Palo Alto PA-220

The Palo Alto PA-220 is a next-generation firewall appliance in a small form factor that secures networks by preventing a broad range of cyberthreats while safely enabling applications. Palo Alto PA-220 desktop form factor brings the same PAN-OS® features that protect your largest data centers – including high availability with active/active and active/passive modes – to small organizations and remote or branch offices.

Palo Alto PA-220 Firewall


App-ID firewall throughput 500 Mbps
Threat prevention throughput 150 Mbps
IPSec VPN throughput 100 Mbps
New sessions per second 4.200
Max sessions 64.000
Virtual systems (base) 1

Hardware Specification

Interfaces supported4 4x 10/100/1000
Management I/O 10/100/1000 out-ofband management, RJ-45 console, USB, Micro USB console port
Rack mountable? 1.62” H X 6.29” D X 8.07” W
Power supply Dual redundant 40W
Redundant power supply? Yes (optional)
Disk drives 32GB EMMC
Hot swap fans No

Next-generation firewall in a small footprint

Combines simplicity and unparalleled reliability

The PA-220 provides dual DC power inputs and high availability configuration for increased reliability, a fanless design and solid-state storage for quiet operation, and no moving parts for increased reliability. It simplifies the deployment of large numbers of firewalls through its bootstrapping feature and USB port.

Learn more >

Classifies all applications, on all ports, all the time

The PA-220 identifies any application, regardless of port, encryption (SSL or SSH) or evasive technique employed, and uses the application – not the port – as the basis for all your safe enablement policy decisions: allow, deny, schedule, inspect and apply traffic-shaping. It also categorizes unidentified applications for policy control, threat forensics or custom App-ID development.

Enforces security policies for any user, at any location

The PA-220 lets you deploy consistent policies to local and remote users running on Windows®, macOS®, Linux, Android® or Apple® iOS platforms. You get agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory and Citrix®, and you can integrate your firewall policies easily with 802.1X wireless, proxies, network access control and other sources of user identity.

Prevents known and unknown threats

The PA-220 blocks a range of threats, including exploits, malware and spyware, across all ports, regardless of common threat-evasion tactics employed. It limits the unauthorized transfer of files and sensitive data to safely enable non-work-related web surfing. It also identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection.