Palo Alto Next-Generation Firewall PA 445

Palo Alto Next-Generation Firewall PA 445


Palo Alto Next-Generation Firewall PA 445


Earn 2,200 points when you buy me!

Hurry! Other 2 people are watching this product
In stock
Free shipping Free shipping
could be yours in 1 - 5 days could be yours in 1 - 5 days
Hurry! Other 2 people are watching this product

The Palo Alto Networks PA-400 Series Series Next-Generation Firewalls, comprising the PA410, PA-415, PA-440, PA-445, PA-450, and PA-460, brings ML-Powered NGFW capabilities to distributed enterprise branch offices, retail locations, and midsize businesses.

The world’s first ML-Powered Next-Generation Firewall enables you to prevent unknown threats, see and secure everything—including the Internet of Things (IoT)—and reduce errors with automatic policy recommendations.


ML-Powered Next-Generation Firewall
• Embeds machine learning (ML) in the core of the firewall to provide inline signatureless attack
prevention for file-based attacks while identifying and immediately stopping never-before-seen
phishing attempts.
• Leverages cloud-based ML processes to push zero-delay signatures and instructions back to the NGFW.
• Uses behavioral analysis to detect IoT devices and make policy recommendations; cloud-delivered
and natively integrated service on the NGFW.
• Automates policy recommendations that save time and reduce the chance of human error.

Identifies and Categorizes All Applications, on All Ports, All the Time, with
Full Layer 7 Inspection
• Identifies the applications traversing your network irrespective of port, protocol, evasive techniques,
or encryption (TLS/SSL). In addition, it automatically discovers and controls new applications to
keep pace with the SaaS explosion with SaaS Security subscription.
• Uses the application, not the port, as the basis for all your safe enablement policy decisions: allow,
deny, schedule, inspect, and apply traffic-shaping.
• Offers the ability to create custom App-ID™ tags for proprietary applications or request App-ID
development for new applications from Palo Alto Networks.
• Identifies all payload data within the application (e.g., files and data patterns) to block malicious
files and thwart data exfiltration attempts.
• Creates standard and customized application usage reports, including software-as-a-service (SaaS)
reports that provide insight into all sanctioned and unsanctioned SaaS traffic on your network.
• Enables safe migration of legacy Layer 4 rule sets to App-ID-based rules with built-in Policy
Optimizer, giving you a rule set that is more secure and easier to manage


Delivers a Unique Approach to Packet Processing with Single-Pass
• Performs networking, policy lookup, application and decoding, and signature matching—for all
threats and content—in a single pass. This significantly reduces the amount of processing overhead
required to perform multiple functions in one security device.
• Avoids introducing latency by scanning traffic for all signatures in a single pass, using stream-based,
uniform signature matching.
• Enables consistent and predictable performance when security subscriptions are enabled.

Enables SD-WAN Functionality
• Allows you to easily adopt SD-WAN by simply enabling it on your existing firewalls.
• Enables you to safely implement SD-WAN, which is natively integrated with our industry-leading
• Delivers an exceptional end-user experience by minimizing latency, jitter, and packet loss

Tech Specs

Tech specs

PA-450 Performance and Capacities

Firewall throughput (HTTP/appmix) 2.7 Gbps
Threat Prevention throughput (HTTP/appmix) 1.25 Gbps
IPsec VPN throughput 1.1 Gbps
Max sessions 200,000
New sessions per second 34,000
Virtual systems (base/max) 1/2

Manufacturing Number

MFG Part Number PAN-PA-445

PA-450 Networking Features

Interface Modes L2, L3, tap, virtual wire (transparent mode)
Routing OSPFv2/v3 with graceful restart, BGP with graceful restart, RIP, static routing
Policy-based forwarding
Point-to-point protocol over Ethernet (PPPoE)
Multicast: PIM-SM, PIM-SSM, IGMP v1, v2, and v3
SD-WAN Path quality measurement (jitter, packet loss, latency)
Initial path selection (PBF)
Dynamic path change
IPv6 L2, L3, tap, virtual wire (transparent mode)
Features: App-ID, User-ID, Content-ID, WildFire, and SSL Decryption
IPsec VPN Key exchange: manual key, IKEv1, and IKEv2 (pre-shared key,certificate-based authentication
Encryption: 3DES, AES (128-bit, 192-bit, 256-bit)
Authentication: MD5, SHA-1, SHA-256, SHA-384, SHA-512
VLANs 802.1Q VLAN tags per device/per interface: 4,094/4,094
Network Address Translation -
High Availability Modes: active/active, active/passive
Failure detection: path monitoring, interface monitoring
Mobile Network Infrastructure 5G Security
5G MEC (multi-access edge computing) SecurityGTP SecuritySCTP Security

PA-450 Hardware Specifications

I/O PA-460, PA-450, PA-440: 10/100/1000 (8) RJ45
PA-410: 10/100/1000 (7) RJ45
Management I/O PA-460, PA-450, PA-440: 10/100/1000 out-of-band management port (1), RJ45 console port (1), USB port (2), Micro USB console port (1) PA-410: 10/100/1000 out-of-band management port (1), RJ45 console port (1), USB port (2)
Storage Capacity PA-460, PA-450, PA-440: 128 GB eMMC
PA-410: 64 GB eMMC
Power Supply (Avg/Max Power Consumption) PA-460, PA-450: 33/41 W
PA-440: 29/34 W
PA-410: 17/18 W
Max BTU/hr PA-460, PA-450: 141
PA-440: 117
PA-410: 78
Power Supplies (Base/Max) -
AC Input Voltage (Input Hz) 100-240 VAC (50-60 Hz)
AC Power Supply Output -
Max Current Consumption PA-460, PA-450: 3.4 A @ 12 VDC
PA-440: 2.9 A @ 12 VDC
PA-410: 1.5 A @ 12 VDC
Max Inrush Current PA-460, PA-450: 4.2 A
PA-440: 3.3 A
PA-410: 2.1 A
Mean Time Between Failure (MTBF) -
Rack Mount (Dimensions) PA-460, PA-450, PA-440: 5.0 lbs/7.8 lbs
PA-410: 3.1 lbs/5.9 lbs
Between Failure (MTBF) -
Safety cTUVus, CB
EMI FCC Class B, CE Class B, VCCI Class B
Environment Operating temperature: 32° to 104° F, 0° to 40° C
Non-operating temperature: -4° to 158° F, -20° to 70° C
Passive cooling
OS Features


What’s New

Our latest release continues the tradition of delivering integrated innovations. New features will help you extend security into branch offices, apply security dynamically to users, and provide better visibility for mobile users connecting to your network.

Integrated SD-WAN, dynamic user policy enforcement, enhanced visibility into mobile user activity

Secure SD-WAN

Natively integrated connectivity and security on a single intuitive interface.

Dynamic User Groups

Automated security actions that adapt to changing business needs.

GlobalProtect Enhancements

Full visibility with comprehensive logging and reports to simplify troubleshooting.

World-Class Security + High-Performance Connectivity

With industry-leading security natively integrated into our SD-WAN solution, you get all the security features from our Next-Generation Firewalls – powered by PAN-OS® 9.1 – together with Zero Touch Provisioning (ZTP) and the SD-WAN functionality from a single vendor.

Consume our secure Prisma™ Access SD-WAN hub as a service, or build the hub and interconnect infrastructure yourself using our Next-Generation Firewalls.

Regardless of the deployment model, this tight integration allows you to manage security and SD-WAN on a single intuitive interface.

Dynamic Security Actions with Automated Enforcements

User access policies based on static directory information are simply not enough in today’s dynamic environment.

Network and security teams are tasked with providing correct access to users. But creating ad hoc rules to provide time-bound access to workers – and then ensuring these rules are removed once the business need is over – is manual, time-consuming and poses a security risk if the rules become over-provisioned.

In addition, the inability to dynamically change a user's access based on information about their behavior results in tedious operations and increased security risks.

With PAN-OS 9.1, you can enable Dynamic User Groups (DUG) and reap these benefits:

• Automatically include users as members without manually creating and committing policy or group changes.
• Still maintain user-to-data correlation at the device level before the firewall even scans the traffic.
• Configure and manage a single security policy to auto-remediate anomalous behavior and malicious activity while maintaining user visibility.

Enhanced Visibility and Troubleshooting for GlobalProtect Deployments

PAN-OS 9.1 provides greater visibility, rapid troubleshooting, and enhanced logging enhancements to help you monitor and rectify connection failures with your GlobalProtect™ deployments.

The logging enhancements are available for any Palo Alto Networks Next-Generation Firewall deployed as a GlobalProtect gateway or portal or in a Prisma Access mobile user deployment.

• Throughput is measured with App-ID and logging enabled, with 64 KB HTTP/appmix transactions.
• Disable Server Response Inspection (DSRI) throughput is measured with App-ID, IPS, antivirus, anti-spyware, WildFire, file blocking, and logging enabled, utilizing 64 KB HTTP transactions.
• Threat Prevention throughput measured with App-ID, IPS, antivirus, anti-spyware, WildFire, and logging enabled, utilizing 64 KB HTTP/appmix transactions.
• IPsec VPN throughput is measured with 64 KB HTTP transactions and logging enabled.
• New sessions per second is measured with application override, utilizing 1 byte HTTP transactions.
• Adding virtual systems to the base quantity requires a separately purchased license.