During the 2017 Next Generation Intrusion Prevention System (NGIPS) Group Test, the Palo Alto Networks PA-5250 (v8.0.6-h3) failed to detect three evasions. This affected its placement in the Security Value Map (SVM)™. Upon notification of the issue, Palo Alto Networks submitted a software update (v8.0.6-h4). NSS Labs has tested the updated device and published this Test Report, which provides updated performance and security effectiveness results.

This document provides test results for the Palo Alto Networks PA-5250 v8.0.6-h4. During NSS’ 2017 Next Generation Intrusion Prevention System (NGIPS) Group Test, the Palo Alto Networks PA-5250 v8.0.3-h4 failed to detect three HTTP evasions. This affected its placement in the Security Value Map (SVM)™. After working closely with NSS, Palo Alto Networks rolled out a new version of its software (v8.06-h4) for the Palo Alto Networks PA-5250. The updated device was subjected to testing using the NGIPS Test Methodology v3.1, the same methodology used in the NGIPS Group Test. The device’s exploit block rate decreased by 0.09%; it failed to detect one evasion, and it demonstrated a performance decrease of 4,962 Mbps.