* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* New: The Industry's Most ...

# New: The Industry's Most Flexible Software NGFW Consumption Model

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F02%2Fnetsec-flexible-firewall-licensing%2F)  
[](https://twitter.com/share?text=New%3A+The+Industry%E2%80%99s+Most+Flexible+Software+NGFW+Consumption+Model&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F02%2Fnetsec-flexible-firewall-licensing%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F02%2Fnetsec-flexible-firewall-licensing%2F&title=New%3A+The+Industry%E2%80%99s+Most+Flexible+Software+NGFW+Consumption+Model&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2021/02/netsec-flexible-firewall-licensing/&ts=markdown)  
\[\](mailto:?subject=New: The Industry’s Most Flexible Software NGFW Consumption Model)  
Link copied  
By [Jaimin Patel](https://www.paloaltonetworks.com/blog/author/jaimin-patel/?ts=markdown "Posts by Jaimin Patel")  
Feb 09, 2021  
6 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Hybrid Cloud Data Center](https://www.paloaltonetworks.com/blog/network-security/category/hybrid-cloud-data-center/?ts=markdown)  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[CN-Series](https://www.paloaltonetworks.com/blog/tag/cn-series/?ts=markdown)  
[next-generation firewall](https://www.paloaltonetworks.com/blog/tag/next-generation-firewall/?ts=markdown)  
[NGFW](https://www.paloaltonetworks.com/blog/tag/ngfw/?ts=markdown)  
[Virtualized Next-Generation Firewall](https://www.paloaltonetworks.com/blog/tag/virtualized-next-generation-firewall/?ts=markdown)

What if there was a licensing approach that would let you procure software firewalls and security services with the speed and flexibility to match rapidly changing cloud requirements? Or how about dynamically resizing your software firewalls in response to changes in your organization? That could minimize the need for forecasting, to say nothing of alleviating the need to purchase and deploy new and bigger firewalls as your environment grows over time.

And why stop there? What if there was a firewall licensing approach that would allow you to deploy the latest security innovations as soon as they are made available -- rather than hoping for their inclusion in the security services bundles you've already purchased?

What if you could simply scale and pay for the security you actually use?

None of the above is wishful thinking. It's all possible now with the industry's most flexible consumption model, which makes our software firewall offerings more adaptable to your organization than ever before.

This new flexible consumption model featuring credit-based licensing lets you consume firewall-as-a-platform components, such as VM-Series virtual firewalls, CN-Series container firewalls, all of our security services, and virtual Panorama for firewall management and log collection. With this approach, you can consume and deploy network security in minutes and maximize ROI in private and public clouds -- as well as on-premises and in branch, retail and service provider environments, to name just a few of the opportunities for more agility.

Until now, common practice has required software firewalls to be procured as discrete components, just like the products that run a data center. In the old approach, users are forced to commit to firewalls with fixed sizes based on *projected* traffic levels. Next, users must purchase rigid bundles of security services -- such as an Intrusion Prevention Service (IPS) or anti-malware capabilities -- that may or may not include the capabilities needed to satisfy their future requirements. Then they hope for the best.

There is no intrinsic technical reason why software firewalls and related security services must be consumed and procured this way -- so we changed it. Take a look at this short explainer video to see how it works:

## Three Simple Steps Get You the Firewall Licensing and Security Services You Need

Now procurement and deployment can be based on actual and immediate needs. Customers purchase Software NGFW Credits, which can then be allocated to VM-Series virtual and CN-Series container next-generation firewalls (NGFWs), cloud-delivered Security Services, and VM Panorama for management and log collection. The process just takes three simple steps:

1. Procure Software NGFW Credits.
2. Allocate or reallocate credits across different deployments to activate your choice of security products and your choice of security services in just minutes.
3. Manage and monitor credits via the Palo Alto Networks customer support portal.

As needs change over time, Software NGFW Credits can be reallocated to new and other firewall-as-a-platform solutions without having to go through additional procurement cycles. This flexible purchasing and deployment approach can substantially save time and money, while improving scalability and providing the agility needed to tailor security controls to your current security needs.

## **Meet Cloud Security Needs in Minutes**

The thinking behind the flexible consumption model is that security shouldn't get in the way of critical activities, such as application development. But when procurement processes can take days, or even weeks, people start thinking about taking shortcuts. And if you're a security professional, you know how that story usually concludes.

Here's why it often takes days -- or even weeks -- to purchase and deploy new software firewalls:

![License-based model: Time to deploy = days or weeks; Security requirement leads to purchase order leads to approval leads to procurement leads to license leads to software download leads to security deployed.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/02/word-image-21.png)

Now consider this plot twist in which the initial procurement steps above are required only once, and the flexible deployment model shrinks the new software firewall deployment process to just a few minutes:

![Flexible firewall licensing in action: Credit-based model: Time to deploy = minutes; Security requirement leads to self-service portal leads to credit allocation leads to security deployed.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/02/word-image-22.png)

In the interest of living happily ever after, we'd suggest you consider the new flexible consumption approach so you can focus on deploying security at the right time and in the right places.

## Say Hello to Flexible Firewall Sizing

These dramatically simplified steps for procurement mean no more hoping for the best and then scrambling to get things right at a later date. So unless you're Nostradamus, the flexible consumption model is for you -- because you, not the vendor, should determine how many cores (vCPUs) and how much memory are allocated to your software firewalls to meet specific scaling and performance requirements that are almost certain to change over time.

With our flexible consumption model, you simply allocate or remove additional cores to scale the software firewall up or down, instead of going through the long process of procuring a new firewall model that fits your latest requirements. A few clicks will appropriately size your firewalls, and Software NGFW Credits will automatically be deducted from -- or refunded to -- your credit bank.

## **Avoid Lock-In and Maximize ROI**

You can also say farewell to being locked into products and services in an era when you need to be able to turn on a dime. Who wants to pony up for new firewalls every time needs change or leave unused firewalls on the books for months at a time? With the new flexible consumption approach, that changes. You can instead consume any of the Palo Alto Networks cloud-delivered security services on-demand with your Software NGFW Credits and skip committing to a rigid security subscription bundle that could easily be outdated in a few months. You'll also get immediate access to *new*security services as soon as they are made generally available.

## Track Your Network Security Resource Consumption and Deployment

The new approach is also designed to help organizations get the most out of budgets by providing comprehensive firewall inventory oversight. Now you can leverage a centralized view to see precisely how many software credits have been procured -- and where they have been deployed, whether on-prem or in public clouds. With this capability, you can accurately track, audit and adjust firewall use based upon consumption and need.

## Get Ready to Get Started

The new flexible consumption model is ready for you to leverage today. Down the road, it will be the only way Palo Alto Networks will license its software firewalls and security services. During this transition period, Palo Alto Networks will support the licensing model you currently use -- and let you know when these methods for licensing are no longer available. Customers using pay-as-you-go licensing through cloud service providers will not be affected by this change.

To find out more, read this [solution brief](https://paloaltonetworks.com/resources/techbriefs/capitalize-on-the-new-flexible-firewall-consumption-model), which will guide you through the process, or watch this information-packed webinar, ["Software NGFWs: More Flexible Than Ever](https://register.paloaltonetworks.com/virtualngfwflexibility)," to find out how to get started with more flexibility to meet immediate security needs today.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Introducing PAN-OS 9.0: Stop Threats Hiding in DNS, Close Security Gaps](https://www2.paloaltonetworks.com/blog/2019/02/introducing-pan-os-9-0-stop-threats-hiding-dns-close-security-gaps/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Enterprise \& Branch Security with Palo Alto Networks New NGFWs](https://www2.paloaltonetworks.com/blog/network-security/enterprise-branch-security-with-palo-alto-networks-new-ngfws/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Palo Alto Networks Paves the Way with New OT Security Innovations](https://www2.paloaltonetworks.com/blog/2023/11/new-ot-security-innovations/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Just Released and Ready for Download --- Software Firewalls for Dummies](https://www2.paloaltonetworks.com/blog/2023/09/software-firewalls-for-dummies/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### VM-Series Virtual Firewalls Beat Fortinet Fortigate in Miercom Testing](https://www2.paloaltonetworks.com/blog/2023/03/vm-series-virtual-firewalls-in-miercom-testing/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Introducing New 4th Generation ML-Powered NGFWs](https://www2.paloaltonetworks.com/blog/2022/11/introducing-new-ml-powered-ngfws/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language