown)

*** ** * ** ***

## What are the features of an SD-WAN gateway?

![Graphic presenting the features of an SD-WAN gateway, organized in a grid layout. Each feature is represented within a green square. The features listed include dynamic path selection at the top left, centralized management below it, built-in security features at the bottom left, more bandwidth at the top right, and reliability and failover at the bottom right. The title](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/sd-wan-gateway-features.png "Graphic presenting the features of an SD-WAN gateway, organized in a grid layout. Each feature is represented within a green square. The features listed include dynamic path selection at the top left, centralized management below it, built-in security features at the bottom left, more bandwidth at the top right, and reliability and failover at the bottom right. The title ")

An SD-WAN gateway offers several key features:

* Dynamic path selection
* Centralized management
* Built-in security features
* More bandwidth
* Reliability and failover

### Dynamic path selection

First and foremost is dynamic path selection.

This feature allows the gateway to choose the best route for network traffic in real-time. In other words, it dynamically selects the most efficient path for data to travel, avoiding congested or unreliable routes.  
![Architecture diagram illustrating the dynamic path selection of an SD-WAN gateway. It features branch offices on the left, where policies are deployed to the SD-WAN router. In the center, three types of connections are displayed: MPLS, LTE, and Fiber, represented with green, yellow, and red circles, indicating their status. To the right, cloud services, a data center, and data center applications are shown as destinations for data flow. The SD-WAN gateway is highlighted in blue at the center, managing network policies, traffic routing, and monitoring. Dashed lines indicate control connections, while solid lines represent data flow.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/sd-wan-gateway-performing-dynamic-path-selection.png "Architecture diagram illustrating the dynamic path selection of an SD-WAN gateway. It features branch offices on the left, where policies are deployed to the SD-WAN router. In the center, three types of connections are displayed: MPLS, LTE, and Fiber, represented with green, yellow, and red circles, indicating their status. To the right, cloud services, a data center, and data center applications are shown as destinations for data flow. The SD-WAN gateway is highlighted in blue at the center, managing network policies, traffic routing, and monitoring. Dashed lines indicate control connections, while solid lines represent data flow.")

This ensures that traffic flows smoothly, which is particularly important for applications that require consistent, reliable performance.

### Centralized management

An SD-WAN gateway provides a single point of control for managing the entire network.  
![Architecture diagram showing how SD-WAN gateways provide centralized control and management across the network. It features multiple branch locations on the left, connecting to various WAN types in the center, including MPLS, Starlink, LTE, 4G/5G, and DSL. To the right, cloud services, a data center, and data center applications are depicted as endpoints for data flow. At the bottom center, the SD-WAN gateway is illustrated, indicating its roles in security policy management, routing option management, and network orchestration. The layout emphasizes the gateway's central function in managing network policies and connections.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/sd-wan-gateways-centralized-management.png "Architecture diagram showing how SD-WAN gateways provide centralized control and management across the network. It features multiple branch locations on the left, connecting to various WAN types in the center, including MPLS, Starlink, LTE, 4G/5G, and DSL. To the right, cloud services, a data center, and data center applications are depicted as endpoints for data flow. At the bottom center, the SD-WAN gateway is illustrated, indicating its roles in security policy management, routing option management, and network orchestration. The layout emphasizes the gateway's central function in managing network policies and connections.")

Centralizing control makes it way easier for organizations to monitor, deploy, and update network policies across all locations.

With centralized management, network teams can have deeper visibility into the network. Including access points, switches, and gateways. And that means more granular control over network operations.

### Built-in security features

SD-WAN gateways typically include built-in security measures like [firewalls](https://www.paloaltonetworks.com/cyberpedia/what-is-a-firewall?ts=markdown), [VPNs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-vpn?ts=markdown), and [encryption](https://www.paloaltonetworks.com/cyberpedia/data-encryption?ts=markdown).

These features help protect sensitive data as it moves across the network. So information remains secure from potential threats.

By integrating security directly into the gateway, organizations can somewhat lessen the need for separate security solutions.

*** ** * ** ***

***Note:** While SD-WAN gateways include important security features, these features are not exhaustive. Gateways are designed primarily for traffic management and optimization, not for comprehensive security. They should be part of a broader network security strategy that includes additional protective measures. The same is true for SD-WAN overall, but gateways are even more limited in scope.*

*** ** * ** ***

### WAN aggregation

Additionally, an SD-WAN gateway can improve overall bandwidth by aggregating multiple WAN connections.

Instead of relying on a single connection, the gateway can combine several, increasing the total available bandwidth.  
![Architecture diagram illustrating WAN aggregation managed by SD-WAN gateways. It features multiple branch locations on the left, which connect to various WAN types in the center, including MPLS, Starlink, LTE, 4G/5G, and DSL. On the right, cloud services, a data center, and data center applications are displayed as endpoints. The SD-WAN gateway is highlighted at the bottom center, indicating its role in managing the aggregation of these WAN connections. The layout emphasizes the connectivity between branches, WANs, and cloud services facilitated by the SD-WAN gateway.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/sd-wan-gateway-wan-aggregation.png "Architecture diagram illustrating WAN aggregation managed by SD-WAN gateways. It features multiple branch locations on the left, which connect to various WAN types in the center, including MPLS, Starlink, LTE, 4G/5G, and DSL. On the right, cloud services, a data center, and data center applications are displayed as endpoints. The SD-WAN gateway is highlighted at the bottom center, indicating its role in managing the aggregation of these WAN connections. The layout emphasizes the connectivity between branches, WANs, and cloud services facilitated by the SD-WAN gateway.")

This is particularly useful for organizations with high data transfer needs. Because it helps ensure the network can handle large volumes of traffic without slowing down.

### Reliability and failover

Finally, reliability and failover are key features of an SD-WAN gateway.

In the event of a network failure, the gateway can automatically switch to a backup connection. Like a secondary WAN link or a cellular network.  
![Architecture diagram depicting an SD-WAN gateway performing failover. It shows a WAN connection on the left side leading to the SD-WAN gateway, which is centrally positioned. The primary path to the Internet is indicated by a solid line extending from the SD-WAN gateway, while a secondary path to the Internet is represented by a dashed line. Below the SD-WAN gateway, a failover path is illustrated, indicating alternative connectivity. A backup tunnel is also shown extending from the gateway, signifying a secondary connection option. The overall layout emphasizes the gateway's role in maintaining connectivity during failover scenarios.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/sd-wan-gateway-failover.png "Architecture diagram depicting an SD-WAN gateway performing failover. It shows a WAN connection on the left side leading to the SD-WAN gateway, which is centrally positioned. The primary path to the Internet is indicated by a solid line extending from the SD-WAN gateway, while a secondary path to the Internet is represented by a dashed line. Below the SD-WAN gateway, a failover path is illustrated, indicating alternative connectivity. A backup tunnel is also shown extending from the gateway, signifying a secondary connection option. The overall layout emphasizes the gateway's role in maintaining connectivity during failover scenarios.")

The failover capability ensures the network remains operational, even if the primary connection goes down. And that adds up to lower risk of downtime and sustained business continuity.

## What are the different types of SD-WAN gateway form factors?

![Graphic illustrating the types of SD-WAN gateway form factors, featuring three distinct categories. On the left, a](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/sd-wan-gateway/types-of-sd-wan-gateway-form-factors.png)

There are three primary types of SD-WAN gateway form factors: hardware, virtual, and cloud.

Selecting the right form factor depends on your organization's specific needs, including performance requirements, deployment architecture, scalability, and budget considerations.

### Hardware SD-WAN gateway

* **Overview:** A hardware gateway is a physical [SD-WAN appliance](https://www.paloaltonetworks.com/cyberpedia/what-is-an-sdwan-appliance?ts=markdown), typically installed on-premises in a data center, branch office, or other locations. It manages and directs network traffic locally, often preferred in environments where on-site control and high performance are necessary.
* **Use case:** Suitable for organizations that need dedicated hardware for traffic management and prefer physical appliances for security or performance reasons.

### Virtual SD-WAN gateway

* **Overview:** A software-based solution that runs on virtualized infrastructure. It can be deployed either on-premises (e.g., on a virtual machine) or in a cloud environment. Virtual gateways offer the same functionality as hardware gateways, but they provide greater flexibility when it comes to deployment and scaling.
* **Use case:** Ideal for organizations that prefer a more flexible, scalable solution--especially those with hybrid cloud environments or those looking to reduce physical hardware.

### SD-WAN cloud gateway

* **Overview:** Hosted entirely in the cloud by a service provider, a cloud gateway manages traffic between branch locations and cloud services. This form factor eliminates the need for on-premises hardware.
* **Use case:** Best for organizations that are cloud-first or have a significant reliance on cloud services. It provides a managed solution that integrates seamlessly with other cloud services.

## What are the disadvantages of an SD-WAN gateway?

The main disadvantage of SD-WAN gateways is that they require an additional resource to be hosted, most commonly in the cloud to establish a global point of presence.

For example: An SD-WAN gateway will require a compute resource to host a virtualized SD-WAN gateway appliance, usually in the form of an open virtual appliance (OVA), creating another network device to manage, update and monitor.

It's worth noting: Many SD-WAN gateway offerings can be hosted by a service provider to facilitate a hybrid SD-WAN model.

## SD-WAN gateway FAQs

### What is the difference between SD-WAN edge and gateway?

An SD-WAN edge refers to the devices at branch locations that connect to the network, while an SD-WAN gateway is a central point (often in the cloud) that routes and manages traffic between these edge devices and cloud services.

### What is the difference between WAN and gateway?

A WAN (wide area network) is a network that connects geographically dispersed locations, while a gateway is a device or node that routes traffic between different networks or parts of a network, such as between a WAN and the cloud.

### How does an SD-WAN gateway differ from a traditional WAN router?

An SD-WAN gateway manages traffic within an SD-WAN architecture to optimize and direct traffic to cloud services and branch locations, whereas a traditional WAN router primarily routes traffic within a conventional network setup.

### Can an SD-WAN gateway replace my existing network hardware?

No, an SD-WAN gateway cannot replace existing network hardware. It can potentially replace some network hardware by consolidating traffic management and security, but it may need to be integrated with existing infrastructure rather than functioning as a complete replacement.

### How is traffic managed through an SD-WAN gateway?

Traffic is managed through an SD-WAN gateway via dynamic path selection, centralized control, and optimized routing to ensure efficient and secure data flow across the network.

### What are the costs associated with implementing an SD-WAN gateway?

The costs of implementing an SD-WAN gateway can include hardware or software purchases, subscription fees, and potential expenses for integration and ongoing management. The overall cost depends on the chosen gateway form factor and network requirements.
Recommended for you  
[Report: 2024 Gartner Magic Quadrant for SD-WAN
5-time Leader with the Furthest for Completeness of Vision.](https://start.paloaltonetworks.com/gartner-sd-wan-mq-2024.html)  
[Infographic: Next-Gen SD-WAN: The Branch of the Future
Find out how modern SD-WAN meets today's network demands.](https://www.paloaltonetworks.com/resources/infographics/branch-of-the-future?ts=markdown)  
[Video: Best Practices for SD-WAN Deployment
Dive into best practices for a successful SD-WAN deployment.](https://www.paloaltonetworks.com/engage/sd-wan-lightspeed-on-demand/sd-wan-on-demand-videos/best-practices-sd-wan)  
[eBook: Branch of the Future with SD-WAN For Dummies^®^
Learn the four tenets of modern SD-WAN.](https://start.paloaltonetworks.com/branch-of-the-future-with-sd-wan-for-dummies.html)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20an%20SD-WAN%20Gateway%3F%20%7C%20Definition%2C%20Explanation%2C%20Use%20Cases&body=An%20SD-WAN%20gateway%20is%20a%20central%20hub%20within%20an%20SD-WAN%20architecture%20that%20manages%20and%20directs%20network%20traffic%20between%20branch%20locations%20and%20cloud%20services.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-an-sd-wan-gateway)  
Back to Top  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2025 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language