Prevent threats, safely enable applications

Multi-gig-throughput firewalls to secure your internet edge

PA-3200 Series next-generation firewall appliances help secure your organization through the safe enablement of applications, users and content at high throughput speeds.

Predictable performance, broad threat coverage

The PA-3200 Series provides dedicated, programmable hardware resources for networking, security, signature matching and management functions, ensuring predictable performance. The appliances deliver high decryption throughput and SSL session capacity so you can secure encrypted traffic without slowing down your business, simplify your deployments, and uncover and stop hidden threats without compromising privacy.




PA-3200 Series architecture

Integrate network security without holding back the business

PA-3200 Series appliances secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use – so you can cut risks and speed growth at the same time.

Classifies all applications, on all ports, all the time

PA-3200 Series appliances identify any application, regardless of port, encryption (SSL or SSH) or evasive technique employed, and use the application – not the port – as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping. They also categorize unidentified applications for policy control, threat forensics or custom App-ID™ technology development.

Enforces security policies for any user, at any location

With the PA-3200 Series next-generation firewalls, you can deploy consistent policies to local and remote users running on Windows®, macOS®, Linux, Android® or Apple® iOS platforms. You can choose from a multitude of ways to identify users, including GlobalProtect™ network security for endpoints, captive portal, AAA servers, Microsoft® Active Directory®, Terminal Services, LDAP and Novell® eDirectory™, as well as other sources you can add using XML API.

Prevents known and unknown threats

PA-3200 Series appliances block a range of threats, including exploits, malware and spyware, across all ports, regardless of threat-evasion tactics employed. They limit the unauthorized transfer of files and sensitive data to safely enable web and application access. They also identify unknown malware, analyze it based on malicious behaviors, and then automatically create and deliver protection.


The PA-3200 Series family


  • 8.4/10 Gbps firewall throughput (App-ID enabled¹)
  • 3.9/4.7 Gbps Threat Prevention throughput²
  • 4.8 Gbps IPsec VPN throughput
  • 3,000,000 max sessions
  • 118,000 new sessions per second³
  • 6,000 IPsec VPN tunnels/tunnel interfaces
  • 2,048 SSL VPN Users
  • 10 virtual routers
  • 1/6 virtual systems (base/max⁴)
  • 200 security zones
  • 5,000 max number of policies


  • 6/7 Gbps firewall throughput (App-ID enabled¹)
  • 2.6/3.1 Gbps Threat Prevention throughput²
  • 3.2 Gbps IPsec VPN throughput
  • 2,000,000 max sessions
  • 84,000 new sessions per second³
  • 6,000 IPsec VPN tunnels/tunnel interfaces
  • 2,048 SSL VPN Users
  • 10 virtual routers
  • 1/6 virtual systems (base/max⁴)
  • 200 security zones
  • 5,000 max number of policies


  • 4.6/4.6 Gbps firewall throughput (App-ID enabled¹)
  • 2.2/2.6 Gbps Threat Prevention throughput²
  • 2.5 Gbps IPsec VPN throughput
  • 1,000,000 max sessions
  • 57,000 new sessions per second³
  • 4,000 IPsec VPN tunnels/tunnel interfaces
  • 1,024 SSL VPN Users
  • 10 virtual routers
  • 1/6 virtual systems (base/max⁴)
  • 200 security zones
  • 2,500 max number of policies

1. Firewall throughput measured with App-ID and logging enabled utilizing 64KB HTTP/appmix transactions
2. Threat Prevention throughput measured with App-ID, IPS, antivirus, anti-spyware, WildFire and logging enabled utilizing 64KB HTTP/appmix transactions
3. IPsec VPN throughput measured with 64KB HTTP transactions
4. New sessions per second measured with application-override utilizing 1-byte HTTP transactions
5. Adding virtual systems to the base quantity requires a separately purchased license




Request your Security Lifecycle Review (SLR)

The SLR examines your network traffic and generates a comprehensive report unique to your organization to help you discover the applications and threats exposing vulnerabilities in your security posture.


