Prevent threats, safely enable applications

Consistent architecture for branch offices and midsize businesses

PA-500 next-generation firewall appliance helps secure branch offices and midsize businesses by preventing a broad range of cyberthreats while safely enabling applications.

Visibility, control and power to prevent network threats

The PA-500 next-generation firewall enables you to secure your organization through advanced visibility and control of applications, users and content at throughput speeds of up to 250 Mbps. Dedicated computing resources assigned to networking, security, signature matching and management functions ensure predictable performance.


Prevent attacks and grow with confidence

The PA-500 appliance secures your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use – so you can cut risks and speed growth at the same time.

Classifies all applications, on all ports, all the time

The PA-500 appliance identifies the application, regardless of port, encryption (SSL or SSH) or evasive technique employed, and uses the application – not the port – as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping. It also categorizes unidentified applications for policy control, threat forensics or App-ID™ technology development.

Enforces security policies for any user, at any location

The PA-500 lets you deploy consistent policies to local and remote users running on Windows®, macOS®, Linux®, Android®, or Apple® iOS platforms. You get agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®. And you can integrate your firewall policies easily with 802.1X wireless, proxies, network access control and other sources of user ID.

Learn what’s new

Prevents known and unknown threats

The PA-500 blocks a range of threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed. It limits the unauthorized transfer of files and sensitive data to safely enable non-work-related web surfing. It also identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection.

Learn more

The PA-500


  • 250 Mbps firewall throughput
  • 100 Mbps Threat Prevention throughput
  • 50 Mbps IPsec VPN throughput
  • 64,000 max sessions
  • 7500 new sessions per second
  • 250 IPsec VPN tunnels/tunnel interfaces
  • 100 SSL VPN users
  • 3 virtual routers
  • 20 security zones
  • 1000 max number of policies

Request your Security Lifecycle Review

The SLR examines your network traffic and generates a comprehensive report unique to your organization to help you discover the applications and threats exposing vulnerabilities in your security posture. Request now



Are you ready to take the
Ultimate Test Drive?

If you're ready to take the test drive, pick the best time for you below!

All times are displayed in Pacific time.