- Hybrid Cloud, Next-Generation Firewall, Palo Alto Networks, Network Security, Performance Evaluation, Cloud Security.
Abstract
Hybrid cloud architectures, combining on-premises data centers with public cloud resources, have become increasingly prevalent in modern enterprise networks due to their flexibility, scalability, and cost-effectiveness. However, this hybridization introduces complex security challenges, including consistent policy enforcement, secure traffic inspection, and maintaining performance while implementing advanced threat prevention mechanisms. Next-Generation Firewalls (NGFWs) have emerged as critical components in safeguarding hybrid environments by providing deep packet inspection, application awareness, user identification, and integrated threat prevention. Among NGFW vendors, Palo Alto Networks is widely deployed across enterprise networks, yet there is limited research rigorously evaluating its performance and security effectiveness in realistic hybrid cloud scenarios. This study aims to bridge that gap by conducting a comprehensive performance and security evaluation of Palo Alto NGFWs within hybrid cloud deployments. Using a controlled experimental testbed that integrates both physical PA-Series appliances and virtual VM-Series firewalls deployed in public cloud instances, we examine the impact of enabling various NGFW security features on network throughput, latency, packet loss, and resource utilization. Concurrently, we assess the security efficacy of the firewalls in detecting and mitigating known and simulated cyber threats, including malware, intrusions, and encrypted traffic attacks. Methodologically, the research involves incremental activation of security features from baseline (minimal inspection) to full feature stack activation across multiple traffic scenarios, including East-West and North South flows. Performance metrics are captured using high-precision network monitoring tools, while security effectiveness is evaluated through synthetic attack simulations and controlled malware injections. Comparative analysis identifies the trade-offs between security enforcement and performance degradation. Key findings reveal that while enabling the full security feature set imposes measurable latency and throughput overhead, the NGFWs maintain robust threat detection and prevention capabilities, particularly for application aware traffic and SSL-encrypted flows. Incremental feature deployment can optimize the balance between security and performance, offering practical guidance for network architects. Overall, the study provides actionable insights into the operational suitability of Palo Alto NGFWs in hybrid cloud networks and informs best practices for enterprises seeking to secure complex multi-environment infrastructures without sacrificing network efficiency.