Complete Control

The controlling element of the PA-220 is PAN-OS, which natively classifies all traffic, inclusive of applications, threats, and content, and then ties that traffic to the user regardless of location or device type. The application, content, and user (in other words, the elements that run your business), then serve as the basis of your security policies, resulting in improved security posture and reduced incident response time.

Key Security and Connectivity Features

Classifies all applications, on all ports, all the time. Identifies the application, regardless of port, SSL/SSH encryption, or evasive technique employed.

Uses the application, not the port, as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect, and apply traffic-shaping.

Categorizes unidentified applications for policy control, threat forensics, or App-ID™ technology development.

Provides full visibility into the details of all TLS-encrypted connections and stops threats hidden in encrypted traffic, including traffic that uses TLS 1.3 and HTTP/2 protocols.

Enforces security policies for any user, at any location

Deploys consistent policies to local and remote users running on the Windows, macOS, Linux, Android, or Apple iOS platforms.

Enables agentless integration with Microsoft Active Directory and Terminal Services, LDAP, Novell eDirectory and Citrix.

Easily integrates your firewall policies with 802.1X wireless, proxies, network access control, and any other source of user identity information.

Extends native protection across all attack vectors with cloud-delivered security subscriptions

Threat Prevention inspects all traffic to automatically block known vulnerabilities, malware, vulnerability exploits, spyware, command and control (C2) and custom intrusion prevention system (IPS) signatures.

WildFire malware prevention protects against unknown file-based threats, delivering automated prevention in seconds for most new threats across networks, endpoints and clouds.

URL Filtering prevents access to malicious sites and protects users against web-based threats.

DNS Security detects and blocks known and unknown threats over DNS while predictive analytics disrupt attacks using DNS for C2 or data theft.

IoT Security—discovers all unmanaged devices in your network, identifies risks and vulnerabilities and automates enforcement policies for your ML-Powered NGFW using a new Device-ID™ policy construct.

Enables SD-WAN functionality

Allows you to easily adopt SD-WAN by simply enabling it on your existing firewalls.

Enables you to safely implement SD-WAN, which is natively integrated with our industry-leading security.

Delivers an exceptional end user experience by minimizing latency, jitter, and packet loss.