The Palo Alto Networks PA-400 Series, comprising the PA-460, PA-410, PA-410, and PA-410, brings ML-Powered NGFW capabilities to distributed enterprise branch offices, retail locations, and midsize businesses. The world's first ML-Powered Next-Generation Firewall (NGFW) enables you to prevent unknown threats, see and secure everything—including the Internet of Things (IoT)—and reduce errors with automatic policy recommendations. The controlling element of the PA-400 Series is PAN-OS, the same software that runs all Palo Alto Networks NGFWs. PAN-OS natively classifies all traffic, including of applications, threats, and content, and then ties that traffic to the user regardless of location or device type. The application, content, and user—in other words, the elements that run your business—then serve as the basis of your security policies, resulting in improved security posture and reduced incident response times.

  • Category: Palo Alto - Firewall
  • SKU: PAN-PA-440




Part number



Palo Alto Networks PA-440, 3.0 Gbps firewall throughput, 0.9 Gbps threat prevention throughput

Firewall throughput (HTTP/appmix)

3.0/2.4 Gbps

Threat Prevention throughput (HTTP/appmix)

0.9/1.0 Gbps

IPsec VPN throughput

1.6 Gbps

Max sessions


New sessions per second


Product Details

Key Security and Connectivity Features

1.ML-Powered Next-Generation Firewall

Embeds machine learning (ML) in the core of the firewall to provide inline signatureless attack prevention for file- based attacks while identifying and immediately stopping never-before-seen phishing attempts.

2.Enables SD-WAN functionality

Delivers an exceptional end user experience by minimizing latency, jitter, and packet loss.

3.Delivers a unique approach to packet processing with Single-Pass Architecture

Avoids introducing latency by scanning traffic for all signatures in a single pass, using stream-based, uniform signature matching.

4.Prevents malicious activity concealed in encrypted traffic

Offers rich visibility into TLS traffic, such as the amount of encrypted traffic, TLS/SSL versions, cipher suites, and more, without decrypting.

5.Identifies and categorizes all applications, on all ports, all the time, with full Layer 7 inspection

Uses the application, not the port, as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect, and apply traffic-shaping.

6.Enforces security for users at any location, on any device, while adapting policy based on user activity

Prevents corporate credentials from leaking to third-party websites and prevents reuse of stolen credentials by enabling multi-factor authentication (MFA) at the network layer for any application without any application changes.