In our organization, we use the product "PA 3220" for Security and NAT policy configuration to block unwanted traffic. We can create different zones in our network, such as trusted, untrusted, DMZ. advance threat protection, and anti-malware protection.
We can create site-to-site and remote site VPNs as per users' requests. With the help of the SP3 engine, we can allow traffic with a high level of performance. We are able to configure the high availability as Active-Active or Active-Passive to load balance the traffic on the firewall interface. A vulnerability assessment is also done.